本文整理汇总了Java中org.apache.bcel.classfile.AnnotationEntry类的典型用法代码示例。如果您正苦于以下问题:Java AnnotationEntry类的具体用法?Java AnnotationEntry怎么用?Java AnnotationEntry使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
AnnotationEntry类属于org.apache.bcel.classfile包,在下文中一共展示了AnnotationEntry类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: analyzeField
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private void analyzeField(Field field, JavaClass javaClass) {
for (AnnotationEntry annotation : field.getAnnotationEntries()) {
if (ANNOTATION_TYPES.contains(annotation.getAnnotationType()) ||
annotation.getAnnotationType().contains("JsonTypeInfo")) {
for (ElementValuePair elementValuePair : annotation.getElementValuePairs()) {
if ("use".equals((elementValuePair.getNameString())) &&
VULNERABLE_USE_NAMES.contains(elementValuePair.getValue().stringifyValue())) {
bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
.addClass(javaClass)
.addString(javaClass.getClassName() + " on field " +
field.getName() + " of type " + field.getType() +
" annotated with " + annotation.toShortString())
.addField(FieldAnnotation.fromBCELField(javaClass, field))
.addString("")
);
}
}
}
}
}
示例2: isVulnerable
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private static boolean isVulnerable(Method method) {
// If the method is not annotated with `@RequestMapping`, there is no vulnerability.
AnnotationEntry requestMappingAnnotation = findRequestMappingAnnotation(method);
if (requestMappingAnnotation == null) {
return false;
}
// If the `@RequestMapping` annotation is used without the `method` annotation attribute,
// there is a vulnerability.
ElementValuePair methodAnnotationAttribute = findMethodAnnotationAttribute(requestMappingAnnotation);
if (methodAnnotationAttribute == null) {
return true;
}
// If the `@RequestMapping` annotation is used with the `method` annotation attribute equal to `{}`,
// there is a vulnerability.
ElementValue methodAnnotationAttributeValue = methodAnnotationAttribute.getValue();
if (isEmptyArray(methodAnnotationAttributeValue)) {
return true;
}
// If the `@RequestMapping` annotation is used with the `method` annotation attribute but contains a mix of
// unprotected and protected HTTP request methods, there is a vulnerability.
return isMixOfUnprotectedAndProtectedHttpRequestMethods(methodAnnotationAttributeValue);
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:27,代码来源:SpringCsrfUnrestrictedRequestMappingDetector.java
示例3: parseAnnotation
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
public void parseAnnotation(org.apache.bcel.classfile.JavaClass obj) {
// 处理Annotation
for (AnnotationEntry annotationEntry : obj.getAnnotationEntries()) {
if (annotationEntry.getAnnotationType().equals(AnnotationParse.Table)) {
TableInfo tableInfo = AnnotationParse.parseTable(annotationEntry);
if (tableInfo != null) {
this.addTable(tableInfo);
}
} else if (annotationEntry.getAnnotationType().equals(AnnotationParse.Transactional)) {
this.annotationDefs.setTransactional(AnnotationParse.parseTransactional(annotationEntry));
} else if (annotationEntry.getAnnotationType().equals(AnnotationParse.RequestMapping)) {
this.annotationDefs.setRequestMapping(AnnotationParse.parseRequestMapping(annotationEntry));
} else if (annotationEntry.getAnnotationType().equals(AnnotationParse.Controller)) {
this.annotationDefs.setController(AnnotationParse.parseController(annotationEntry));
} else if (annotationEntry.getAnnotationType().equals(AnnotationParse.Service)) {
this.annotationDefs.setService(AnnotationParse.parseService(annotationEntry));
}
}
}
示例4: Method
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
public Method(JavaClass javaClass, org.apache.bcel.classfile.Method method, boolean isParseAnnotation) {
this.javaClass = javaClass;
this.javaClassId = javaClass.getId();
this.access_flags = method.getAccessFlags();
this.name = method.getName();
this.signature = SignatureUtil.getSignature(method);
this.info = ParseUtil.getMethodInfo(method.toString());
this.argumentCount = this.calArgumentCount();
this.invokeItems = new ArrayList<InvokeItem>();
this.readFields = new ArrayList<Attribute>();
this.writeFields = new ArrayList<Attribute>();
this.selfLineCount = -1;
this.invokedItems = new HashSet<InvokeItem>();
this.annotationDefs = new AnnotationDefs();
// 处理Annotation
if (isParseAnnotation) {
for (AnnotationEntry annotationEntry : method.getAnnotationEntries()) {
if (annotationEntry.getAnnotationType().equals(AnnotationParse.Transactional)) {
this.annotationDefs.setTransactional(AnnotationParse.parseTransactional(annotationEntry));
} else if (annotationEntry.getAnnotationType().equals(AnnotationParse.RequestMapping)) {
this.annotationDefs.setRequestMapping(AnnotationParse.parseRequestMapping(annotationEntry));
}
}
}
}
示例5: addAnnotations
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private void addAnnotations(Element node, AnnotationEntry[] annotations) {
if (annotations.length == 0) {
return;
}
Element a = new Element("annotations", nsXMLVM);
node.addContent(a);
for (AnnotationEntry annotation : annotations) {
String type = annotation.getAnnotationType();
// Turn into a scoped name. Strip off leading "L" and
// trailing
// ";"
type = type.substring(1, type.length() - 1);
type = type.replaceAll("/", ".");
Element newAnnotation = new Element("annotation", nsXMLVM);
a.addContent(newAnnotation);
newAnnotation.setAttribute("type", type);
ElementValuePair[] values = annotation.getElementValuePairs();
for (ElementValuePair value : values) {
Element property = new Element("property", nsXMLVM);
// TODO(arno) Need to add type
property.setAttribute("name", value.getNameString());
property.setAttribute("value", value.getValue().stringifyValue());
newAnnotation.addContent(property);
}
}
}
示例6: visitParameterAnnotation
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
@Override
public void visitParameterAnnotation(ParameterAnnotations arg0) {
ParameterAnnotationEntry[] parameterAnnotationEntries = arg0.getParameterAnnotationEntries();
int numParametersToMethod = getNumberMethodArguments();
int offset = 0;
if (numParametersToMethod > parameterAnnotationEntries.length) {
offset = 1;
}
for (int i = 0; i < parameterAnnotationEntries.length; i++) {
ParameterAnnotationEntry e = parameterAnnotationEntries[i];
for (AnnotationEntry ae : e.getAnnotationEntries()) {
boolean runtimeVisible = ae.isRuntimeVisible();
String name = ClassName.fromFieldSignature(ae.getAnnotationType());
if (name == null)
continue;
name = ClassName.toDottedClassName(name);
Map<String, ElementValue> map = new HashMap<String, ElementValue>();
for (ElementValuePair ev : ae.getElementValuePairs()) {
map.put(ev.getNameString(), ev.getValue());
}
visitParameterAnnotation(offset + i, name, map, runtimeVisible);
}
}
}
示例7: visitAnnotation
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
@Override
public void visitAnnotation(Annotations arg0) {
for (AnnotationEntry ae : arg0.getAnnotationEntries()) {
boolean runtimeVisible = ae.isRuntimeVisible();
String name = ClassName.fromFieldSignature(ae.getAnnotationType());
if (name == null)
continue;
name = ClassName.toDottedClassName(name);
Map<String, ElementValue> map = new HashMap<String, ElementValue>();
for (ElementValuePair ev : ae.getElementValuePairs()) {
map.put(ev.getNameString(), ev.getValue());
}
visitAnnotation(name, map, runtimeVisible);
}
}
示例8: visitMethod
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
@Override
public void visitMethod(Method obj) {
super.visitMethod(obj);
if (obj.isPrivate() && !getMethodName().equals("writeReplace") && !getMethodName().equals("readResolve")
&& !getMethodName().equals("readObject") && !getMethodName().equals("readObjectNoData")
&& !getMethodName().equals("writeObject") && getMethodName().indexOf("debug") == -1
&& getMethodName().indexOf("Debug") == -1 && getMethodName().indexOf("trace") == -1
&& getMethodName().indexOf("Trace") == -1 && !getMethodName().equals("<init>")
&& !getMethodName().equals("<clinit>")) {
for(AnnotationEntry a : obj.getAnnotationEntries()) {
String typeName = a.getAnnotationType();
if (typeName.equals("Ljavax/annotation/PostConstruct;")
|| typeName.equals("Ljavax/annotation/PreDestroy;"))
return;
}
definedPrivateMethods.add(MethodAnnotation.fromVisitedMethod(this));
}
}
示例9: hasRequestMapping
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private boolean hasRequestMapping(JavaClass clazz) {
Method[] methods = clazz.getMethods();
for (Method m: methods) {
AnnotationEntry[] annotations = m.getAnnotationEntries();
for (AnnotationEntry ae: annotations) {
if (REQUEST_MAPPING_ANNOTATION_TYPES.contains(ae.getAnnotationType())) {
return true;
}
}
}
return false;
}
示例10: findRequestMappingAnnotation
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private static AnnotationEntry findRequestMappingAnnotation(Method method) {
for (AnnotationEntry annotationEntry : method.getAnnotationEntries()) {
if (REQUEST_MAPPING_ANNOTATION_TYPE.equals(annotationEntry.getAnnotationType())) {
return annotationEntry;
}
}
return null;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:9,代码来源:SpringCsrfUnrestrictedRequestMappingDetector.java
示例11: findMethodAnnotationAttribute
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private static ElementValuePair findMethodAnnotationAttribute(AnnotationEntry requestMappingAnnotation) {
for (ElementValuePair elementValuePair : requestMappingAnnotation.getElementValuePairs()) {
if (METHOD_ANNOTATION_ATTRIBUTE_KEY.equals(elementValuePair.getNameString())) {
return elementValuePair;
}
}
return null;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:9,代码来源:SpringCsrfUnrestrictedRequestMappingDetector.java
示例12: visitClassContext
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
@Override
public void visitClassContext(ClassContext classContext) {
JavaClass javaClass = classContext.getJavaClass();
for (Method m : javaClass.getMethods()) {
for (AnnotationEntry ae : m.getAnnotationEntries()) {
//Every method mark with @javax.jws.WebMethod is mark as an Endpoint
if (ae.getAnnotationType().equals("Ljavax/jws/WebMethod;")) {
bugReporter.reportBug(new BugInstance(this, JAXWS_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
.addClassAndMethod(javaClass, m));
}
}
}
}
示例13: visitClassContext
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
@Override
public void visitClassContext(ClassContext classContext) {
JavaClass javaClass = classContext.getJavaClass();
method : for (Method m : javaClass.getMethods()) {
for (AnnotationEntry ae : m.getAnnotationEntries()) {
if (REQUEST_MAPPING_ANNOTATION_TYPES.contains(ae.getAnnotationType())) {
bugReporter.reportBug(new BugInstance(this, SPRING_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
.addClassAndMethod(javaClass, m));
continue method;
}
}
}
}
示例14: visitClassContext
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
@Override
public void visitClassContext(ClassContext classContext) {
JavaClass javaClass = classContext.getJavaClass();
for (Method m : javaClass.getMethods()) {
for (AnnotationEntry ae : m.getAnnotationEntries()) {
//Every method mark with @javax.ws.rs.Path is mark as an Endpoint
if (ae.getAnnotationType().equals("Ljavax/ws/rs/Path;")) {
bugReporter.reportBug(new BugInstance(this, JAXRS_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
.addClassAndMethod(javaClass, m));
}
}
}
}
示例15: bcelExample
import org.apache.bcel.classfile.AnnotationEntry; //导入依赖的package包/类
private static void bcelExample() throws IOException {
ClassParser cp = new ClassParser(CLASS_FILE);
JavaClass jc = cp.parse();
System.out.println("jc = " + jc);
ConstantPool constantPool = jc.getConstantPool();
System.out.println("constantPool = " + constantPool);
for (AnnotationEntry annotationEntry : jc.getAnnotationEntries()) {
System.out.println("annotationEntry = " + annotationEntry);
}
for (Method method : jc.getMethods()) {
System.out.println("method = " + method);
System.out.println(
"method annotation = " + Arrays.toString(method.getAnnotationEntries()));
}
}