本文整理汇总了Java中org.apache.bcel.generic.ConstantPoolGen类的典型用法代码示例。如果您正苦于以下问题:Java ConstantPoolGen类的具体用法?Java ConstantPoolGen怎么用?Java ConstantPoolGen使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
ConstantPoolGen类属于org.apache.bcel.generic包,在下文中一共展示了ConstantPoolGen类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createStream
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg,
RepositoryLookupFailureCallback lookupFailureCallback) {
Instruction ins = location.getHandle().getInstruction();
try {
if (ins instanceof InvokeInstruction) {
if (!Hierarchy.isSubtype(type, baseClassType))
return null;
Stream stream = new Stream(location, type.getClassName(), baseClassType.getClassName())
.setIsOpenOnCreation(true)
.setIgnoreImplicitExceptions(true);
if (bugType != null)
stream.setInteresting(bugType);
return stream;
}
} catch (ClassNotFoundException e) {
lookupFailureCallback.reportMissingClass(e);
}
return null;
}
示例2: createStream
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg,
RepositoryLookupFailureCallback lookupFailureCallback) {
Instruction ins = location.getHandle().getInstruction();
if (ins.getOpcode() != Constants.GETSTATIC)
return null;
GETSTATIC getstatic = (GETSTATIC) ins;
if (!className.equals(getstatic.getClassName(cpg))
|| !fieldName.equals(getstatic.getName(cpg))
|| !fieldSig.equals(getstatic.getSignature(cpg)))
return null;
return new Stream(location, type.getClassName(), streamBaseClass)
.setIgnoreImplicitExceptions(true)
.setIsOpenOnCreation(true);
}
示例3: buildResourceCollection
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
private ResourceCollection<Resource> buildResourceCollection(ClassContext classContext,
Method method, ResourceTrackerType resourceTracker)
throws CFGBuilderException, DataflowAnalysisException {
ResourceCollection<Resource> resourceCollection = new ResourceCollection<Resource>();
CFG cfg = classContext.getCFG(method);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
Resource resource = resourceTracker.isResourceCreation(location.getBasicBlock(),
location.getHandle(), cpg);
if (resource != null)
resourceCollection.addCreatedResource(location, resource);
}
return resourceCollection;
}
示例4: getSinks
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
private Set<MethodAndSink> getSinks(ConstantPoolGen cpg, InvokeInstruction invoke, TaintFrame frame) {
String className = getInstanceClassName(cpg, invoke, frame);
String methodName = "." + invoke.getMethodName(cpg) + invoke.getSignature(cpg);
String fullMethodName = className.concat(methodName);
Set<InjectionSink> sinks = injectionSinks.get(fullMethodName);
if (sinks != null) {
assert !sinks.isEmpty() : "empty set of sinks";
return getMethodAndSinks(fullMethodName, sinks);
}
try {
if (className.endsWith("]")) {
// not a real class
return Collections.emptySet();
}
JavaClass javaClass = Repository.lookupClass(className);
assert javaClass != null;
return getSuperSinks(javaClass, methodName);
} catch (ClassNotFoundException ex) {
AnalysisContext.reportMissingClass(ex);
}
return Collections.emptySet();
}
示例5: getInstanceClassName
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
private static String getInstanceClassName(ConstantPoolGen cpg, InvokeInstruction invoke, TaintFrame frame) {
try {
int instanceIndex = frame.getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
if (instanceIndex != -1) {
assert instanceIndex < frame.getStackDepth();
Taint instanceTaint = frame.getStackValue(instanceIndex);
String className = instanceTaint.getRealInstanceClassName();
if (className != null) {
return className;
}
}
} catch (DataflowAnalysisException ex) {
assert false : ex.getMessage();
}
String dottedClassName = invoke.getReferenceType(cpg).toString();
return ClassName.toSlashedClassName(dottedClassName);
}
示例6: getInjectionPoint
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg,
InstructionHandle handle) {
assert invoke != null && cpg != null;
String method = invoke.getMethodName(cpg);
String sig = invoke.getSignature(cpg);
if(sig.startsWith("(Ljava/lang/String;)")) {
if(method.startsWith("set")) { // Targeting : x.setPassword("abc123")
String methodLowerCase = method.toLowerCase();
for (String password : PASSWORD_WORDS) {
if (methodLowerCase.contains(password)) {
return new InjectionPoint(new int[]{0}, HARD_CODE_PASSWORD_TYPE);
}
}
} else if(PASSWORD_WORDS.contains(method.toLowerCase())) { // Targeting : DSL().user("").password(String x)
return new InjectionPoint(new int[]{0}, HARD_CODE_PASSWORD_TYPE);
}
}
return InjectionPoint.NONE;
}
示例7: hasCustomReadObject
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
/**
* Check if the readObject is doing multiple external call beyond the basic readByte, readBoolean, etc..
* @param m
* @param classContext
* @return
* @throws CFGBuilderException
* @throws DataflowAnalysisException
*/
private boolean hasCustomReadObject(Method m, ClassContext classContext,List<String> classesToIgnore)
throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
int count = 0;
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
//ByteCode.printOpCode(inst,cpg);
if(inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
if (!READ_DESERIALIZATION_METHODS.contains(invoke.getMethodName(cpg))
&& !classesToIgnore.contains(invoke.getClassName(cpg))) {
count +=1;
}
}
}
return count > 3;
}
示例8: analyzeMethod
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(m);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
if (methodGen == null || methodGen.getInstructionList() == null) {
return; //No instruction .. nothing to do
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
String methodName = invoke.getMethodName(cpg);
if ("enableDefaultTyping".equals(methodName)) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
.addClass(clz)
.addMethod(clz, m)
.addCalledMethod(cpg, invoke)
.addSourceLine(classContext, m, location)
);
}
}
}
}
示例9: getInjectionPoint
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg,
InstructionHandle handle) {
assert invoke != null && cpg != null;
String method = invoke.getMethodName(cpg);
String sig = invoke.getSignature(cpg);
if(method.equals("registerReceiver")){
if(sig.contains("Ljava/lang/String;")){
if(sig.contains(";I)")){
return new InjectionPoint(new int[]{2}, ANDROID_REGISTER_RECEIVER_TYPE);
}else{
return new InjectionPoint(new int[]{1}, ANDROID_REGISTER_RECEIVER_TYPE);
}
}
}
return InjectionPoint.NONE;
}
示例10: getInjectionPoint
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg,
InstructionHandle handle) {
assert invoke != null && cpg != null;
String method = invoke.getMethodName(cpg);
String sig = invoke.getSignature(cpg);
// System.out.println(invoke.getClassName(cpg));
if(sig.contains("Ljava/lang/String;")) {
if("loadUrl".equals(method)){
if(sig.contains("Ljava/util/Map;")){
return new InjectionPoint(new int[]{1}, WEBVIEW_LOAD_DATA_URL_TYPE);
}else{
return new InjectionPoint(new int[]{0}, WEBVIEW_LOAD_DATA_URL_TYPE);
}
}else if("loadData".equals(method)){
return new InjectionPoint(new int[]{2}, WEBVIEW_LOAD_DATA_URL_TYPE);
}else if("loadDataWithBaseURL".equals(method)){
//BUG
return new InjectionPoint(new int[]{4}, WEBVIEW_LOAD_DATA_URL_TYPE);
}
}
return InjectionPoint.NONE;
}
示例11: getInjectionPoint
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg,
InstructionHandle handle) {
assert invoke != null && cpg != null;
String method = invoke.getMethodName(cpg);
String sig = invoke.getSignature(cpg);
// System.out.println(sig);
if(sig.contains("Ljava/lang/String;")) {
if(method.contains("send") && method.contains("Broadcast") && !method.contains("Sticky")){
// System.out.println(method);
if("sendOrderedBroadcastAsUser".equals(method)){
return new InjectionPoint(new int[]{5}, ANDROID_BROADCAST_TYPE);
}
if("sendOrderedBroadcast".equals(method) && sig.contains("Landroid/content/BroadcastReceiver;")){
return new InjectionPoint(new int[]{5}, ANDROID_BROADCAST_TYPE);
}
return new InjectionPoint(new int[]{0}, ANDROID_BROADCAST_TYPE);
}
}
return InjectionPoint.NONE;
}
示例12: analyzeMethod
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof LDC) {
LDC ldc = (LDC) inst;
if (ldc != null) {
if("java.naming.security.authentication".equals(ldc.getValue(cpg)) &&
"none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) //
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, location));
break;
}
}
}
}
}
示例13: matches
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
public boolean matches(Instruction instruction, ConstantPoolGen cpg) {
if(instruction != null && instruction instanceof InvokeInstruction) {
InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
if (classesNames.size() != 0 && !classesNames.contains(invokeInstruction.getClassName(cpg))) {
return false;
}
else if (methodNames.size() != 0 && !methodNames.contains(invokeInstruction.getMethodName(cpg))) {
return false;
}
else if (argSignatures.size() != 0 && !argSignatures.contains(invokeInstruction.getSignature(cpg))) {
return false;
}
return true;
}
return false;
}
示例14: generateFields
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
private void generateFields(RootClass k, ConstantPoolGen cp, ClassGen cg)
{
RootMember[] members = k.getMembers();
for (int i = 0; i < members.length; i++)
{
if (cg.containsField(members[i].getName()) == null)
{
Type type = ((BasicMember) members[i]).getJavaType();
if (type != null)
{
FieldGen fg = new FieldGen(ACC_PRIVATE, type, members[i].getName(), cp);
cg.addField(fg.getField());
}
}
}
}
示例15: SpawningMethod
import org.apache.bcel.generic.ConstantPoolGen; //导入依赖的package包/类
SpawningMethod (Method method, String className, ConstantPoolGen constantPoolGen,
SpawnSignature spawnSignature, int indexSync, Debug d)
throws NoSpawningMethodException, AssumptionFailure {
super(method, className, constantPoolGen);
if (callsSync()) {
throw new MethodCallsSyncException();
}
MethodGen spawnSignatureGen = new MethodGen(spawnSignature.getMethod(), spawnSignature.getClassName(), constantPoolGen);
ArrayList<SpawnableCall> spawnableCalls = getSpawnableCalls(constantPoolGen, spawnSignatureGen);
if (spawnableCalls.size() > 0) {
this.spawnableCalls = spawnableCalls;
this.indexSync = indexSync;
// this.spawnSignature = spawnSignature;
this.d = d;
}
else {
throw new NoSpawningMethodException();
}
}