本文整理汇总了Java中edu.umd.cs.findbugs.ba.ClassContext.getCFG方法的典型用法代码示例。如果您正苦于以下问题:Java ClassContext.getCFG方法的具体用法?Java ClassContext.getCFG怎么用?Java ClassContext.getCFG使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类edu.umd.cs.findbugs.ba.ClassContext的用法示例。
在下文中一共展示了ClassContext.getCFG方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: hasCustomReadObject
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
/**
* Check if the readObject is doing multiple external call beyond the basic readByte, readBoolean, etc..
* @param m
* @param classContext
* @return
* @throws CFGBuilderException
* @throws DataflowAnalysisException
*/
private boolean hasCustomReadObject(Method m, ClassContext classContext,List<String> classesToIgnore)
throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
int count = 0;
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
//ByteCode.printOpCode(inst,cpg);
if(inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
if (!READ_DESERIALIZATION_METHODS.contains(invoke.getMethodName(cpg))
&& !classesToIgnore.contains(invoke.getClassName(cpg))) {
count +=1;
}
}
}
return count > 3;
}
示例2: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(m);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
if (methodGen == null || methodGen.getInstructionList() == null) {
return; //No instruction .. nothing to do
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
String methodName = invoke.getMethodName(cpg);
if ("enableDefaultTyping".equals(methodName)) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
.addClass(clz)
.addMethod(clz, m)
.addCalledMethod(cpg, invoke)
.addSourceLine(classContext, m, location)
);
}
}
}
}
示例3: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof LDC) {
LDC ldc = (LDC) inst;
if (ldc != null) {
if("java.naming.security.authentication".equals(ldc.getValue(cpg)) &&
"none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) //
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, location));
break;
}
}
}
}
}
示例4: buildResourceCollection
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private ResourceCollection<Resource> buildResourceCollection(ClassContext classContext, Method method,
ResourceTrackerType resourceTracker) throws CFGBuilderException, DataflowAnalysisException {
ResourceCollection<Resource> resourceCollection = new ResourceCollection<Resource>();
CFG cfg = classContext.getCFG(method);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
Resource resource = resourceTracker.isResourceCreation(location.getBasicBlock(), location.getHandle(), cpg);
if (resource != null)
resourceCollection.addCreatedResource(location, resource);
}
return resourceCollection;
}
示例5: PatternMatcher
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
/**
* Constructor.
*
* @param pattern
* the ByteCodePattern to look for examples of
* @param classContext
* ClassContext for the class to analyze
* @param method
* the Method to analyze
*/
public PatternMatcher(ByteCodePattern pattern, ClassContext classContext, Method method) throws CFGBuilderException,
DataflowAnalysisException {
this.pattern = pattern;
this.cfg = classContext.getCFG(method);
this.cpg = classContext.getConstantPoolGen();
this.dfs = classContext.getDepthFirstSearch(method);
this.vnaDataflow = classContext.getValueNumberDataflow(method);
this.domAnalysis = classContext.getNonExceptionDominatorsAnalysis(method);
this.workList = new LinkedList<BasicBlock>();
this.visitedBlockMap = new IdentityHashMap<BasicBlock, BasicBlock>();
this.resultList = new LinkedList<ByteCodePatternMatch>();
}
示例6: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{
JavaClass clazz = classContext.getJavaClass();
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location loc = i.next();
Instruction inst = loc.getHandle().getInstruction();
if (inst instanceof INVOKEVIRTUAL) {
INVOKEVIRTUAL invoke = (INVOKEVIRTUAL)inst;
if( "java.lang.StringBuilder".equals(invoke.getClassName(cpg)) && "append".equals(invoke.getMethodName(cpg))) {
Instruction prev = loc.getHandle().getPrev().getInstruction();
if (prev instanceof LDC) {
LDC ldc = (LDC)prev;
Object value = ldc.getValue(cpg);
if (value instanceof String) {
String v = (String)value;
if ("redirect:".equals(v)) {
BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY);
bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc);
reporter.reportBug(bug);
}
}
}
}
}
}
}
示例7: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof INVOKEINTERFACE) {
INVOKEINTERFACE invoke = (INVOKEINTERFACE) inst;
String methodName = invoke.getMethodName(cpg);
String className = invoke.getClassName(cpg);
if (className.equals("javax.servlet.http.HttpServletResponse") &&
(methodName.equals("addHeader") || methodName.equals("setHeader"))) {
LDC ldc = ByteCode.getPrevInstruction(location.getHandle().getPrev(), LDC.class);
if (ldc != null) {
String headerValue = ByteCode.getConstantLDC(location.getHandle().getPrev(), cpg, String.class);
if ("Access-Control-Allow-Origin".equalsIgnoreCase((String)ldc.getValue(cpg)) &&
(headerValue.contains("*") || "null".equalsIgnoreCase(headerValue))) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, PERMISSIVE_CORS, Priorities.HIGH_PRIORITY)
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, location));
}
}
}
}
}
}
示例8: allow_All_Hostname_Verify
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = null;
try {
cfg = classContext.getCFG(m);
} catch (CFGBuilderException e) {
e.printStackTrace();
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location loc = i.next();
//ByteCode.printOpCode(loc.getHandle().getInstruction(), cpg);
Instruction inst = loc.getHandle().getInstruction();
if (inst instanceof GETSTATIC) {
GETSTATIC invoke = (GETSTATIC) inst;
// System.out.println(invoke.getClassName(cpg));
// System.out.println(invoke.getName(cpg));
// System.out.println(invoke.getSignature(cpg));
// if("org.apache.http.conn.ssl.SSLSocketFactory".equals(invoke.getClassName(cpg)) &&
// "Lorg/apache/http/conn/ssl/X509HostnameVerifier;".equals(invoke.getSignature(cpg)) &&
// "ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){
if("ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){
bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY)
.addClassAndMethod(javaClass, m));
}
}
}
}
示例9: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException
{
MethodGen methodGen = classContext.getMethodGen(m);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
if (methodGen == null || methodGen.getInstructionList() == null) {
return; //No instruction .. nothing to do
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
//
if (inst instanceof InvokeInstruction) {
// System.out.println(inst.getName());
InvokeInstruction invoke = (InvokeInstruction) inst;
String className = invoke.getClassName(cpg);
if ("java.io.ObjectInputStream".equals(className) || className.contains("InputStream") || InterfaceUtils.isSubtype(className, "java.io.ObjectInputStream")) {
String methodName = invoke.getMethodName(cpg);
if (OBJECT_INPUTSTREAM_READ_METHODS.contains(methodName)) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, OBJECT_DESERIALIZATION_TYPE, HIGH_PRIORITY) //
.addClass(clz).addMethod(clz, m).addSourceLine(classContext,m,location));
}
}
}
}
}
示例10: get_line_location
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private Map<String, List<Location>> get_line_location(Method m, ClassContext classContext){
HashMap<String, List<Location>> all_line_location = new HashMap<>();
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = null;
try {
cfg = classContext.getCFG(m);
} catch (CFGBuilderException e) {
e.printStackTrace();
return all_line_location;
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location loc = i.next();
Instruction inst = loc.getHandle().getInstruction();
if(inst instanceof INVOKEVIRTUAL) {
INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst;
// if (classname.equals(invoke.getClassName(cpg)) &&
// methodName.equals(invoke.getMethodName(cpg))) {
if(all_line_location.containsKey(invoke.getMethodName(cpg))){
all_line_location.get(invoke.getMethodName(cpg)).add(loc);
}else {
LinkedList<Location> loc_list = new LinkedList<>();
loc_list.add(loc);
all_line_location.put(invoke.getMethodName(cpg), loc_list);
}
// }
}
}
return all_line_location;
}
示例11: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(JavaClass javaClass, Method m, ClassContext classContext) throws CFGBuilderException {
MethodGen methodGen = classContext.getMethodGen(m);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
if (methodGen == null || methodGen.getInstructionList() == null) {
bugReporter.reportBug(new BugInstance(this, WEBVIEW_RECEIVE_SSL_ERROR_TYPE, HIGH_PRIORITY)
.addClass(javaClass)
.addMethod(javaClass, m)
);
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof INVOKEVIRTUAL) {
INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst;
String methodName = invoke.getMethodName(cpg);
if ("proceed".equals(methodName)) {
bugReporter.reportBug(new BugInstance(this, WEBVIEW_RECEIVE_SSL_ERROR_TYPE, HIGH_PRIORITY)
.addClass(javaClass)
.addMethod(javaClass, m)
.addCalledMethod(cpg, invoke)
.addSourceLine(classContext, m, location)
);
}
break;
}
}
}
示例12: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, ClassNotFoundException,
DataflowAnalysisException {
CFG cfg = classContext.getCFG(method);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
Instruction ins = location.getHandle().getInstruction();
if (ins instanceof InvokeInstruction) {
if (TARGET_METHOD != null
&& !((InvokeInstruction) ins).getMethodName(classContext.getConstantPoolGen()).equals(TARGET_METHOD))
continue;
System.out.println("\n*******************************************************\n");
System.out.println("Method invocation: " + location.getHandle());
System.out.println("\tInvoking: "
+ SignatureConverter.convertMethodSignature((InvokeInstruction) ins, classContext.getConstantPoolGen()));
JavaClassAndMethod proto = Hierarchy.findInvocationLeastUpperBound((InvokeInstruction) ins,
classContext.getConstantPoolGen());
if (proto == null) {
System.out.println("\tUnknown prototype method");
} else {
System.out.println("\tPrototype method: class=" + proto.getJavaClass().getClassName() + ", method="
+ proto.getMethod());
}
Set<JavaClassAndMethod> calledMethodSet = Hierarchy.resolveMethodCallTargets((InvokeInstruction) ins,
classContext.getTypeDataflow(method).getFactAtLocation(location), classContext.getConstantPoolGen());
System.out.println("\tTarget method set: " + calledMethodSet);
}
}
}
示例13: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(method);
CFG cfg = classContext.getCFG(method);
LockDataflow dataflow = classContext.getLockDataflow(method);
for (Iterator<Location> j = cfg.locationIterator(); j.hasNext();) {
Location location = j.next();
visitLocation(classContext, location, methodGen, dataflow);
}
}
示例14: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
public void analyzeMethod(ClassContext classContext, Method method, ResourceTrackerType resourceTracker,
ResourceCollection<Resource> resourceCollection) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(method);
if (methodGen == null)
return;
try {
CFG cfg = classContext.getCFG(method);
DepthFirstSearch dfs = classContext.getDepthFirstSearch(method);
if (DEBUG)
System.out.println(SignatureConverter.convertMethodSignature(methodGen));
for (Iterator<Resource> i = resourceCollection.resourceIterator(); i.hasNext();) {
Resource resource = i.next();
ResourceValueAnalysis<Resource> analysis = new ResourceValueAnalysis<Resource>(methodGen, cfg, dfs,
resourceTracker, resource);
Dataflow<ResourceValueFrame, ResourceValueAnalysis<Resource>> dataflow = new Dataflow<ResourceValueFrame, ResourceValueAnalysis<Resource>>(
cfg, analysis);
Profiler profiler = Global.getAnalysisCache().getProfiler();
profiler.start(resourceTracker.getClass());
try {
dataflow.execute();
} finally {
profiler.end(resourceTracker.getClass());
}
inspectResult(classContext, methodGen, cfg, dataflow, resource);
}
} catch (RuntimeException e) {
AnalysisContext.logError("Exception while analyzing " + methodGen.getClassName() + "." + methodGen.getName() + ":"
+ methodGen.getSignature(), e);
}
}
示例15: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException {
// System.out.println("Checking " + method);
CFG cfg = classContext.getCFG(method);
LockDataflow lockDataflow = classContext.getLockDataflow(method);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
Instruction ins = location.getHandle().getInstruction();
if (!(ins instanceof INVOKESTATIC))
continue;
if (!isSleep((INVOKESTATIC) ins, classContext.getConstantPoolGen()))
continue;
// System.out.println("Found sleep at " + location.getHandle());
LockSet lockSet = lockDataflow.getFactAtLocation(location);
if (lockSet.getNumLockedObjects() > 0) {
bugAccumulator.accumulateBug(
new BugInstance(this, "SWL_SLEEP_WITH_LOCK_HELD", NORMAL_PRIORITY).addClassAndMethod(
classContext.getJavaClass(), method), classContext, method, location);
}
}
bugAccumulator.reportAccumulatedBugs();
}