本文整理汇总了Java中edu.umd.cs.findbugs.ba.ClassContext.getConstantDataflow方法的典型用法代码示例。如果您想了解Java ClassContext.getConstantDataflow方法的具体用法、怎么使用或使用示例,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类edu.umd.cs.findbugs.ba.ClassContext的用法示例。
在下文中一共展示了ClassContext.getConstantDataflow方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
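/**
 * Flags calls to watched methods whose single argument is not a compile-time
 * constant string.
 *
 * <p>Walks every location of the method's CFG, keeps only invoke instructions
 * whose {@code MethodDescriptor} string is listed in {@code methodsToWatch},
 * and uses the constant-propagation dataflow to inspect the value on top of
 * the operand stack at the call. A non-constant value is accumulated as a
 * {@code POSSIBLE_COMMAND_INJECTION} bug at {@code HIGH_PRIORITY}.
 *
 * <p>Limitation: the test is "argument is not provably constant", not taint
 * tracking. A finding therefore means the argument could not be shown to be a
 * literal, not that it is attacker-controlled; every hit needs manual triage.
 * Watched calls with an argument count other than one are skipped silently.
 *
 * @param cc analysis context of the class being scanned
 * @param m  method to scan
 * @throws CFGBuilderException       propagated from the CFG / dataflow lookups
 * @throws DataflowAnalysisException propagated from the dataflow lookups
 */
private void analyzeMethod(ClassContext cc, Method m) throws CFGBuilderException, DataflowAnalysisException {
    JavaClass jc = cc.getJavaClass();
    MethodGen mg = cc.getMethodGen(m);
    if (mg == null) {
        // No MethodGen is available for this method, so there is nothing to scan.
        return;
    }
    ConstantPoolGen cpg = mg.getConstantPool();
    CFG cfg = cc.getCFG(m);
    ConstantDataflow df = cc.getConstantDataflow(m);
    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
        Location l = i.next();
        Instruction ins = l.getHandle().getInstruction();
        if (!(ins instanceof InvokeInstruction)) {
            continue;
        }
        InvokeInstruction ii = (InvokeInstruction) ins;
        MethodDescriptor md = new MethodDescriptor(ii, cpg);
        // Skip this call if the invoked method is not on the watch list.
        if (!methodsToWatch.contains(md.toString())) {
            continue;
        }
        ConstantFrame cf = df.getFactAtLocation(l);
        if (!cf.isValid()) {
            // A TOP/BOTTOM frame carries no stack contents. Reading it would
            // throw DataflowAnalysisException and abort the scan of the rest
            // of the method, hiding any later sink calls from the report.
            continue;
        }
        int numArgs = cf.getNumArguments(ii, cpg);
        // The watched methods are expected to take exactly one argument;
        // anything else is ignored rather than guessed at.
        if (numArgs == 1) {
            // Stack slot 0 is the top of the operand stack, i.e. the only argument.
            Constant val = cf.getStackValue(0);
            // The argument is a String (methodsToWatch specifies the argument
            // type), so "not a constant string" means it was built at run time.
            if (!val.isConstantString()) {
                BugInstance bug = new BugInstance(this, "POSSIBLE_COMMAND_INJECTION", HIGH_PRIORITY);
                bug.addClassAndMethod(mg, jc.getSourceFileName());
                bugAccumulator.accumulateBug(bug,
                        SourceLineAnnotation.fromVisitedInstruction(cc, mg, jc.getSourceFileName(), l.getHandle()));
            }
        }
    }
    bugAccumulator.reportAccumulatedBugs();
}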
示例2: analyzeMethod
import edu.umd.cs.findbugs.ba.ClassContext; //导入方法依赖的package包/类
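/**
 * Flags database-sink calls whose query-string argument is not a compile-time
 * constant string.
 *
 * <p>For every invoke instruction accepted by {@code isDatabaseSink}, the
 * constant-propagation fact for stack slot {@code numArguments - 1} is read
 * (slots count down from the top of the operand stack, so this is the first
 * argument of the call). If that value is not a constant string, the location
 * preceding the call is checked with {@code isSafeValue}; a bug is accumulated
 * when there is no previous location or it is not considered safe.
 *
 * <p>Limitation: this is a constancy heuristic, not taint tracking. As the
 * FIXME below records, it can false-positive on constant/static strings
 * returned by methods, so findings need manual triage.
 *
 * @param classContext analysis context of the class being scanned
 * @param method       method to scan
 * @throws DataflowAnalysisException propagated from the dataflow lookups
 * @throws CFGBuilderException       propagated from the CFG / dataflow lookups
 */
private void analyzeMethod(ClassContext classContext, Method method) throws DataflowAnalysisException, CFGBuilderException {
    JavaClass javaClass = classContext.getJavaClass();
    // Stored on the detector before the null check, as in the original;
    // presumably read by the helper methods called below (verify against them).
    this.method = method;
    this.classContext = classContext;
    MethodGen methodGen = classContext.getMethodGen(method);
    if (methodGen == null) {
        return;
    }
    ConstantPoolGen cpg = methodGen.getConstantPool();
    CFG cfg = classContext.getCFG(method);
    StringAppendState stringAppendState = getStringAppendState(cfg, cpg);
    ConstantDataflow dataflow = classContext.getConstantDataflow(method);
    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
        Location location = i.next();
        Instruction ins = location.getHandle().getInstruction();
        if (!(ins instanceof InvokeInstruction)) {
            continue;
        }
        InvokeInstruction invoke = (InvokeInstruction) ins;
        if (isDatabaseSink(invoke, cpg)) {
            ConstantFrame frame = dataflow.getFactAtLocation(location);
            if (!frame.isValid()) {
                // A TOP/BOTTOM frame carries no stack contents. Reading it
                // would throw DataflowAnalysisException and abort the scan of
                // the rest of the method, hiding any later sink calls.
                continue;
            }
            int numArguments = frame.getNumArguments(invoke, cpg);
            Constant value = frame.getStackValue(numArguments - 1);
            if (!value.isConstantString()) {
                // TODO: verify it's the same string represented by
                // stringAppendState
                // FIXME: will false positive on const/static strings
                // returns by methods
                Location prev = getPreviousLocation(cfg, location, true);
                if (prev == null || !isSafeValue(prev, cpg)) {
                    BugInstance bug = generateBugInstance(javaClass, methodGen, location.getHandle(), stringAppendState);
                    bugAccumulator.accumulateBug(
                            bug,
                            SourceLineAnnotation.fromVisitedInstruction(classContext, methodGen,
                                    javaClass.getSourceFileName(), location.getHandle()));
                }
            }
        }
    }
    bugAccumulator.reportAccumulatedBugs();
}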