KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > edu > umd > cs > findbugs > detect > DoInsideDoPrivileged


1 /*
2  * FindBugs - Find Bugs in Java programs
3  * Copyright (C) 2005, University of Maryland
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18  */
19
20 package edu.umd.cs.findbugs.detect;
21
22 import org.apache.bcel.Repository;
23 import org.apache.bcel.classfile.Code;
24 import org.apache.bcel.classfile.JavaClass;
25 import org.apache.bcel.classfile.Method;
26
27 import edu.umd.cs.findbugs.BugInstance;
28 import edu.umd.cs.findbugs.BugReporter;
29 import edu.umd.cs.findbugs.BytecodeScanningDetector;
30
31 /**
32  * @author pugh
33  */
34 public class DoInsideDoPrivileged extends BytecodeScanningDetector {
35     BugReporter bugReporter;
36     public DoInsideDoPrivileged(BugReporter bugReporter) {
37         this.bugReporter = bugReporter;
38     }
39     boolean isDoPrivileged = false;
40     @Override JavaDoc
41     public void visit(JavaClass obj) {
42         try {
43             isDoPrivileged =
44                 Repository.implementationOf(getClassName(),"java/security/PrivilegedAction")
45                 || Repository.implementationOf(getClassName(),"java/security/PrivilegedExceptionAction");
46         } catch (ClassNotFoundException JavaDoc e) {
47             isDoPrivileged = true;
48         }
49     }
50     
51     @Override JavaDoc
52     public void visit(Code obj) {
53         if (isDoPrivileged && getMethodName().equals("run")) return;
54         if (getMethod().isPrivate()) return;
55         if (DumbMethods.isTestMethod(getMethod())) return;
56         super.visit(obj);
57     }
58     @Override JavaDoc
59     public void sawOpcode(int seen) {
60         try {
61         if (seen == INVOKEVIRTUAL && getNameConstantOperand().equals("setAccessible")) {
62             String JavaDoc className = getDottedClassConstantOperand();
63             if (className.equals("java.lang.reflect.Field") || className.equals("java.lang.reflect.Method"))
64                 bugReporter.reportBug(new BugInstance(this, "DP_DO_INSIDE_DO_PRIVILEGED",
65                         LOW_PRIORITY)
66                             .addClassAndMethod(this)
67                             .addCalledMethod(this)
68                             .addSourceLine(this)
69                             );
70         }
71         if (seen == NEW) {
72             String JavaDoc classOfConstructedClass = getClassConstantOperand();
73             JavaClass constructedClass = Repository.lookupClass(classOfConstructedClass);
74             if (Repository.instanceOf(constructedClass,"java/lang/ClassLoader")
75                     && !(getMethodName().equals("main") && getMethodSig().equals("([Ljava/lang/String;)V") && getMethod().isStatic()) )
76                 bugReporter.reportBug(new BugInstance(this, "DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED",
77                     NORMAL_PRIORITY)
78                         .addClassAndMethod(this)
79                         .addClass(constructedClass)
80                         .addSourceLine(this)
81                         );
82         }
83         } catch (ClassNotFoundException JavaDoc e) {
84             // ignore this
85 }
86
87     }
88
89 }
90
Popular Tags