import org.apache.bcel.generic.MethodGen; //导入方法依赖的package包/类
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(method);
if (methodGen == null)
return;
BitSet bytecodeSet = classContext.getBytecodeSet(method);
if (bytecodeSet == null)
return;
// We don't adequately model instanceof interfaces yet
if (bytecodeSet.get(Constants.INSTANCEOF) || bytecodeSet.get(Constants.CHECKCAST))
return;
CFG cfg = classContext.getCFG(method);
TypeDataflow typeDataflow = classContext.getTypeDataflow(method);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
String sourceFile = classContext.getJavaClass().getSourceFileName();
if (DEBUG) {
String methodName = methodGen.getClassName() + "." + methodGen.getName();
System.out.println("Checking " + methodName);
}
for (Iterator i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
InstructionHandle handle = location.getHandle();
Instruction ins = handle.getInstruction();
if (!(ins instanceof INVOKEINTERFACE))
continue;
INVOKEINTERFACE invoke = (INVOKEINTERFACE) ins;
String mName = invoke.getMethodName(cpg);
if (!mName.equals("setAttribute"))
continue;
String cName = invoke.getClassName(cpg);
if (!cName.equals("javax.servlet.http.HttpSession"))
continue;
TypeFrame frame = typeDataflow.getFactAtLocation(location);
if (!frame.isValid()) {
// This basic block is probably dead
continue;
}
Type operandType = frame.getTopValue();
if (operandType.equals(TopType.instance())) {
// unreachable
continue;
}
if (!(operandType instanceof ReferenceType)) {
// Shouldn't happen - illegal bytecode
continue;
}
ReferenceType refType = (ReferenceType) operandType;
if (refType.equals(NullType.instance())) {
continue;
}
try {
double isSerializable = DeepSubtypeAnalysis.isDeepSerializable(refType);
if (isSerializable < 0.9) {
SourceLineAnnotation sourceLineAnnotation = SourceLineAnnotation.fromVisitedInstruction(classContext,
methodGen, sourceFile, handle);
ReferenceType problem = DeepSubtypeAnalysis.getLeastSerializableTypeComponent(refType);
bugAccumulator.accumulateBug(new BugInstance(this, "J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION",
isSerializable < 0.15 ? HIGH_PRIORITY : isSerializable > 0.5 ? LOW_PRIORITY : NORMAL_PRIORITY)
.addClassAndMethod(methodGen, sourceFile).addType(problem).describe(TypeAnnotation.FOUND_ROLE),
sourceLineAnnotation);
}
} catch (ClassNotFoundException e) {
// ignore
}
}
}