use of org.jetbrains.uast.UExpression in project kotlin by JetBrains.
the class HandlerDetector method checkClass.
/**
 * Reports non-static Handler subclasses (named inner classes and anonymous
 * classes) that are not explicitly tied to a Looper, since such instances
 * keep an implicit reference to their enclosing instance.
 *
 * @param context     the lint context used for evaluation and reporting
 * @param declaration the Handler subclass being checked
 */
@Override
public void checkClass(@NonNull JavaContext context, @NonNull UClass declaration) {
    // A static nested class carries no enclosing-instance reference: nothing to flag.
    if (context.getEvaluator().isStatic(declaration)) {
        return;
    }
    boolean anonymous = declaration instanceof UAnonymousClass;
    // A named class without a containing class is top-level, not an inner class.
    if (!anonymous && declaration.getContainingClass() == null) {
        return;
    }

    // Only flag handlers using the default looper.
    //noinspection unchecked
    UCallExpression objectLiteral =
        UastUtils.getParentOfType(declaration, UObjectLiteralExpression.class, true, UMethod.class);
    if (objectLiteral == null) {
        if (hasLooperConstructorParameter(declaration)) {
            // A Looper can be supplied by the caller; possibly used correctly from elsewhere.
            return;
        }
    } else if (anonymous && objectLiteral.getValueArgumentCount() > 0) {
        // An explicit Looper passed to the anonymous subclass constructor is acceptable.
        for (UExpression argument : objectLiteral.getValueArguments()) {
            PsiType argumentType = argument.getExpressionType();
            if (argumentType instanceof PsiClassType
                    && LOOPER_CLS.equals(argumentType.getCanonicalText())) {
                return;
            }
        }
    }

    String name = anonymous
        ? "anonymous " + ((UAnonymousClass) declaration).getBaseClassReference().getQualifiedName()
        : declaration.getQualifiedName();
    Location location = context.getUastNameLocation(declaration);
    context.reportUast(ISSUE, declaration, location,
        String.format("This Handler class should be static or leaks might occur (%1$s)", name));
}
use of org.jetbrains.uast.UExpression in project kotlin by JetBrains.
the class RequiredAttributeDetector method visitMethod.
/**
 * Records layouts that are inflated with a {@code null} parent view.
 *
 * <p>Handles
 * <pre>
 *   View#inflate(Context context, int resource, ViewGroup root)
 *   LayoutInflater#inflate(int resource, ViewGroup root)
 *   LayoutInflater#inflate(int resource, ViewGroup root, boolean attachToRoot)
 * </pre>
 *
 * @param context the lint context
 * @param visitor the visitor (unused)
 * @param call    the inflate call being inspected
 * @param method  the method resolved for the call
 */
@Override
public void visitMethod(@NonNull JavaContext context, @Nullable UastVisitor visitor, @NonNull UCallExpression call, @NonNull UMethod method) {
    List<UExpression> args = call.getValueArguments();
    ResourceEvaluator resourceEvaluator = new ResourceEvaluator(context);

    // Locate the layout resource argument; its position determines where the root is.
    int layoutPos = -1;
    String layout = null;
    for (int i = 0; i < args.size() && layout == null; i++) {
        ResourceUrl url = resourceEvaluator.getResource(args.get(i));
        if (url != null && url.type == ResourceType.LAYOUT) {
            layout = url.toString();
            layoutPos = i;
        }
    }
    if (layout == null) {
        // Flow analysis didn't succeed
        return;
    }

    // In every applicable signature the view root immediately follows the layout id.
    int viewRootPos = layoutPos + 1;
    if (viewRootPos >= args.size()) {
        return;
    }
    if (UastLiteralUtils.isNullLiteral(args.get(viewRootPos))) {
        // Inflated with a null parent: tag it as such. The include data structures
        // are reused here because they have the same net effect.
        recordIncludeWidth(layout, true);
        recordIncludeHeight(layout, true);
    }
}
use of org.jetbrains.uast.UExpression in project kotlin by JetBrains.
the class SQLiteDetector method visitMethod.
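/**
 * Flags {@code SQLiteDatabase} calls whose SQL creates or alters a table with a
 * column declared as type {@code STRING}, which the reported message explains
 * is treated as a numeric type rather than TEXT.
 *
 * @param context the lint context
 * @param visitor the visitor (unused)
 * @param call    the call expression being inspected
 * @param uMethod the method resolved for the call
 */
@Override
public void visitMethod(@NonNull JavaContext context, @Nullable UastVisitor visitor, @NonNull UCallExpression call, @NonNull UMethod uMethod) {
    PsiMethod method = uMethod.getPsi();
    JavaEvaluator evaluator = context.getEvaluator();
    if (!JavaEvaluator.isMemberInClass(method, "android.database.sqlite.SQLiteDatabase")) {
        return;
    }
    // Only methods whose first parameter is the SQL string are of interest.
    if (evaluator.getParameterCount(method) == 0
            || !evaluator.parameterHasType(method, 0, TYPE_STRING)) {
        return;
    }
    // Defensive: do not index into an empty argument list even if the
    // declaration says there is a parameter.
    if (call.getValueArguments().isEmpty()) {
        return;
    }

    // Try to resolve the String and look for STRING keys.
    UExpression argument = call.getValueArguments().get(0);
    String sql = ConstantEvaluator.evaluateString(context, argument, true);
    if (sql == null) {
        return;
    }
    // (?s) lets '.' match line terminators, so a STRING column declared on a
    // later line of a multi-line statement is still detected; without it the
    // whole-string match used by matches() silently fails on such input.
    if ((sql.startsWith("CREATE TABLE") || sql.startsWith("ALTER TABLE"))
            && sql.matches("(?s).*\\bSTRING\\b.*")) {
        String message = "Using column type STRING; did you mean to use TEXT? "
                + "(STRING is a numeric type and its value can be adjusted; for example, "
                + "strings that look like integers can drop leading zeroes. See issue "
                + "explanation for details.)";
        context.report(ISSUE, call, context.getUastLocation(call), message);
    }
}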
use of org.jetbrains.uast.UExpression in project kotlin by JetBrains.
the class SecureRandomDetector method visitMethod.
/**
 * Reports {@code setSeed()} calls on a {@code SecureRandom} whose seed is
 * either a compile-time constant or derived from the current time.
 *
 * @param context the lint context
 * @param visitor the visitor (unused)
 * @param call    the setSeed call being inspected
 * @param method  the method resolved for the call
 */
@Override
public void visitMethod(@NonNull JavaContext context, @Nullable UastVisitor visitor, @NonNull UCallExpression call, @NonNull UMethod method) {
    List<UExpression> arguments = call.getValueArguments();
    if (arguments.isEmpty()) {
        return;
    }
    JavaEvaluator evaluator = context.getEvaluator();
    // Either a direct SecureRandom member, or a Random member invoked on a
    // receiver that is known to be a SecureRandom.
    boolean onSecureRandom = JavaEvaluator.isMemberInClass(method, JAVA_SECURITY_SECURE_RANDOM)
        || (evaluator.isMemberInSubClassOf(method, JAVA_UTIL_RANDOM, false)
            && isSecureRandomReceiver(context, call));
    if (!onSecureRandom) {
        return;
    }

    UExpression seedArgument = arguments.get(0);
    // Called with a fixed seed?
    Object seed = ConstantEvaluator.evaluate(context, seedArgument);
    if (seed != null) {
        context.report(ISSUE, call, context.getUastLocation(call),
            "Do not call `setSeed()` on a `SecureRandom` with a fixed seed: "
                + "it is not secure. Use `getSeed()`.");
        return;
    }

    // Called with a simple System.currentTimeMillis() seed or something like that?
    PsiElement resolved = UastUtils.tryResolve(seedArgument);
    if (!(resolved instanceof PsiMethod)) {
        return;
    }
    String seedMethodName = ((PsiMethod) resolved).getName();
    if ("currentTimeMillis".equals(seedMethodName) || "nanoTime".equals(seedMethodName)) {
        context.report(ISSUE, call, context.getUastLocation(call),
            "It is dangerous to seed `SecureRandom` with the current "
                + "time because that value is more predictable to "
                + "an attacker than the default seed.");
    }
}
use of org.jetbrains.uast.UExpression in project kotlin by JetBrains.
the class CipherGetInstanceDetector method visitMethod.
/**
 * Inspects single-argument {@code Cipher.getInstance(...)} calls whose
 * transformation string can be resolved to a constant and hands it to
 * {@code checkParameter}.
 *
 * @param context the lint context
 * @param visitor the visitor (unused)
 * @param node    the getInstance call being inspected
 * @param method  the method resolved for the call
 */
@Override
public void visitMethod(@NonNull JavaContext context, @Nullable UastVisitor visitor, @NonNull UCallExpression node, @NonNull UMethod method) {
    if (!context.getEvaluator().isMemberInSubClassOf(method, CIPHER, false)) {
        return;
    }
    List<UExpression> arguments = node.getValueArguments();
    // Only the single-argument form is examined here.
    if (arguments.size() != 1) {
        return;
    }
    UExpression transformation = arguments.get(0);
    Object value = ConstantEvaluator.evaluate(context, transformation);
    if (!(value instanceof String)) {
        return;
    }
    // The last flag tells checkParameter whether the constant came from
    // something other than a string literal (e.g. a resolved constant reference).
    boolean fromNonLiteral = !(transformation instanceof ULiteralExpression);
    checkParameter(context, node, transformation, (String) value, fromNonLiteral);
}