edu.umd.cs.findbugs.detect.ConstructorThrow

All Implemented Interfaces:: Detector, Priorities, org.apache.bcel.classfile.Visitor

public class ConstructorThrow extends OpcodeStackDetector

This detector can find constructors that throw exception.

Nested Class Summary

Nested classes/interfaces inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector
OpcodeStackDetector.WithCustomJumpInfo
Field Summary

Fields inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector
stack

Fields inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode
codeBytes, lineNumberTable, M_BR, M_CP, M_INT, M_PAD, M_R, M_UINT

Fields inherited from interface edu.umd.cs.findbugs.Priorities
EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY
Constructor Summary

Constructors

Constructor

Description

ConstructorThrow(BugReporter bugReporter)
Method Summary

Modifier and Type

Method

Description

void

sawOpcode(int seen)

1.

void

visit(org.apache.bcel.classfile.JavaClass obj)

Visit a class to find the constructor, then collect all the methods that gets called in it.

void

visit(org.apache.bcel.classfile.Method obj)

void

visitAfter(org.apache.bcel.classfile.JavaClass obj)

Methods inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector
afterOpcode, beforeOpcode, getStack, isUsingCustomUserValue, visitCode

Methods inherited from class edu.umd.cs.findbugs.BytecodeScanningDetector
getClassContext, report, shouldVisitCode, visitClassContext

Methods inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode
areOppositeBranches, atCatchBlock, getBranchFallThrough, getBranchOffset, getBranchTarget, getClassConstantOperand, getClassDescriptorOperand, getCodeByte, getConstantRefOperand, getDefaultSwitchOffset, getDottedClassConstantOperand, getFieldDescriptorOperand, getIntConstant, getLongConstant, getMaxPC, getMethodDescriptorOperand, getNameConstantOperand, getNextCodeByte, getNextOpcode, getNextPC, getOpcode, getPC, getPrevOpcode, getRefConstantOperand, getRefFieldIsStatic, getRegisterOperand, getSigConstantOperand, getStringConstantOperand, getSwitchLabels, getSwitchOffsets, getXClassOperand, getXFieldOperand, getXMethodOperand, isBranch, isMethodCall, isRegisterLoad, isRegisterStore, isRegisterStore, isReturn, isShift, isSwitch, isWideOpcode, printOpCode, sawBranchTo, sawClass, sawDouble, sawField, sawFloat, sawIMethod, sawInt, sawLong, sawMethod, sawRegister, sawString, visit

Methods inherited from class edu.umd.cs.findbugs.visitclass.AnnotationVisitor
getAnnotationParameterAsEnum, getAnnotationParameterAsString, getAnnotationParameterAsStringArray, visitAnnotation, visitAnnotation, visitParameterAnnotation, visitParameterAnnotation, visitSyntheticParameterAnnotation

Methods inherited from class edu.umd.cs.findbugs.visitclass.PreorderVisitor
amVisitingMainMethod, asUnsignedByte, doVisitMethod, getClassDescriptor, getClassName, getCode, getConstantPool, getDottedClassName, getDottedFieldSig, getDottedMethodSig, getDottedSuperclassName, getField, getFieldDescriptor, getFieldIsStatic, getFieldName, getFieldSig, getFullyQualifiedFieldName, getFullyQualifiedMethodName, getMethod, getMethodDescriptor, getMethodName, getMethodSig, getMethodVisitOrder, getNumberArguments, getNumberMethodArguments, getPackageName, getSizeOfSurroundingTryBlock, getSizeOfSurroundingTryBlock, getSourceFile, getStringFromIndex, getSuperclassName, getSurroundingCaughtExceptions, getSurroundingCaughtExceptions, getSurroundingCaughtExceptionTypes, getSurroundingTryBlock, getSurroundingTryBlock, getThisClass, getXClass, getXField, getXMethod, hasInterestingClass, hasInterestingMethod, isVisitMethodsInCallOrder, setupVisitorForClass, setVisitMethodsInCallOrder, shouldVisit, toString, visitAfter, visitAnnotationDefault, visitAnnotationEntry, visitBootstrapMethods, visitConstantInvokeDynamic, visitConstantMethodHandle, visitConstantMethodType, visitConstantModule, visitConstantPackage, visitConstantPool, visitEnclosingMethod, visitingField, visitingMethod, visitInnerClasses, visitJavaClass, visitLineNumberTable, visitLocalVariableTable, visitMethodParameters, visitParameterAnnotationEntry, visitStackMap, visitStackMapEntry

Methods inherited from class edu.umd.cs.findbugs.visitclass.BetterVisitor
clone, report, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visitCodeException, visitConstantClass, visitConstantDouble, visitConstantFieldref, visitConstantFloat, visitConstantInteger, visitConstantInterfaceMethodref, visitConstantLong, visitConstantMethodref, visitConstantNameAndType, visitConstantString, visitConstantUtf8, visitConstantValue, visitDeprecated, visitExceptionTable, visitField, visitInnerClass, visitLineNumber, visitLocalVariable, visitLocalVariableTypeTable, visitMethod, visitSignature, visitSourceFile, visitSynthetic, visitUnknown

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.bcel.classfile.Visitor
visitConstantDynamic, visitMethodParameter, visitModule, visitModuleExports, visitModuleMainClass, visitModuleOpens, visitModulePackages, visitModuleProvides, visitModuleRequires, visitNestHost, visitNestMembers, visitRecord, visitRecordComponent, visitStackMapType

Constructor Details
- ConstructorThrow
  
  public ConstructorThrow(BugReporter bugReporter)
Method Details
- visit
  
  public void visit(org.apache.bcel.classfile.JavaClass obj)
  
  Visit a class to find the constructor, then collect all the methods that gets called in it. Also, we are checking for final declaration on the class, or a final finalizer, as if present no finalizer attack can happen.
  
  Overrides:
  
  visit in class BetterVisitor
- visit
  
  public void visit(org.apache.bcel.classfile.Method obj)
  
  Overrides:
  
  visit in class BetterVisitor
- visitAfter
  
  public void visitAfter(org.apache.bcel.classfile.JavaClass obj)
  
  Overrides:
  
  visitAfter in class PreorderVisitor
- sawOpcode
  
  public void sawOpcode(int seen)
  
  1. Check for any throw expression in the constructor. 2. Check for any exception throw inside constructor, or any of the called methods. If the class is final, we are fine, no finalizer attack can happen. In the first pass the detector shouldn't report, because there could be a final finalizer and a throwing constructor. Reporting in this case would be a false positive as classes with a final finalizer are not vulnerable to the finalizer attack.
  Specified by:
  
  sawOpcode in class OpcodeStackDetector
  
  See Also:
  
  OpcodeStackDetector.beforeOpcode(int)

Class ConstructorThrow

Nested Class Summary

Nested classes/interfaces inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Field Summary

Fields inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Fields inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

Fields inherited from interface edu.umd.cs.findbugs.Priorities

Constructor Summary

Method Summary

Methods inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Methods inherited from class edu.umd.cs.findbugs.BytecodeScanningDetector

Methods inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

Methods inherited from class edu.umd.cs.findbugs.visitclass.AnnotationVisitor

Methods inherited from class edu.umd.cs.findbugs.visitclass.PreorderVisitor

Methods inherited from class edu.umd.cs.findbugs.visitclass.BetterVisitor

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.bcel.classfile.Visitor

Constructor Details

ConstructorThrow

Method Details

visit

visit

visitAfter

sawOpcode