Package edu.umd.cs.findbugs.detect

Class ConstructorThrow

java.lang.Object

edu.umd.cs.findbugs.visitclass.BetterVisitor

edu.umd.cs.findbugs.visitclass.PreorderVisitor

edu.umd.cs.findbugs.visitclass.AnnotationVisitor

edu.umd.cs.findbugs.visitclass.DismantleBytecode

edu.umd.cs.findbugs.BytecodeScanningDetector

edu.umd.cs.findbugs.bcel.OpcodeStackDetector

edu.umd.cs.findbugs.detect.ConstructorThrow

All Implemented Interfaces:

Detector, Priorities, org.apache.bcel.classfile.Visitor

public class ConstructorThrow
extends OpcodeStackDetector

This detector can find constructors that throw exception.

Nested Class Summary

Nested classes/interfaces inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

OpcodeStackDetector.WithCustomJumpInfo

Field Summary

Fields inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

stack

Fields inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

codeBytes, lineNumberTable, M_BR, M_CP, M_INT, M_PAD, M_R, M_UINT

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor	Description
ConstructorThrow(BugReporter bugReporter)

Method Summary

Modifier and Type	Method	Description
void	sawOpcode(int seen)	1.
void	visit(org.apache.bcel.classfile.JavaClass obj)	Visit a class to find the constructor, then collect all the methods that gets called in it.
void	visitAfter(org.apache.bcel.classfile.JavaClass obj)

Methods inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

afterOpcode, beforeOpcode, getStack, isUsingCustomUserValue, visitCode

Methods inherited from class edu.umd.cs.findbugs.BytecodeScanningDetector

getClassContext, report, shouldVisitCode, visitClassContext

Methods inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

areOppositeBranches, atCatchBlock, getBranchFallThrough, getBranchOffset, getBranchTarget, getClassConstantOperand, getClassDescriptorOperand, getCodeByte, getConstantRefOperand, getDefaultSwitchOffset, getDottedClassConstantOperand, getFieldDescriptorOperand, getIntConstant, getLongConstant, getMaxPC, getMethodDescriptorOperand, getNameConstantOperand, getNextCodeByte, getNextOpcode, getNextPC, getOpcode, getPC, getPrevOpcode, getRefConstantOperand, getRefFieldIsStatic, getRegisterOperand, getSigConstantOperand, getStringConstantOperand, getSwitchLabels, getSwitchOffsets, getXClassOperand, getXFieldOperand, getXMethodOperand, isBranch, isMethodCall, isRegisterLoad, isRegisterStore, isRegisterStore, isReturn, isShift, isSwitch, isWideOpcode, printOpCode, sawBranchTo, sawClass, sawDouble, sawField, sawFloat, sawIMethod, sawInt, sawLong, sawMethod, sawRegister, sawString, visit

Methods inherited from class edu.umd.cs.findbugs.visitclass.AnnotationVisitor

getAnnotationParameterAsString, getAnnotationParameterAsStringArray, visitAnnotation, visitAnnotation, visitParameterAnnotation, visitParameterAnnotation, visitSyntheticParameterAnnotation

Methods inherited from class edu.umd.cs.findbugs.visitclass.PreorderVisitor

amVisitingMainMethod, asUnsignedByte, doVisitMethod, getClassDescriptor, getClassName, getCode, getConstantPool, getDottedClassName, getDottedFieldSig, getDottedMethodSig, getDottedSuperclassName, getField, getFieldDescriptor, getFieldIsStatic, getFieldName, getFieldSig, getFullyQualifiedFieldName, getFullyQualifiedMethodName, getMethod, getMethodDescriptor, getMethodName, getMethodSig, getMethodVisitOrder, getNumberArguments, getNumberMethodArguments, getPackageName, getSizeOfSurroundingTryBlock, getSizeOfSurroundingTryBlock, getSourceFile, getStringFromIndex, getSuperclassName, getSurroundingCaughtExceptions, getSurroundingCaughtExceptions, getSurroundingCaughtExceptionTypes, getSurroundingTryBlock, getSurroundingTryBlock, getThisClass, getXClass, getXField, getXMethod, hasInterestingClass, hasInterestingMethod, isVisitMethodsInCallOrder, setupVisitorForClass, setVisitMethodsInCallOrder, shouldVisit, toString, visitAfter, visitAnnotationDefault, visitAnnotationEntry, visitBootstrapMethods, visitConstantInvokeDynamic, visitConstantMethodHandle, visitConstantMethodType, visitConstantModule, visitConstantPackage, visitConstantPool, visitEnclosingMethod, visitingField, visitingMethod, visitInnerClasses, visitJavaClass, visitLineNumberTable, visitLocalVariableTable, visitMethodParameters, visitParameterAnnotationEntry, visitStackMap, visitStackMapEntry

Methods inherited from class edu.umd.cs.findbugs.visitclass.BetterVisitor

clone, report, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visitCodeException, visitConstantClass, visitConstantDouble, visitConstantFieldref, visitConstantFloat, visitConstantInteger, visitConstantInterfaceMethodref, visitConstantLong, visitConstantMethodref, visitConstantNameAndType, visitConstantString, visitConstantUtf8, visitConstantValue, visitDeprecated, visitExceptionTable, visitField, visitInnerClass, visitLineNumber, visitLocalVariable, visitLocalVariableTypeTable, visitMethod, visitSignature, visitSourceFile, visitSynthetic, visitUnknown

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.bcel.classfile.Visitor

visitConstantDynamic, visitMethodParameter, visitModule, visitModuleExports, visitModuleMainClass, visitModuleOpens, visitModulePackages, visitModuleProvides, visitModuleRequires, visitNestHost, visitNestMembers, visitRecord, visitRecordComponent, visitStackMapType

Constructor Details

ConstructorThrow

public ConstructorThrow(BugReporter bugReporter)

Method Details

visit

public void visit(org.apache.bcel.classfile.JavaClass obj)

Visit a class to find the constructor, then collect all the methods that gets called in it. Also, we are checking for final declaration on the class, or a final finalizer, as if present no finalizer attack can happen.

Overrides:

visit in class BetterVisitor

visitAfter

public void visitAfter(org.apache.bcel.classfile.JavaClass obj)

Overrides:

visitAfter in class PreorderVisitor

sawOpcode

public void sawOpcode(int seen)

1. Check for any throw expression in the constructor. 2. Check for any exception throw inside constructor, or any of the called methods. If the class is final, we are fine, no finalizer attack can happen. In the first pass the detector shouldn't report, because there could be a final finalizer and a throwing constructor. Reporting in this case would be a false positive as classes with a final finalizer are not vulnerable to the finalizer attack.

Specified by:

sawOpcode in class OpcodeStackDetector

See Also:

• OpcodeStackDetector.beforeOpcode(int)