Packages

  • package opalj

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode. OPAL is designed with performance, scalability and adaptability in mind.

    Its main components are:

    • a library (Common) which provides generally useful data-structures and algorithms for static analyses.
    • a framework for parsing Java bytecode (Bytecode Infrastructure) that can be used to create arbitrary representations.
    • a library to create a one-to-one in-memory representation of Java bytecode (Bytecode Disassembler).
    • a library to create a representation of Java bytecode that facilitates writing simple static analyses (Bytecode Representation - org.opalj.br).
    • a scalable, easily customizable framework for the abstract interpretation of Java bytecode (Abstract Interpretation Framework - org.opalj.ai).
    • a library to extract dependencies between code elements and to facilitate checking architecture definitions.
    • a library for the lightweight manipulation and creation of Java bytecode.

    General Design Decisions

    Thread Safety

    Unless explicitly noted, OPAL is thread safe. I.e., the classes defined by OPAL can be considered to be thread safe unless otherwise stated. (For example, it is possible to read and process class files concurrently without explicit synchronization on the client side.)

    No null Values

    Unless explicitly noted, OPAL does not use null values. I.e., fields that are accessible will never contain null values and methods will never return null. If a method accepts null as a value for a parameter or returns a null value, it is always explicitly documented. In general, the behavior of methods that are passed null values is undefined unless explicitly documented.

    No Typecasts for Collections

    For efficiency reasons, OPAL sometimes uses mutable data-structures internally. After construction time, these data-structures are generally represented using their generic interfaces (e.g., scala.collection.{Set,Map}). However, a downcast (e.g., to add/remove elements) is always forbidden as it would effectively prevent thread-safety. Furthermore, the concrete data-structure is always considered an implementation detail and may change at any time.

    Assertions

    OPAL makes heavy use of Scala's Assertion Facility to facilitate writing correct code. Hence, for production builds (after thorough testing(!)) it is highly recommended to build OPAL again using -Xdisable-assertions.

    Definition Classes
    org
  • package ai

    Implementation of an abstract interpretation (ai) framework – also referred to as OPAL.

    Please note that OPAL/the abstract interpreter just refers to the classes and traits defined in this package (ai). The classes and traits defined in the sub-packages (in particular in domain) are not considered to be part of the core of OPAL/the abstract interpreter.

    Definition Classes
    opalj
    Note

    This framework assumes that the analyzed bytecode is valid; i.e., the JVM's bytecode verifier would be able to verify the code. Furthermore, load-time errors (e.g., LinkageErrors) are – by default – completely ignored to facilitate the analysis of parts of a project. In general, if the presented bytecode is not valid, the result is undefined (i.e., OPAL may report meaningless results, crash or run indefinitely).

    See also

    org.opalj.ai.Domain - The core interface between the abstract interpretation framework and the abstract domain that is responsible for performing the abstract computations.

    org.opalj.ai.AI - Implements the abstract interpreter that processes a method's code and uses an analysis-specific domain to perform the abstract computations.

  • package jdkbug

    Contains definitions that are used by the elements specified in JDKBugs

    Definition Classes
    ai
  • CallStackEntry
  • CalledTaintAnalysisDomain
  • CallerNode
  • ContextNode
  • JDKTaintAnalysis
  • RootTaintAnalysisDomain
  • TaintAnalysisDomain
org.opalj.ai.jdkbug

JDKTaintAnalysis

object JDKTaintAnalysis extends AIProject[URL, Domain with OptionalReport] with OneStepAnalysis[URL, ReportableAnalysisResult] with AnalysisExecutor

Searches for occurrences of the Class.forName bug in the JDK

Source
JDKBugs.scala

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. def ai: AI[Domain with OptionalReport]

    Returns the abstract interpreter that should be used for performing the abstract interpretations.

    Definition Classes
    JDKTaintAnalysis → AIProject
  5. val analysis: JDKTaintAnalysis.type
    Definition Classes
    JDKTaintAnalysis → AnalysisExecutor
  6. def analysisSpecificParametersDescription: String

    Describes the analysis specific parameters. An analysis specific parameter has to start with a dash ("-") and has to contain an equals sign ("=").

    Definition Classes
    JDKTaintAnalysis → AnalysisExecutor
    Note

    The parameter -library= is already predefined (see general documentation).

    The parameter -cp= is already predefined (see general documentation).

  7. final def analyze(project: Project[URL], parameters: Seq[String] = List.empty, initProgressManagement: (Int) ⇒ ProgressManagement = ProgressManagement.None): ReportableAnalysisResult

    Analyzes the given project and reports the result(s).

    initProgressManagement

    A function to get an org.opalj.br.analyses.ProgressManagement object. The function is called by the analysis for each major analysis with the number of steps (Int) that will be performed. The analysis will subsequently use that object to report status information (related to that part of the analysis) and to check the interrupted status. The number of steps is at least 1. The analysis may call this function multiple times. However, the last End event always has to be signaled using the first ProgressManagement object. In other words, logically nested calls are supported, but chaining is not. A legal call sequence could be:

    val pouter = initProgressManagement(2)
    pouter.progress(1,Start,Some("call graph analysis"))
        // ... construct call graph
    pouter.progress(1,End,None)
    pouter.progress(2,Start,Some("analyzing class files"))
        val p2 = initProgressManagement(500)
        // SEVERAL CLASS FILES ARE ANALYZED IN PARALLEL:
        p2.progress(1,Start,Some("java.lang.Object"))
        p2.progress(2,Start,Some("java.util.ArrayList"))
        p2.progress(3,Start,Some("java.lang.String"))
        p2.progress(2,End,Some("java.util.ArrayList"))
        p2.progress(4,Start,Some("java.util.Date"))
        // ...
        p2.progress(500,End,None)
    pouter.progress(2,End,None)
    returns

    The analysis' result. If the analysis was aborted/killed the analysis should return an appropriate result (which might be null) and this has to be specified/documented by the analysis.

    Definition Classes
    OneStepAnalysis → Analysis
  8. def analyze(project: Project[URL], parameters: Seq[String]): ReportableAnalysisResult

    Analyzes the given project by first determining the entry points of the analysis and then starting an independent analysis for each entry point using its own domain.

    Definition Classes
    AIProject
    Note

    This method is intended to be overridden by subtraits that need to get hold of the specified analysis parameters. In this case (in the subtrait) it is recommended to first analyze the parameters and afterwards to call this method using super.analyze(...).

  9. val analyzeInParallel: Boolean

    If true (default) all entry points will be analyzed in parallel.

    Needs to be overridden by subclasses if the entry points should be analyzed sequentially.

    Attributes
    protected
    Definition Classes
    AIProject
  10. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  11. def checkAnalysisSpecificParameters(parameters: Seq[String]): Seq[String]

    Checks if the (additional) parameters are understood by the analysis. If an error is found a list of issues is returned and the analysis will not be executed.

    This method must be overridden if the analysis defines additional parameters. A method that overrides this method should return the list of issues if it can't validate all arguments. The default behavior is to check that there are no additional parameters.

    Definition Classes
    JDKTaintAnalysis → AnalysisExecutor
  12. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  13. def copyright: String

    The copyright statement which contains less than 124 characters and no line-breaks.

    Definition Classes
    Analysis
  14. def description: String

    A textual description of this analysis.

    The description should discuss:

    • the goal of the analysis
    • weaknesses of the analysis; i.e., whether the analysis may report false positives or may not report existing bugs (i.e., whether the analysis is subject to false negatives)
    • if applicable, it should discuss what the developer could/should do in general to remedy the situation
    • if applicable, it should discuss the severity of the found results, i.e., whether immediate action is required because a bug was found that will show up at runtime or if it is a security bug
    • if applicable, it should give an example, i.e., what the expected result is given a project with certain resources
    Definition Classes
    JDKTaintAnalysis → Analysis
  15. def doAnalyze(project: Project[URL], parameters: Seq[String], isInterrupted: () ⇒ Boolean): ReportableAnalysisResult
    Definition Classes
    JDKTaintAnalysis → OneStepAnalysis
  16. def documentationUrl: Option[String]

    A URL at which documentation about this analysis can be found. This allows user interfaces to show a link for the user to click on, as a way to access further documentation about this analysis.

    For example, for a command line interface, outputting the entire description to the console may not be desirable, and it could show this URL instead.

    This is just a String, not a java.net.URL, because we do not intend to use it as a URL internally. It is just a text string that can be shown to the user.

    Definition Classes
    Analysis
  17. def domain(project: Project[URL], method: Method): Domain with OptionalReport

    Basically, each entry point is analyzed on its own and is associated with a unique domain instance.

    Definition Classes
    JDKTaintAnalysis → AIProject
  18. def entryPoints(project: Project[URL]): Iterable[Method]

    This method finds all possible entry points. An entry point has to be public or protected and not final. Also, it needs to take a String as an argument and return an Object or Class.

    returns

    All methods that are potential entry points.

    Definition Classes
    JDKTaintAnalysis → AIProject
  19. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  20. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  21. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  22. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  23. def handleParsingExceptions(project: SomeProject, exceptions: Traversable[Throwable]): Unit
    Attributes
    protected
    Definition Classes
    AnalysisExecutor
  24. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  25. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  26. var javaSecurityFile: String
  27. val javaSecurityParameter: String
  28. def main(args: Array[String]): Unit
    Definition Classes
    AnalysisExecutor
  29. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  30. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  31. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  32. def printUsage(implicit logContext: LogContext): Unit

    Prints out general information on how to use this analysis. Printed whenever the set of specified parameters is not valid.

    Attributes
    protected
    Definition Classes
    AnalysisExecutor
  33. def setupProject(cpFiles: Iterable[File], libcpFiles: Iterable[File], completelyLoadLibraries: Boolean, analysisMode: AnalysisMode, fallbackConfiguration: Config)(implicit initialLogContext: LogContext): Project[URL]
    Definition Classes
    AnalysisExecutor
  34. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  35. def title: String

    A short descriptive title which should contain less than 64 characters and no line-breaks.

    The default is the simple name of the class implementing the analysis.

    Definition Classes
    Analysis
  36. def toString(): String
    Definition Classes
    AnyRef → Any
  37. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  38. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  39. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
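
The entry-point rule documented for entryPoints above, written out as an added example that is not OPAL's own code: it applies the rule through plain Java reflection instead of OPAL's bytecode representation. The object EntryPointFilter and its methods are hypothetical names, and the code assumes that "not final" refers to the method itself and that the declared return type must be exactly Object or Class.

```scala
import java.lang.reflect.{Method, Modifier}

// Added illustration: uses java.lang.reflect, not OPAL's Project/Method model.
object EntryPointFilter {

  // The two return types the documentation names for an entry point.
  private val relevantReturnTypes: Set[Class[_]] =
    Set(classOf[Object], classOf[Class[_]])

  /** Assumed reading of the documented rule: the method is public or
    * protected, is not final, takes at least one String parameter and
    * declares Object or Class as its return type.
    */
  def isCandidate(m: Method): Boolean = {
    val mods = m.getModifiers
    val visible = Modifier.isPublic(mods) || Modifier.isProtected(mods)
    visible &&
      !Modifier.isFinal(mods) &&
      m.getParameterTypes.contains(classOf[String]) &&
      relevantReturnTypes.contains(m.getReturnType)
  }

  /** All declared methods of `c` that satisfy the rule, in stable order. */
  def candidates(c: Class[_]): Seq[Method] =
    c.getDeclaredMethods.toSeq.filter(isCandidate).sortBy(_.toString)

  def main(args: Array[String]): Unit = {
    // A few JDK classes chosen for the demonstration (constructed sample set).
    val classes = Seq(classOf[Class[_]], classOf[ClassLoader], classOf[String])
    for (c <- classes; m <- candidates(c))
      println(m.toGenericString)
  }
}
```

Methods that return String or a primitive are rejected even when they take a String, which keeps the candidate set small compared with filtering on visibility alone.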
