I need to do some operations on the AST produced by the Java parser. My problem is that I want to check whether a class initialization cycle problem is there or not.

One example is,

class mark1 {
  public static final int x = mark2.p * 5;
  //Do some operations here
} 

class mark2 {
 public static final int p = mark1.x + 100;
 //Do some operations here
}

The initialization order of the classes can vary, causing computation of different values for mark1.x and mark2.p. I am trying to implement it using the AST produced by JavaParser but didn't get a feasible solution.

1 Answer

With JavaParser you can easily get all the static fields and the static initializers.

The problem I see with this is that you need to resolve references. For example, you need to understand that "mark2.p" and "mark1.x" refer to static fields of other classes. From the point of view of the AST they are field accesses, but the AST and JavaParser alone cannot tell you that a particular field is static. To do so you need to use a symbol solver like https://github.com/ftomassetti/java-symbol-solver/, or you can build the logic yourself. For example, you might need to look at the imports and see if the class mark1 has been imported, or if a class named mark1 is present in the same package as mark2. Doing that, you could recognize that mark1 is the name of a class and look into that class for the symbol p. You could then find it and notice it is a static field.

Source: I am a JavaParser contributor

Federico Tomassetti
  • Thanks for the reply, sir. I want to implement this rule https://www.securecoding.cert.org/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles. I got the AST using JavaParser. I want to do pattern matching to find this vulnerability, but I am stuck here. – unni teja Apr 25 '16 at 19:25
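
The "build the logic yourself" route from the answer, as an added example (not code from the question, the answer, or the JavaParser project): it builds a class-to-class dependency graph from static field initializers and searches it for cycles. It assumes a recent JavaParser 3.x on the classpath, Java 9 or later, and that all classes sit in one compilation unit, so a bare scope name such as mark2 can be matched against declared classes without a symbol solver; the names InitCycleCheck and walk are hypothetical.

```java
import com.github.javaparser.StaticJavaParser;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.body.ClassOrInterfaceDeclaration;
import com.github.javaparser.ast.body.FieldDeclaration;
import com.github.javaparser.ast.expr.FieldAccessExpr;
import java.util.*;

public class InitCycleCheck {
    // Constructed sample input: the two classes from the question.
    static final String SRC =
        "class mark1 { public static final int x = mark2.p * 5; }\n" +
        "class mark2 { public static final int p = mark1.x + 100; }\n";

    public static void main(String[] args) {
        CompilationUnit cu = StaticJavaParser.parse(SRC);
        List<ClassOrInterfaceDeclaration> classes = cu.findAll(ClassOrInterfaceDeclaration.class);
        Map<String, Set<String>> statics = new HashMap<>(); // class -> names of its static fields
        Map<String, Set<String>> deps = new TreeMap<>();    // class -> classes its static initializers read
        for (ClassOrInterfaceDeclaration c : classes)
            for (FieldDeclaration f : c.getFields())
                if (f.isStatic())
                    f.getVariables().forEach(v -> statics
                        .computeIfAbsent(c.getNameAsString(), k -> new HashSet<>()).add(v.getNameAsString()));
        for (ClassOrInterfaceDeclaration c : classes)
            for (FieldDeclaration f : c.getFields()) {
                if (!f.isStatic()) continue;
                for (FieldAccessExpr fa : f.findAll(FieldAccessExpr.class)) {
                    // Simplified resolution: the scope must be a bare name of a class in this unit.
                    if (!fa.getScope().isNameExpr()) continue;
                    String target = fa.getScope().asNameExpr().getNameAsString();
                    boolean staticOfOther = !target.equals(c.getNameAsString())
                        && statics.getOrDefault(target, Set.of()).contains(fa.getNameAsString());
                    if (staticOfOther)
                        deps.computeIfAbsent(c.getNameAsString(), k -> new TreeSet<>()).add(target);
                }
            }
        for (String start : deps.keySet())
            walk(start, start, deps, new ArrayDeque<>(), new HashSet<>());
    }

    // Depth-first search for a path back to `start`; a cycle is reported only from its smallest class name.
    static void walk(String start, String cur, Map<String, Set<String>> deps, Deque<String> path, Set<String> seen) {
        path.addLast(cur);
        for (String next : deps.getOrDefault(cur, Set.of())) {
            if (next.equals(start))
                System.out.println("Initialization cycle: " + String.join(" -> ", path) + " -> " + start);
            else if (next.compareTo(start) > 0 && seen.add(next))
                walk(start, next, deps, path, seen);
        }
        path.removeLast();
    }
}
```

Static initializer blocks, imported classes and fully qualified references are outside this simplified resolution; covering them is where the symbol solver mentioned in the answer comes in.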