How to write custom detector for find sec bug plugin ? It will be help full if someone write a sample detector to detect the use of a word. Thanks in advance
Asked
Active
Viewed 528 times
0
-
Welcome to SO! please share what you have tried also. http://stackoverflow.com/help/how-to-ask – selva Jun 23 '16 at 07:16
-
I have written a custom detector for finding the use of system.out.println. But it is giving lots of false positive. such as it's showing bug at the below statement for (UploadForm object : uploadFormObj.getAllObjInExcel()). – niraj Jun 24 '16 at 09:23
1 Answers
2
Below is the sample code for detecting system.out.printl but it is showing lots of false positive bugs
package com.h3xstream.findsecbugs;
import org.apache.bcel.Constants;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Priorities;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import edu.umd.cs.findbugs.classfile.ClassDescriptor;
import edu.umd.cs.findbugs.classfile.FieldDescriptor;
public class CallToSystemOutPrintlnDetector2 extends OpcodeStackDetector {
private BugReporter bugReporter;
public CallToSystemOutPrintlnDetector2(BugReporter bugReporter) {
super();
this.bugReporter = bugReporter;
}
public void sawOpcode(int seen) {
if (seen == Constants.GETSTATIC) {
try {
FieldDescriptor operand = getFieldDescriptorOperand();
ClassDescriptor classDescriptor = operand.getClassDescriptor();
if ("java/lang/System".equals(classDescriptor.getClassName())
&& ("err".equals(operand.getName()) || "out"
.equals(operand.getName()))) {
bugReporter
.reportBug(new BugInstance(this,
"MY_CALL_TO_SYSTEM_OUT_BUG",
Priorities.NORMAL_PRIORITY)
//
.addClass(this).addMethod(this)
.addSourceLine(this));
}
} catch (Exception e) {
// ignore
}
}
}
}
