Make this take into account arrays
github-actions opened this issue · 0 comments
github-actions commented
Make this take into account arrays
ATTEMPTED FIX
}
}
}
*/
if (insnNode instanceof MethodInsnNode) {
MethodInsnNode methodInsnNode = (MethodInsnNode) insnNode;
/*if (methodInsnNode.owner.startsWith("java/lang/Process")
|| Type.getReturnType(methodInsnNode.desc).getClassName().startsWith("java.lang.Process")) {
variant[0] = "Process";
} else*/ if (methodInsnNode.owner.equals("java/lang/Runtime")) {
if (methodInsnNode.name.equals("exec")) {
// TODO: Make this take into account arrays
// ATTEMPTED FIX
AbstractInsnNode previous = methodInsnNode.getPrevious();
if (previous instanceof LdcInsnNode) {
variant[0] = "Exec";
LdcInsnNode ldc = (LdcInsnNode) previous;
if (cache.containsBlacklistedString(ldc.cst.toString())) {
setClassNodePath(classNode.name);
setSourceFilePath(classNode.sourceFile);
found = true;
}
break;
}
break;
// ATTEMPTED FIX
}
/*else if (methodInsnNode.name.equals("getRuntime")) {
variant[0] = "GetRuntime";
}*/
}
if (variant[0] != null) {
setClassNodePath(classNode.name);
setSourceFilePath(classNode.sourceFile);
found = true;
break;
}
} else if (insnNode instanceof LineNumberNode) {
setLine(((LineNumberNode) insnNode).line);
}
}
}
if (found) {
List<CheckResult> result = new ArrayList<>();
result.add(new CheckResult("Spigot", "MALWARE", "SystemAccess", variant[0], getSourceFilePath(),
getClassNodePath(), getLine()));
return result;
}
return new ArrayList<>();
}
}13bb5deb7d0337a2ba063646de46e609e9295f50