View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   https://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.bcel.verifier.statics;
20  
21  import org.apache.bcel.Repository;
22  import org.apache.bcel.classfile.ClassFormatException;
23  import org.apache.bcel.classfile.JavaClass;
24  import org.apache.bcel.verifier.PassVerifier;
25  import org.apache.bcel.verifier.VerificationResult;
26  import org.apache.bcel.verifier.Verifier;
27  import org.apache.bcel.verifier.exc.LoadingException;
28  import org.apache.commons.lang3.ArrayUtils;
29  
30  /**
31   * This PassVerifier verifies a class file according to pass 1 as described in The Java Virtual Machine Specification,
32   * 2nd edition. More detailed information is to be found at the do_verify() method's documentation.
33   *
34   * @see #do_verify()
35   */
36  public final class Pass1Verifier extends PassVerifier {
37      /**
38       * DON'T USE THIS EVEN PRIVATELY! USE getJavaClass() INSTEAD.
39       *
40       * @see #getJavaClass()
41       */
42      private JavaClass javaClass;
43  
44      /**
45       * The Verifier that created this.
46       */
47      private final Verifier verifier;
48  
49      /**
50       * Should only be instantiated by a Verifier.
51       *
52       * @see Verifier
53       */
54      public Pass1Verifier(final Verifier verifier) {
55          this.verifier = verifier;
56      }
57  
58      /**
59       * Pass-one verification basically means loading in a class file. The Java Virtual Machine Specification is not too
60       * precise about what makes the difference between passes one and two. The answer is that only pass one is performed on
61       * a class file as long as its resolution is not requested; whereas pass two and pass three are performed during the
62       * resolution process. Only four constraints to be checked are explicitly stated by The Java Virtual Machine
63       * Specification, 2nd edition:
64       * <UL>
65       * <LI>The first four bytes must contain the right magic number (0xCAFEBABE).
66       * <LI>All recognized attributes must be of the proper length.
67       * <LI>The class file must not be truncated or have extra bytes at the end.
68       * <LI>The constant pool must not contain any superficially unrecognizable information.
69       * </UL>
70       * A more in-depth documentation of what pass one should do was written by <A HREF=mailto:pwfong@cs.sfu.ca>Philip W. L.
71       * Fong</A>:
72       * <UL>
73       * <LI>the file should not be truncated.
74       * <LI>the file should not have extra bytes at the end.
75       * <LI>all variable-length structures should be well-formatted:
76       * <UL>
77       * <LI>there should only be constant_pool_count-1 many entries in the constant pool.
78       * <LI>all constant pool entries should have size the same as indicated by their type tag.
79       * <LI>there are exactly interfaces_count many entries in the interfaces array of the class file.
80       * <LI>there are exactly fields_count many entries in the fields array of the class file.
81       * <LI>there are exactly methods_count many entries in the methods array of the class file.
82       * <LI>there are exactly attributes_count many entries in the attributes array of the class file, fields, methods, and
83       * code attribute.
84       * <LI>there should be exactly attribute_length many bytes in each attribute. Inconsistency between attribute_length and
85       * the actually size of the attribute content should be uncovered. For example, in an Exceptions attribute, the actual
86       * number of exceptions as required by the number_of_exceptions field might yeild an attribute size that doesn't match
87       * the attribute_length. Such an anomaly should be detected.
88       * <LI>all attributes should have proper length. In particular, under certain context (for example while parsing method_info),
89       * recognizable attributes (for example "Code" attribute) should have correct format (for example attribute_length is 2).
90       * </UL>
91       * <LI>Also, certain constant values are checked for validity:
92       * <UL>
93       * <LI>The magic number should be 0xCAFEBABE.
94       * <LI>The major and minor version numbers are valid.
95       * <LI>All the constant pool type tags are recognizable.
96       * <LI>All undocumented access flags are masked off before use. Strictly speaking, this is not really a check.
97       * <LI>The field this_class should point to a string that represents a legal non-array class name, and this name should
98       * be the same as the class file being loaded.
99       * <LI>the field super_class should point to a string that represents a legal non-array class name.
100      * <LI>Because some of the above checks require cross referencing the constant pool entries, guards are set up to make
101      * sure that the referenced entries are of the right type and the indices are within the legal range (0 &lt; index &lt;
102      * constant_pool_count).
103      * </UL>
104      * <LI>Extra checks done in pass 1:
105      * <UL>
106      * <LI>the constant values of static fields should have the same type as the fields.
107      * <LI>the number of words in a parameter list does not exceed 255 and locals_max.
108      * <LI>the name and signature of fields and methods are verified to be of legal format.
109      * </UL>
110      * </UL>
111      * (From the Paper <A HREF="http://www.cs.sfu.ca/people/GradStudents/pwfong/personal/JVM/pass1/"> The Mysterious Pass
112      * One, first draft, September 2, 1997</A>.)
113      *
114      * <P>
115      * However, most of this is done by parsing a class file or generating a class file into BCEL's internal data structure.
116      * <B>Therefore, all that is really done here is look up the class file from BCEL's repository.</B> This is also
117      * motivated by the fact that some omitted things (like the check for extra bytes at the end of the class file) are
118      * handy when actually using BCEL to repair a class file (otherwise you would not be able to load it into BCEL).
119      * </P>
120      *
121      * @see org.apache.bcel.Repository
122      * @see org.apache.bcel.Const#JVM_CLASSFILE_MAGIC
123      */
124     @Override
125     public VerificationResult do_verify() {
126         final JavaClass jc;
127         try {
128             jc = getJavaClass(); // loads in the class file if not already done.
129 
130             /* If we find more constraints to check, we should do this in an own method. */
131             // This should maybe caught by BCEL: In case of renamed .class files we get wrong
132             // JavaClass objects here.
133             // This test should be much more complicated. It needs to take the class name, remove any portion at the
134             // end that matches the file name and then see if the remainder matches anything on the class path.
135             // Dumb test for now, see if the class name ends with the file name.
136             if (jc != null && !verifier.getClassName().equals(jc.getClassName()) && !jc.getClassName().endsWith(verifier.getClassName())) {
137                 throw new LoadingException("Wrong name: the internal name of the .class file '" + jc.getClassName() + "' does not match the file's name '"
138                     + verifier.getClassName() + "'.");
139             }
140         } catch (final LoadingException | ClassFormatException e) {
141             return new VerificationResult(VerificationResult.VERIFIED_REJECTED, e.getMessage());
142         } catch (final RuntimeException e) {
143             // BCEL does not catch every possible RuntimeException; for example if
144             // a constant pool index is referenced that does not exist.
145             return new VerificationResult(VerificationResult.VERIFIED_REJECTED, "Parsing via BCEL did not succeed.  exception occurred:\n" + e.toString());
146             // Don't think we want to dump a stack trace unless we have some sort of a debug option.
147             // e.getClass().getName()+" occurred:\n"+Utility.getStackTrace(e));
148         }
149 
150         if (jc != null) {
151             return VerificationResult.VR_OK;
152         }
153         // TODO: Maybe change Repository's behavior to throw a LoadingException instead of just returning "null"
154         // if a class file cannot be found or in another way be looked up.
155         return new VerificationResult(VerificationResult.VERIFIED_REJECTED, "Repository.lookup() failed. FILE NOT FOUND?");
156     }
157 
158     /**
159      * Used to load in and return the myOwner-matching JavaClass object when needed. Avoids loading in a class file when
160      * it's not really needed!
161      */
162     private JavaClass getJavaClass() {
163         if (javaClass == null) {
164             try {
165                 javaClass = Repository.lookupClass(verifier.getClassName());
166             } catch (final ClassNotFoundException ignored) {
167                 // FIXME: currently, Pass1Verifier treats jc == null as a special
168                 // case, so we don't need to do anything here. A better solution
169                 // would be to simply throw the ClassNotFoundException
170                 // out of this method.
171             }
172         }
173         return javaClass;
174     }
175 
176     /**
177      * Currently this returns an empty array of String. One could parse the error messages of BCEL (written to
178      * {@link System#err}) when loading a class file such as detecting unknown attributes or trailing garbage at the end
179      * of a class file. However, Markus Dahm does not like the idea so this method is currently useless and therefore marked
180      * as <strong>TODO</strong>.
181      */
182     @Override
183     public String[] getMessages() {
184         return ArrayUtils.EMPTY_STRING_ARRAY;
185     }
186 
187 }