Merge pull request #16 from adrianherrera/null-security-manager

Added new "set security manager to null" heuristic to the MaliciousCodeS...

src/the/bytecode/club/bytecodeviewer/gui/MaliciousCodeScannerOptions.java

@@ -17,7 +17,7 @@ import java.awt.event.ActionEvent;
 public class MaliciousCodeScannerOptions extends JFrame {
 	public MaliciousCodeScannerOptions() {
 		this.setIconImages(BytecodeViewer.iconList);
-		setSize(new Dimension(250, 277));
+		setSize(new Dimension(250, 300));
 		setResizable(false);
 		setTitle("Malicious Code Scanner Options");
 		getContentPane().setLayout(null);
@@ -67,6 +67,12 @@ public class MaliciousCodeScannerOptions extends JFrame {
 		chckbxLdcMatchesIp.setBounds(6, 189, 232, 23);
 		getContentPane().add(chckbxLdcMatchesIp);
 
+		final JCheckBox chckbxNullSecMan = new JCheckBox(
+				"SecurityManager set to null");
+		chckbxNullSecMan.setSelected(true);
+		chckbxNullSecMan.setBounds(6, 215, 232, 23);
+		getContentPane().add(chckbxNullSecMan);
+
 		JButton btnNewButton = new JButton("Start Scanning");
 		btnNewButton.addActionListener(new ActionListener() {
 			public void actionPerformed(ActionEvent arg0) {
@@ -77,11 +83,11 @@ public class MaliciousCodeScannerOptions extends JFrame {
 						chckbxLdcContainswww.isSelected(),
 						chckbxLdcContainshttp.isSelected(),
 						chckbxLdcContainshttps.isSelected(), chckbxLdcMatchesIp
-								.isSelected()));
+								.isSelected(), chckbxNullSecMan.isSelected()));
 				dispose();
 			}
 		});
-		btnNewButton.setBounds(6, 219, 232, 23);
+		btnNewButton.setBounds(6, 245, 232, 23);
 		getContentPane().add(btnNewButton);
 		this.setLocationRelativeTo(null);
 	}

src/the/bytecode/club/bytecodeviewer/plugins/MaliciousCodeScanner.java

@@ -2,10 +2,12 @@ package the.bytecode.club.bytecodeviewer.plugins;
 
 import java.util.ArrayList;
 
+import org.objectweb.asm.Opcodes;
 import org.objectweb.asm.tree.AbstractInsnNode;
 import org.objectweb.asm.tree.ClassNode;
 import org.objectweb.asm.tree.FieldNode;
 import org.objectweb.asm.tree.InsnList;
+import org.objectweb.asm.tree.InsnNode;
 import org.objectweb.asm.tree.LdcInsnNode;
 import org.objectweb.asm.tree.MethodInsnNode;
 import org.objectweb.asm.tree.MethodNode;
@@ -25,10 +27,11 @@ import the.bytecode.club.bytecodeviewer.api.PluginConsole;
 
 public class MaliciousCodeScanner extends Plugin {
 
-	public boolean ORE, ONE, ORU, OIO, LWW, LHT, LHS, LIP;
+	public boolean ORE, ONE, ORU, OIO, LWW, LHT, LHS, LIP, NSM;
 
 	public MaliciousCodeScanner(boolean reflect, boolean runtime, boolean net,
-			boolean io, boolean www, boolean http, boolean https, boolean ip) {
+			boolean io, boolean www, boolean http, boolean https, boolean ip,
+			boolean nullSecMan) {
 		ORE = reflect;
 		ONE = net;
 		ORU = runtime;
@@ -37,6 +40,7 @@ public class MaliciousCodeScanner extends Plugin {
 		LHT = http;
 		LHS = https;
 		LIP = ip;
+		NSM = nullSecMan;
 	}
 
 	@Override
@@ -77,6 +81,8 @@ public class MaliciousCodeScanner extends Plugin {
 				}
 			}
 
+			boolean prevInsn_aconst_null = false;
+
 			for (Object o : classNode.methods.toArray()) {
 				MethodNode m = (MethodNode) o;
 
@@ -111,6 +117,29 @@ public class MaliciousCodeScanner extends Plugin {
 							}
 						}
 					}
+
+					// Check if the security manager is getting set to null
+					if ((a instanceof InsnNode)
+							&& (a.getOpcode() == Opcodes.ACONST_NULL)) {
+						prevInsn_aconst_null = true;
+					} else if ((a instanceof MethodInsnNode)
+							&& (a.getOpcode() == Opcodes.INVOKESTATIC)) {
+						final String owner = ((MethodInsnNode) a).owner;
+						final String name = ((MethodInsnNode) a).name;
+						if ((NSM && prevInsn_aconst_null
+								&& owner.equals("java/lang/System") && name
+									.equals("setSecurityManager"))) {
+							sb.append("Found Security Manager set to null at method "
+									+ classNode.name
+									+ "."
+									+ m.name
+									+ "("
+									+ m.desc + ")" + BytecodeViewer.nl);
+							prevInsn_aconst_null = false;
+						}
+					} else {
+						prevInsn_aconst_null = false;
+					}
 				}
 			}
 		}