Annotations could also added to usage slices. When adding annotations, all of the annotations of a given method or class must be added with references to the className and methodName along with lineNumber and columnNumber. In addition, all of the attributes of the annotation must be retained.
In the above example, we need to retain information such as:
[ ] typeFullName of the annotation is org.springframework.web.bind.annotation.GetMapping
[ ] args list is [{name: "value", type: "java.util.List<String>", values: ["/", "/home"]}]
[ ] methodFullName
[ ] lineNumber
[ ] columnNumber
[ ] fileName
If a method or a class has multiple annotations, then every annotation must be captured. The hierarchy could also be captured if an annotation is a sub-class of another annotation.
Annotations could also added to usage slices. When adding annotations, all of the annotations of a given method or class must be added with references to the className and methodName along with lineNumber and columnNumber. In addition, all of the attributes of the annotation must be retained.
Example:
https://github.com/HooliCorp/vuln-spring/blob/master/src/main/java/com/example/vulnspring/WebController.java#L46
In the above example, we need to retain information such as:
org.springframework.web.bind.annotation.GetMapping[{name: "value", type: "java.util.List<String>", values: ["/", "/home"]}]If a method or a class has multiple annotations, then every annotation must be captured. The hierarchy could also be captured if an annotation is a sub-class of another annotation.