Review

Detector:	DMMC
Target:	project ' itext ' version 5091
Misuse:	misuse ' dmmc-18 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	StringTokenizer.nextToken() is invoked without prior check of hasMoreTokens(). This usage may be safe from context, since the tokenized value is an RBG color value which has a known number of tokens. However, the usage is unsafe against invalid values and we, therefore, consider it a misuse.
Fix Description:
Violation Types:	missing/condition/value_or_state
In File:	com/itextpdf/text/html/WebColors.java
In Method:	getRGBColor(String)
Code with Misuse:	class WebColors { /** * Gives you a BaseColor based on a name. * * @param name * a name such as black, violet, cornflowerblue or #RGB or #RRGGBB * or RGB or RRGGBB or rgb(R,G,B) * @return the corresponding BaseColor object. Never returns null. * @throws IllegalArgumentException * if the String isn't a know representation of a color. / public static BaseColor getRGBColor(String name) throws IllegalArgumentException { int[] c = { 0, 0, 0, 255 }; name = name.toLowerCase(); boolean colorStrWithoutHash = missingHashColorFormat(name); if (name.startsWith("#") \|\| colorStrWithoutHash) { if (!colorStrWithoutHash) { name = name.substring(1); // lop off the # to unify hex parsing. } if (name.length() == 3) { String s = name.substring(0, 1); c[0] = Integer.parseInt(s+s, 16); String s2 = name.substring(1, 2); c[1] = Integer.parseInt(s2+s2, 16); String s3 = name.substring(2); c[2] = Integer.parseInt(s3+s3, 16); return new BaseColor(c[0], c[1], c[2], c[3]); } if (name.length() == 6) { c[0] = Integer.parseInt(name.substring(0, 2), 16); c[1] = Integer.parseInt(name.substring(2, 4), 16); c[2] = Integer.parseInt(name.substring(4), 16); return new BaseColor(c[0], c[1], c[2], c[3]); } throw new IllegalArgumentException(MessageLocalization.getComposedMessage("unknown.color.format.must.be.rgb.or.rrggbb")); } else if (name.startsWith("rgb(")) { StringTokenizer tok = new StringTokenizer(name, "rgb(), \t\r\n\f"); for (int k = 0; k < 3; ++k) { String v = tok.nextToken(); if (v.endsWith("%")) c[k] = Integer.parseInt(v.substring(0, v.length() - 1)) 255 / 100; else c[k] = Integer.parseInt(v); if (c[k] < 0) c[k] = 0; else if (c[k] > 255) c[k] = 255; } return new BaseColor(c[0], c[1], c[2], c[3]); } if (!NAMES.containsKey(name)) // TODO localize this error message. throw new IllegalArgumentException("Color '" + name + "' not found."); c = NAMES.get(name); return new BaseColor(c[0], c[1], c[2], c[3]); } }

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Firstcallline	Missingcalls	Presentcalls	Strangeness	Type
Yes	18	263	hasMoreTokens()	();nextToken()	0.889	java.util.StringTokenizer
No	164	241	indexOf()	length();startsWith();substring()	0.714	java.lang.String

Reviewer Name:	hoan
Comment: