HashUnsafeEqualsDetector (OWASP Find Security Bugs Plugin 1.10.0 API)

java.lang.Object
- com.h3xstream.findsecbugs.injection.AbstractTaintDetector
- - com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
  - - com.h3xstream.findsecbugs.injection.BasicInjectionDetector
    - - com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector

All Implemented Interfaces:: TaintFrameAdditionalVisitor, edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

public class HashUnsafeEqualsDetector
extends BasicInjectionDetector
implements TaintFrameAdditionalVisitor

Detect:

 if(hashInput.equals(actualHash)) {
     ....
 }

Field Summary

Fields
Modifier and Type Field and Description

static List<String> HASH_WORDS
- Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
  injectionSinks
- Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
  bugReporter
- Fields inherited from interface edu.umd.cs.findbugs.Priorities
  EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Fields
Modifier and Type	Field and Description
`static List<String>`	`HASH_WORDS`

Constructor Summary

Constructors
Constructor and Description

HashUnsafeEqualsDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Constructors
Constructor and Description
`HashUnsafeEqualsDetector(edu.umd.cs.findbugs.BugReporter bugReporter)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected InjectionPoint`	`getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.ConstantPoolGen cpg, org.apache.bcel.generic.InstructionHandle handle)`
`protected int`	`getPriorityFromTaintFrame(TaintFrame fact, int offset)` The default implementation of `getPriorityFromTaintFrame()` can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values.
`void`	`visitField(org.apache.bcel.generic.FieldInstruction put, org.apache.bcel.generic.MethodGen methodGen, TaintFrame frameType, Taint taint, int numProduced, org.apache.bcel.generic.ConstantPoolGen cpg)`
`void`	`visitInvoke(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.MethodGen methodGen, TaintFrame frameType, List<Taint> parameters, org.apache.bcel.generic.ConstantPoolGen cpg)` This method will be triggered for every method invocation (static, interface, special and virtual).
`void`	`visitLoad(org.apache.bcel.generic.LoadInstruction instruction, org.apache.bcel.generic.MethodGen methodGen, TaintFrame frameType, int numProduced, org.apache.bcel.generic.ConstantPoolGen cpg)`
`void`	`visitReturn(org.apache.bcel.generic.MethodGen methodGen, Taint returnValue, org.apache.bcel.generic.ConstantPoolGen cpg)`

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
addParsedInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomSinks, loadCustomSinksConfigFiles, loadSink, registerVisitor

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
analyzeLocation, getPriority, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
analyzeMethod, shouldAnalyzeClass, visitClassContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- HASH_WORDS
```
public static List<String> HASH_WORDS
```

Constructor Detail

HashUnsafeEqualsDetector

public HashUnsafeEqualsDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

getPriorityFromTaintFrame
```
protected int getPriorityFromTaintFrame(TaintFrame fact,
                                        int offset)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
```
Description copied from class: AbstractInjectionDetector

The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.

Overrides:

getPriorityFromTaintFrame in class AbstractInjectionDetector

Parameters:

fact - The TaintFrame for the inspected instruction call.

offset - The offset of the checked parameter.

Returns:

Priorities interface values from 1 to 5 (Enum-like interface)

Throws:

edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.

getInjectionPoint

protected InjectionPoint getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke,
                                           org.apache.bcel.generic.ConstantPoolGen cpg,
                                           org.apache.bcel.generic.InstructionHandle handle)

Overrides:: getInjectionPoint in class BasicInjectionDetector

visitInvoke
```
public void visitInvoke(org.apache.bcel.generic.InvokeInstruction invoke,
                        org.apache.bcel.generic.MethodGen methodGen,
                        TaintFrame frameType,
                        List<Taint> parameters,
                        org.apache.bcel.generic.ConstantPoolGen cpg)
```
Description copied from interface: TaintFrameAdditionalVisitor

This method will be triggered for every method invocation (static, interface, special and virtual). The constant pool allowed the resolution of method name, field name, constant strings, etc. The taintframe

Specified by:

visitInvoke in interface TaintFrameAdditionalVisitor

methodGen - Method

frameType - Frame representation after the invoke (results)

parameters - Stack representation just before the invoke

visitReturn

public void visitReturn(org.apache.bcel.generic.MethodGen methodGen,
                        Taint returnValue,
                        org.apache.bcel.generic.ConstantPoolGen cpg)
                 throws Exception

Specified by:: visitReturn in interface TaintFrameAdditionalVisitor
Parameters:: methodGen - Method; returnValue - State of the returned value.
Throws:: Exception

visitLoad

public void visitLoad(org.apache.bcel.generic.LoadInstruction instruction,
                      org.apache.bcel.generic.MethodGen methodGen,
                      TaintFrame frameType,
                      int numProduced,
                      org.apache.bcel.generic.ConstantPoolGen cpg)

Specified by:: visitLoad in interface TaintFrameAdditionalVisitor

visitField

public void visitField(org.apache.bcel.generic.FieldInstruction put,
                       org.apache.bcel.generic.MethodGen methodGen,
                       TaintFrame frameType,
                       Taint taint,
                       int numProduced,
                       org.apache.bcel.generic.ConstantPoolGen cpg)
                throws Exception

Specified by:: visitField in interface TaintFrameAdditionalVisitor
Throws:: Exception

Class HashUnsafeEqualsDetector

Field Summary

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

Fields inherited from interface edu.umd.cs.findbugs.Priorities

Constructor Summary

Method Summary

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

Methods inherited from class java.lang.Object

Field Detail

HASH_WORDS

Constructor Detail

HashUnsafeEqualsDetector

Method Detail

getPriorityFromTaintFrame

getInjectionPoint

visitInvoke

visitReturn

visitLoad

visitField