Package com.h3xstream.findsecbugs

Class ReDosDetector

java.lang.Object

edu.umd.cs.findbugs.visitclass.BetterVisitor

edu.umd.cs.findbugs.visitclass.PreorderVisitor

edu.umd.cs.findbugs.visitclass.AnnotationVisitor

edu.umd.cs.findbugs.visitclass.DismantleBytecode

edu.umd.cs.findbugs.BytecodeScanningDetector

edu.umd.cs.findbugs.bcel.OpcodeStackDetector

com.h3xstream.findsecbugs.ReDosDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities, org.apache.bcel.classfile.Visitor

public class ReDosDetector
extends edu.umd.cs.findbugs.bcel.OpcodeStackDetector

This detector does minimal effort to find potential REDOS.

It will identify pattern similar to : (( )+)+

It will not identify pattern of equivalence (such as(aa|a)). It is far more complex to identify.

For more advanced Regex analysis: Safe Regex

Nested Class Summary

Nested classes/interfaces inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

edu.umd.cs.findbugs.bcel.OpcodeStackDetector.WithCustomJumpInfo

Field Summary

Fields inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

stack

Fields inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

codeBytes, lineNumberTable, M_BR, M_CP, M_INT, M_PAD, M_R, M_UINT

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor	Description
ReDosDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method	Description
void	sawOpcode(int seen)

Methods inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

afterOpcode, beforeOpcode, getStack, isUsingCustomUserValue, visitCode

Methods inherited from class edu.umd.cs.findbugs.BytecodeScanningDetector

getClassContext, report, shouldVisitCode, visitClassContext

Methods inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

areOppositeBranches, atCatchBlock, getBranchFallThrough, getBranchOffset, getBranchTarget, getClassConstantOperand, getClassDescriptorOperand, getCodeByte, getConstantRefOperand, getDefaultSwitchOffset, getDottedClassConstantOperand, getFieldDescriptorOperand, getIntConstant, getLongConstant, getMaxPC, getMethodDescriptorOperand, getNameConstantOperand, getNextCodeByte, getNextOpcode, getNextPC, getOpcode, getPC, getPrevOpcode, getRefConstantOperand, getRefFieldIsStatic, getRegisterOperand, getSigConstantOperand, getStringConstantOperand, getSwitchLabels, getSwitchOffsets, getXClassOperand, getXFieldOperand, getXMethodOperand, isBranch, isMethodCall, isRegisterLoad, isRegisterStore, isRegisterStore, isReturn, isShift, isSwitch, isWideOpcode, printOpCode, sawBranchTo, sawClass, sawDouble, sawField, sawFloat, sawIMethod, sawInt, sawLong, sawMethod, sawRegister, sawString, visit

Methods inherited from class edu.umd.cs.findbugs.visitclass.AnnotationVisitor

getAnnotationParameterAsString, getAnnotationParameterAsStringArray, visitAnnotation, visitAnnotation, visitParameterAnnotation, visitParameterAnnotation, visitSyntheticParameterAnnotation

Methods inherited from class edu.umd.cs.findbugs.visitclass.PreorderVisitor

amVisitingMainMethod, asUnsignedByte, doVisitMethod, getClassDescriptor, getClassName, getCode, getConstantPool, getDottedClassName, getDottedFieldSig, getDottedMethodSig, getDottedSuperclassName, getField, getFieldDescriptor, getFieldIsStatic, getFieldName, getFieldSig, getFullyQualifiedFieldName, getFullyQualifiedMethodName, getMethod, getMethodDescriptor, getMethodName, getMethodSig, getMethodVisitOrder, getNumberArguments, getNumberMethodArguments, getPackageName, getSizeOfSurroundingTryBlock, getSizeOfSurroundingTryBlock, getSourceFile, getStringFromIndex, getSuperclassName, getSurroundingCaughtExceptions, getSurroundingCaughtExceptions, getSurroundingTryBlock, getSurroundingTryBlock, getThisClass, getXClass, getXField, getXMethod, hasInterestingClass, hasInterestingMethod, isVisitMethodsInCallOrder, setupVisitorForClass, setVisitMethodsInCallOrder, shouldVisit, toString, visitAfter, visitAfter, visitAnnotationDefault, visitAnnotationEntry, visitBootstrapMethods, visitConstantInvokeDynamic, visitConstantMethodHandle, visitConstantMethodType, visitConstantModule, visitConstantPackage, visitConstantPool, visitEnclosingMethod, visitingField, visitingMethod, visitInnerClasses, visitJavaClass, visitLineNumberTable, visitLocalVariableTable, visitMethodParameters, visitParameterAnnotationEntry, visitStackMap, visitStackMapEntry

Methods inherited from class edu.umd.cs.findbugs.visitclass.BetterVisitor

clone, report, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visitCodeException, visitConstantClass, visitConstantDouble, visitConstantFieldref, visitConstantFloat, visitConstantInteger, visitConstantInterfaceMethodref, visitConstantLong, visitConstantMethodref, visitConstantNameAndType, visitConstantString, visitConstantUtf8, visitConstantValue, visitDeprecated, visitExceptionTable, visitField, visitInnerClass, visitLineNumber, visitLocalVariable, visitLocalVariableTypeTable, visitMethod, visitSignature, visitSourceFile, visitSynthetic, visitUnknown

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.bcel.classfile.Visitor

visitConstantDynamic, visitMethodParameter, visitModule, visitModuleExports, visitModuleMainClass, visitModuleOpens, visitModulePackages, visitModuleProvides, visitModuleRequires, visitNestHost, visitNestMembers

Constructor Detail

ReDosDetector

public ReDosDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

sawOpcode

public void sawOpcode(int seen)

Specified by:

sawOpcode in class edu.umd.cs.findbugs.bcel.OpcodeStackDetector