Class AbstractInjectionDetector

  • All Implemented Interfaces:
    edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
    Direct Known Subclasses:
    BasicInjectionDetector

    public abstract class AbstractInjectionDetector
    extends AbstractTaintDetector
    Detector designed to be extended in order to detect injection vulnerabilities.
    Author:
    David Formanek (Y Soft Corporation, a.s.)
    • Constructor Detail

      • AbstractInjectionDetector

        protected AbstractInjectionDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
    • Method Detail

      • report

        public void report()
        Once the analysis is completed, all the collected sinks are reported as bugs.
        Specified by:
        report in interface edu.umd.cs.findbugs.Detector
        Overrides:
        report in class AbstractTaintDetector
      • analyzeLocation

        protected void analyzeLocation(edu.umd.cs.findbugs.ba.ClassContext classContext,
                                       org.apache.bcel.classfile.Method method,
                                       org.apache.bcel.generic.InstructionHandle handle,
                                       org.apache.bcel.generic.ConstantPoolGen cpg,
                                       org.apache.bcel.generic.InvokeInstruction invoke,
                                       TaintFrame fact,
                                       ClassMethodSignature classMethodSignature)
                                throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
        Specified by:
        analyzeLocation in class AbstractTaintDetector
        Throws:
        edu.umd.cs.findbugs.ba.DataflowAnalysisException
      • getPriorityFromTaintFrame

        protected int getPriorityFromTaintFrame(TaintFrame fact,
                                                int offset)
                                         throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
        The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.
        Parameters:
        fact - The TaintFrame for the inspected instruction call.
        offset - The offset of the checked parameter.
        Returns:
        Priorities interface values from 1 to 5 (Enum-like interface)
        Throws:
        edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.
      • getPriority

        protected int getPriority(Taint taint)
        The default implementation of getPriority() can be overridden if the severity and confidence of the risk need detector-specific handling. By default, an injection is rated "High" if the complete link between source and sink is made. If that is not the case but concatenation with an external source is made, "Medium" is used.
        Parameters:
        taint - Detail about the state of the value passed (Cumulative information leading to the variable passed).
        Returns:
        Priorities interface values from 1 to 5 (Enum-like interface)
      • getInjectionPoint

        protected abstract InjectionPoint getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke,
                                                            org.apache.bcel.generic.ConstantPoolGen cpg,
                                                            org.apache.bcel.generic.InstructionHandle handle)
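
The following subclass is an added example, not code from this page or from the project: it implements getInjectionPoint() for one sink and overrides getPriority() to suppress findings on sanitized values while keeping the default rating otherwise. The class name, the com.example.Db.query(String) sink and the bug type are hypothetical; the com.h3xstream.findsecbugs package names, the InjectionPoint constructor and InjectionPoint.NONE, and Taint.isSafe(), Taint.hasTag() and Taint.Tag.SQL_INJECTION_SAFE do not appear on this page and are assumed from the find-sec-bugs library, so check them against the version in use.

```java
import com.h3xstream.findsecbugs.injection.AbstractInjectionDetector;
import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Priorities;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

// Hypothetical detector: flags tainted data reaching com.example.Db.query(String).
public class ExampleQueryInjectionDetector extends AbstractInjectionDetector {

    // Hypothetical bug type; it also needs entries in the plugin's findbugs.xml and messages.xml.
    private static final String BUG_TYPE = "EXAMPLE_QUERY_INJECTION";

    public ExampleQueryInjectionDetector(BugReporter bugReporter) {
        super(bugReporter);
    }

    @Override
    protected InjectionPoint getInjectionPoint(InvokeInstruction invoke,
                                               ConstantPoolGen cpg,
                                               InstructionHandle handle) {
        // Match the sink by class, method name and JVM descriptor (all hypothetical).
        boolean isSink = "com.example.Db".equals(invoke.getClassName(cpg))
                && "query".equals(invoke.getMethodName(cpg))
                && "(Ljava/lang/String;)V".equals(invoke.getSignature(cpg));
        // Offset 0 is the value on top of the operand stack, i.e. the last argument.
        return isSink ? new InjectionPoint(new int[] {0}, BUG_TYPE) : InjectionPoint.NONE;
    }

    @Override
    protected int getPriority(Taint taint) {
        if (!taint.isSafe() && taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
            // The value passed through a sanitizer known to the taint analysis: suppress.
            return Priorities.IGNORE_PRIORITY;
        }
        // Otherwise keep the default "High" / "Medium" rating described above.
        return super.getPriority(taint);
    }
}
```

A detector whose rating depends on several arguments at once would override getPriorityFromTaintFrame() instead, since getPriority() only sees the taint of one parameter.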