Package com.h3xstream.findsecbugs.injection

Class AbstractTaintDetector

  • All Implemented Interfaces:
    edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
    Direct Known Subclasses:
    AbstractInjectionDetector
    public abstract class AbstractTaintDetector
extends Object
implements edu.umd.cs.findbugs.Detector
    Detector designed for extension to allow usage of taint analysis
    Author:
    David Formanek (Y Soft Corporation, a.s.)

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected edu.umd.cs.findbugs.BugReporter bugReporter  

      • Fields inherited from interface edu.umd.cs.findbugs.Priorities

        EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      protected AbstractTaintDetector​(edu.umd.cs.findbugs.BugReporter bugReporter)  

    • Field Detail

      • bugReporter

        protected final edu.umd.cs.findbugs.BugReporter bugReporter

    • Constructor Detail

      • AbstractTaintDetector

        protected AbstractTaintDetector​(edu.umd.cs.findbugs.BugReporter bugReporter)

    • Method Detail

      • shouldAnalyzeClass

        public boolean shouldAnalyzeClass​(edu.umd.cs.findbugs.ba.ClassContext classContext)
        Allow any concrete implementation of taint detector to skip the analysis of certain files. The purpose can be for optimisation or to trigger bug in specific context. The default implementation returns true to all classes visited.
        Parameters:
        classContext - Information about the class that is about to be analyzed
        Returns:
        If the given class should be analyze.

      • visitClassContext

        public void visitClassContext​(edu.umd.cs.findbugs.ba.ClassContext classContext)
        Specified by:
        visitClassContext in interface edu.umd.cs.findbugs.Detector

      • report

        public void report()
        Specified by:
        report in interface edu.umd.cs.findbugs.Detector

      • analyzeMethod

        protected void analyzeMethod​(edu.umd.cs.findbugs.ba.ClassContext classContext,
                             org.apache.bcel.classfile.Method method)
                      throws edu.umd.cs.findbugs.classfile.CheckedAnalysisException
        Throws:
        edu.umd.cs.findbugs.classfile.CheckedAnalysisException

      • analyzeLocation

        protected abstract void analyzeLocation​(edu.umd.cs.findbugs.ba.ClassContext classContext,
                                        org.apache.bcel.classfile.Method method,
                                        org.apache.bcel.generic.InstructionHandle handle,
                                        org.apache.bcel.generic.ConstantPoolGen cpg,
                                        org.apache.bcel.generic.InvokeInstruction invoke,
                                        TaintFrame fact,
                                        ClassMethodSignature classMethodSignature)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
        Throws:
        edu.umd.cs.findbugs.ba.DataflowAnalysisException