Package com.h3xstream.findsecbugs.injection

Class BasicInjectionDetector

java.lang.Object

com.h3xstream.findsecbugs.injection.AbstractTaintDetector

com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

com.h3xstream.findsecbugs.injection.BasicInjectionDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

Direct Known Subclasses:

AbstractHardcodedPasswordEqualsDetector, AbstractHardcodePasswordInMapDetector, AndroidSqlInjectionDetector, AwsQueryInjectionDetector, BeanInjectionDetector, CipherDetector, CommandInjectionDetector, CrlfLogInjectionDetector, CustomInjectionDetector, ExternalConfigurationControlDetector, FileDisclosureDetector, FormatStringManipulationDetector, HashUnsafeEqualsDetector, HttpParameterPollutionDetector, HttpResponseSplittingDetector, IntuitiveHardcodePasswordDetector, JschPasswordDetector, JstlExpressionWhiteLister, LdapInjectionDetector, LegacyInjectionDetector, OgnlInjectionDetector, PathTraversalDetector, PermissiveCORSDetector, PotentialValueTracker, ScalaSensitiveDataExposureDetector, ScriptInjectionDetector, SmtpHeaderInjectionDetector, SqlInjectionDetector, SSRFDetector, StdXmlTransformDetector, SuspiciousCommandDetector, TrustBoundaryViolationAttributeDetector, TrustBoundaryViolationValueDetector, XmlInjectionDetector, XPathInjectionDetector, XssJspDetector, XssMvcApiDetector, XssServletDetector, XssTwirlDetector

public abstract class BasicInjectionDetector
extends AbstractInjectionDetector

Detector designed for extension to detect basic injections with a list of full method names with specified injectable arguments as taint sinks

Author:

David Formanek (Y Soft Corporation, a.s.)

Field Summary

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

injectionSinks

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

bugReporter

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	BasicInjectionDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method	Description
protected void	addParsedInjectionPoint(String fullMethodName, InjectionPoint injectionPoint)
protected InjectionPoint	getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.ConstantPoolGen cpg, org.apache.bcel.generic.InstructionHandle handle)
protected void	loadConfiguredSinks(InputStream stream, String bugType)
protected void	loadConfiguredSinks(String filename, String bugType)	Loads taint sinks from configuration
protected void	loadCustomSinks(String fileName, String bugType)	Loads taint sinks configuration file from file system.
protected void	loadCustomSinksConfigFiles()	Loads taint sinks from custom file.
protected void	loadSink(String line, String bugType)	Loads a single taint sink (like a line of configuration)
void	registerVisitor(TaintFrameAdditionalVisitor visitor)

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

analyzeLocation, getPriority, getPriorityFromTaintFrame, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

analyzeMethod, shouldAnalyzeClass, visitClassContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BasicInjectionDetector

protected BasicInjectionDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

getInjectionPoint

protected InjectionPoint getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke,
                                           org.apache.bcel.generic.ConstantPoolGen cpg,
                                           org.apache.bcel.generic.InstructionHandle handle)

Specified by:

getInjectionPoint in class AbstractInjectionDetector

loadConfiguredSinks

protected void loadConfiguredSinks(InputStream stream,
                                   String bugType)
                            throws IOException

Throws:

IOException

loadConfiguredSinks

protected void loadConfiguredSinks(String filename,
                                   String bugType)

Loads taint sinks from configuration

Parameters:

filename - name of the configuration file

bugType - type of an injection bug

loadCustomSinksConfigFiles

protected void loadCustomSinksConfigFiles()

Loads taint sinks from custom file. The file name is passed using system property based on the current class name.

Example for Linux/Mac OS X:

• -Dfindsecbugs.injection.customconfigfile.SqlInjectionDetector="/tmp/sql-custom.txt|SQL_INJECTION_HIBERNATE:/tmp/sql2-custom.txt|SQL_INJECTION_HIBERNATE"
• -Dfindsecbugs.injection.customconfigfile.ScriptInjectionDetector="/tmp/script-engine-custom.txt|SCRIPT_ENGINE_INJECTION:/tmp/el-custom.txt|EL_INJECTION"

Example for Windows:

• -Dfindsecbugs.injection.customconfigfile.SqlInjectionDetector="C:\Temp\sql-custom.txt|SQL_INJECTION_HIBERNATE;C:\Temp\sql2-custom.txt|SQL_INJECTION_HIBERNATE"
• -Dfindsecbugs.injection.customconfigfile.ScriptInjectionDetector="C:\Temp\script-engine-custom.txt|SCRIPT_ENGINE_INJECTION;C:\Temp\el-custom.txt|EL_INJECTION"

loadCustomSinks

protected void loadCustomSinks(String fileName,
                               String bugType)

Loads taint sinks configuration file from file system. If the file doesn't exist on file system, loads the file from classpath.

Parameters:

fileName - name of the configuration file

bugType - type of an injection bug

loadSink

protected void loadSink(String line,
                        String bugType)

Loads a single taint sink (like a line of configuration)

Parameters:

line - specification of the sink

bugType - type of an injection bug

addParsedInjectionPoint

protected void addParsedInjectionPoint(String fullMethodName,
                                       InjectionPoint injectionPoint)

registerVisitor

public void registerVisitor(TaintFrameAdditionalVisitor visitor)