Package com.h3xstream.findsecbugs.injection

Class InjectionSink

java.lang.Object

com.h3xstream.findsecbugs.injection.InjectionSink

public class InjectionSink
extends Object

Used to represent location of a taint sink

Author:

David Formanek (Y Soft Corporation, a.s.)

Constructor Summary

Constructors

Constructor	Description
InjectionSink(edu.umd.cs.findbugs.Detector detector, String bugType, int originalPriority, edu.umd.cs.findbugs.ba.ClassContext classContext, org.apache.bcel.classfile.Method method, org.apache.bcel.generic.InstructionHandle instructionHandle, String sinkMethod, int parameterOffset)	Constructs the instance and stores immutable values for reporting

Method Summary

Modifier and Type	Method	Description
void	addLine(edu.umd.cs.findbugs.SourceLineAnnotation line)	Adds a line with tainted source or path for reporting
void	addLines(Collection<TaintLocation> locations)	Adds lines with tainted source or path for reporting
void	addSources(Set<UnknownSource> sources)
boolean	equals(Object obj)
edu.umd.cs.findbugs.BugInstance	generateBugInstance(boolean taintedInsideMethod)	Uses immutable values, updated priority and added lines for reporting
int	hashCode()
boolean	updateSinkPriority(int priority)	Updates the priority if it is higher (which means lower number)

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

InjectionSink

public InjectionSink(edu.umd.cs.findbugs.Detector detector,
                     String bugType,
                     int originalPriority,
                     edu.umd.cs.findbugs.ba.ClassContext classContext,
                     org.apache.bcel.classfile.Method method,
                     org.apache.bcel.generic.InstructionHandle instructionHandle,
                     String sinkMethod,
                     int parameterOffset)

Constructs the instance and stores immutable values for reporting

Parameters:

detector - detctor for reporting

bugType - reported bug type

originalPriority - original priority (without sink confirmation)

classContext - class with the sink

method - method with the sink

instructionHandle - instruction with the sink

sinkMethod - called method (sink)

parameterOffset - Parameter Offset

Throws:

NullPointerException - if any argument is null

Method Detail

updateSinkPriority

public boolean updateSinkPriority(int priority)

Updates the priority if it is higher (which means lower number)

Parameters:

priority - potential new priority

Returns:

true if updated, false otherwise

addLine

public void addLine(edu.umd.cs.findbugs.SourceLineAnnotation line)

Adds a line with tainted source or path for reporting

Parameters:

line - line to add

addLines

public void addLines(Collection<TaintLocation> locations)

Adds lines with tainted source or path for reporting

Parameters:

locations - collection of locations used to extract lines

generateBugInstance

public edu.umd.cs.findbugs.BugInstance generateBugInstance(boolean taintedInsideMethod)

Uses immutable values, updated priority and added lines for reporting

Parameters:

taintedInsideMethod - true if not influenced by method arguments

Returns:

new bug instance filled with information

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

addSources

public void addSources(Set<UnknownSource> sources)