Package com.h3xstream.findsecbugs.injection.trust
Trust Boundary Violation is a fancy name for a tainted value being passed directly into a session attribute. This could be expected behavior, but it allows an attacker to change the session state.
When the attribute name (the first parameter) is dynamic, it is a lot more suspicious than when only the value is dynamic:
    setAttribute(suspiciousValue, "true")
vs
    setAttribute("language", commonDynamicValue)
For this reason, the trust boundary violation was split into two detectors. This allows users to hide the lower-priority detector (the one reporting only a tainted value) while keeping the one reporting a tainted attribute name.
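The following is an added example, not code from the Find Security Bugs project, showing why the two cases are reported at different priorities and what a hardened version looks like. The session is modeled as a plain `Map` and request parameters as a `Map` (an assumption made so the example runs without a servlet container); with `javax.servlet`, the same calls would be `session.setAttribute(...)` and `request.getParameter(...)`.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class TrustBoundaryExample {

    // Assumption: session attribute names an end user is allowed to set.
    private static final Set<String> USER_SETTABLE_ATTRIBUTES = Set.of("language", "theme");
    // Assumption: accepted values for the "language" preference.
    private static final Set<String> SUPPORTED_LANGUAGES = Set.of("en", "fr", "de");

    // Pattern flagged by TrustBoundaryViolationAttributeDetector (higher priority):
    // the attribute *name* comes from the request, so any attribute can be written.
    static void unsafeDynamicName(Map<String, Object> session, Map<String, String> params) {
        session.put(params.get("key"), "true");
    }

    // Pattern flagged by TrustBoundaryViolationValueDetector (lower priority):
    // the name is fixed, only the value is tainted. Still worth validating.
    static void dynamicValueOnly(Map<String, Object> session, Map<String, String> params) {
        session.put("language", params.get("lang"));
    }

    // Hardened form: the name is checked against an allow-list and the value is
    // validated before anything crosses from the request into the session.
    static boolean setPreference(Map<String, Object> session, String name, String value) {
        if (name == null || !USER_SETTABLE_ATTRIBUTES.contains(name)) {
            return false; // refuse to write attributes the user may not control
        }
        if ("language".equals(name) && !SUPPORTED_LANGUAGES.contains(value)) {
            return false; // reject values outside the expected set
        }
        session.put(name, value);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample session with a privilege flag set by the application.
        Map<String, Object> session = new HashMap<>();
        session.put("isAdmin", "false");

        // Constructed sample request where the attacker chooses the attribute name.
        Map<String, String> params = new HashMap<>();
        params.put("key", "isAdmin");
        params.put("lang", "fr");

        unsafeDynamicName(session, params);
        System.out.println("after dynamic name:  isAdmin=" + session.get("isAdmin")); // "true"

        session.put("isAdmin", "false");
        dynamicValueOnly(session, params);
        System.out.println("after dynamic value: language=" + session.get("language")
                + ", isAdmin=" + session.get("isAdmin")); // isAdmin stays "false"

        session.put("isAdmin", "false");
        boolean written = setPreference(session, params.get("key"), "true");
        System.out.println("hardened write of isAdmin accepted: " + written
                + ", isAdmin=" + session.get("isAdmin")); // false, "false"
        System.out.println("hardened write of language accepted: "
                + setPreference(session, "language", params.get("lang"))); // true
    }
}
```

The `main` method walks through all three cases: the dynamic-name write overwrites the application-controlled `isAdmin` flag, the dynamic-value write can only touch `language`, and the hardened `setPreference` refuses the first and accepts the second. This is the distinction the two detectors encode in their priorities.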
Class Summary

TrustBoundaryViolationAttributeDetector
    Trust Boundary Violation is a fancy name for a tainted value being passed directly into a session attribute.

TrustBoundaryViolationValueDetector