Package com.h3xstream.findsecbugs.injection.xml

Class XmlInjectionDetector

    • Constructor Detail

      • XmlInjectionDetector

        public XmlInjectionDetector​(edu.umd.cs.findbugs.BugReporter bugReporter)

    • Method Detail

      • getPriorityFromTaintFrame

        protected int getPriorityFromTaintFrame​(TaintFrame taintFrame,
                                        int offset)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
        Description copied from class: AbstractInjectionDetector
        The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.
        Overrides:
        getPriorityFromTaintFrame in class AbstractInjectionDetector
        Parameters:
        taintFrame - The TaintFrame for the inspected instruction call.
        offset - The offset of the checked parameter.
        Returns:
        Priorities interface values from 1 to 5 (Enum-like interface)
        Throws:
        edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.

      • visitInvoke

        public void visitInvoke​(org.apache.bcel.generic.InvokeInstruction invoke,
                        org.apache.bcel.generic.MethodGen methodGen,
                        TaintFrame frameType,
                        List<Taint> parameters,
                        org.apache.bcel.generic.ConstantPoolGen cpg)
                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
        Description copied from interface: TaintFrameAdditionalVisitor
        This method will be triggered for every method invocation (static, interface, special and virtual). The constant pool allowed the resolution of method name, field name, constant strings, etc. The taintframe
        Specified by:
        visitInvoke in interface TaintFrameAdditionalVisitor
        methodGen - Method
        frameType - Frame representation after the invoke (results)
        parameters - Stack representation just before the invoke
        Throws:
        edu.umd.cs.findbugs.ba.DataflowAnalysisException

      • visitReturn

        public void visitReturn​(org.apache.bcel.generic.MethodGen methodGen,
                        Taint returnValue,
                        org.apache.bcel.generic.ConstantPoolGen cpg)
                 throws Exception
        Specified by:
        visitReturn in interface TaintFrameAdditionalVisitor
        Parameters:
        methodGen - Method
        returnValue - State of the returned value.
        Throws:
        Exception

      • visitLoad

        public void visitLoad​(org.apache.bcel.generic.LoadInstruction instruction,
                      org.apache.bcel.generic.MethodGen methodGen,
                      TaintFrame frameType,
                      int numProduced,
                      org.apache.bcel.generic.ConstantPoolGen cpg)
        Specified by:
        visitLoad in interface TaintFrameAdditionalVisitor

      • shouldAnalyzeClass

        public boolean shouldAnalyzeClass​(edu.umd.cs.findbugs.ba.ClassContext classContext)
        Before we added new tag to the taint analysis and add more effort, here is a linear search on the constant pool. Constant pool include all the constant use in the code of the class. It contains class references and string value. If there are no XML in string in the class, we are add not going to run this additional visitor.
        Overrides:
        shouldAnalyzeClass in class AbstractTaintDetector
        Parameters:
        classContext - Information about the class that is about to be analyzed
        Returns: