Package com.h3xstream.findsecbugs.password

Class HashUnsafeEqualsDetector

  • All Implemented Interfaces:
    TaintFrameAdditionalVisitor, edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
    public class HashUnsafeEqualsDetector
extends BasicInjectionDetector
implements TaintFrameAdditionalVisitor

    Detect hash value that are compare with the equals method. The equals implementation is stopping the comparison of both value once a first difference is found. This comparison is susceptible to timing attack. 

     if(hashInput.equals(actualHash)) {
     ....
 }

    • Constructor Detail

      • HashUnsafeEqualsDetector

        public HashUnsafeEqualsDetector​(edu.umd.cs.findbugs.BugReporter bugReporter)

    • Method Detail

      • getPriorityFromTaintFrame

        protected int getPriorityFromTaintFrame​(TaintFrame fact,
                                        int offset)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
        Description copied from class: AbstractInjectionDetector
        The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.
        Overrides:
        getPriorityFromTaintFrame in class AbstractInjectionDetector
        Parameters:
        fact - The TaintFrame for the inspected instruction call.
        offset - The offset of the checked parameter.
        Returns:
        Priorities interface values from 1 to 5 (Enum-like interface)
        Throws:
        edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.

      • getInjectionPoint

        protected InjectionPoint getInjectionPoint​(org.apache.bcel.generic.InvokeInstruction invoke,
                                           org.apache.bcel.generic.ConstantPoolGen cpg,
                                           org.apache.bcel.generic.InstructionHandle handle)
        Overrides:
        getInjectionPoint in class BasicInjectionDetector

      • visitInvoke

        public void visitInvoke​(org.apache.bcel.generic.InvokeInstruction invoke,
                        org.apache.bcel.generic.MethodGen methodGen,
                        TaintFrame frameType,
                        List<Taint> parameters,
                        org.apache.bcel.generic.ConstantPoolGen cpg)
        Description copied from interface: TaintFrameAdditionalVisitor
        This method will be triggered for every method invocation (static, interface, special and virtual). The constant pool allowed the resolution of method name, field name, constant strings, etc. The taintframe
        Specified by:
        visitInvoke in interface TaintFrameAdditionalVisitor
        methodGen - Method
        frameType - Frame representation after the invoke (results)
        parameters - Stack representation just before the invoke

      • visitReturn

        public void visitReturn​(org.apache.bcel.generic.MethodGen methodGen,
                        Taint returnValue,
                        org.apache.bcel.generic.ConstantPoolGen cpg)
                 throws Exception
        Specified by:
        visitReturn in interface TaintFrameAdditionalVisitor
        Parameters:
        methodGen - Method
        returnValue - State of the returned value.
        Throws:
        Exception

      • visitLoad

        public void visitLoad​(org.apache.bcel.generic.LoadInstruction instruction,
                      org.apache.bcel.generic.MethodGen methodGen,
                      TaintFrame frameType,
                      int numProduced,
                      org.apache.bcel.generic.ConstantPoolGen cpg)
        Specified by:
        visitLoad in interface TaintFrameAdditionalVisitor