Class IntuitiveHardcodePasswordDetector
- java.lang.Object
- com.h3xstream.findsecbugs.injection.AbstractTaintDetector
- com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
- com.h3xstream.findsecbugs.injection.BasicInjectionDetector
- com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
All Implemented Interfaces:
edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
public class IntuitiveHardcodePasswordDetector extends BasicInjectionDetector
This detector finds what look like hardcoded passwords passed to unknown APIs, such as:
MyCustomClient.setPassword("abc123!");
It also finds APIs written in other languages:
MonClient.defMotDePasse("abc123!");
It also matches methods whose names contain other keywords as a prefix or suffix:
MyClient.setConnectionPwd("abc123!");
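An added example, not code from find-sec-bugs: the three call shapes from the description above, next to a form of the same call that keeps the literal out of the source. MyCustomClient, its methods and the DB_PASSWORD variable name are hypothetical.

```java
// Added illustration; MyCustomClient and DB_PASSWORD are hypothetical names.
import java.util.Arrays;

public class HardcodedPasswordExample {

    // Stand-in for an "unknown API": the analyzer knows nothing about this
    // class except its method names and the arguments passed to them.
    static final class MyCustomClient {
        private char[] secret = new char[0];
        void setPassword(String p)      { secret = p.toCharArray(); }
        void defMotDePasse(String p)    { secret = p.toCharArray(); }
        void setConnectionPwd(String p) { secret = p.toCharArray(); }
        void close()                    { Arrays.fill(secret, '\0'); }
    }

    // Call shapes from the class description: a string literal passed to a
    // method whose name contains a password keyword.
    static void flagged(MyCustomClient c) {
        c.setPassword("abc123!");
        c.defMotDePasse("abc123!");
        c.setConnectionPwd("abc123!");
    }

    // Same method, but the value is resolved at run time, so no credential
    // is compiled into the class file. Fails closed when it is missing.
    static void configured(MyCustomClient c) {
        String pwd = System.getenv("DB_PASSWORD");
        if (pwd == null || pwd.isEmpty()) {
            throw new IllegalStateException("DB_PASSWORD is not set");
        }
        c.setPassword(pwd);
    }

    public static void main(String[] args) {
        MyCustomClient c = new MyCustomClient();
        try {
            flagged(c);
            configured(c);
        } catch (IllegalStateException e) {
            System.err.println("refusing to connect: " + e.getMessage());
        } finally {
            c.close();
        }
    }
}
```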
Field Summary
Fields
| Modifier and Type | Field | Description |
| --- | --- | --- |
| protected static List<String> | PASSWORD_WORDS | Passwords in various languages (http://www.indifferentlanguages.com/words/password). The keywords are also used to detect variable names that are likely to be passwords (reused in AbstractHardcodedPassword). |
Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
injectionSinks
Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
bugReporter
Constructor Summary
Constructors
| Constructor | Description |
| --- | --- |
| IntuitiveHardcodePasswordDetector(edu.umd.cs.findbugs.BugReporter bugReporter) | |
Method Summary
All Methods / Instance Methods / Concrete Methods
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected InjectionPoint | getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.ConstantPoolGen cpg, org.apache.bcel.generic.InstructionHandle handle) | |
| protected int | getPriorityFromTaintFrame(TaintFrame fact, int offset) | The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. |
Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
addParsedInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomSinks, loadCustomSinksConfigFiles, loadSink, registerVisitor
Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
analyzeLocation, getPriority, report
Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
analyzeMethod, shouldAnalyzeClass, visitClassContext
Method Detail
getPriorityFromTaintFrame
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset) throws edu.umd.cs.findbugs.ba.DataflowAnalysisException
Description copied from class: AbstractInjectionDetector
The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.
- Overrides: getPriorityFromTaintFrame in class AbstractInjectionDetector
- Parameters:
fact - The TaintFrame for the inspected instruction call.
offset - The offset of the checked parameter.
- Returns: Priorities interface values from 1 to 5 (Enum-like interface)
- Throws: edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.
getInjectionPoint
protected InjectionPoint getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.ConstantPoolGen cpg, org.apache.bcel.generic.InstructionHandle handle)
- Overrides: getInjectionPoint in class BasicInjectionDetector