Package com.h3xstream.findsecbugs.scala

Class XssMvcApiDetector

java.lang.Object

com.h3xstream.findsecbugs.injection.AbstractTaintDetector

com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

com.h3xstream.findsecbugs.injection.BasicInjectionDetector

com.h3xstream.findsecbugs.scala.XssMvcApiDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

public class XssMvcApiDetector
extends BasicInjectionDetector

Field Summary

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

injectionSinks

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

bugReporter

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor	Description
XssMvcApiDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method	Description
protected int	getPriority(Taint taint)	The default implementation of getPriority() can be overridden if the severity and the confidence for risk is particular.
protected int	getPriorityFromTaintFrame(TaintFrame fact, int offset)	The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values.

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector

addParsedInjectionPoint, getInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomSinks, loadCustomSinksConfigFiles, loadSink, registerVisitor

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

analyzeLocation, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

analyzeMethod, shouldAnalyzeClass, visitClassContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XssMvcApiDetector

public XssMvcApiDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

getPriorityFromTaintFrame

protected int getPriorityFromTaintFrame(TaintFrame fact,
                                        int offset)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException

Description copied from class: AbstractInjectionDetector

The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.

Overrides:

getPriorityFromTaintFrame in class AbstractInjectionDetector

Parameters:

fact - The TaintFrame for the inspected instruction call.

offset - The offset of the checked parameter.

Returns:

Priorities interface values from 1 to 5 (Enum-like interface)

Throws:

edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.

getPriority

protected int getPriority(Taint taint)

Description copied from class: AbstractInjectionDetector

The default implementation of getPriority() can be overridden if the severity and the confidence for risk is particular. By default, injection will be rated "High" if the complete link between source and sink is made. If it is not the case but concatenation with external source is made, "Medium" is used.

Overrides:

getPriority in class AbstractInjectionDetector

Parameters:

taint - Detail about the state of the value passed (Cumulative information leading to the variable passed).

Returns:

Priorities interface values from 1 to 5 (Enum-like interface)