Class TaintConfig
- java.lang.Object
-
- java.util.AbstractMap<K,V>
-
- java.util.HashMap<String,TaintMethodConfig>
-
- com.h3xstream.findsecbugs.taintanalysis.TaintConfig
-
- All Implemented Interfaces:
Serializable,Cloneable,Map<String,TaintMethodConfig>
public class TaintConfig extends HashMap<String,TaintMethodConfig>
Map of taint summaries for all known methods and classes This class extends HashMap:- The key is the method signature (ie : org/hibernate/Session.createQuery(Ljava/lang/String;)Lorg/hibernate/Query;)
- The value is the behavior of the method ("0" for param index 0 is tainted, "UNKNOWN" if the method does not become tainted base on the value, "TAINTED" if the result must be consider unsafe)
- Author:
- David Formanek (Y Soft Corporation, a.s.)
- See Also:
- Serialized Form
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class java.util.AbstractMap
AbstractMap.SimpleEntry<K extends Object,V extends Object>, AbstractMap.SimpleImmutableEntry<K extends Object,V extends Object>
-
-
Constructor Summary
Constructors Constructor Description TaintConfig()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voiddump(PrintStream output)Dumps all the summaries for debuggingTaint.StategetClassTaintState(String typeSignature, Taint.State defaultState)Taint.StategetFieldTaintState(String fieldSignature, Taint.State defaultState)TaintMethodConfiggetMethodConfig(TaintFrame frame, edu.umd.cs.findbugs.classfile.MethodDescriptor methodDescriptor, String className, String methodId)TaintgetStaticFieldTaint(String fieldSignature, Taint defaultValue)TaintMethodConfiggetSuperMethodConfig(String className, String methodId)TaintClassConfiggetTaintClassConfig(String typeSignature)booleanisClassImmutable(String typeSignature)booleanisClassTaintSafe(String typeSignature)voidload(InputStream input, boolean checkRewrite)Loads summaries from stream checking the formatvoidputStaticFieldTaint(String fieldSignature, Taint t)-
Methods inherited from class java.util.HashMap
clear, clone, compute, computeIfAbsent, computeIfPresent, containsKey, containsValue, entrySet, forEach, get, getOrDefault, isEmpty, keySet, merge, put, putAll, putIfAbsent, remove, remove, replace, replace, replaceAll, size, values
-
Methods inherited from class java.util.AbstractMap
equals, hashCode, toString
-
-
-
-
Method Detail
-
dump
public void dump(PrintStream output)
Dumps all the summaries for debugging- Parameters:
output- stream where to output the summaries
-
load
public void load(InputStream input, boolean checkRewrite) throws IOException
Loads summaries from stream checking the format- Parameters:
input- input stream of configured summariescheckRewrite- whether to check duplicit summaries- Throws:
IOException- if cannot read the stream or the format is badIllegalArgumentException- for bad method formatIllegalStateException- if there are duplicit configurations
-
isClassImmutable
public boolean isClassImmutable(String typeSignature)
-
isClassTaintSafe
public boolean isClassTaintSafe(String typeSignature)
-
getClassTaintState
public Taint.State getClassTaintState(String typeSignature, Taint.State defaultState)
-
getFieldTaintState
public Taint.State getFieldTaintState(String fieldSignature, Taint.State defaultState)
-
getTaintClassConfig
public TaintClassConfig getTaintClassConfig(String typeSignature)
-
getMethodConfig
public TaintMethodConfig getMethodConfig(TaintFrame frame, edu.umd.cs.findbugs.classfile.MethodDescriptor methodDescriptor, String className, String methodId)
-
getSuperMethodConfig
public TaintMethodConfig getSuperMethodConfig(String className, String methodId)
-
-