Class TaintFieldConfig

  • All Implemented Interfaces:
    TaintTypeConfig

    public class TaintFieldConfig
    extends Object
    implements TaintTypeConfig
    Summary of information about a class field that is relevant to taint analysis; it allows configuring the default behavior for fields of a given type. The default configuration is a mutable class with a null taint state.
    Author:
    Tomas Polesovsky (Liferay, Inc.)
    • Field Detail

      • DEFAULT_TAINT_STATE

        public static final Taint.State DEFAULT_TAINT_STATE
    • Constructor Detail

      • TaintFieldConfig

        public TaintFieldConfig()
    • Method Detail

      • accepts

        public static boolean accepts​(String typeSignature,
                                      String taintConfig)
      • load

        public TaintFieldConfig load​(String taintConfig)
                              throws IOException
        Loads the class field summary from a String.

        The summary must have the following syntax:
        defaultTaintState#IMMUTABLE, where
        1. defaultTaintState is the Taint.State assigned on type casts and to method return values of this type. Usually SAFE is used, to mark classes whose values cannot contain injection escape characters
        2. the #IMMUTABLE flag marks classes whose taint state cannot be mutated during taint analysis (for example, passing an instance as a method argument never changes its state)
        3. at least one of the two above is required
        Example:
        Ljava/lang/Boolean;:SAFE#IMMUTABLE
        • Here the summary is SAFE#IMMUTABLE
        • When an object is cast to Boolean, or Boolean is a method return type, the resulting taint state is always SAFE
        • When taint mutation is applied to method arguments, Boolean arguments cannot change taint state
        • Practically, a Boolean cannot carry characters that could cause an injection, so it is SAFE as a return type and as a cast target
        Example:
        Ljava/lang/String;:#IMMUTABLE
        • String is an immutable class, so String method arguments cannot change taint state
        • Practically, a String can carry injection-sensitive characters (so no default state is given) but it is always immutable
        Example:
        Ljava/util/concurrent/atomic/AtomicBoolean;:SAFE
        • The value of an AtomicBoolean can be changed (so it is mutable), but it cannot carry an injection-sensitive value
        Specified by:
        load in interface TaintTypeConfig
        Parameters:
        taintConfig - state#IMMUTABLE, where state is one of Taint.State or empty (at least one of state and #IMMUTABLE must be present)
        Returns:
        this object, initialized with the field summary
        Throws:
        IOException - if the parameter is malformed
        NullPointerException - if the argument is null
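        The summary syntax above, worked through as an added example that is not part of the plugin's own code. The parser below mirrors the documented rules (state and/or #IMMUTABLE, at least one required, the state must be a known Taint.State name) and then simulates the two effects the Javadoc describes: a configured state overrides the state of a cast or return value, and an #IMMUTABLE type ignores argument mutation. The set of Taint.State names is an assumption (the page itself only names SAFE and a "null" state); the meaning given to accepts() is also assumed, since the page does not document it.

```python
import re
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: names of the Taint.State enum; the page names only SAFE and a
# "null" default state. Adjust to the plugin's actual enum if it differs.
TAINT_STATES = {"TAINTED", "UNKNOWN", "SAFE", "NULL"}

# Documented summary syntax: "<defaultTaintState>#IMMUTABLE", each part optional.
SUMMARY_RE = re.compile(r"^(?P<state>[A-Z_]+)?(?P<immutable>#IMMUTABLE)?$")
# JVM type descriptor as used on the left of ':' (e.g. "Ljava/lang/Boolean;").
TYPE_SIG_RE = re.compile(r"^\[*(L[^;:]+;|[ZBCSIJFD])$")


class BadFormat(ValueError):
    """Stands in for the IOException the real load() throws on bad input."""


@dataclass(frozen=True)
class FieldConfig:
    type_signature: str
    default_state: Optional[str]  # None == "empty" state in the Javadoc: no override
    immutable: bool


def accepts(type_signature: str, taint_config: str) -> bool:
    """ASSUMED meaning of TaintFieldConfig.accepts(): does the pair look like a field summary?"""
    return (TYPE_SIG_RE.match(type_signature) is not None
            and taint_config != ""
            and SUMMARY_RE.match(taint_config) is not None)


def load(type_signature: str, taint_config: str) -> FieldConfig:
    """Parse 'state#IMMUTABLE' per the documented rules 1-3."""
    if taint_config is None:
        raise TypeError("taintConfig must not be null")  # NullPointerException in Java
    m = SUMMARY_RE.match(taint_config)
    if m is None or taint_config == "":  # rule 3: at least one of the two parts
        raise BadFormat(f"bad field summary: {taint_config!r}")
    state = m.group("state")
    if state is not None and state not in TAINT_STATES:
        raise BadFormat(f"unknown Taint.State: {state!r}")
    return FieldConfig(type_signature, state, m.group("immutable") is not None)


def parse_line(line: str) -> FieldConfig:
    """Parse one config line of the form '<typeSignature>:<summary>'."""
    sig, sep, summary = line.strip().partition(":")
    if not sep or not TYPE_SIG_RE.match(sig):
        raise BadFormat(f"bad config line: {line!r}")
    return load(sig, summary)


def rejects(line: str) -> bool:
    """True if parse_line() refuses the line (helper for checking malformed input)."""
    try:
        parse_line(line)
        return False
    except BadFormat:
        return True


def state_after_cast_or_return(cfg: FieldConfig, incoming: str) -> str:
    """Cast to / return of this type: a configured default state wins over the incoming one."""
    return cfg.default_state if cfg.default_state is not None else incoming


def state_after_argument_mutation(cfg: FieldConfig, current: str, proposed: str) -> str:
    """Argument passed to a mutating method: an #IMMUTABLE type keeps its current state."""
    return current if cfg.immutable else proposed


if __name__ == "__main__":
    # Constructed sample: the three lines from the Javadoc plus two malformed ones.
    for line in ("Ljava/lang/Boolean;:SAFE#IMMUTABLE",
                 "Ljava/lang/String;:#IMMUTABLE",
                 "Ljava/util/concurrent/atomic/AtomicBoolean;:SAFE",
                 "Ljava/lang/Object;:",          # neither part present
                 "Ljava/lang/Object;:SAFE#MUT"):  # unknown flag
        print(line, "->", "rejected" if rejects(line) else parse_line(line))
```

        Note that an empty state plus #IMMUTABLE (the String case) leaves a tainted value tainted through casts and returns; only the mutation path is blocked. If you extend the sample to your own field summaries, keep rule 3 in mind: a line whose summary is empty is a format error, not a "no-op" entry.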
      • setTypeSignature

        public void setTypeSignature​(String typeSignature)
        Set the full JVM type signature of the field type this configuration applies to (for example Ljava/lang/Boolean;)
        Parameters:
        typeSignature - type signature
      • getTypeSignature

        public String getTypeSignature()
        Returns the full JVM type signature of the configured field type
        Returns:
        signature of the type