java.lang.Object
- edu.umd.cs.findbugs.visitclass.BetterVisitor
- - edu.umd.cs.findbugs.visitclass.PreorderVisitor
  - - edu.umd.cs.findbugs.visitclass.AnnotationVisitor
    - - edu.umd.cs.findbugs.visitclass.DismantleBytecode
      - edu.umd.cs.findbugs.BytecodeScanningDetector
        
        edu.umd.cs.findbugs.bcel.OpcodeStackDetector
        
        com.h3xstream.findsecbugs.xml.TransformerFactoryDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities, org.apache.bcel.classfile.Visitor
```
public class TransformerFactoryDetector
extends edu.umd.cs.findbugs.bcel.OpcodeStackDetector
```
Currently the detector look for a specific code sequence. If the value is not hardcoded or computed at runtime, it will be consider as possibly unsafe. Minimal effort was put in this detector to avoid giving a lot of resource for code section that usually all look the same. Do note that the "safe" state for the TransformerFactory doesn't prevent denial of service attack like the LoL Bomb.

- Nested Class Summary
  - Nested classes/interfaces inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector
    edu.umd.cs.findbugs.bcel.OpcodeStackDetector.WithCustomJumpInfo
- Field Summary
  - Fields inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector
    stack
  - Fields inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode
    codeBytes, lineNumberTable, M_BR, M_CP, M_INT, M_PAD, M_R, M_UINT
  - Fields inherited from interface edu.umd.cs.findbugs.Priorities
    EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY
- Constructor Summary
  
  Constructors
  Constructor Description
  
  TransformerFactoryDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
- Method Summary
  
  All Methods Instance Methods Concrete Methods
  Modifier and Type Method Description
  
  void sawOpcode(int seen)
  - Methods inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector
    afterOpcode, beforeOpcode, getStack, isUsingCustomUserValue, visitCode
  - Methods inherited from class edu.umd.cs.findbugs.BytecodeScanningDetector
    getClassContext, report, shouldVisitCode, visitClassContext
  - Methods inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode
    areOppositeBranches, atCatchBlock, getBranchFallThrough, getBranchOffset, getBranchTarget, getClassConstantOperand, getClassDescriptorOperand, getCodeByte, getConstantRefOperand, getDefaultSwitchOffset, getDottedClassConstantOperand, getFieldDescriptorOperand, getIntConstant, getLongConstant, getMaxPC, getMethodDescriptorOperand, getNameConstantOperand, getNextCodeByte, getNextOpcode, getNextPC, getOpcode, getPC, getPrevOpcode, getRefConstantOperand, getRefFieldIsStatic, getRegisterOperand, getSigConstantOperand, getStringConstantOperand, getSwitchLabels, getSwitchOffsets, getXClassOperand, getXFieldOperand, getXMethodOperand, isBranch, isMethodCall, isRegisterLoad, isRegisterStore, isRegisterStore, isReturn, isShift, isSwitch, isWideOpcode, printOpCode, sawBranchTo, sawClass, sawDouble, sawField, sawFloat, sawIMethod, sawInt, sawLong, sawMethod, sawRegister, sawString, visit
  - Methods inherited from class edu.umd.cs.findbugs.visitclass.AnnotationVisitor
    getAnnotationParameterAsString, getAnnotationParameterAsStringArray, visitAnnotation, visitAnnotation, visitParameterAnnotation, visitParameterAnnotation, visitSyntheticParameterAnnotation
  - Methods inherited from class edu.umd.cs.findbugs.visitclass.PreorderVisitor
    amVisitingMainMethod, asUnsignedByte, doVisitMethod, getClassDescriptor, getClassName, getCode, getConstantPool, getDottedClassName, getDottedFieldSig, getDottedMethodSig, getDottedSuperclassName, getField, getFieldDescriptor, getFieldIsStatic, getFieldName, getFieldSig, getFullyQualifiedFieldName, getFullyQualifiedMethodName, getMethod, getMethodDescriptor, getMethodName, getMethodSig, getMethodVisitOrder, getNumberArguments, getNumberMethodArguments, getPackageName, getSizeOfSurroundingTryBlock, getSizeOfSurroundingTryBlock, getSourceFile, getStringFromIndex, getSuperclassName, getSurroundingCaughtExceptions, getSurroundingCaughtExceptions, getSurroundingTryBlock, getSurroundingTryBlock, getThisClass, getXClass, getXField, getXMethod, hasInterestingClass, hasInterestingMethod, isVisitMethodsInCallOrder, setupVisitorForClass, setVisitMethodsInCallOrder, shouldVisit, toString, visitAfter, visitAfter, visitAnnotationDefault, visitAnnotationEntry, visitBootstrapMethods, visitConstantInvokeDynamic, visitConstantMethodHandle, visitConstantMethodType, visitConstantModule, visitConstantPackage, visitConstantPool, visitEnclosingMethod, visitingField, visitingMethod, visitInnerClasses, visitJavaClass, visitLineNumberTable, visitLocalVariableTable, visitMethodParameters, visitParameterAnnotationEntry, visitStackMap, visitStackMapEntry
  - Methods inherited from class edu.umd.cs.findbugs.visitclass.BetterVisitor
    clone, report, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visitCodeException, visitConstantClass, visitConstantDouble, visitConstantFieldref, visitConstantFloat, visitConstantInteger, visitConstantInterfaceMethodref, visitConstantLong, visitConstantMethodref, visitConstantNameAndType, visitConstantString, visitConstantUtf8, visitConstantValue, visitDeprecated, visitExceptionTable, visitField, visitInnerClass, visitLineNumber, visitLocalVariable, visitLocalVariableTypeTable, visitMethod, visitSignature, visitSourceFile, visitSynthetic, visitUnknown
  - Methods inherited from class java.lang.Object
    equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  - Methods inherited from interface org.apache.bcel.classfile.Visitor
    visitConstantDynamic, visitMethodParameter, visitModule, visitModuleExports, visitModuleMainClass, visitModuleOpens, visitModulePackages, visitModuleProvides, visitModuleRequires, visitNestHost, visitNestMembers

- Constructor Detail
  - TransformerFactoryDetector
```
public TransformerFactoryDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
```
- Method Detail
  - sawOpcode
```
public void sawOpcode(int seen)
```
    Specified by:
    
    sawOpcode in class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Class TransformerFactoryDetector

Nested Class Summary

Nested classes/interfaces inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Field Summary

Fields inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Fields inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

Fields inherited from interface edu.umd.cs.findbugs.Priorities

Constructor Summary

Method Summary

Methods inherited from class edu.umd.cs.findbugs.bcel.OpcodeStackDetector

Methods inherited from class edu.umd.cs.findbugs.BytecodeScanningDetector

Methods inherited from class edu.umd.cs.findbugs.visitclass.DismantleBytecode

Methods inherited from class edu.umd.cs.findbugs.visitclass.AnnotationVisitor

Methods inherited from class edu.umd.cs.findbugs.visitclass.PreorderVisitor

Methods inherited from class edu.umd.cs.findbugs.visitclass.BetterVisitor

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.bcel.classfile.Visitor

Constructor Detail

TransformerFactoryDetector

Method Detail

sawOpcode