Class XssJspDetector

  • All Implemented Interfaces:
    edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

    public class XssJspDetector
    extends BasicInjectionDetector
    • Field Detail

      • JSP_PARENT_CLASSES

        protected static final String[] JSP_PARENT_CLASSES
    • Constructor Detail

      • XssJspDetector

        public XssJspDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
    • Method Detail

      • getPriority

        protected int getPriority(Taint taint)
        Description copied from class: AbstractInjectionDetector
        The default implementation of getPriority() can be overridden when a detector needs its own severity and confidence rating for the risk. By default, an injection is rated "High" if the complete link between source and sink is established. If it is not, but the value is concatenated with an external source, "Medium" is used.
        Overrides:
        getPriority in class AbstractInjectionDetector
        Parameters:
        taint - Detail about the state of the value passed (Cumulative information leading to the variable passed).
        Returns:
        Priorities interface values from 1 to 5 (Enum-like interface)
      • shouldAnalyzeClass

        public boolean shouldAnalyzeClass(edu.umd.cs.findbugs.ba.ClassContext classContext)
        Description copied from class: AbstractTaintDetector
        Allows any concrete taint detector implementation to skip the analysis of certain files. This can be used for optimisation or to report bugs only in a specific context. The default implementation returns true for all classes visited.
        Overrides:
        shouldAnalyzeClass in class AbstractTaintDetector
        Parameters:
        classContext - Information about the class that is about to be analyzed
        Returns:
        Whether the given class should be analyzed.