Index (OWASP Find Security Bugs Plugin 1.13.0 API)

A B C D E F G H I J K L M N O P Q R S T U V W X
All Classes All Packages

A

AbstractHardcodedPasswordEqualsDetector - Class in com.h3xstream.findsecbugs.password
AbstractHardcodedPasswordEqualsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.AbstractHardcodedPasswordEqualsDetector
AbstractHardcodePasswordInMapDetector - Class in com.h3xstream.findsecbugs.password: Detect hard-code password in settings map (key value configurations constructed at runtime)
AbstractHardcodePasswordInMapDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.AbstractHardcodePasswordInMapDetector
AbstractInjectionDetector - Class in com.h3xstream.findsecbugs.injection: Detector designed for extension to detect injection vulnerabilities
AbstractInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
AbstractTaintDetector - Class in com.h3xstream.findsecbugs.injection: Detector designed for extension to allow usage of taint analysis
AbstractTaintDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation
addAllSources(Set<UnknownSource>) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
addLine(SourceLineAnnotation) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink: Adds a line with tainted source or path for reporting
addLines(Collection<TaintLocation>) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink: Adds lines with tainted source or path for reporting
addLocation(TaintLocation, boolean) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Adds location for a taint source or path to remember for reporting
addMutableStackIndex(int) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Adds a stack index modified by method
addParsedInjectionPoint(String, InjectionPoint) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
addSink(String, int[], String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
addSource(UnknownSource) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
addSources(Set<UnknownSource>) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
addTag(Taint.Tag) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Adds the specified taint tag to this fact or marks this tag to add if this fact acts like a derivation of taint transfer behaviour
analyseRegexString(String) - Method in class com.h3xstream.findsecbugs.RegexRedosAnalyzer
analyze(IAnalysisCache, MethodDescriptor) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
analyzeInstruction(Instruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
analyzeLocation(ClassContext, Method, InstructionHandle, ConstantPoolGen, InvokeInstruction, TaintFrame, ClassMethodSignature) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
analyzeLocation(ClassContext, Method, InstructionHandle, ConstantPoolGen, InvokeInstruction, TaintFrame, ClassMethodSignature) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
analyzeMethod(ClassContext, Method) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
AndroidSqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
AndroidSqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.AndroidSqlInjectionDetector
AnonymousLdapDetector - Class in com.h3xstream.findsecbugs.ldap
AnonymousLdapDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ldap.AnonymousLdapDetector
APOSTROPHE_ENCODED - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
atClass(String...) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
atMethod(String...) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
AwsQueryInjectionDetector - Class in com.h3xstream.findsecbugs.injection.aws
AwsQueryInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.aws.AwsQueryInjectionDetector

B

BadHexadecimalConversionDetector - Class in com.h3xstream.findsecbugs.crypto
BadHexadecimalConversionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
BasicInjectionDetector - Class in com.h3xstream.findsecbugs.injection: Detector designed for extension to detect basic injections with a list of full method names with specified injectable arguments as taint sinks
BasicInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
BCELUtil - Class in com.h3xstream.findsecbugs
BCELUtil() - Constructor for class com.h3xstream.findsecbugs.BCELUtil
BeanInjectionDetector - Class in com.h3xstream.findsecbugs.injection.beans
BeanInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.beans.BeanInjectionDetector
BroadcastDetector - Class in com.h3xstream.findsecbugs.android
BroadcastDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.BroadcastDetector
bugReporter - Variable in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
ByteCode - Class in com.h3xstream.findsecbugs.common
ByteCode() - Constructor for class com.h3xstream.findsecbugs.common.ByteCode

C

CipherDetector - Class in com.h3xstream.findsecbugs.crypto.cipher
CipherDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.cipher.CipherDetector
CipherWithNoIntegrityDetector - Class in com.h3xstream.findsecbugs.crypto: This detector mark cipher usage that doesn't provide integrity.
CipherWithNoIntegrityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
ClassMethodSignature - Class in com.h3xstream.findsecbugs.injection
ClassMethodSignature(String, String, String) - Constructor for class com.h3xstream.findsecbugs.injection.ClassMethodSignature
clearParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Clear method the parameters that could influence the taint state
com.h3xstream.findsecbugs - package com.h3xstream.findsecbugs
com.h3xstream.findsecbugs.android - package com.h3xstream.findsecbugs.android
com.h3xstream.findsecbugs.common - package com.h3xstream.findsecbugs.common
com.h3xstream.findsecbugs.common.matcher - package com.h3xstream.findsecbugs.common.matcher
com.h3xstream.findsecbugs.cookie - package com.h3xstream.findsecbugs.cookie
com.h3xstream.findsecbugs.crypto - package com.h3xstream.findsecbugs.crypto
com.h3xstream.findsecbugs.crypto.cipher - package com.h3xstream.findsecbugs.crypto.cipher
com.h3xstream.findsecbugs.csrf - package com.h3xstream.findsecbugs.csrf
com.h3xstream.findsecbugs.endpoint - package com.h3xstream.findsecbugs.endpoint
com.h3xstream.findsecbugs.file - package com.h3xstream.findsecbugs.file
com.h3xstream.findsecbugs.groovy - package com.h3xstream.findsecbugs.groovy
com.h3xstream.findsecbugs.injection - package com.h3xstream.findsecbugs.injection
com.h3xstream.findsecbugs.injection.aws - package com.h3xstream.findsecbugs.injection.aws
com.h3xstream.findsecbugs.injection.beans - package com.h3xstream.findsecbugs.injection.beans
com.h3xstream.findsecbugs.injection.command - package com.h3xstream.findsecbugs.injection.command
com.h3xstream.findsecbugs.injection.crlf - package com.h3xstream.findsecbugs.injection.crlf
com.h3xstream.findsecbugs.injection.custom - package com.h3xstream.findsecbugs.injection.custom
com.h3xstream.findsecbugs.injection.fileDisclosure - package com.h3xstream.findsecbugs.injection.fileDisclosure
com.h3xstream.findsecbugs.injection.formatter - package com.h3xstream.findsecbugs.injection.formatter
com.h3xstream.findsecbugs.injection.http - package com.h3xstream.findsecbugs.injection.http
com.h3xstream.findsecbugs.injection.ldap - package com.h3xstream.findsecbugs.injection.ldap
com.h3xstream.findsecbugs.injection.redirect - package com.h3xstream.findsecbugs.injection.redirect
com.h3xstream.findsecbugs.injection.script - package com.h3xstream.findsecbugs.injection.script
com.h3xstream.findsecbugs.injection.smtp - package com.h3xstream.findsecbugs.injection.smtp
com.h3xstream.findsecbugs.injection.sql - package com.h3xstream.findsecbugs.injection.sql
com.h3xstream.findsecbugs.injection.ssrf - package com.h3xstream.findsecbugs.injection.ssrf
com.h3xstream.findsecbugs.injection.trust - package com.h3xstream.findsecbugs.injection.trust: Trust Boundary Violation is fancy name to describe tainted value passed directly to session attribute.
com.h3xstream.findsecbugs.injection.xml - package com.h3xstream.findsecbugs.injection.xml
com.h3xstream.findsecbugs.jsp - package com.h3xstream.findsecbugs.jsp
com.h3xstream.findsecbugs.kotlin - package com.h3xstream.findsecbugs.kotlin
com.h3xstream.findsecbugs.ldap - package com.h3xstream.findsecbugs.ldap
com.h3xstream.findsecbugs.password - package com.h3xstream.findsecbugs.password
com.h3xstream.findsecbugs.saml - package com.h3xstream.findsecbugs.saml
com.h3xstream.findsecbugs.scala - package com.h3xstream.findsecbugs.scala
com.h3xstream.findsecbugs.serial - package com.h3xstream.findsecbugs.serial
com.h3xstream.findsecbugs.spring - package com.h3xstream.findsecbugs.spring
com.h3xstream.findsecbugs.taintanalysis - package com.h3xstream.findsecbugs.taintanalysis
com.h3xstream.findsecbugs.taintanalysis.data - package com.h3xstream.findsecbugs.taintanalysis.data
com.h3xstream.findsecbugs.taintanalysis.extra - package com.h3xstream.findsecbugs.taintanalysis.extra
com.h3xstream.findsecbugs.template - package com.h3xstream.findsecbugs.template
com.h3xstream.findsecbugs.wicket - package com.h3xstream.findsecbugs.wicket
com.h3xstream.findsecbugs.xml - package com.h3xstream.findsecbugs.xml
com.h3xstream.findsecbugs.xpath - package com.h3xstream.findsecbugs.xpath: This package focus on the identification of XPath injection vulnerability from various APIs: javax.xml (JDK API) org.apache.xpath org.apache.commons.jxpath (Apache Commons) TODO org.xmldb.api.modules (Apache Xindice) TODO
com.h3xstream.findsecbugs.xss - package com.h3xstream.findsecbugs.xss
COMMAND_INJECTION_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
CommandInjectionDetector - Class in com.h3xstream.findsecbugs.injection.command: Detect the usage of Runtime and ProcessBuilder to execute system command.
CommandInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
configPattern - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
ConstantPasswordDetector - Class in com.h3xstream.findsecbugs.password: General detector for hard coded passwords and cryptographic keys
ConstantPasswordDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
CONTENT_PROVIDER_TYPES - Static variable in class com.h3xstream.findsecbugs.injection.sql.AndroidSqlInjectionDetector
CookieFlagsDetector - Class in com.h3xstream.findsecbugs.cookie
CookieFlagsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.CookieFlagsDetector
CookieReadDetector - Class in com.h3xstream.findsecbugs.cookie
CookieReadDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.CookieReadDetector
CorsRegistryCORSDetector - Class in com.h3xstream.findsecbugs.spring
CorsRegistryCORSDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.spring.CorsRegistryCORSDetector
CR_ENCODED - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
createFact() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
CREDIT_CARD_VARIABLE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
CrlfLogInjectionDetector - Class in com.h3xstream.findsecbugs.injection.crlf: Detects logging of tainted values - CRLF injection (or Improper Output Neutralization for Logs)
CrlfLogInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.crlf.CrlfLogInjectionDetector
CUSTOM_INJECTION_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
CustomInjectionDetector - Class in com.h3xstream.findsecbugs.injection.custom
CustomInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
CustomMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto: Implementing a custom solution for message digest should not promote.
CustomMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector

D

DangerousPermissionCombination - Class in com.h3xstream.findsecbugs
DangerousPermissionCombination(BugReporter) - Constructor for class com.h3xstream.findsecbugs.DangerousPermissionCombination
DEFAULT_TAINT_STATE - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
DEFAULT_TAINT_STATE - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig
DeserializationGadgetDetector - Class in com.h3xstream.findsecbugs.serial
DeserializationGadgetDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.serial.DeserializationGadgetDetector
DesUsageDetector - Class in com.h3xstream.findsecbugs.crypto.cipher: Cipher identify DES/CBC/NoPadding (56 bit) DES/CBC/PKCS5Padding (56 bit) DES/ECB/NoPadding (56 bit) DES/ECB/PKCS5Padding (56 bit) Ref: Partial list of ciphers
DesUsageDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.cipher.DesUsageDetector
dump(PrintStream) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig: Dumps all the summaries for debugging

E

EnabledExtensionsInApacheXmlRpcDetector - Class in com.h3xstream.findsecbugs.xml
EnabledExtensionsInApacheXmlRpcDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.EnabledExtensionsInApacheXmlRpcDetector
EngineRegistrar - Class in com.h3xstream.findsecbugs.taintanalysis: Registers taint analysis (dataflow engine) with analysis cache
EngineRegistrar() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.EngineRegistrar
equals(Object) - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
equals(Object) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
equals(Object) - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
equals(Object) - Method in class com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation
equals(Object) - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
equals(Object) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
ErrorMessageExposureDetector - Class in com.h3xstream.findsecbugs.crypto: Printing error messages to standard output may expose security-sensitive information, and such an exposure of unencrypted information would be vulnerable as reported by CWE-209 (https://cwe.mitre.org/data/deffinitions/209.html).
ErrorMessageExposureDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.ErrorMessageExposureDetector
EsapiEncryptorDetector - Class in com.h3xstream.findsecbugs.crypto: This detector identify the usage of ESAPI cryptography components.
EsapiEncryptorDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
ExternalConfigurationControlDetector - Class in com.h3xstream.findsecbugs: Detects External Control of System or Configuration Setting weakness using setCatalog method of java.sql.Connection
ExternalConfigurationControlDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ExternalConfigurationControlDetector
ExternalFileAccessDetector - Class in com.h3xstream.findsecbugs.android
ExternalFileAccessDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector

F

FIELD - com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType: Define unknown value where the value is coming from a field.
FileDisclosureDetector - Class in com.h3xstream.findsecbugs.injection.fileDisclosure
FileDisclosureDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.fileDisclosure.FileDisclosureDetector
FileUploadFilenameDetector - Class in com.h3xstream.findsecbugs.file: The filename given in FileUpload API is directly taken from the HTTP request.
FileUploadFilenameDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.file.FileUploadFilenameDetector
FindSecBugsGlobalConfig - Class in com.h3xstream.findsecbugs: This class contains some flag that can be used to create global configuration.
FindSecBugsGlobalConfig() - Constructor for class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
finishAnalysis() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis: This method must be called after executing the data flow
finishAnalysis() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor: This method must be called from outside at the end of the method analysis
FormatStringManipulationDetector - Class in com.h3xstream.findsecbugs.injection.formatter
FormatStringManipulationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.formatter.FormatStringManipulationDetector
FreemarkerDetector - Class in com.h3xstream.findsecbugs.template: Equivalent to Velocity template detector.
FreemarkerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.template.FreemarkerDetector
from(String) - Static method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
fullMethodPattern - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig

G

generateBugInstance(boolean) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink: Uses immutable values, updated priority and added lines for reporting
GeolocationDetector - Class in com.h3xstream.findsecbugs.android
GeolocationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.GeolocationDetector
getAllLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getArgumentsClasses() - Method in class com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric
getBugType() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getClassMethodSignature() - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
getClassName() - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
getClassTaintState(String, Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
getConstantInt(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Extract the integer value from the Instruction ICONST.
getConstantLDC(InstructionHandle, ConstantPoolGen, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Get the constant value of the given instruction.
getConstantOrPotentialValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getConstantValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns the constant value of the string or char if known
getContanstBooleanAsString(LinkedList<Instruction>, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.JspUtils
getCustomConfigFile() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
getCustomSinksConfigFile(String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig: This getter will load sink injections.
getDebugInfo() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Gets the info for debugging merged from all used facts
getDefaultConstructorConfig(int) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Constructs a default constructor summary (modifies 2 stack items with UNKNOWN taint state)
getDefaultValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
getFieldTaintState(String, Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
getFindSecBugsVersion() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig: Getters and setters only
getInjectableArguments() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource: The implementation should identify method that are susceptible to injection and return parameters index that can injected.
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.crypto.cipher.CipherDetector: Hook Cipher.getInstance(), KeyGenerator.getInstance()
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.file.SuspiciousCommandDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.LegacyInjectionDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.kotlin.KotlinHardcodedPasswordEqualsDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.kotlin.KotlinHardcodePasswordInMapDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.HardcodedPasswordEqualsDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.HardcodePasswordInMapDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.JschPasswordDetector
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.PermissiveCORSDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.LegacyInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
getInstance() - Static method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
getLocalVariable(MethodGen, int) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
getLocation() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation
getMethodConfig(TaintFrame, MethodDescriptor, String, String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
getMethodDescriptor() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation: Returns the method of this location
getMethodName() - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
getMutableStackIndices() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Returns all stack indices modified by method if there are any
getNonParametricState() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Gets the state influencing the state of this fact if dependant on method arguments, final state is given by merge of that state and arguments
getNumArgumentsIncludingObjectInstance(InvokeInstruction, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.BCELUtil
getOutputTaint() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Returns the output taint of the method describing the taint transfer
getParameterIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
getParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns the method arguments influencing the taint state of this fact
getParametersOutputTaints() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Returns computed output taints for method parameters for back-propagation.

Please note the stackIndex is in reverse order compared to the method parameters (and frame local variables), i.e.
getParentClassNames(JavaClass) - Static method in class com.h3xstream.findsecbugs.BCELUtil
getPosition() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation: Returns the position in the method of this location
getPotentialValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns the constant value that will be set under a specific condition
getPrevInstruction(InstructionHandle, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Get the previous instruction matching the given type of instruction (second parameter)
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.file.PathTraversalDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.HttpResponseSplittingDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector: The default implementation of getPriority() can be overridden if the severity and the confidence for risk is particular.
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.crlf.CrlfLogInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.formatter.FormatStringManipulationDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.http.HttpParameterPollutionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.smtp.SmtpHeaderInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.sql.AndroidSqlInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationAttributeDetector: All or nothing : If the taint to sink path is found, it is mark as high If the source is not confirm, it is mark as low.
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationValueDetector: = All or nothing : If the taint to sink path is found, it is mark as high If the source is not confirm, it is mark as low.
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.scala.ScalaSensitiveDataExposureDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.scala.XssMvcApiDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.scala.XssTwirlDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.xss.XssJspDetector
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.xss.XssServletDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.crypto.cipher.CipherDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.file.SuspiciousCommandDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector: The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values.
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.AbstractHardcodedPasswordEqualsDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.AbstractHardcodePasswordInMapDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.JschPasswordDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.PermissiveCORSDetector
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.scala.XssMvcApiDetector
getPushNumber(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Extract the number from a push operation (BIPUSH/SIPUSH).
getRealInstanceClass() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Finds out the real type of instance matching this fact if possible
getRealInstanceClassName() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Finds out the real class name of instance matching this fact if possible
getReturnClasses() - Method in class com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric
getSignature() - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
getSignatureField() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
getSignatureMethod() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
getSink() - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
getSlashedClassName(JavaClass) - Static method in class com.h3xstream.findsecbugs.BCELUtil
getSlashedClassName(ConstantPoolGen, FieldOrMethod) - Static method in class com.h3xstream.findsecbugs.BCELUtil
getSources() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getSourceType() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
getState() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource: Auto-generate getter and setter with the template Builder
getState() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns the taint state of this fact
getStaticFieldTaint(String, Taint) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
getStringArray(OpcodeStack.Item) - Method in class com.h3xstream.findsecbugs.spring.CorsRegistryCORSDetector
getStringFromIdx(int) - Method in class com.h3xstream.findsecbugs.spring.CorsRegistryCORSDetector
getSuperMethodConfig(String, String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
getTags() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns all present taint tags for this fact
getTagsToRemove() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns tags to remove (if this fact acts like a taint derivation spec.)
getTaintClassConfig(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
getTaintedLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns locations with taint sources or nodes on path from those sources, if there are some locations confirmed to be tainted, only those are returned
getTaintState() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
getTaintState() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig
getTaintState(Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
getTaintState(Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig
getTypeSignature() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig: Returns the analyzed method full signature
getTypeSignature() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig: Returns the analyzed method full signature
getTypeSignature() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Returns the analyzed method full signature
getUnknownLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: If known (check first), returns the index of the local variable, where the value matching this fact is stored
GoogleApiKeyDetector - Class in com.h3xstream.findsecbugs.password: GoogleApi provide code sample to sign URL using provided API key.
GoogleApiKeyDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
GroovyShellDetector - Class in com.h3xstream.findsecbugs.groovy
GroovyShellDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.groovy.GroovyShellDetector

H

handleLoadInstruction(LoadInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
handleStoreInstruction(StoreInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
HardcodedPasswordEqualsDetector - Class in com.h3xstream.findsecbugs.password: Detect:
HardcodedPasswordEqualsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.HardcodedPasswordEqualsDetector
HardcodePasswordInMapDetector - Class in com.h3xstream.findsecbugs.password: Detect hard-code password in settings map (key value configurations constructed at runtime)
HardcodePasswordInMapDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.HardcodePasswordInMapDetector
HASH_VARIABLE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
hashCode() - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
hashCode() - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
hashCode() - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
hashCode() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation
hashCode() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
hashCode() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
HashUnsafeEqualsDetector - Class in com.h3xstream.findsecbugs.password: Detect hash value that are compare with the equals method.
HashUnsafeEqualsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
hasMutableStackIndices() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Checks if there are any indices modified by method
hasOneTag(Taint.Tag...) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks whether one of the specified taint tag is present for this fact
hasParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks if the taint state of this fact depends on the method arguments
hasTag(Taint.Tag) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks whether the specified taint tag is present for this fact
hasTags() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks if there are any taint tags for this fact
hasValidVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks if the index of the local variable matching this fact is known
HazelcastSymmetricEncryptionDetector - Class in com.h3xstream.findsecbugs.crypto: http://code.google.com/p/hazelcast/wiki/Encryption
HazelcastSymmetricEncryptionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
HTTP_POLLUTION_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
HttpParameterPollutionDetector - Class in com.h3xstream.findsecbugs.injection.http
HttpParameterPollutionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.http.HttpParameterPollutionDetector
HttpResponseSplittingDetector - Class in com.h3xstream.findsecbugs: Detects HTTP Response splitting weakness
HttpResponseSplittingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.HttpResponseSplittingDetector

I

ImproperHandlingUnicodeDetector - Class in com.h3xstream.findsecbugs
ImproperHandlingUnicodeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ImproperHandlingUnicodeDetector
initEntryFact(TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis: Initialize the initial state of a TaintFrame.
InjectionPoint - Class in com.h3xstream.findsecbugs.injection
InjectionPoint(int[], String) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionPoint
InjectionSink - Class in com.h3xstream.findsecbugs.injection: Used to represent location of a taint sink
InjectionSink(Detector, String, int, ClassContext, Method, InstructionHandle, String, int) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionSink: Constructs the instance and stores immutable values for reporting
injectionSinks - Variable in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
InjectionSource - Interface in com.h3xstream.findsecbugs.injection
InsecureSmtpSslDetector - Class in com.h3xstream.findsecbugs.crypto
InsecureSmtpSslDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsecureSmtpSslDetector
InstructionDSL - Class in com.h3xstream.findsecbugs.common.matcher
InstructionDSL() - Constructor for class com.h3xstream.findsecbugs.common.matcher.InstructionDSL
InsufficientKeySizeBlowfishDetector - Class in com.h3xstream.findsecbugs.crypto
InsufficientKeySizeBlowfishDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
InsufficientKeySizeRsaDetector - Class in com.h3xstream.findsecbugs.crypto: Similar to the blowfish key size detector
InsufficientKeySizeRsaDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
InterfaceUtils - Class in com.h3xstream.findsecbugs.common
InterfaceUtils() - Constructor for class com.h3xstream.findsecbugs.common.InterfaceUtils
IntuitiveHardcodePasswordDetector - Class in com.h3xstream.findsecbugs.password: This detector will find what look like password hardcode on unknown API.
IntuitiveHardcodePasswordDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
INVALID - com.h3xstream.findsecbugs.taintanalysis.Taint.State
InvalidStateException - Exception in com.h3xstream.findsecbugs.taintanalysis
InvalidStateException(String) - Constructor for exception com.h3xstream.findsecbugs.taintanalysis.InvalidStateException
INVOKEDYNAMIC_GENERIC_CLASSNAME - Static variable in class com.h3xstream.findsecbugs.BCELUtil
invokeInstruction() - Static method in class com.h3xstream.findsecbugs.common.matcher.InstructionDSL
InvokeMatcherBuilder - Class in com.h3xstream.findsecbugs.common.matcher
InvokeMatcherBuilder() - Constructor for class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
isClassImmutable(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
isClassTaintSafe(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
isConfigured() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Checks if the summary is configured or derived
isConstantInteger(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
isConstantString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
isConstantValue(Taint) - Static method in class com.h3xstream.findsecbugs.common.TaintUtil
isConstantValueAndNotEmpty(Taint) - Static method in class com.h3xstream.findsecbugs.common.TaintUtil
isDebugOutputTaintConfigs() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isDebugPrintInstructionVisited() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isDebugPrintInvocationVisited() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isDebugTaintState() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isImmutable() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
isInformative() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks if there is any valuable information derived by the taint analysis.
isInformative() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Checks if the summary needs to be saved or has no information value
isParametersOutputTaintsProcessed() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
isRemovingTags() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks if there are some tags to remove (if this fact acts like a taint derivation spec.)
isReportPotentialXssWrongContext() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isSafe() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks whether values matching this fact are always trusted
isSubtype(String, String...) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils: Test if the given class is a subtype of ONE of the super classes given.
isSubtype(JavaClass, String...) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils: Test if the given class is a subtype of ONE of the super classes given.
isTainted() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks whether values matching this fact are probably untrusted
isTaintedMainArgument() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isTaintedSystemVariables() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isUnknown() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Checks whether values matching this fact can be untrusted but also safe
isVariableString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
isVerboseLocationReport() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
isVulnerable() - Method in class com.h3xstream.findsecbugs.RegexRedosAnalyzer
isWorkaroundVisitInvokeDynamic() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig

J

JaxRsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: JAX-RS (JSR311) defines an api for REST service.
JaxRsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
JaxWsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: JAX-RS (JSR224) defines an api for Web service.
JaxWsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
JschPasswordDetector - Class in com.h3xstream.findsecbugs.password: Finds hardcoded passwords with the Jsch library (SSH client)
JschPasswordDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.JschPasswordDetector
JSP_PARENT_CLASSES - Static variable in class com.h3xstream.findsecbugs.xss.XssJspDetector
JspIncludeDetector - Class in com.h3xstream.findsecbugs.jsp
JspIncludeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspIncludeDetector
JspSpringEvalDetector - Class in com.h3xstream.findsecbugs.jsp
JspSpringEvalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspSpringEvalDetector
JspUtils - Class in com.h3xstream.findsecbugs.common
JspUtils() - Constructor for class com.h3xstream.findsecbugs.common.JspUtils
JstlExpressionWhiteLister - Class in com.h3xstream.findsecbugs.taintanalysis.extra: This detector will set the return value of PageContextImpl.proprietaryEvaluate as safe for XSS is some very specific case.
JstlExpressionWhiteLister(BugReporter) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.extra.JstlExpressionWhiteLister
JstlOutDetector - Class in com.h3xstream.findsecbugs.jsp
JstlOutDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JstlOutDetector

K

KotlinHardcodedPasswordEqualsDetector - Class in com.h3xstream.findsecbugs.kotlin: Detect:
KotlinHardcodedPasswordEqualsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.kotlin.KotlinHardcodedPasswordEqualsDetector
KotlinHardcodePasswordInMapDetector - Class in com.h3xstream.findsecbugs.kotlin: Detect hard-code password in settings map (key value configurations constructed at runtime)
KotlinHardcodePasswordInMapDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.kotlin.KotlinHardcodePasswordInMapDetector

L

LDAP_INJECTION_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
LdapEntryPoisoningDetector - Class in com.h3xstream.findsecbugs.ldap: LDAP Entry Poisoning For more information: https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
LdapEntryPoisoningDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ldap.LdapEntryPoisoningDetector
LdapInjectionDetector - Class in com.h3xstream.findsecbugs.injection.ldap
LdapInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
LegacyInjectionDetector - Class in com.h3xstream.findsecbugs.injection: Detector designed for extension to detect injection vulnerabilities using the original mechanism with InjectionSource class
LegacyInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.LegacyInjectionDetector
LF_ENCODED - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
load(InputStream, boolean) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig: Loads summaries from stream checking the format
load(InputStream, TaintConfigLoader.TaintConfigReceiver) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfigLoader: Loads the summaries and do what is specified
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig: Loads class summary from String

The summary should have the following syntax:
defaultTaintState #IMMUTABLE, where defaultTaintState means the Taint state for type casting and return types.
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig: Loads class field summary from String

The summary should have the following syntax:
defaultTaintState #IMMUTABLE, where defaultTaintState means the Taint state for type casting and return types.
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Loads method summary from String.
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation: Loads method config from String, the method config contains a current class as the context

The method accepts syntax similar to TaintMethodConfig.load(String) with small difference.
The summary must ends with '@' character followed by class name
load(String) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintTypeConfig: Initializes the taint config object from String
loadConfiguredSinks(InputStream, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
loadConfiguredSinks(String, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector: Loads taint sinks from configuration
loadConfiguredSinks(String, String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
loadCustomSinks(String, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector: Loads taint sinks configuration file from file system.
loadCustomSinksConfigFiles() - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector: Loads taint sinks from custom file.
loadFromSystem(String, String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
loadSink(String, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector: Loads a single taint sink (like a line of configuration)
loadSink(String, String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
loadSinks(InputStream, String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
LT_ENCODED - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag

M

matches(OpcodeStackDetector) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
matches(Instruction, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
meetInto(TaintFrame, Edge, TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
merge(Taint.State, Taint.State) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State: Returns the "more dangerous" state (TAINTED > UNKNOWN > SAFE > NULL > INVALID) as a merge of two states
merge(Taint, Taint) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Returns the merge of the facts such that it can represent any of them
mergeValues(TaintFrame, TaintFrame, int) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
MethodAndSink - Class in com.h3xstream.findsecbugs.injection: ClassMethodSignature and InjectionSink tuple
MethodAndSink(ClassMethodSignature, InjectionSink) - Constructor for class com.h3xstream.findsecbugs.injection.MethodAndSink
ModificationAfterValidationDetector - Class in com.h3xstream.findsecbugs
ModificationAfterValidationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ModificationAfterValidationDetector

N

NONE - Static variable in class com.h3xstream.findsecbugs.injection.InjectionPoint: This instance is use to represent "null" as no injection point.
NormalizationAfterValidationDetector - Class in com.h3xstream.findsecbugs
NormalizationAfterValidationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.NormalizationAfterValidationDetector
NULL - com.h3xstream.findsecbugs.taintanalysis.Taint.State
NullCipherDetector - Class in com.h3xstream.findsecbugs.crypto
NullCipherDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.NullCipherDetector

O

ObjectDeserializationDetector - Class in com.h3xstream.findsecbugs.serial: Detect Java object deserialization
ObjectDeserializationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.serial.ObjectDeserializationDetector
OgnlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
OgnlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.OgnlInjectionDetector
OVERLY_PERMISSIVE_FILE_PERMISSION - Static variable in class com.h3xstream.findsecbugs.file.OverlyPermissiveFilePermissionDetector
OverlyPermissiveFilePermissionDetector - Class in com.h3xstream.findsecbugs.file
OverlyPermissiveFilePermissionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.file.OverlyPermissiveFilePermissionDetector

P

PARAMETER - com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType: Define unknown value where the value is coming from a function parameter.
PASSWORD_VARIABLE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
PASSWORD_WORDS - Static variable in class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector: Passwords in various language http://www.indifferentlanguages.com/words/password The keyword is also used to detect variable name that are likely to be password (reused in AbstractHardcodedPassword).
PATH_TRAVERSAL_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
PathTraversalDetector - Class in com.h3xstream.findsecbugs.file
PathTraversalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.file.PathTraversalDetector
PebbleDetector - Class in com.h3xstream.findsecbugs.template
PebbleDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.template.PebbleDetector
PermissiveCORSDetector - Class in com.h3xstream.findsecbugs
PermissiveCORSDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PermissiveCORSDetector
PersistentCookieDetector - Class in com.h3xstream.findsecbugs.cookie
PersistentCookieDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.PersistentCookieDetector
PlayUnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.scala
PlayUnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.PlayUnvalidatedRedirectDetector
PotentialValueTracker - Class in com.h3xstream.findsecbugs.taintanalysis.extra: This class detect potential default value and set it to the Taint instance.
PotentialValueTracker(BugReporter) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.extra.PotentialValueTracker
PredictableRandomDetector - Class in com.h3xstream.findsecbugs
PredictableRandomDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PredictableRandomDetector
printOpCode(Instruction, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Print the the detail of the given instruction (class, method, etc.)
putStaticFieldTaint(String, Taint) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig

Q

QUOTE_ENCODED - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag

R

receiveInjectionPoint(String, InjectionPoint) - Method in interface com.h3xstream.findsecbugs.injection.SinksLoader.InjectionPointReceiver
receiveTaintConfig(String, String) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintConfigLoader.TaintConfigReceiver
REDIRECT_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
RedirectionSource - Class in com.h3xstream.findsecbugs.injection.redirect
RedirectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
RedosAnnotationDetector - Class in com.h3xstream.findsecbugs: Detect REDOS in validation annotation.
RedosAnnotationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.RedosAnnotationDetector
ReDosDetector - Class in com.h3xstream.findsecbugs: This detector does minimal effort to find potential REDOS.
ReDosDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ReDosDetector
RegexRedosAnalyzer - Class in com.h3xstream.findsecbugs
RegexRedosAnalyzer() - Constructor for class com.h3xstream.findsecbugs.RegexRedosAnalyzer
registerAdditionalVisitor(TaintFrameAdditionalVisitor) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
registerAnalysisEngines(IAnalysisCache) - Method in class com.h3xstream.findsecbugs.taintanalysis.EngineRegistrar
registerVisitor(TaintFrameAdditionalVisitor) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
registerWith(IAnalysisCache) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
removeTag(Taint.Tag) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Removes the specified tag (if present) or marks this tag to remove if this fact acts like a derivation of taint transfer behaviour
report() - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
report() - Method in class com.h3xstream.findsecbugs.cookie.CookieFlagsDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsecureSmtpSslDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
report() - Method in class com.h3xstream.findsecbugs.csrf.SpringCsrfUnrestrictedRequestMappingDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.file.OverlyPermissiveFilePermissionDetector
report() - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector: Once the analysis is completed, all the collected sinks are reported as bugs.
report() - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
report() - Method in class com.h3xstream.findsecbugs.jsp.JstlOutDetector
report() - Method in class com.h3xstream.findsecbugs.jsp.XslTransformJspDetector
report() - Method in class com.h3xstream.findsecbugs.ldap.AnonymousLdapDetector
report() - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
report() - Method in class com.h3xstream.findsecbugs.RedosAnnotationDetector
report() - Method in class com.h3xstream.findsecbugs.serial.DeserializationGadgetDetector
report() - Method in class com.h3xstream.findsecbugs.serial.ObjectDeserializationDetector
report() - Method in class com.h3xstream.findsecbugs.serial.UnsafeJacksonDeserializationDetector
report() - Method in class com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
report() - Method in class com.h3xstream.findsecbugs.spring.SpringUnvalidatedRedirectDetector
report() - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
report() - Method in class com.h3xstream.findsecbugs.wicket.WicketXssComponentDetector
report() - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
reportBug(String, String) - Method in class com.h3xstream.findsecbugs.PredictableRandomDetector
RETURN - com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType: Define unknown value where the value is coming from an external call.
RsaNoPaddingDetector - Class in com.h3xstream.findsecbugs.crypto.cipher
RsaNoPaddingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.cipher.RsaNoPaddingDetector

S

SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.State
SAFE_CONFIG - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
SamlIgnoreCommentsDetector - Class in com.h3xstream.findsecbugs.saml: More information on the vulnerability: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations https://github.com/spring-projects/spring-security-saml/issues/228
SamlIgnoreCommentsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.saml.SamlIgnoreCommentsDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.BroadcastDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WorldWritableDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.cookie.CookieReadDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.cookie.PersistentCookieDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.cookie.UrlRewritingDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.ErrorMessageExposureDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.NullCipherDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedServerSocketDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakTLSDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.csrf.SpringCsrfProtectionDisabledDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.DangerousPermissionCombination
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.file.FileUploadFilenameDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.groovy.GroovyShellDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ImproperHandlingUnicodeDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.injection.script.SpelViewDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.jsp.JspIncludeDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.jsp.JspSpringEvalDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ldap.LdapEntryPoisoningDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ModificationAfterValidationDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.NormalizationAfterValidationDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PredictableRandomDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ReDosDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.saml.SamlIgnoreCommentsDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.scala.PlayUnvalidatedRedirectDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.scala.SslDisablerDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.spring.CorsRegistryCORSDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.template.FreemarkerDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.template.PebbleDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.template.VelocityDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.EnabledExtensionsInApacheXmlRpcDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.SchemaFactoryDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.TransformerFactoryDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.ValidatorDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.XmlDecoderDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.XmlStreamReaderDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.XxeDetector
ScalaSensitiveDataExposureDetector - Class in com.h3xstream.findsecbugs.scala
ScalaSensitiveDataExposureDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.ScalaSensitiveDataExposureDetector
SchemaFactoryDetector - Class in com.h3xstream.findsecbugs.xml: Detector for XML External Entity and External Schema processing in javax.xml.validation.SchemaFactory
SchemaFactoryDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.SchemaFactoryDetector
ScriptInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
ScriptInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
SENSITIVE_DATA - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
ServletEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: This detector cover the Servlet/HttpServlet API which give access to user input.
ServletEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
setClassName(String) - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
setConstantValue(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
setCustomConfigFile(String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setDebugInfo(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Sets info for debugging purposes (consumes much memory)
setDebugOutputTaintConfigs(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setDebugPrintInstructionVisited(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setDebugPrintInvocationVisited(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setDebugTaintState(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setFindSecBugsVersion(String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setMethodName(String) - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
setOuputTaint(Taint) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Sets the output taint of the method describing the taint transfer, copy of the parameter is made and variable index is invalidated
setParameterIndex(int) - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
setParameterOutputTaint(int, Taint) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Stores output taint for method parameters to be used for back-propagation.

Please note the stackIndex is in reverse order compared to the method parameters (and frame local variables), i.e.
setParametersOutputTaintsProcessed(boolean) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
setPotentialValue(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
setReportPotentialXssWrongContext(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setSignature(String) - Method in class com.h3xstream.findsecbugs.injection.ClassMethodSignature
setSignatureField(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
setSignatureMethod(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
setSourceType(UnknownSourceType) - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
setTaintedMainArgument(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setTaintedSystemVariables(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
setTypeSignature(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig: Set full class and method signature for the analyzed method
setTypeSignature(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig: Set full class and method signature for the analyzed method
setTypeSignature(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Set full class and method signature for the analyzed method
setWorkaroundVisitInvokeDynamic(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector: Allow any concrete implementation of taint detector to skip the analysis of certain files.
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.script.OgnlInjectionDetector
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector: Before we added new tag to the taint analysis and add more effort, here is a linear search on the constant pool.
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XssJspDetector
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XssServletDetector
SignatureParserWithGeneric - Class in com.h3xstream.findsecbugs.spring: Similar to edu.umd.cs.findbugs.ba.SignatureParser It support the extraction of type in format such as: - java/util/List<java/lang/String> => java.util.List & java.lang.String
SignatureParserWithGeneric(String) - Constructor for class com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric
SinksLoader - Class in com.h3xstream.findsecbugs.injection: The sanity of the sinks file is crucial (a typo == missed API == missed vulnerability).
SinksLoader() - Constructor for class com.h3xstream.findsecbugs.injection.SinksLoader
SinksLoader.InjectionPointReceiver - Interface in com.h3xstream.findsecbugs.injection: Interface that imitate lambda pattern.
SmtpHeaderInjectionDetector - Class in com.h3xstream.findsecbugs.injection.smtp
SmtpHeaderInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.smtp.SmtpHeaderInjectionDetector
SpelViewDetector - Class in com.h3xstream.findsecbugs.injection.script: Detect a pattern that was found in multiple Spring components.
SpelViewDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.SpelViewDetector
SpringCsrfProtectionDisabledDetector - Class in com.h3xstream.findsecbugs.csrf: Detects the disabling of Spring CSRF protection
SpringCsrfProtectionDisabledDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.csrf.SpringCsrfProtectionDisabledDetector
SpringCsrfUnrestrictedRequestMappingDetector - Class in com.h3xstream.findsecbugs.csrf: Detects Spring CSRF unrestricted RequestMapping
SpringCsrfUnrestrictedRequestMappingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.csrf.SpringCsrfUnrestrictedRequestMappingDetector
SpringEntityLeakDetector - Class in com.h3xstream.findsecbugs.spring: Detects Persistent Objects leak and mass updation
SpringEntityLeakDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
SpringMvcEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
SpringMvcEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
SpringUnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.spring
SpringUnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.spring.SpringUnvalidatedRedirectDetector
SQL_INJECTION_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
SqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
SqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
SslDisablerDetector - Class in com.h3xstream.findsecbugs.scala
SslDisablerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.SslDisablerDetector
SSRFDetector - Class in com.h3xstream.findsecbugs.injection.ssrf
SSRFDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.ssrf.SSRFDetector
StackUtils - Class in com.h3xstream.findsecbugs.common
StackUtils() - Constructor for class com.h3xstream.findsecbugs.common.StackUtils
StaticIvDetector - Class in com.h3xstream.findsecbugs.crypto: The main goal of the this detector is to find encryption being done with static initialization vector (IV).
StaticIvDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.StaticIvDetector
StdXmlTransformDetector - Class in com.h3xstream.findsecbugs.xml: Detect XSLT transformation.
StdXmlTransformDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.StdXmlTransformDetector
STRUTS1_ENDPOINT_TYPE - Static variable in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
Struts1EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Struts1EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
Struts2EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Struts2EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
StrutsValidatorFormDetector - Class in com.h3xstream.findsecbugs
StrutsValidatorFormDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
SuspiciousCommandDetector - Class in com.h3xstream.findsecbugs.file
SuspiciousCommandDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.file.SuspiciousCommandDetector

T

Taint - Class in com.h3xstream.findsecbugs.taintanalysis: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame
Taint(Taint) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.Taint: Creates a hard copy of the specified Taint instance
Taint(Taint.State) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.Taint: Constructs a new empty instance of Taint with the specified state
Taint.State - Enum in com.h3xstream.findsecbugs.taintanalysis
Taint.Tag - Enum in com.h3xstream.findsecbugs.taintanalysis
TaintAnalysis - Class in com.h3xstream.findsecbugs.taintanalysis: Implements taint dataflow operations, in particular meeting facts, transfer function is delegated to TaintFrameModelingVisitor
TaintAnalysis(MethodGen, DepthFirstSearch, MethodDescriptor, TaintConfig, List<TaintFrameAdditionalVisitor>) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis: Constructs analysis for the given method
TaintClassConfig - Class in com.h3xstream.findsecbugs.taintanalysis: Summary of information about a class related to taint analysis, allows to configure default behavior for return types and type casts.
TaintClassConfig() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
TaintConfig - Class in com.h3xstream.findsecbugs.taintanalysis: Map of taint summaries for all known methods and classes This class extends HashMap: The key is the method signature (ie : org/hibernate/Session.createQuery(Ljava/lang/String;)Lorg/hibernate/Query;) The value is the behavior of the method ("0" for param index 0 is tainted, "UNKNOWN" if the method does not become tainted base on the value, "TAINTED" if the result must be consider unsafe)
TaintConfig() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
TaintConfigLoader - Class in com.h3xstream.findsecbugs.taintanalysis: Helper class for loading configured taint method and class summaries
TaintConfigLoader() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintConfigLoader
TaintConfigLoader.TaintConfigReceiver - Interface in com.h3xstream.findsecbugs.taintanalysis: Specifies what to do for each loaded summary
TaintDataflow - Class in com.h3xstream.findsecbugs.taintanalysis: Analysis object storing the result of taint analysis on a method
TaintDataflow(CFG, TaintAnalysis) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintDataflow
TaintDataflowEngine - Class in com.h3xstream.findsecbugs.taintanalysis: Requests or creates needed objects and execute taint analysis, extends taint summaries with analyzed methods
TaintDataflowEngine() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine: Constructs the engine and loads all configured method summaries
TAINTED - com.h3xstream.findsecbugs.taintanalysis.Taint.State
TaintFieldConfig - Class in com.h3xstream.findsecbugs.taintanalysis: Summary of information about a class field related to taint analysis, allows to configure default behavior for class fields.
TaintFieldConfig() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFieldConfig
TaintFrame - Class in com.h3xstream.findsecbugs.taintanalysis: Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values
TaintFrame(int) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
TaintFrameAdditionalVisitor - Interface in com.h3xstream.findsecbugs.taintanalysis
TaintFrameModelingVisitor - Class in com.h3xstream.findsecbugs.taintanalysis: Visitor to make instruction transfer of taint values easier
TaintFrameModelingVisitor(ConstantPoolGen, MethodDescriptor, TaintConfig, List<TaintFrameAdditionalVisitor>, MethodGen) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor: Constructs the object and stores the parameters
TaintLocation - Class in com.h3xstream.findsecbugs.taintanalysis.data: Global comparable specification of a taint source (or path node) location
TaintLocation(MethodDescriptor, int) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation: Constructs a location from the specified method and position inside
TaintMethodConfig - Class in com.h3xstream.findsecbugs.taintanalysis: Summary of information about a method related to taint analysis.

For loading sinks files please see SinksLoader
TaintMethodConfig(boolean) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Constructs an empty summary
TaintMethodConfig(TaintMethodConfig) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig: Creates a copy of the summary (output taint and output parameters taint not copied)
TaintMethodConfigWithArgumentsAndLocation - Class in com.h3xstream.findsecbugs.taintanalysis: Summary of information about a taint analysis method with configured arguments and location of the call.

Can be used to fine-tune false-positives in specific classes.

Examples:
javax/servlet/http/HttpServletRequest.getAttribute("applicationConstant"):SAFE@org/apache/jsp/edit_jsp
javax/servlet/http/HttpServletRequest.getAttribute(UNKNOWN):SAFE@org/apache/jsp/constants_jsp
TaintMethodConfigWithArgumentsAndLocation() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation: Constructs an empty configured summary
TaintTypeConfig - Interface in com.h3xstream.findsecbugs.taintanalysis: Predecessor for method and class type summary configs
TaintUtil - Class in com.h3xstream.findsecbugs.common
TaintUtil() - Constructor for class com.h3xstream.findsecbugs.common.TaintUtil
TapestryEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: Identify endpoints using the web framework Tapestry.
TapestryEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
TDesUsageDetector - Class in com.h3xstream.findsecbugs.crypto.cipher: Cipher identify DESede/CBC/NoPadding (168 bit) DESede/CBC/PKCS5Padding (168 bit) DESede/ECB/NoPadding (168 bit) DESede/ECB/PKCS5Padding (168 bit) Ref: Partial list of ciphers
TDesUsageDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.cipher.TDesUsageDetector
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
toString(String[]) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrame: The toString method are intended for debugging.
toString(MethodGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
transferInstruction(InstructionHandle, BasicBlock, TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
TransformerFactoryDetector - Class in com.h3xstream.findsecbugs.xml: Currently the detector look for a specific code sequence.
TransformerFactoryDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.TransformerFactoryDetector
TrustBoundaryViolationAttributeDetector - Class in com.h3xstream.findsecbugs.injection.trust: Trust Boundary Violation is fancy name to describe tainted value passed directly to session attribute.
TrustBoundaryViolationAttributeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationAttributeDetector
TrustBoundaryViolationValueDetector - Class in com.h3xstream.findsecbugs.injection.trust
TrustBoundaryViolationValueDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationValueDetector

U

UnencryptedServerSocketDetector - Class in com.h3xstream.findsecbugs.crypto
UnencryptedServerSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedServerSocketDetector
UnencryptedSocketDetector - Class in com.h3xstream.findsecbugs.crypto
UnencryptedSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
UNKNOWN - com.h3xstream.findsecbugs.taintanalysis.Taint.State
UnknownSource - Class in com.h3xstream.findsecbugs.taintanalysis.data
UnknownSource(UnknownSourceType, Taint.State) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource
UnknownSourceType - Enum in com.h3xstream.findsecbugs.taintanalysis.data: This enum document the type of unknown source.
UnsafeJacksonDeserializationDetector - Class in com.h3xstream.findsecbugs.serial: Detect unsafe Jackson datatype deserialization
UnsafeJacksonDeserializationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.serial.UnsafeJacksonDeserializationDetector
UnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.injection.redirect
UnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
updateSinkPriority(int) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink: Updates the priority if it is higher (which means lower number)
URL_ENCODED - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
UrlRewritingDetector - Class in com.h3xstream.findsecbugs.cookie
UrlRewritingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.UrlRewritingDetector

V

ValidatorDetector - Class in com.h3xstream.findsecbugs.xml: Detector for XML External Entity and External Schema processing in javax.xml.validation.Validator
ValidatorDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.ValidatorDetector
valueOf(Taint.State) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Constructs a new instance of taint from the specified state
valueOf(String) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.Tag: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint: Constructs a new instance of taint from the specified state name
values() - Static method in enum com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.Tag: Returns an array containing the constants of this enum type, in the order they are declared.
VelocityDetector - Class in com.h3xstream.findsecbugs.template: This detector does not use taint analysis because it does not make sense to use a template engine build from constant.
VelocityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.template.VelocityDetector
visit(JavaClass) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
visit(Method) - Method in class com.h3xstream.findsecbugs.ModificationAfterValidationDetector
visit(Method) - Method in class com.h3xstream.findsecbugs.NormalizationAfterValidationDetector
visit(Method) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
visitAALOAD(AALOAD) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitAASTORE(AASTORE) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitACONST_NULL(ACONST_NULL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitAfter(JavaClass) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
visitANEWARRAY(ANEWARRAY) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitARETURN(ARETURN) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitBIPUSH(BIPUSH) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitCHECKCAST(CHECKCAST) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.cookie.CookieFlagsDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsecureSmtpSslDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.csrf.SpringCsrfUnrestrictedRequestMappingDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.file.OverlyPermissiveFilePermissionDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.JstlOutDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.XslTransformJspDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.ldap.AnonymousLdapDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.RedosAnnotationDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.serial.DeserializationGadgetDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.serial.ObjectDeserializationDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.serial.UnsafeJacksonDeserializationDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.spring.SpringUnvalidatedRedirectDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.wicket.WicketXssComponentDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
visitField(FieldInstruction, MethodGen, TaintFrame, Taint, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector
visitField(FieldInstruction, MethodGen, TaintFrame, Taint, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.AbstractHardcodedPasswordEqualsDetector
visitField(FieldInstruction, MethodGen, TaintFrame, Taint, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
visitField(FieldInstruction, MethodGen, TaintFrame, Taint, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.JstlExpressionWhiteLister
visitField(FieldInstruction, MethodGen, TaintFrame, Taint, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.PotentialValueTracker
visitField(FieldInstruction, MethodGen, TaintFrame, Taint, int, ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
visitGETFIELD(GETFIELD) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitGETSTATIC(GETSTATIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitICONST(ICONST) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitInvoke(InvokeInstruction, MethodGen, TaintFrame, List<Taint>, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector
visitInvoke(InvokeInstruction, MethodGen, TaintFrame, List<Taint>, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.AbstractHardcodedPasswordEqualsDetector
visitInvoke(InvokeInstruction, MethodGen, TaintFrame, List<Taint>, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
visitInvoke(InvokeInstruction, MethodGen, TaintFrame, List<Taint>, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.JstlExpressionWhiteLister
visitInvoke(InvokeInstruction, MethodGen, TaintFrame, List<Taint>, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.PotentialValueTracker
visitInvoke(InvokeInstruction, MethodGen, TaintFrame, List<Taint>, ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor: This method will be triggered for every method invocation (static, interface, special and virtual).
visitINVOKEDYNAMIC(INVOKEDYNAMIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKEINTERFACE(INVOKEINTERFACE) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKESPECIAL(INVOKESPECIAL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKESTATIC(INVOKESTATIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKEVIRTUAL(INVOKEVIRTUAL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitLDC(LDC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitLDC2_W(LDC2_W) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitLoad(LoadInstruction, MethodGen, TaintFrame, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector
visitLoad(LoadInstruction, MethodGen, TaintFrame, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.AbstractHardcodedPasswordEqualsDetector
visitLoad(LoadInstruction, MethodGen, TaintFrame, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
visitLoad(LoadInstruction, MethodGen, TaintFrame, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.JstlExpressionWhiteLister
visitLoad(LoadInstruction, MethodGen, TaintFrame, int, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.PotentialValueTracker
visitLoad(LoadInstruction, MethodGen, TaintFrame, int, ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
visitNEW(NEW) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitPUTFIELD(PUTFIELD) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitPutFieldOp(FieldInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitPUTSTATIC(PUTSTATIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitReturn(MethodGen, Taint, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector
visitReturn(MethodGen, Taint, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.AbstractHardcodedPasswordEqualsDetector
visitReturn(MethodGen, Taint, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.password.HashUnsafeEqualsDetector
visitReturn(MethodGen, Taint, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.JstlExpressionWhiteLister
visitReturn(MethodGen, Taint, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.extra.PotentialValueTracker
visitReturn(MethodGen, Taint, ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
visitReturnInstruction(ReturnInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitSIPUSH(SIPUSH) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor

W

WeakFilenameUtilsMethodDetector - Class in com.h3xstream.findsecbugs: Few methods from org.apache.commons.io.FilenameUtils have a common weakness of not filtering properly null byte.
WeakFilenameUtilsMethodDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
WeakMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto: Identifies the use of MD2, MD5 and SHA1 hash function and recommends the use of modern functions.
WeakMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
WeakTLSDetector - Class in com.h3xstream.findsecbugs.crypto
WeakTLSDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTLSDetector
WeakTrustManagerDetector - Class in com.h3xstream.findsecbugs.crypto: The first reflex for developer that encounter web services that have unsigned certificate is often to trust all certificates.
WeakTrustManagerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
WebViewJavascriptEnabledDetector - Class in com.h3xstream.findsecbugs.android
WebViewJavascriptEnabledDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
WebViewJavascriptInterfaceDetector - Class in com.h3xstream.findsecbugs.android
WebViewJavascriptInterfaceDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
WicketEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: Identify endpoints using the web framework Wicket.
WicketEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
WicketXssComponentDetector - Class in com.h3xstream.findsecbugs.wicket: Detect calls to the method setEscapeModelStrings on various Wicket component.
WicketXssComponentDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.wicket.WicketXssComponentDetector
withArgs(String...) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
WorldWritableDetector - Class in com.h3xstream.findsecbugs.android
WorldWritableDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WorldWritableDetector
writer - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine

X

XML_VALUE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
XmlDecoderDetector - Class in com.h3xstream.findsecbugs.xml
XmlDecoderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.XmlDecoderDetector
XmlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.xml: Detect string concatenation that appears to be constructing XML or HTML documents.
XmlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.xml.XmlInjectionDetector
XmlStreamReaderDetector - Class in com.h3xstream.findsecbugs.xml: Currently the detector look for a specific code sequence.
XmlStreamReaderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.XmlStreamReaderDetector
XPATH_INJECTION_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
XPathInjectionDetector - Class in com.h3xstream.findsecbugs.xpath: Detector for XPath injection
XPathInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionDetector
XslTransformJspDetector - Class in com.h3xstream.findsecbugs.jsp
XslTransformJspDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.XslTransformJspDetector
XSS_SAFE - com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
XssJspDetector - Class in com.h3xstream.findsecbugs.xss
XssJspDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XssJspDetector
XssMvcApiDetector - Class in com.h3xstream.findsecbugs.scala
XssMvcApiDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.XssMvcApiDetector
XSSRequestWrapperDetector - Class in com.h3xstream.findsecbugs.xss: Various flavor of XSSRequestWrapper exist to do some debatable prevention.
XSSRequestWrapperDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
XssServletDetector - Class in com.h3xstream.findsecbugs.xss
XssServletDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XssServletDetector
XssTwirlDetector - Class in com.h3xstream.findsecbugs.scala
XssTwirlDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.XssTwirlDetector
XxeDetector - Class in com.h3xstream.findsecbugs.xml: The SaxParser use the Xerces XML Parser engine.
XxeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.XxeDetector

A B C D E F G H I J K L M N O P Q R S T U V W X
All Classes All Packages