Index (Find Security Bugs Plugin 1.3.0 API)

A B C D E F G H I J L N P R S T U V W X

A

analyseRegexString(String) - Method in class com.h3xstream.findsecbugs.ReDosDetector

B

BadHexadecimalConversionDetector - Class in com.h3xstream.findsecbugs.crypto
BadHexadecimalConversionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
ByteCode - Class in com.h3xstream.findsecbugs.common
ByteCode() - Constructor for class com.h3xstream.findsecbugs.common.ByteCode

C

CipherWithNoIntegrityDetector - Class in com.h3xstream.findsecbugs.crypto: This detector mark cipher usage that doesn't provide integrity.
CipherWithNoIntegrityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
classExtends(JavaClass, String) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
classImplements(JavaClass, String) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
com.h3xstream.findsecbugs - package com.h3xstream.findsecbugs
com.h3xstream.findsecbugs.common - package com.h3xstream.findsecbugs.common
com.h3xstream.findsecbugs.crypto - package com.h3xstream.findsecbugs.crypto
com.h3xstream.findsecbugs.endpoint - package com.h3xstream.findsecbugs.endpoint
com.h3xstream.findsecbugs.injection - package com.h3xstream.findsecbugs.injection
com.h3xstream.findsecbugs.injection.ldap - package com.h3xstream.findsecbugs.injection.ldap
com.h3xstream.findsecbugs.injection.redirect - package com.h3xstream.findsecbugs.injection.redirect
com.h3xstream.findsecbugs.injection.script - package com.h3xstream.findsecbugs.injection.script
com.h3xstream.findsecbugs.injection.sql - package com.h3xstream.findsecbugs.injection.sql
com.h3xstream.findsecbugs.jsp - package com.h3xstream.findsecbugs.jsp
com.h3xstream.findsecbugs.password - package com.h3xstream.findsecbugs.password
com.h3xstream.findsecbugs.xpath - package com.h3xstream.findsecbugs.xpath: This package focus on the identification of XPath injection vulnerability from various APIs: javax.xml (JDK API) org.apache.xpath org.apache.commons.jxpath (Apache Commons) TODO org.xmldb.api.modules (Apache Xindice) TODO
com.h3xstream.findsecbugs.xss - package com.h3xstream.findsecbugs.xss
com.h3xstream.findsecbugs.xxe - package com.h3xstream.findsecbugs.xxe
CommandInjectionDetector - Class in com.h3xstream.findsecbugs: Detect the usage of Runtime and ProcessBuilder to execute system command.
CommandInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.CommandInjectionDetector
CookieDetector - Class in com.h3xstream.findsecbugs.endpoint
CookieDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.CookieDetector
CustomMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto: Implementing a custom solution for message digest should not promote.
CustomMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector

D

DesUsageDetector - Class in com.h3xstream.findsecbugs.crypto: Cipher identify
DesUsageDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.DesUsageDetector

E

EsapiEncryptorDetector - Class in com.h3xstream.findsecbugs.crypto: This detector identify the usage of ESAPI cryptography components.
EsapiEncryptorDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector

F

FileUploadFilenameDetector - Class in com.h3xstream.findsecbugs: The filename given in FileUpload API is directly taken from the HTTP request.
FileUploadFilenameDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.FileUploadFilenameDetector

G

getBugType() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getConstantLDC(InstructionHandle, ConstantPoolGen, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Get the constant value of the given instruction.
getInjectableArguments() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource: The implementation should identify method that are susceptible to injection and return parameters index that can injected.
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.script.SpelSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.InjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
getPrevInstruction(InstructionHandle, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Get the previous instruction matching the given type of instruction (second parameter)
getPushNumber(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Extract the number from a push operation (BIPUSH/SIPUSH).
GoogleApiKeyDetector - Class in com.h3xstream.findsecbugs.password: GoogleApi provide code sample to sign URL using provided API key.
GoogleApiKeyDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector

H

hasVariableString(OpcodeStack) - Static method in class com.h3xstream.findsecbugs.common.StringTracer
HazelcastSymmetricEncryptionDetector - Class in com.h3xstream.findsecbugs.crypto: http://code.google.com/p/hazelcast/wiki/Encryption
HazelcastSymmetricEncryptionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
HibernateInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql: Focus on hibernate API for SQL/HQL injection.
HibernateInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource

I

InjectionDetector - Class in com.h3xstream.findsecbugs.injection: Class inspired by the detector FindSqlInjection
InjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionDetector
InjectionPoint - Class in com.h3xstream.findsecbugs.injection
InjectionPoint(int[], String) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionPoint
InjectionSource - Interface in com.h3xstream.findsecbugs.injection
InsufficientKeySizeBlowfishDetector - Class in com.h3xstream.findsecbugs.crypto
InsufficientKeySizeBlowfishDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
InsufficientKeySizeRsaDetector - Class in com.h3xstream.findsecbugs.crypto: Similar to the blowfish key size detector
InsufficientKeySizeRsaDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
InterfaceUtils - Class in com.h3xstream.findsecbugs.common
InterfaceUtils() - Constructor for class com.h3xstream.findsecbugs.common.InterfaceUtils
isCandidate(ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource: Before starting intensive analysis on variable flow and iterating on every instruction, this function will make sure the injection type can occurs in the current class base on its constant pool gen.
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.script.SpelSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
isConstantString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StringTracer
isVariableString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StringTracer

J

JaxRsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: JAX-RS (JSR311) defines an api for REST service.
JaxRsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
JaxWsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: JAX-RS (JSR224) defines an api for Web service.
JaxWsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
JdoInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql: API reference : http://db.apache.org/jdo/index.html
JdoInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
JndiCredentialsDetector - Class in com.h3xstream.findsecbugs.password
JndiCredentialsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.JndiCredentialsDetector
JndiLdapInjectionSource - Class in com.h3xstream.findsecbugs.injection.ldap
JndiLdapInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
JpaInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql: API reference : http://www.oracle.com/technetwork/articles/javaee/jpa-137156.html http://docs.oracle.com/javaee/6/api/javax/persistence/package-summary.html
JpaInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
JspXssDetector - Class in com.h3xstream.findsecbugs.jsp: Basic rule that attempts to find additional XSS that the built-in FB rule didn't find.
JspXssDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspXssDetector

L

LdapInjectionDetector - Class in com.h3xstream.findsecbugs.injection.ldap
LdapInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector

N

NONE - Static variable in class com.h3xstream.findsecbugs.injection.InjectionPoint
NullCipherDetector - Class in com.h3xstream.findsecbugs.crypto
NullCipherDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.NullCipherDetector

P

PathTraversalDetector - Class in com.h3xstream.findsecbugs
PathTraversalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PathTraversalDetector
PredictableRandomDetector - Class in com.h3xstream.findsecbugs
PredictableRandomDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PredictableRandomDetector
printOpCode(Instruction, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Print the the detail of the given instruction (class, method, etc.)

R

RedirectionSource - Class in com.h3xstream.findsecbugs.injection.redirect
RedirectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
ReDosDetector - Class in com.h3xstream.findsecbugs: This detector does minimal effort to find potential REDOS.
ReDosDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ReDosDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.injection.InjectionDetector
report() - Method in class com.h3xstream.findsecbugs.jsp.JspXssDetector
report() - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
report() - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
report() - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
RsaNoPaddingDetector - Class in com.h3xstream.findsecbugs.crypto: Ref: http://cwe.mitre.org/data/definitions/780.html
RsaNoPaddingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector

S

sawOpcode(int) - Method in class com.h3xstream.findsecbugs.CommandInjectionDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.DesUsageDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.NullCipherDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.CookieDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.FileUploadFilenameDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.password.JndiCredentialsDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PathTraversalDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PredictableRandomDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ReDosDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.XmlDecoderDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionApacheXPathApiDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionJavaxDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xxe.SaxParserXxeDetector
SaxParserXxeDetector - Class in com.h3xstream.findsecbugs.xxe: The SaxParser use the Xerces XML Parser engine.
SaxParserXxeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xxe.SaxParserXxeDetector
ScriptEngineSource - Class in com.h3xstream.findsecbugs.injection.script
ScriptEngineSource() - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
ScriptInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
ScriptInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
ServletEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: This detector cover the Servlet/HttpServlet API which give access to user input.
ServletEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
SpelSource - Class in com.h3xstream.findsecbugs.injection.script
SpelSource() - Constructor for class com.h3xstream.findsecbugs.injection.script.SpelSource
SpringMvcEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
SpringMvcEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
SqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
SqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
StaticIvDetector - Class in com.h3xstream.findsecbugs.crypto: The main goal of the this detector is to find encryption being done with static initialization vector (IV).
StaticIvDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.StaticIvDetector
StringTracer - Class in com.h3xstream.findsecbugs.common
StringTracer() - Constructor for class com.h3xstream.findsecbugs.common.StringTracer
STRUTS1_ENDPOINT_TYPE - Static variable in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
Struts1EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Struts1EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
Struts2EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Struts2EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
StrutsValidatorFormDetector - Class in com.h3xstream.findsecbugs
StrutsValidatorFormDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.StrutsValidatorFormDetector

T

TapestryEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: Identify endpoints using the web framework Tapestry.
TapestryEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector

U

UnboundIdLdapInjectionSource - Class in com.h3xstream.findsecbugs.injection.ldap: UnboundId API offers both a Typed and a string based filters.
UnboundIdLdapInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
UnencryptedSocketDetector - Class in com.h3xstream.findsecbugs.crypto
UnencryptedSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
UnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.injection.redirect
UnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector

V

visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.InjectionDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.JspXssDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector

W

WeakFilenameUtilsMethodDetector - Class in com.h3xstream.findsecbugs: Few methods from org.apache.commons.io.FilenameUtils have a common weakness of not filtering properly null byte.
WeakFilenameUtilsMethodDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
WeakMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto: Identify the use MD2 and MD5 hashing function and recommend the use of SHA functions.
WeakMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
WeakTrustManagerDetector - Class in com.h3xstream.findsecbugs.crypto: The first reflex for developer that encounter web services that have unsigned certificate is often to trust all certificates.
WeakTrustManagerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
WicketEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: Identify endpoints using the web framework Wicket.
WicketEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector

X

XmlDecoderDetector - Class in com.h3xstream.findsecbugs
XmlDecoderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.XmlDecoderDetector
XPathInjectionApacheXPathApiDetector - Class in com.h3xstream.findsecbugs.xpath
XPathInjectionApacheXPathApiDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionApacheXPathApiDetector
XPathInjectionJavaxDetector - Class in com.h3xstream.findsecbugs.xpath
XPathInjectionJavaxDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionJavaxDetector
XSSRequestWrapperDetector - Class in com.h3xstream.findsecbugs.xss: Various flavor of XSSRequestWrapper exist to do some debatable prevention.
XSSRequestWrapperDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector

A B C D E F G H I J L N P R S T U V W X