Overview  Package  Class  Use  Tree  Deprecated   Index  Help 
 PREV   NEXT FRAMES    NO FRAMES    
A B C D E F G H I J L N P R S T U V W X

A

analyseRegexString(String) - Method in class com.h3xstream.findsecbugs.ReDosDetector
 

B

BadHexadecimalConversionDetector - Class in com.h3xstream.findsecbugs.crypto
 
BadHexadecimalConversionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
 
BroadcastDetector - Class in com.h3xstream.findsecbugs.android
 
BroadcastDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.BroadcastDetector
 
ByteCode - Class in com.h3xstream.findsecbugs.common
 
ByteCode() - Constructor for class com.h3xstream.findsecbugs.common.ByteCode
 

C

CipherWithNoIntegrityDetector - Class in com.h3xstream.findsecbugs.crypto
This detector mark cipher usage that doesn't provide integrity.
CipherWithNoIntegrityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
 
classExtends(JavaClass, String) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
 
classImplements(JavaClass, String) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
 
com.h3xstream.findsecbugs - package com.h3xstream.findsecbugs
 
com.h3xstream.findsecbugs.android - package com.h3xstream.findsecbugs.android
 
com.h3xstream.findsecbugs.common - package com.h3xstream.findsecbugs.common
 
com.h3xstream.findsecbugs.crypto - package com.h3xstream.findsecbugs.crypto
 
com.h3xstream.findsecbugs.endpoint - package com.h3xstream.findsecbugs.endpoint
 
com.h3xstream.findsecbugs.injection - package com.h3xstream.findsecbugs.injection
 
com.h3xstream.findsecbugs.injection.command - package com.h3xstream.findsecbugs.injection.command
 
com.h3xstream.findsecbugs.injection.custom - package com.h3xstream.findsecbugs.injection.custom
 
com.h3xstream.findsecbugs.injection.ldap - package com.h3xstream.findsecbugs.injection.ldap
 
com.h3xstream.findsecbugs.injection.redirect - package com.h3xstream.findsecbugs.injection.redirect
 
com.h3xstream.findsecbugs.injection.script - package com.h3xstream.findsecbugs.injection.script
 
com.h3xstream.findsecbugs.injection.sql - package com.h3xstream.findsecbugs.injection.sql
 
com.h3xstream.findsecbugs.jsp - package com.h3xstream.findsecbugs.jsp
 
com.h3xstream.findsecbugs.password - package com.h3xstream.findsecbugs.password
 
com.h3xstream.findsecbugs.xpath - package com.h3xstream.findsecbugs.xpath
This package focus on the identification of XPath injection vulnerability from various APIs: javax.xml (JDK API) org.apache.xpath org.apache.commons.jxpath (Apache Commons) TODO org.xmldb.api.modules (Apache Xindice) TODO
com.h3xstream.findsecbugs.xss - package com.h3xstream.findsecbugs.xss
 
com.h3xstream.findsecbugs.xxe - package com.h3xstream.findsecbugs.xxe
 
CommandInjectionDetector - Class in com.h3xstream.findsecbugs.injection.command
Detect the usage of Runtime and ProcessBuilder to execute system command.
CommandInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
 
CommandInjectionSource - Class in com.h3xstream.findsecbugs.injection.command
 
CommandInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.command.CommandInjectionSource
 
CookieDetector - Class in com.h3xstream.findsecbugs.endpoint
 
CookieDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.CookieDetector
 
CustomInjectionDetector - Class in com.h3xstream.findsecbugs.injection.custom
 
CustomInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
 
CustomInjectionSource - Class in com.h3xstream.findsecbugs.injection.custom
 
CustomInjectionSource(Properties) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
 
CustomInjectionSource(Map<CustomInjectionSource.InvokeIdentifier, InjectionPoint>) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
 
CustomInjectionSource.InvokeIdentifier - Class in com.h3xstream.findsecbugs.injection.custom
 
CustomMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto
Implementing a custom solution for message digest should not promote.
CustomMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
 

D

DesUsageDetector - Class in com.h3xstream.findsecbugs.crypto
Cipher identify
DesUsageDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.DesUsageDetector
 

E

equals(Object) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
 
EsapiEncryptorDetector - Class in com.h3xstream.findsecbugs.crypto
This detector identify the usage of ESAPI cryptography components.
EsapiEncryptorDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
 
ExternalFileAccessDetector - Class in com.h3xstream.findsecbugs.android
 
ExternalFileAccessDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector
 

F

FileUploadFilenameDetector - Class in com.h3xstream.findsecbugs
The filename given in FileUpload API is directly taken from the HTTP request.
FileUploadFilenameDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.FileUploadFilenameDetector
 

G

GeolocationDetector - Class in com.h3xstream.findsecbugs.android
 
GeolocationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.GeolocationDetector
 
getBugType() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
getConstantLDC(InstructionHandle, ConstantPoolGen, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Get the constant value of the given instruction.
getInjectableArguments() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
getInjectableMethod() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource
The implementation should identify method that are susceptible to injection and return parameters index that can injected.
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.script.SpelSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.InjectionDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
 
getInstance(Class<? extends InjectionDetector>) - Static method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
 
getInstance(String) - Static method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
 
getPrevInstruction(InstructionHandle, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Get the previous instruction matching the given type of instruction (second parameter)
getPushNumber(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Extract the number from a push operation (BIPUSH/SIPUSH).
GoogleApiKeyDetector - Class in com.h3xstream.findsecbugs.password
GoogleApi provide code sample to sign URL using provided API key.
GoogleApiKeyDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
 

H

hashCode() - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
 
hasVariableString(OpcodeStack) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 
HazelcastSymmetricEncryptionDetector - Class in com.h3xstream.findsecbugs.crypto
http://code.google.com/p/hazelcast/wiki/Encryption
HazelcastSymmetricEncryptionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
 
HibernateInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql
Focus on hibernate API for SQL/HQL injection.
HibernateInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
 

I

InjectionDetector - Class in com.h3xstream.findsecbugs.injection
Class inspired by the detector FindSqlInjection
InjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionDetector
 
InjectionPoint - Class in com.h3xstream.findsecbugs.injection
 
InjectionPoint(int[], String) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionPoint
 
InjectionSource - Interface in com.h3xstream.findsecbugs.injection
 
InsufficientKeySizeBlowfishDetector - Class in com.h3xstream.findsecbugs.crypto
 
InsufficientKeySizeBlowfishDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
 
InsufficientKeySizeRsaDetector - Class in com.h3xstream.findsecbugs.crypto
Similar to the blowfish key size detector
InsufficientKeySizeRsaDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
 
InterfaceUtils - Class in com.h3xstream.findsecbugs.common
 
InterfaceUtils() - Constructor for class com.h3xstream.findsecbugs.common.InterfaceUtils
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
 
isCandidate(ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource
Before starting intensive analysis on variable flow and iterating on every instruction, this function will make sure the injection type can occurs in the current class base on its constant pool gen.
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.script.SpelSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
 
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
 
isConstantInteger(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 
isConstantString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 
isVariableString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 

J

JaxRsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
JAX-RS (JSR311) defines an api for REST service.
JaxRsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
 
JaxWsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
JAX-RS (JSR224) defines an api for Web service.
JaxWsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
 
JdoInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql
API reference : http://db.apache.org/jdo/index.html
JdoInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
 
JndiCredentialsDetector - Class in com.h3xstream.findsecbugs.password
 
JndiCredentialsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.JndiCredentialsDetector
 
JndiLdapInjectionSource - Class in com.h3xstream.findsecbugs.injection.ldap
 
JndiLdapInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
 
JpaInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql
API reference : http://www.oracle.com/technetwork/articles/javaee/jpa-137156.html http://docs.oracle.com/javaee/6/api/javax/persistence/package-summary.html
JpaInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
 
JspXssDetector - Class in com.h3xstream.findsecbugs.jsp
Basic rule that attempts to find additional XSS that the built-in FB rule didn't find.
JspXssDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspXssDetector
 

L

LdapInjectionDetector - Class in com.h3xstream.findsecbugs.injection.ldap
 
LdapInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
 

N

NONE - Static variable in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
NullCipherDetector - Class in com.h3xstream.findsecbugs.crypto
 
NullCipherDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.NullCipherDetector
 

P

PathTraversalDetector - Class in com.h3xstream.findsecbugs
 
PathTraversalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PathTraversalDetector
 
PredictableRandomDetector - Class in com.h3xstream.findsecbugs
 
PredictableRandomDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PredictableRandomDetector
 
printOpCode(Instruction, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Print the the detail of the given instruction (class, method, etc.)

R

RedirectionSource - Class in com.h3xstream.findsecbugs.injection.redirect
 
RedirectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
 
ReDosDetector - Class in com.h3xstream.findsecbugs
This detector does minimal effort to find potential REDOS.
ReDosDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ReDosDetector
 
report() - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.injection.InjectionDetector
 
report() - Method in class com.h3xstream.findsecbugs.jsp.JspXssDetector
 
report() - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
 
report() - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
 
report() - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
 
RsaNoPaddingDetector - Class in com.h3xstream.findsecbugs.crypto
Ref: http://cwe.mitre.org/data/definitions/780.html
RsaNoPaddingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector
 

S

sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.BroadcastDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WorldWritableDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.DesUsageDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.NullCipherDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.CookieDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.FileUploadFilenameDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.password.JndiCredentialsDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PathTraversalDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PredictableRandomDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ReDosDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.XmlDecoderDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionApacheXPathApiDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionJavaxDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xxe.SaxParserXxeDetector
 
SaxParserXxeDetector - Class in com.h3xstream.findsecbugs.xxe
The SaxParser use the Xerces XML Parser engine.
SaxParserXxeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xxe.SaxParserXxeDetector
 
ScriptEngineSource - Class in com.h3xstream.findsecbugs.injection.script
 
ScriptEngineSource() - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
 
ScriptInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
 
ScriptInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
 
ServletEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
This detector cover the Servlet/HttpServlet API which give access to user input.
ServletEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
 
setInjectableMethod(String) - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
SpelSource - Class in com.h3xstream.findsecbugs.injection.script
 
SpelSource() - Constructor for class com.h3xstream.findsecbugs.injection.script.SpelSource
 
SpringMvcEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
 
SpringMvcEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
 
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
 
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
 
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
 
SqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
 
SqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
 
StackUtils - Class in com.h3xstream.findsecbugs.common
 
StackUtils() - Constructor for class com.h3xstream.findsecbugs.common.StackUtils
 
StaticIvDetector - Class in com.h3xstream.findsecbugs.crypto
The main goal of the this detector is to find encryption being done with static initialization vector (IV).
StaticIvDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.StaticIvDetector
 
STRUTS1_ENDPOINT_TYPE - Static variable in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
Struts1EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
 
Struts1EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
Struts2EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
 
Struts2EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
 
StrutsValidatorFormDetector - Class in com.h3xstream.findsecbugs
 
StrutsValidatorFormDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
 

T

TapestryEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Identify endpoints using the web framework Tapestry.
TapestryEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
 
toString() - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
 

U

UnboundIdLdapInjectionSource - Class in com.h3xstream.findsecbugs.injection.ldap
UnboundId API offers both a Typed and a string based filters.
UnboundIdLdapInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
 
UnencryptedSocketDetector - Class in com.h3xstream.findsecbugs.crypto
 
UnencryptedSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
 
UnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.injection.redirect
 
UnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
 

V

valueOf(String) - Static method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.InjectionDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.JspXssDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
 

W

WeakFilenameUtilsMethodDetector - Class in com.h3xstream.findsecbugs
Few methods from org.apache.commons.io.FilenameUtils have a common weakness of not filtering properly null byte.
WeakFilenameUtilsMethodDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
 
WeakMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto
Identify the use MD2 and MD5 hashing function and recommend the use of SHA functions.
WeakMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
 
WeakTrustManagerDetector - Class in com.h3xstream.findsecbugs.crypto
The first reflex for developer that encounter web services that have unsigned certificate is often to trust all certificates.
WeakTrustManagerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
 
WebViewJavascriptEnabledDetector - Class in com.h3xstream.findsecbugs.android
 
WebViewJavascriptEnabledDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
 
WebViewJavascriptInterfaceDetector - Class in com.h3xstream.findsecbugs.android
 
WebViewJavascriptInterfaceDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
 
WicketEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Identify endpoints using the web framework Wicket.
WicketEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
 
WorldWritableDetector - Class in com.h3xstream.findsecbugs.android
 
WorldWritableDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WorldWritableDetector
 

X

XmlDecoderDetector - Class in com.h3xstream.findsecbugs
 
XmlDecoderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.XmlDecoderDetector
 
XPathInjectionApacheXPathApiDetector - Class in com.h3xstream.findsecbugs.xpath
 
XPathInjectionApacheXPathApiDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionApacheXPathApiDetector
 
XPathInjectionJavaxDetector - Class in com.h3xstream.findsecbugs.xpath
 
XPathInjectionJavaxDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionJavaxDetector
 
XSSRequestWrapperDetector - Class in com.h3xstream.findsecbugs.xss
Various flavor of XSSRequestWrapper exist to do some debatable prevention.
XSSRequestWrapperDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
 
A B C D E F G H I J L N P R S T U V W X
Overview  Package  Class  Use  Tree  Deprecated   Index  Help 
 PREV   NEXT FRAMES    NO FRAMES    
Copyright © 2015. All rights reserved.