com.h3xstream.findsecbugs.crypto
Class WeakTrustManagerDetector
java.lang.Object
com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
- All Implemented Interfaces:
- edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
public class WeakTrustManagerDetector
- extends Object
- implements edu.umd.cs.findbugs.Detector
The first reflex for developer that encounter web services that have unsigned certificate
is often to trust all certificates.
To trust everything, the standard API for SSL communication requires the implementation of a child
interface of "javax.net.ssl.TrustManager" (marker interface). Commonly, X509TrustManager is being used.
Sample of code being used
- See Also:
TrustManager,
X509TrustManager
| Fields inherited from interface edu.umd.cs.findbugs.Priorities |
EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
WeakTrustManagerDetector
public WeakTrustManagerDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
visitClassContext
public void visitClassContext(edu.umd.cs.findbugs.ba.ClassContext classContext)
- Specified by:
visitClassContext in interface edu.umd.cs.findbugs.Detector
report
public void report()
- Specified by:
report in interface edu.umd.cs.findbugs.Detector
Copyright © 2015. All rights reserved.