com.h3xstream.findsecbugs.injection
Interface InjectionSource
- All Known Implementing Classes:
- CommandInjectionSource, CustomInjectionSource, HibernateInjectionSource, JdoInjectionSource, JndiLdapInjectionSource, JpaInjectionSource, RedirectionSource, ScriptEngineSource, SpelSource, UnboundIdLdapInjectionSource
public interface InjectionSource
|
Method Summary |
InjectionPoint |
getInjectableParameters(org.apache.bcel.generic.InvokeInstruction ins,
org.apache.bcel.generic.ConstantPoolGen cpg,
org.apache.bcel.generic.InstructionHandle insHandle)
The implementation should identify method that are susceptible to injection and return
parameters index that can injected. |
boolean |
isCandidate(org.apache.bcel.generic.ConstantPoolGen cpg)
Before starting intensive analysis on variable flow and iterating on every instruction,
this function will make sure the injection type can occurs in the current class base on
its constant pool gen. |
isCandidate
boolean isCandidate(org.apache.bcel.generic.ConstantPoolGen cpg)
- Before starting intensive analysis on variable flow and iterating on every instruction,
this function will make sure the injection type can occurs in the current class base on
its constant pool gen. All classes dependencies can be found in this pool.
- Parameters:
cpg -
- Returns:
getInjectableParameters
InjectionPoint getInjectableParameters(org.apache.bcel.generic.InvokeInstruction ins,
org.apache.bcel.generic.ConstantPoolGen cpg,
org.apache.bcel.generic.InstructionHandle insHandle)
- The implementation should identify method that are susceptible to injection and return
parameters index that can injected.
- Parameters:
ins - Instruction visitcpg - ConstantPool (needed to find the class name and method name associate to instruction)insHandle - instruction handle (needed to look at the instruction around the current instruction)
- Returns:
Copyright © 2015. All rights reserved.