Index (Find Security Bugs Plugin 1.4.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV NEXT

FRAMES NO FRAMES

A B C D E F G H I J L M N P R S T U V W X

A

addTaintLocation(Location, boolean) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
analyseRegexString(String) - Method in class com.h3xstream.findsecbugs.ReDosDetector
analyze(IAnalysisCache, MethodDescriptor) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine

B

BadHexadecimalConversionDetector - Class in com.h3xstream.findsecbugs.crypto
BadHexadecimalConversionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
BroadcastDetector - Class in com.h3xstream.findsecbugs.android
BroadcastDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.BroadcastDetector
ByteCode - Class in com.h3xstream.findsecbugs.common
ByteCode() - Constructor for class com.h3xstream.findsecbugs.common.ByteCode

C

canRecompute() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
CipherWithNoIntegrityDetector - Class in com.h3xstream.findsecbugs.crypto: This detector mark cipher usage that doesn't provide integrity.
CipherWithNoIntegrityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
classExtends(JavaClass, String) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
classImplements(JavaClass, String) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
com.h3xstream.findsecbugs - package com.h3xstream.findsecbugs
com.h3xstream.findsecbugs.android - package com.h3xstream.findsecbugs.android
com.h3xstream.findsecbugs.common - package com.h3xstream.findsecbugs.common
com.h3xstream.findsecbugs.crypto - package com.h3xstream.findsecbugs.crypto
com.h3xstream.findsecbugs.endpoint - package com.h3xstream.findsecbugs.endpoint
com.h3xstream.findsecbugs.injection - package com.h3xstream.findsecbugs.injection
com.h3xstream.findsecbugs.injection.command - package com.h3xstream.findsecbugs.injection.command
com.h3xstream.findsecbugs.injection.custom - package com.h3xstream.findsecbugs.injection.custom
com.h3xstream.findsecbugs.injection.ldap - package com.h3xstream.findsecbugs.injection.ldap
com.h3xstream.findsecbugs.injection.redirect - package com.h3xstream.findsecbugs.injection.redirect
com.h3xstream.findsecbugs.injection.script - package com.h3xstream.findsecbugs.injection.script
com.h3xstream.findsecbugs.injection.sql - package com.h3xstream.findsecbugs.injection.sql
com.h3xstream.findsecbugs.jsp - package com.h3xstream.findsecbugs.jsp
com.h3xstream.findsecbugs.password - package com.h3xstream.findsecbugs.password
com.h3xstream.findsecbugs.taintanalysis - package com.h3xstream.findsecbugs.taintanalysis
com.h3xstream.findsecbugs.xpath - package com.h3xstream.findsecbugs.xpath: This package focus on the identification of XPath injection vulnerability from various APIs: javax.xml (JDK API) org.apache.xpath org.apache.commons.jxpath (Apache Commons) TODO org.xmldb.api.modules (Apache Xindice) TODO
com.h3xstream.findsecbugs.xss - package com.h3xstream.findsecbugs.xss
com.h3xstream.findsecbugs.xxe - package com.h3xstream.findsecbugs.xxe
CommandInjectionDetector - Class in com.h3xstream.findsecbugs.injection.command: Detect the usage of Runtime and ProcessBuilder to execute system command.
CommandInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
CommandInjectionSource - Class in com.h3xstream.findsecbugs.injection.command
CommandInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.command.CommandInjectionSource
ConstantPasswordDetector - Class in com.h3xstream.findsecbugs.password: General detector for hard coded passwords and cryptographic keys
ConstantPasswordDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
CookieDetector - Class in com.h3xstream.findsecbugs.endpoint
CookieDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.CookieDetector
createFact() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
CustomInjectionDetector - Class in com.h3xstream.findsecbugs.injection.custom
CustomInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
CustomInjectionSource - Class in com.h3xstream.findsecbugs.injection.custom
CustomInjectionSource(Properties) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
CustomInjectionSource(Map<CustomInjectionSource.InvokeIdentifier, InjectionPoint>) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
CustomInjectionSource.InvokeIdentifier - Class in com.h3xstream.findsecbugs.injection.custom
CustomMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto: Implementing a custom solution for message digest should not promote.
CustomMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector

D

DesUsageDetector - Class in com.h3xstream.findsecbugs.crypto: Cipher identify
DesUsageDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.DesUsageDetector
dump(PrintStream) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummaryMap

E

EngineRegistrar - Class in com.h3xstream.findsecbugs.taintanalysis: Registers taint analysis with analysis cache
EngineRegistrar() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.EngineRegistrar
equals(Object) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
equals(Object) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
EsapiEncryptorDetector - Class in com.h3xstream.findsecbugs.crypto: This detector identify the usage of ESAPI cryptography components.
EsapiEncryptorDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
ExternalFileAccessDetector - Class in com.h3xstream.findsecbugs.android
ExternalFileAccessDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector

F

FileUploadFilenameDetector - Class in com.h3xstream.findsecbugs: The filename given in FileUpload API is directly taken from the HTTP request.
FileUploadFilenameDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.FileUploadFilenameDetector

G

GeolocationDetector - Class in com.h3xstream.findsecbugs.android
GeolocationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.GeolocationDetector
getBugType() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getConstantLDC(InstructionHandle, ConstantPoolGen, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Get the constant value of the given instruction.
getDefaultToStringSummary() - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
getDefaultValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
getInjectableArguments() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getInjectableMethod() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource: The implementation should identify method that are susceptible to injection and return parameters index that can injected.
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.script.SpelSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.TaintDetector
getInstance(Class<? extends TaintDetector>) - Static method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
getInstance(String) - Static method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
getLocalVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getMutableStackIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
getOutputTaint() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
getPossibleTaintedLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getPrevInstruction(InstructionHandle, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Get the previous instruction matching the given type of instruction (second parameter)
getPushNumber(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Extract the number from a push operation (BIPUSH/SIPUSH).
getState() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getTaintedLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
getTransferParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
GoogleApiKeyDetector - Class in com.h3xstream.findsecbugs.password: GoogleApi provide code sample to sign URL using provided API key.
GoogleApiKeyDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector

H

handleLoadInstruction(LoadInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
hasConstantOutputTaint() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
hashCode() - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
hashCode() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
hasMutableStackIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
hasTaintedLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
hasTransferParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
hasValidLocalVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
hasVariableString(OpcodeStack) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
HazelcastSymmetricEncryptionDetector - Class in com.h3xstream.findsecbugs.crypto: http://code.google.com/p/hazelcast/wiki/Encryption
HazelcastSymmetricEncryptionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
HibernateInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql: Focus on hibernate API for SQL/HQL injection.
HibernateInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource

I

initEntryFact(TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
InjectionPoint - Class in com.h3xstream.findsecbugs.injection
InjectionPoint(int[], String) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionPoint
InjectionSource - Interface in com.h3xstream.findsecbugs.injection
InsufficientKeySizeBlowfishDetector - Class in com.h3xstream.findsecbugs.crypto
InsufficientKeySizeBlowfishDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
InsufficientKeySizeRsaDetector - Class in com.h3xstream.findsecbugs.crypto: Similar to the blowfish key size detector
InsufficientKeySizeRsaDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
InterfaceUtils - Class in com.h3xstream.findsecbugs.common
InterfaceUtils() - Constructor for class com.h3xstream.findsecbugs.common.InterfaceUtils
invalidateLocalVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource
isCandidate(ConstantPoolGen) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource: Before starting intensive analysis on variable flow and iterating on every instruction, this function will make sure the injection type can occurs in the current class base on its constant pool gen.
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.script.SpelSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
isCandidate(ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
isConstantInteger(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
isConstantString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
isSafe() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
isTainted() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
isVariableString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils

J

JaxRsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: JAX-RS (JSR311) defines an api for REST service.
JaxRsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
JaxWsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: JAX-RS (JSR224) defines an api for Web service.
JaxWsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
JdoInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql: API reference : http://db.apache.org/jdo/index.html
JdoInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
JndiCredentialsDetector - Class in com.h3xstream.findsecbugs.password
JndiCredentialsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.JndiCredentialsDetector
JndiLdapInjectionSource - Class in com.h3xstream.findsecbugs.injection.ldap
JndiLdapInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.ldap.JndiLdapInjectionSource
JpaInjectionSource - Class in com.h3xstream.findsecbugs.injection.sql: API reference : http://www.oracle.com/technetwork/articles/javaee/jpa-137156.html http://docs.oracle.com/javaee/6/api/javax/persistence/package-summary.html
JpaInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
JspXssDetector - Class in com.h3xstream.findsecbugs.jsp: Basic rule that attempts to find additional XSS that the built-in FB rule didn't find.
JspXssDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspXssDetector

L

LdapInjectionDetector - Class in com.h3xstream.findsecbugs.injection.ldap
LdapInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
load(String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary: Loads method summary from String
load(InputStream) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummaryMap

M

meetInto(TaintFrame, Edge, TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
merge(Taint, Taint) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint
merge(Taint.State, Taint.State) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State
mergeValues(TaintFrame, TaintFrame, int) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis

N

NONE - Static variable in class com.h3xstream.findsecbugs.injection.InjectionPoint
NullCipherDetector - Class in com.h3xstream.findsecbugs.crypto
NullCipherDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.NullCipherDetector

P

PathTraversalDetector - Class in com.h3xstream.findsecbugs
PathTraversalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PathTraversalDetector
PredictableRandomDetector - Class in com.h3xstream.findsecbugs
PredictableRandomDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PredictableRandomDetector
printOpCode(InstructionHandle, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
printOpCode(Instruction, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode: Print the the detail of the given instruction (class, method, etc.)

R

RedirectionSource - Class in com.h3xstream.findsecbugs.injection.redirect
RedirectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
ReDosDetector - Class in com.h3xstream.findsecbugs: This detector does minimal effort to find potential REDOS.
ReDosDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ReDosDetector
registerAnalysisEngines(IAnalysisCache) - Method in class com.h3xstream.findsecbugs.taintanalysis.EngineRegistrar
registerWith(IAnalysisCache) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
report() - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
report() - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
report() - Method in class com.h3xstream.findsecbugs.injection.TaintDetector
report() - Method in class com.h3xstream.findsecbugs.jsp.JspXssDetector
report() - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
report() - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
report() - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
RsaNoPaddingDetector - Class in com.h3xstream.findsecbugs.crypto: Ref: http://cwe.mitre.org/data/definitions/780.html
RsaNoPaddingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector

S

sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.BroadcastDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WorldWritableDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.DesUsageDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.NullCipherDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.CookieDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.FileUploadFilenameDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.password.JndiCredentialsDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PathTraversalDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PredictableRandomDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ReDosDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.XmlDecoderDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionApacheXPathApiDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionJavaxDetector
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xxe.SaxParserXxeDetector
SaxParserXxeDetector - Class in com.h3xstream.findsecbugs.xxe: The SaxParser use the Xerces XML Parser engine.
SaxParserXxeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xxe.SaxParserXxeDetector
ScriptEngineSource - Class in com.h3xstream.findsecbugs.injection.script
ScriptEngineSource() - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptEngineSource
ScriptInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
ScriptInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
ServletEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: This detector cover the Servlet/HttpServlet API which give access to user input.
ServletEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
setInjectableMethod(String) - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
setLocalVariableIndex(int) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
setMutableStackIndex(int) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
setOuputTaint(Taint) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
setState(Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
setTransferParameters(Collection<Integer>) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
SpelSource - Class in com.h3xstream.findsecbugs.injection.script
SpelSource() - Constructor for class com.h3xstream.findsecbugs.injection.script.SpelSource
SpringMvcEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
SpringMvcEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.HibernateInjectionSource
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.JdoInjectionSource
SQL_INJECTION_TYPE - Static variable in class com.h3xstream.findsecbugs.injection.sql.JpaInjectionSource
SqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
SqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
StackUtils - Class in com.h3xstream.findsecbugs.common
StackUtils() - Constructor for class com.h3xstream.findsecbugs.common.StackUtils
StaticIvDetector - Class in com.h3xstream.findsecbugs.crypto: The main goal of the this detector is to find encryption being done with static initialization vector (IV).
StaticIvDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.StaticIvDetector
STRUTS1_ENDPOINT_TYPE - Static variable in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
Struts1EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Struts1EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
Struts2EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Struts2EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
StrutsValidatorFormDetector - Class in com.h3xstream.findsecbugs
StrutsValidatorFormDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.StrutsValidatorFormDetector

T

Taint - Class in com.h3xstream.findsecbugs.taintanalysis: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame
Taint(Taint.State) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.Taint
Taint(Taint) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.Taint
Taint.State - Enum in com.h3xstream.findsecbugs.taintanalysis
TaintAnalysis - Class in com.h3xstream.findsecbugs.taintanalysis: Implements taint dataflow operations, in particular meeting facts, transfer function is delegated to TaintFrameModelingVisitor
TaintAnalysis(MethodGen, DepthFirstSearch, TaintMethodSummaryMap) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
TaintDataflow - Class in com.h3xstream.findsecbugs.taintanalysis: Analysis object storing the result of taint analysis on a method
TaintDataflow(CFG, TaintAnalysis) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintDataflow
TaintDataflowEngine - Class in com.h3xstream.findsecbugs.taintanalysis: Requests or creates needed objects and execute taint analysis
TaintDataflowEngine() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
TaintDetector - Class in com.h3xstream.findsecbugs.injection: Detector designed for extension to detect injection vulnerabilities
TaintDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.TaintDetector
TaintFrame - Class in com.h3xstream.findsecbugs.taintanalysis: Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values
TaintFrame(int) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
TaintFrameModelingVisitor - Class in com.h3xstream.findsecbugs.taintanalysis: Visitor to make instruction transfer of taint values easier
TaintFrameModelingVisitor(ConstantPoolGen, TaintMethodSummaryMap) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
TaintMethodSummary - Class in com.h3xstream.findsecbugs.taintanalysis: Summary of information about a method related to taint analysis
TaintMethodSummary() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
TaintMethodSummaryMap - Class in com.h3xstream.findsecbugs.taintanalysis: Map of taint summaries for all known methods
TaintMethodSummaryMap() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummaryMap
TapestryEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: Identify endpoints using the web framework Tapestry.
TapestryEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
toString() - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodSummary
transferInstruction(InstructionHandle, BasicBlock, TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis

U

UnboundIdLdapInjectionSource - Class in com.h3xstream.findsecbugs.injection.ldap: UnboundId API offers both a Typed and a string based filters.
UnboundIdLdapInjectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.ldap.UnboundIdLdapInjectionSource
UnencryptedSocketDetector - Class in com.h3xstream.findsecbugs.crypto
UnencryptedSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
UnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.injection.redirect
UnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector

V

valueOf(String) - Static method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionSource.InvokeIdentifier
valueOf(String) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State: Returns the enum constant of this type with the specified name.
values() - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State: Returns an array containing the constants of this enum type, in the order they are declared.
visit(JavaClass) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
visit(Method) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
visitAALOAD(AALOAD) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitACONST_NULL(ACONST_NULL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitAfter(JavaClass) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.TaintDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.JspXssDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
visitINVOKEINTERFACE(INVOKEINTERFACE) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKESPECIAL(INVOKESPECIAL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKESTATIC(INVOKESTATIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitINVOKEVIRTUAL(INVOKEVIRTUAL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitLDC(LDC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitLDC2_W(LDC2_W) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
visitNEW(NEW) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor

W

WeakFilenameUtilsMethodDetector - Class in com.h3xstream.findsecbugs: Few methods from org.apache.commons.io.FilenameUtils have a common weakness of not filtering properly null byte.
WeakFilenameUtilsMethodDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
WeakMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto: Identify the use MD2 and MD5 hashing function and recommend the use of SHA functions.
WeakMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
WeakTrustManagerDetector - Class in com.h3xstream.findsecbugs.crypto: The first reflex for developer that encounter web services that have unsigned certificate is often to trust all certificates.
WeakTrustManagerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
WebViewJavascriptEnabledDetector - Class in com.h3xstream.findsecbugs.android
WebViewJavascriptEnabledDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
WebViewJavascriptInterfaceDetector - Class in com.h3xstream.findsecbugs.android
WebViewJavascriptInterfaceDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
WicketEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint: Identify endpoints using the web framework Wicket.
WicketEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
WorldWritableDetector - Class in com.h3xstream.findsecbugs.android
WorldWritableDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WorldWritableDetector

X

XmlDecoderDetector - Class in com.h3xstream.findsecbugs
XmlDecoderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.XmlDecoderDetector
XPathInjectionApacheXPathApiDetector - Class in com.h3xstream.findsecbugs.xpath
XPathInjectionApacheXPathApiDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionApacheXPathApiDetector
XPathInjectionJavaxDetector - Class in com.h3xstream.findsecbugs.xpath
XPathInjectionJavaxDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionJavaxDetector
XSSRequestWrapperDetector - Class in com.h3xstream.findsecbugs.xss: Various flavor of XSSRequestWrapper exist to do some debatable prevention.
XSSRequestWrapperDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector

A B C D E F G H I J L M N P R S T U V W X

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV NEXT

FRAMES NO FRAMES