OgnlInjectionDetector (Find Security Bugs Plugin 1.7.0 API)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- com.h3xstream.findsecbugs.injection.AbstractTaintDetector
- - com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
  - - com.h3xstream.findsecbugs.injection.BasicInjectionDetector
    - - com.h3xstream.findsecbugs.injection.script.OgnlInjectionDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
```
public class OgnlInjectionDetector
extends BasicInjectionDetector
```

Field Summary

Fields
Modifier and Type Field and Description

static String[] STRUTS_UTILITY_CLASSES
The utility class from Struts2 are skip to avoid false positive.
- Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
  injectionSinks
- Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
  bugReporter
- Fields inherited from interface edu.umd.cs.findbugs.Priorities
  EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors
Constructor and Description

OgnlInjectionDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`shouldAnalyzeClass(edu.umd.cs.findbugs.ba.ClassContext classContext)` Allow any concrete implementation of taint detector to skip the analysis of certain files.

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
addParsedInjectionPoint, getInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomConfigFiles, loadCustomSinks, loadSink

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
analyzeLocation, getPriority, getPriorityFromTaintFrame, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
analyzeMethod, visitClassContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - STRUTS_UTILITY_CLASSES
```
public static final String[] STRUTS_UTILITY_CLASSES
```
    The utility class from Struts2 are skip to avoid false positive.
- Constructor Detail
  - OgnlInjectionDetector
```
public OgnlInjectionDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
```
- Method Detail
  - shouldAnalyzeClass
```
public boolean shouldAnalyzeClass(edu.umd.cs.findbugs.ba.ClassContext classContext)
```
    Description copied from class: AbstractTaintDetector
    
    Allow any concrete implementation of taint detector to skip the analysis of certain files. The purpose can be for optimisation or to trigger bug in specific context. The default implementation returns true to all classes visited.
    
    Overrides:
    
    shouldAnalyzeClass in class AbstractTaintDetector
    
    Parameters:
    
    classContext - Information about the class that is about to be analyzed
    
    Returns:
    
    If the given class should be analyze.

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2017. All rights reserved.