com.h3xstream.findsecbugs.password

Class HardcodePasswordInMapDetector

java.lang.Object

com.h3xstream.findsecbugs.injection.AbstractTaintDetector

com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

com.h3xstream.findsecbugs.injection.BasicInjectionDetector

com.h3xstream.findsecbugs.password.HardcodePasswordInMapDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

public class HardcodePasswordInMapDetector
extends BasicInjectionDetector

Detect hard-code password in settings map (key value configurations constructed at runtime)

Field Summary

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

injectionSinks

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

bugReporter

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor and Description
HardcodePasswordInMapDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method and Description
protected InjectionPoint	getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.ConstantPoolGen cpg, org.apache.bcel.generic.InstructionHandle handle)
protected int	getPriorityFromTaintFrame(TaintFrame fact, int offset) The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values.

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector

addParsedInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomConfigFiles, loadCustomSinks, loadSink

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

analyzeLocation, getPriority, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

analyzeMethod, shouldAnalyzeClass, visitClassContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HardcodePasswordInMapDetector

public HardcodePasswordInMapDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

getPriorityFromTaintFrame

protected int getPriorityFromTaintFrame(TaintFrame fact,
                                        int offset)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException

Description copied from class: AbstractInjectionDetector

The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.

Overrides:

getPriorityFromTaintFrame in class AbstractInjectionDetector

Parameters:

fact - The TaintFrame for the inspected instruction call.

offset - The offset of the checked parameter.

Returns:

Priorities interface values from 1 to 5 (Enum-like interface)

Throws:

edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.

getInjectionPoint

protected InjectionPoint getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke,
                                           org.apache.bcel.generic.ConstantPoolGen cpg,
                                           org.apache.bcel.generic.InstructionHandle handle)

Overrides:

getInjectionPoint in class BasicInjectionDetector