com.h3xstream.findsecbugs.password

Class IntuitiveHardcodePasswordDetector

java.lang.Object

com.h3xstream.findsecbugs.injection.AbstractTaintDetector

com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

com.h3xstream.findsecbugs.injection.BasicInjectionDetector

com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

public class IntuitiveHardcodePasswordDetector
extends BasicInjectionDetector

This detector will find what look like password hardcode on unknown API. Such as: MyCustomClient.setPassword("abc123!");

It will also find API written in other language. MonClient.defMotDePasse("abc123!");

It will match method that contains other keywords prefixing or suffixing. MyClient.setConnectionPwd("abc123!");

Field Summary

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

injectionSinks

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

bugReporter

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor and Description
IntuitiveHardcodePasswordDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method and Description
protected InjectionPoint	getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke, org.apache.bcel.generic.ConstantPoolGen cpg, org.apache.bcel.generic.InstructionHandle handle)
protected int	getPriorityFromTaintFrame(TaintFrame fact, int offset) The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values.

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector

addParsedInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomConfigFiles, loadCustomSinks, loadSink

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

analyzeLocation, getPriority, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

analyzeMethod, shouldAnalyzeClass, visitClassContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

IntuitiveHardcodePasswordDetector

public IntuitiveHardcodePasswordDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

getPriorityFromTaintFrame

protected int getPriorityFromTaintFrame(TaintFrame fact,
                                        int offset)
                                 throws edu.umd.cs.findbugs.ba.DataflowAnalysisException

Description copied from class: AbstractInjectionDetector

The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values. By default, this method will call the getPriority() method with the parameter taint at the specified offset.

Overrides:

getPriorityFromTaintFrame in class AbstractInjectionDetector

Parameters:

fact - The TaintFrame for the inspected instruction call.

offset - The offset of the checked parameter.

Returns:

Priorities interface values from 1 to 5 (Enum-like interface)

Throws:

edu.umd.cs.findbugs.ba.DataflowAnalysisException - An exception thrown when the TaintFrame cannot be analyzed.

getInjectionPoint

protected InjectionPoint getInjectionPoint(org.apache.bcel.generic.InvokeInstruction invoke,
                                           org.apache.bcel.generic.ConstantPoolGen cpg,
                                           org.apache.bcel.generic.InstructionHandle handle)

Overrides:

getInjectionPoint in class BasicInjectionDetector