| Interface | Description |
|---|---|
| TaintConfigLoader.TaintConfigReceiver | Specifies what to do for each loaded summary |
| TaintTypeConfig | Predecessor for method and class type summary configs |

| Class | Description |
|---|---|
| EngineRegistrar | Registers taint analysis (dataflow engine) with analysis cache |
| Taint | Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |
| TaintAnalysis | Implements taint dataflow operations, in particular meeting facts; the transfer function is delegated to TaintFrameModelingVisitor |
| TaintClassConfig | Summary of information about a class related to taint analysis; allows configuring default behavior for return types and type casts. |
| TaintConfig | Map of taint summaries for all known methods and classes. This class extends HashMap: the key is the method signature (e.g. `org/hibernate/Session.createQuery(Ljava/lang/String;)Lorg/hibernate/Query;`); the value is the behavior of the method ("0" if the parameter at index 0 is tainted, "UNKNOWN" if the method does not become tainted based on the value, "TAINTED" if the result must be considered unsafe). |
| TaintConfigLoader | Helper class for loading configured taint method and class summaries |
| TaintDataflow | Analysis object storing the result of taint analysis on a method |
| TaintDataflowEngine | Requests or creates needed objects and executes taint analysis; extends taint summaries with analyzed methods |
| TaintFrame | Representation of the dataflow value (fact) modeling taint state of local variables and values on stack; consists of Taint values |
| TaintFrameModelingVisitor | Visitor to make instruction transfer of taint values easier |
| TaintLocation | Global comparable specification of a taint source (or path node) location |
| TaintMethodConfig | Summary of information about a method related to taint analysis. For loading sinks files, please see SinksLoader |
| TaintMethodConfigWithArgumentsAndLocation | Summary of information about a taint analysis method with configured arguments and location of the call. Can be used to fine-tune false positives in specific classes. Examples: `javax/servlet/http/HttpServletRequest.getAttribute("applicationConstant"):SAFE@org/apache/jsp/edit_jsp` and `javax/servlet/http/HttpServletRequest.getAttribute(UNKNOWN):SAFE@org/apache/jsp/constants_jsp` |

| Enum | Description |
|---|---|
| Taint.State | |
| Taint.Tag | |

Copyright © 2017. All rights reserved.