| Package | Description |
|---|---|
| com.h3xstream.findsecbugs | |
| com.h3xstream.findsecbugs.injection | |
| com.h3xstream.findsecbugs.injection.command | |
| com.h3xstream.findsecbugs.injection.crlf | |
| com.h3xstream.findsecbugs.injection.custom | |
| com.h3xstream.findsecbugs.injection.formatter | |
| com.h3xstream.findsecbugs.injection.http | |
| com.h3xstream.findsecbugs.injection.ldap | |
| com.h3xstream.findsecbugs.injection.sql | |
| com.h3xstream.findsecbugs.injection.trust | Trust Boundary Violation is a fancy name to describe a tainted value passed directly to a session attribute. |
| com.h3xstream.findsecbugs.password | |
| com.h3xstream.findsecbugs.scala | |
| com.h3xstream.findsecbugs.taintanalysis | |
| com.h3xstream.findsecbugs.xpath | This package focuses on the identification of XPath injection vulnerabilities from various APIs: javax.xml (JDK API); org.apache.xpath; org.apache.commons.jxpath (Apache Commons) TODO; org.xmldb.api.modules (Apache Xindice) TODO |
| com.h3xstream.findsecbugs.xss | |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |
| TaintFrame: Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values |
| TaintLocation: Global comparable specification of a taint source (or path node) location |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| TaintFrame: Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |
| TaintFrame: Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |
| Taint.State |
| Taint.Tag |
| TaintAnalysis: Implements taint dataflow operations, in particular meeting facts; the transfer function is delegated to TaintFrameModelingVisitor |
| TaintClassConfig: Summary of information about a class related to taint analysis; allows configuring default behavior for return types and type casts. |
| TaintConfig: Map of taint summaries for all known methods and classes. This class extends HashMap. The key is the method signature (e.g. org/hibernate/Session.createQuery(Ljava/lang/String;)Lorg/hibernate/Query;). The value is the behavior of the method ("0" for param index 0 is tainted, "UNKNOWN" if the method does not become tainted based on the value, "TAINTED" if the result must be considered unsafe). |
| TaintConfigLoader.TaintConfigReceiver: Specifies what to do for each loaded summary |
| TaintDataflow: Analysis object storing the result of taint analysis on a method |
| TaintFrame: Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values |
| TaintLocation: Global comparable specification of a taint source (or path node) location |
| TaintMethodConfig: Summary of information about a method related to taint analysis. For loading sinks files, please see SinksLoader |
| TaintMethodConfigWithArgumentsAndLocation: Summary of information about a taint analysis method with configured arguments and location of the call. Can be used to fine-tune false positives in specific classes. Examples: javax/servlet/http/HttpServletRequest.getAttribute("applicationConstant"):SAFE@org/apache/jsp/edit_jsp and javax/servlet/http/HttpServletRequest.getAttribute(UNKNOWN):SAFE@org/apache/jsp/constants_jsp |
| TaintTypeConfig: Predecessor for method and class type summary configs |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |

| Class and Description |
|---|
| Taint: Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame |
Copyright © 2017. All rights reserved.