com.h3xstream.findsecbugs.xss

Class XssServletDetector

java.lang.Object

com.h3xstream.findsecbugs.injection.AbstractTaintDetector

com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

com.h3xstream.findsecbugs.injection.BasicInjectionDetector

com.h3xstream.findsecbugs.xss.XssServletDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

public class XssServletDetector
extends BasicInjectionDetector

Field Summary

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

injectionSinks

Fields inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

bugReporter

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor and Description
XssServletDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method and Description
protected int	getPriority(Taint taint) The default implementation of getPriority() can be overridden if the severity and the confidence for risk is particular.
boolean	shouldAnalyzeClass(edu.umd.cs.findbugs.ba.ClassContext classContext) Allow any concrete implementation of taint detector to skip the analysis of certain files.

Methods inherited from class com.h3xstream.findsecbugs.injection.BasicInjectionDetector

addParsedInjectionPoint, getInjectionPoint, loadConfiguredSinks, loadConfiguredSinks, loadCustomConfigFiles, loadCustomSinks, loadSink

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector

analyzeLocation, getPriorityFromTaintFrame, report

Methods inherited from class com.h3xstream.findsecbugs.injection.AbstractTaintDetector

analyzeMethod, visitClassContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XssServletDetector

public XssServletDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

getPriority

protected int getPriority(Taint taint)

Description copied from class: AbstractInjectionDetector

The default implementation of getPriority() can be overridden if the severity and the confidence for risk is particular. By default, injection will be rated "High" if the complete link between source and sink is made. If it is not the case but concatenation with external source is made, "Medium" is used.

Overrides:

getPriority in class AbstractInjectionDetector

Parameters:

taint - Detail about the state of the value passed (Cumulative information leading to the variable passed).

Returns:

Priorities interface values from 1 to 5 (Enum-like interface)

shouldAnalyzeClass

public boolean shouldAnalyzeClass(edu.umd.cs.findbugs.ba.ClassContext classContext)

Description copied from class: AbstractTaintDetector

Allow any concrete implementation of taint detector to skip the analysis of certain files. The purpose can be for optimisation or to trigger bug in specific context. The default implementation returns true to all classes visited.

Overrides:

shouldAnalyzeClass in class AbstractTaintDetector

Parameters:

classContext - Information about the class that is about to be analyzed

Returns:

If the given class should be analyze.