
A

AbstractInjectionDetector - Class in com.h3xstream.findsecbugs.injection
Detector designed for extension to detect injection vulnerabilities
AbstractInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
 
AbstractTaintDetector - Class in com.h3xstream.findsecbugs.injection
Detector designed for extension to allow usage of taint analysis
AbstractTaintDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
 
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
 
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
 
accepts(String, String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation
 
addLine(SourceLineAnnotation) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
Adds a line with tainted source or path for reporting
addLines(Collection<TaintLocation>) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
Adds lines with tainted source or path for reporting
addLocation(TaintLocation, boolean) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Adds location for a taint source or path to remember for reporting
addMutableStackIndex(int) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Adds a stack index modified by method
addParsedInjectionPoint(String, InjectionPoint) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
 
addSink(String, int[], String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
 
addTag(Taint.Tag) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Adds the specified taint tag to this fact or marks this tag to add if this fact acts like a derivation of taint transfer behaviour
addUnknownSources(Collection<TaintLocation>) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
 
analyseRegexString(String) - Method in class com.h3xstream.findsecbugs.ReDosDetector
 
analyze(IAnalysisCache, MethodDescriptor) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
 
analyzeInstruction(Instruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
analyzeLocation(ClassContext, Method, InstructionHandle, ConstantPoolGen, InvokeInstruction, TaintFrame, String) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
 
analyzeLocation(ClassContext, Method, InstructionHandle, ConstantPoolGen, InvokeInstruction, TaintFrame, String) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
 
analyzeMethod(ClassContext, Method) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
 
AndroidSqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
 
AndroidSqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.AndroidSqlInjectionDetector
 
AnonymousLdapDetector - Class in com.h3xstream.findsecbugs.ldap
 
AnonymousLdapDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ldap.AnonymousLdapDetector
 
atClass(String...) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
 
atMethod(String...) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
 
AwsQueryInjectionDetector - Class in com.h3xstream.findsecbugs.injection.aws
 
AwsQueryInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.aws.AwsQueryInjectionDetector
 

B

BadHexadecimalConversionDetector - Class in com.h3xstream.findsecbugs.crypto
 
BadHexadecimalConversionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
 
BasicInjectionDetector - Class in com.h3xstream.findsecbugs.injection
Detector designed for extension to detect basic injections with a list of full method names with specified injectable arguments as taint sinks
BasicInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
 
BeanInjectionDetector - Class in com.h3xstream.findsecbugs.injection.beans
 
BeanInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.beans.BeanInjectionDetector
 
BroadcastDetector - Class in com.h3xstream.findsecbugs.android
 
BroadcastDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.BroadcastDetector
 
bugReporter - Variable in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
 
ByteCode - Class in com.h3xstream.findsecbugs.common
 
ByteCode() - Constructor for class com.h3xstream.findsecbugs.common.ByteCode
 

C

CipherWithNoIntegrityDetector - Class in com.h3xstream.findsecbugs.crypto
This detector marks cipher usage that doesn't provide integrity.
CipherWithNoIntegrityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
 
com.h3xstream.findsecbugs - package com.h3xstream.findsecbugs
 
com.h3xstream.findsecbugs.android - package com.h3xstream.findsecbugs.android
 
com.h3xstream.findsecbugs.common - package com.h3xstream.findsecbugs.common
 
com.h3xstream.findsecbugs.common.matcher - package com.h3xstream.findsecbugs.common.matcher
 
com.h3xstream.findsecbugs.cookie - package com.h3xstream.findsecbugs.cookie
 
com.h3xstream.findsecbugs.crypto - package com.h3xstream.findsecbugs.crypto
 
com.h3xstream.findsecbugs.csrf - package com.h3xstream.findsecbugs.csrf
 
com.h3xstream.findsecbugs.endpoint - package com.h3xstream.findsecbugs.endpoint
 
com.h3xstream.findsecbugs.file - package com.h3xstream.findsecbugs.file
 
com.h3xstream.findsecbugs.injection - package com.h3xstream.findsecbugs.injection
 
com.h3xstream.findsecbugs.injection.aws - package com.h3xstream.findsecbugs.injection.aws
 
com.h3xstream.findsecbugs.injection.beans - package com.h3xstream.findsecbugs.injection.beans
 
com.h3xstream.findsecbugs.injection.command - package com.h3xstream.findsecbugs.injection.command
 
com.h3xstream.findsecbugs.injection.crlf - package com.h3xstream.findsecbugs.injection.crlf
 
com.h3xstream.findsecbugs.injection.custom - package com.h3xstream.findsecbugs.injection.custom
 
com.h3xstream.findsecbugs.injection.fileDisclosure - package com.h3xstream.findsecbugs.injection.fileDisclosure
 
com.h3xstream.findsecbugs.injection.formatter - package com.h3xstream.findsecbugs.injection.formatter
 
com.h3xstream.findsecbugs.injection.http - package com.h3xstream.findsecbugs.injection.http
 
com.h3xstream.findsecbugs.injection.ldap - package com.h3xstream.findsecbugs.injection.ldap
 
com.h3xstream.findsecbugs.injection.redirect - package com.h3xstream.findsecbugs.injection.redirect
 
com.h3xstream.findsecbugs.injection.script - package com.h3xstream.findsecbugs.injection.script
 
com.h3xstream.findsecbugs.injection.sql - package com.h3xstream.findsecbugs.injection.sql
 
com.h3xstream.findsecbugs.injection.trust - package com.h3xstream.findsecbugs.injection.trust
Trust Boundary Violation is a fancy name for a tainted value passed directly to a session attribute.
com.h3xstream.findsecbugs.jsp - package com.h3xstream.findsecbugs.jsp
 
com.h3xstream.findsecbugs.ldap - package com.h3xstream.findsecbugs.ldap
 
com.h3xstream.findsecbugs.password - package com.h3xstream.findsecbugs.password
 
com.h3xstream.findsecbugs.scala - package com.h3xstream.findsecbugs.scala
 
com.h3xstream.findsecbugs.serial - package com.h3xstream.findsecbugs.serial
 
com.h3xstream.findsecbugs.spring - package com.h3xstream.findsecbugs.spring
 
com.h3xstream.findsecbugs.taintanalysis - package com.h3xstream.findsecbugs.taintanalysis
 
com.h3xstream.findsecbugs.template - package com.h3xstream.findsecbugs.template
 
com.h3xstream.findsecbugs.xml - package com.h3xstream.findsecbugs.xml
 
com.h3xstream.findsecbugs.xpath - package com.h3xstream.findsecbugs.xpath
This package focuses on the identification of XPath injection vulnerabilities from various APIs: javax.xml (JDK API); org.apache.xpath; org.apache.commons.jxpath (Apache Commons) TODO; org.xmldb.api.modules (Apache Xindice) TODO
com.h3xstream.findsecbugs.xss - package com.h3xstream.findsecbugs.xss
 
CommandInjectionDetector - Class in com.h3xstream.findsecbugs.injection.command
Detect the usage of Runtime and ProcessBuilder to execute system command.
CommandInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
 
compareTo(TaintLocation) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
 
configPattern - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
 
ConstantPasswordDetector - Class in com.h3xstream.findsecbugs.password
General detector for hard coded passwords and cryptographic keys
ConstantPasswordDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
 
CONTENT_PROVIDER_TYPES - Static variable in class com.h3xstream.findsecbugs.injection.sql.AndroidSqlInjectionDetector
 
CookieFlagsDetector - Class in com.h3xstream.findsecbugs.cookie
 
CookieFlagsDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.CookieFlagsDetector
 
CookieReadDetector - Class in com.h3xstream.findsecbugs.cookie
 
CookieReadDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.CookieReadDetector
 
createFact() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
 
CrlfLogInjectionDetector - Class in com.h3xstream.findsecbugs.injection.crlf
Detects logging of tainted values - CRLF injection (or Improper Output Neutralization for Logs)
CrlfLogInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.crlf.CrlfLogInjectionDetector
 
CustomInjectionDetector - Class in com.h3xstream.findsecbugs.injection.custom
 
CustomInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
 
CustomMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto
Implementing a custom solution for message digest should not be promoted.
CustomMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
 

D

DEFAULT_TAINT_STATE - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
 
DeserializationGadgetDetector - Class in com.h3xstream.findsecbugs.serial
 
DeserializationGadgetDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.serial.DeserializationGadgetDetector
 
DesUsageDetector - Class in com.h3xstream.findsecbugs.crypto
Ciphers identified: DES/CBC/NoPadding (56 bit); DES/CBC/PKCS5Padding (56 bit); DES/ECB/NoPadding (56 bit); DES/ECB/PKCS5Padding (56 bit); DESede/CBC/NoPadding (168 bit); DESede/CBC/PKCS5Padding (168 bit); DESede/ECB/NoPadding (168 bit); DESede/ECB/PKCS5Padding (168 bit). Ref: Partial list of ciphers
DesUsageDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.DesUsageDetector
 
dump(PrintStream) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
Dumps all the summaries for debugging

E

EngineRegistrar - Class in com.h3xstream.findsecbugs.taintanalysis
Registers taint analysis (dataflow engine) with analysis cache
EngineRegistrar() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.EngineRegistrar
 
equals(Object) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
 
equals(Object) - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
 
equals(Object) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
 
equals(Object) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
 
EsapiEncryptorDetector - Class in com.h3xstream.findsecbugs.crypto
This detector identifies the usage of ESAPI cryptography components.
EsapiEncryptorDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
 
ExternalConfigurationControlDetector - Class in com.h3xstream.findsecbugs
Detects External Control of System or Configuration Setting weakness using setCatalog method of java.sql.Connection
ExternalConfigurationControlDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ExternalConfigurationControlDetector
 
ExternalFileAccessDetector - Class in com.h3xstream.findsecbugs.android
 
ExternalFileAccessDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector
 

F

FileDisclosureDetector - Class in com.h3xstream.findsecbugs.injection.fileDisclosure
 
FileDisclosureDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.fileDisclosure.FileDisclosureDetector
 
FileUploadFilenameDetector - Class in com.h3xstream.findsecbugs.file
The filename given in FileUpload API is directly taken from the HTTP request.
FileUploadFilenameDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.file.FileUploadFilenameDetector
 
FindSecBugsGlobalConfig - Class in com.h3xstream.findsecbugs
This class contains some flags that can be used to create global configuration.
FindSecBugsGlobalConfig() - Constructor for class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
finishAnalysis() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
This method must be called after executing the data flow
finishAnalysis() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
This method must be called from outside at the end of the method analysis
FormatStringManipulationDetector - Class in com.h3xstream.findsecbugs.injection.formatter
 
FormatStringManipulationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.formatter.FormatStringManipulationDetector
 
FreemarkerDetector - Class in com.h3xstream.findsecbugs.template
Equivalent to Velocity template detector.
FreemarkerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.template.FreemarkerDetector
 
fullMethodPattern - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
 

G

generateBugInstance(boolean) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
Uses immutable values, updated priority and added lines for reporting
GeolocationDetector - Class in com.h3xstream.findsecbugs.android
 
GeolocationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.GeolocationDetector
 
getAllLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
 
getBugType() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
getClassTaintState(String, Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
getConstantInt(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
 
getConstantLDC(InstructionHandle, ConstantPoolGen, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Get the constant value of the given instruction.
getConstantValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns the constant value of the string or char if known
getContanstBooleanAsString(LinkedList<Instruction>, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.JspUtils
 
getCustomConfigFile(String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
getCustomConfigFile() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
getDebugInfo() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Gets the info for debugging merged from all used facts
getDefaultConstructorConfig(int) - Static method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Constructs a default constructor summary (modifies 2 stack items with UNKNOWN taint state)
getDefaultValue() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
getFindSecBugsVersion() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
Getters and setters only
getInjectableArguments() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
getInjectableMethod() - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in interface com.h3xstream.findsecbugs.injection.InjectionSource
The implementation should identify methods that are susceptible to injection and return the indexes of the parameters that can be injected.
getInjectableParameters(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
 
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
 
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
 
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.injection.LegacyInjectionDetector
 
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.HardcodePasswordInMapDetector
 
getInjectionPoint(InvokeInstruction, ConstantPoolGen, InstructionHandle) - Method in class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.LegacyInjectionDetector
 
getInjectionSource() - Method in class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
 
getInstance() - Static method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
getLocation() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation
 
getMethod() - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
 
getMethodConfig(TaintFrame, MethodDescriptor, String, String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
getMethodDescriptor() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
Returns the method of this location
getMutableStackIndices() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Returns all stack indices modified by method if there are any
getNonParametricState() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Gets the state influencing the state of this fact if dependent on method arguments; the final state is given by the merge of that state and the arguments
getOutputTaint() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Returns the output taint of the method describing the taint transfer
getParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns the method arguments influencing the taint state of this fact
getPosition() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
Returns the position in the method of this location
getPrevInstruction(InstructionHandle, Class<T>) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Get the previous instruction matching the given type of instruction (second parameter)
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.HttpResponseSplittingDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
The default implementation of getPriority() can be overridden if the severity and the confidence for risk is particular.
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.command.CommandInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.crlf.CrlfLogInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.custom.CustomInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.formatter.FormatStringManipulationDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.http.HttpParameterPollutionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.sql.AndroidSqlInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationAttributeDetector
All or nothing: if the taint-to-sink path is found, it is marked as high. If the source is not confirmed, it is marked as low.
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationValueDetector
All or nothing: if the taint-to-sink path is found, it is marked as high. If the source is not confirmed, it is marked as low.
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.scala.ScalaSensitiveDataExposureDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.scala.XssMvcApiDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.scala.XssTwirlDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.xpath.XPathInjectionDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.xss.XssJspDetector
 
getPriority(Taint) - Method in class com.h3xstream.findsecbugs.xss.XssServletDetector
 
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
The default implementation of getPriorityFromTaintFrame() can be overridden if the detector must base its priority on multiple parameters or special conditions like constant values.
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.HardcodePasswordInMapDetector
 
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
 
getPriorityFromTaintFrame(TaintFrame, int) - Method in class com.h3xstream.findsecbugs.scala.XssMvcApiDetector
 
getPushNumber(InstructionHandle) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Extract the number from a push operation (BIPUSH/SIPUSH).
getRealInstanceClass() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Finds out the real type of instance matching this fact if possible
getRealInstanceClassName() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Finds out the real class name of instance matching this fact if possible
getSink() - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
 
getState() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns the taint state of this fact
getSuperMethodConfig(String, String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
getTags() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns all present taint tags for this fact
getTagsToRemove() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns tags to remove (if this fact acts like a taint derivation spec.)
getTaintClassConfig(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
getTaintedLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns locations with taint sources or nodes on path from those sources, if there are some locations confirmed to be tainted, only those are returned
getTaintSource() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
 
getTaintState() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
 
getTaintState(Taint.State) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
 
getUnknownLocations() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
 
getVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
If known (check first), returns the index of the local variable, where the value matching this fact is stored
GoogleApiKeyDetector - Class in com.h3xstream.findsecbugs.password
GoogleApi provides a code sample to sign URLs using a provided API key.
GoogleApiKeyDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
 

H

handleLoadInstruction(LoadInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
handleStoreInstruction(StoreInstruction) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
HardcodePasswordInMapDetector - Class in com.h3xstream.findsecbugs.password
Detects hard-coded passwords in a settings map (key-value configurations constructed at runtime)
HardcodePasswordInMapDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.HardcodePasswordInMapDetector
 
hashCode() - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
 
hashCode() - Method in class com.h3xstream.findsecbugs.injection.MethodAndSink
 
hashCode() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
 
hashCode() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
 
hasMutableStackIndices() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Checks if there are any indices modified by method
hasParameters() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks if the taint state of this fact depends on the method arguments
hasTag(Taint.Tag) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks whether the specified taint tag is present for this fact
hasTags() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks if there are any taint tags for this fact
hasValidVariableIndex() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks if the index of the local variable matching this fact is known
HazelcastSymmetricEncryptionDetector - Class in com.h3xstream.findsecbugs.crypto
http://code.google.com/p/hazelcast/wiki/Encryption
HazelcastSymmetricEncryptionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
 
HttpParameterPollutionDetector - Class in com.h3xstream.findsecbugs.injection.http
 
HttpParameterPollutionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.http.HttpParameterPollutionDetector
 
HttpResponseSplittingDetector - Class in com.h3xstream.findsecbugs
Detects HTTP Response splitting weakness
HttpResponseSplittingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.HttpResponseSplittingDetector
 

I

initEntryFact(TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
Initialize the initial state of a TaintFrame.
InjectionPoint - Class in com.h3xstream.findsecbugs.injection
 
InjectionPoint(int[], String) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionPoint
 
InjectionSink - Class in com.h3xstream.findsecbugs.injection
Used to represent location of a taint sink
InjectionSink(Detector, String, int, ClassContext, Method, InstructionHandle, String) - Constructor for class com.h3xstream.findsecbugs.injection.InjectionSink
Constructs the instance and stores immutable values for reporting
injectionSinks - Variable in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
 
InjectionSource - Interface in com.h3xstream.findsecbugs.injection
 
InsecureSmtpSslDetector - Class in com.h3xstream.findsecbugs.crypto
 
InsecureSmtpSslDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsecureSmtpSslDetector
 
InstructionDSL - Class in com.h3xstream.findsecbugs.common.matcher
 
InstructionDSL() - Constructor for class com.h3xstream.findsecbugs.common.matcher.InstructionDSL
 
InsufficientKeySizeBlowfishDetector - Class in com.h3xstream.findsecbugs.crypto
 
InsufficientKeySizeBlowfishDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
 
InsufficientKeySizeRsaDetector - Class in com.h3xstream.findsecbugs.crypto
Similar to the blowfish key size detector
InsufficientKeySizeRsaDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
 
InterfaceUtils - Class in com.h3xstream.findsecbugs.common
 
InterfaceUtils() - Constructor for class com.h3xstream.findsecbugs.common.InterfaceUtils
 
IntuitiveHardcodePasswordDetector - Class in com.h3xstream.findsecbugs.password
This detector will find what looks like a hardcoded password on an unknown API.
IntuitiveHardcodePasswordDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.password.IntuitiveHardcodePasswordDetector
 
invokeInstruction() - Static method in class com.h3xstream.findsecbugs.common.matcher.InstructionDSL
 
InvokeMatcherBuilder - Class in com.h3xstream.findsecbugs.common.matcher
 
InvokeMatcherBuilder() - Constructor for class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
 
isClassImmutable(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
isClassTaintSafe(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
isConfigured() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Checks if the summary is configured or derived
isConstantInteger(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 
isConstantString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 
isDebugOutputTaintConfigs() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isDebugPrintInstructionVisited() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isDebugPrintInvocationVisited() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isDebugTaintState() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isImmutable() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
 
isInformative() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Checks if the summary needs to be saved or has no information value
isRemovingTags() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks if there are some tags to remove (if this fact acts like a taint derivation spec.)
isReportPotentialXssWrongContext() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isSafe() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks whether values matching this fact are always trusted
isSubtype(JavaClass, String...) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
Test if the given class is a subtype of ONE of the super classes given.
isSubtype(String, String...) - Static method in class com.h3xstream.findsecbugs.common.InterfaceUtils
Test if the given class is a subtype of ONE of the super classes given.
isTainted() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks whether values matching this fact are probably untrusted
isTaintedMainArgument() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isTaintedSystemVariables() - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
isUnknown() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Checks whether values matching this fact can be untrusted but also safe
isVariableString(OpcodeStack.Item) - Static method in class com.h3xstream.findsecbugs.common.StackUtils
 

J

JaxRsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
JAX-RS (JSR311) defines an API for REST services.
JaxRsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
 
JaxWsEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
JAX-WS (JSR224) defines an API for Web services.
JaxWsEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
 
JSP_PARENT_CLASSES - Static variable in class com.h3xstream.findsecbugs.xss.XssJspDetector
 
JspIncludeDetector - Class in com.h3xstream.findsecbugs.jsp
 
JspIncludeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspIncludeDetector
 
JspSpringEvalDetector - Class in com.h3xstream.findsecbugs.jsp
 
JspSpringEvalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JspSpringEvalDetector
 
JspUtils - Class in com.h3xstream.findsecbugs.common
 
JspUtils() - Constructor for class com.h3xstream.findsecbugs.common.JspUtils
 
JstlOutDetector - Class in com.h3xstream.findsecbugs.jsp
 
JstlOutDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.JstlOutDetector
 

L

LdapEntryPoisoningDetector - Class in com.h3xstream.findsecbugs.ldap
 
LdapEntryPoisoningDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ldap.LdapEntryPoisoningDetector
 
LdapInjectionDetector - Class in com.h3xstream.findsecbugs.injection.ldap
 
LdapInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.ldap.LdapInjectionDetector
 
LegacyInjectionDetector - Class in com.h3xstream.findsecbugs.injection
Detector designed for extension to detect injection vulnerabilities using the original mechanism with InjectionSource class
LegacyInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.LegacyInjectionDetector
 
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
Loads class summary from String

The summary should have the following syntax:
defaultTaintState #IMMUTABLE, where defaultTaintState means the Taint state for type casting and return types.
load(InputStream, boolean) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
Loads summaries from stream checking the format
load(InputStream, TaintConfigLoader.TaintConfigReceiver) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintConfigLoader
Loads the summaries and does what is specified
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Loads method summary from String.
load(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation
Loads method config from String, the method config contains a current class as the context

The method accepts syntax similar to TaintMethodConfig.load(String), with a small difference.
The summary must end with the '@' character followed by the class name
load(String) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintTypeConfig
Initializes the taint config object from String
loadConfiguredSinks(InputStream, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
 
loadConfiguredSinks(String, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
Loads taint sinks from configuration
loadConfiguredSinks(String, String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
 
loadCustomConfigFiles() - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
Loads taint sinks from custom file.
loadCustomSinks(String, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
Loads taint sinks configuration file from file system.
loadFromSystem(String, String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
loadSink(String, String) - Method in class com.h3xstream.findsecbugs.injection.BasicInjectionDetector
Loads a single taint sink (like a line of configuration)
loadSink(String, String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
 
loadSinks(InputStream, String, SinksLoader.InjectionPointReceiver) - Method in class com.h3xstream.findsecbugs.injection.SinksLoader
 

M

matches(OpcodeStackDetector) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
 
matches(Instruction, ConstantPoolGen) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
 
meetInto(TaintFrame, Edge, TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
 
merge(Taint, Taint) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Returns the merge of the facts such that it can represent any of them
merge(Taint.State, Taint.State) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State
Returns the "more dangerous" state (TAINTED > UNKNOWN > SAFE > NULL > INVALID) as a merge of two states
mergeValues(TaintFrame, TaintFrame, int) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
 
MethodAndSink - Class in com.h3xstream.findsecbugs.injection
String and InjectionSink tuple
MethodAndSink(String, InjectionSink) - Constructor for class com.h3xstream.findsecbugs.injection.MethodAndSink
 

N

NONE - Static variable in class com.h3xstream.findsecbugs.injection.InjectionPoint
This instance is used to represent "null", meaning no injection point.
NullCipherDetector - Class in com.h3xstream.findsecbugs.crypto
 
NullCipherDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.NullCipherDetector
 

O

ObjectDeserializationDetector - Class in com.h3xstream.findsecbugs.serial
Detect Java object deserialization
ObjectDeserializationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.serial.ObjectDeserializationDetector
 
OgnlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
 
OgnlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.OgnlInjectionDetector
 

P

PathTraversalDetector - Class in com.h3xstream.findsecbugs.file
 
PathTraversalDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.file.PathTraversalDetector
 
PermissiveCORSDetector - Class in com.h3xstream.findsecbugs
 
PermissiveCORSDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PermissiveCORSDetector
 
PersistentCookieDetector - Class in com.h3xstream.findsecbugs.cookie
 
PersistentCookieDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.PersistentCookieDetector
 
PlayUnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.scala
 
PlayUnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.PlayUnvalidatedRedirectDetector
 
PredictableRandomDetector - Class in com.h3xstream.findsecbugs
 
PredictableRandomDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.PredictableRandomDetector
 
printOpCode(InstructionHandle, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
 
printOpCode(Instruction, ConstantPoolGen) - Static method in class com.h3xstream.findsecbugs.common.ByteCode
Prints the details of the given instruction (class, method, etc.)

R

receiveInjectionPoint(String, InjectionPoint) - Method in interface com.h3xstream.findsecbugs.injection.SinksLoader.InjectionPointReceiver
 
receiveTaintConfig(String, String) - Method in interface com.h3xstream.findsecbugs.taintanalysis.TaintConfigLoader.TaintConfigReceiver
 
RedirectionSource - Class in com.h3xstream.findsecbugs.injection.redirect
 
RedirectionSource() - Constructor for class com.h3xstream.findsecbugs.injection.redirect.RedirectionSource
 
ReDosDetector - Class in com.h3xstream.findsecbugs
This detector makes a minimal effort to find potential ReDoS.
ReDosDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.ReDosDetector
 
registerAnalysisEngines(IAnalysisCache) - Method in class com.h3xstream.findsecbugs.taintanalysis.EngineRegistrar
 
registerWith(IAnalysisCache) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
 
removeTag(Taint.Tag) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Removes the specified tag (if present) or marks this tag to remove if this fact acts like a derivation of taint transfer behaviour
report() - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
 
report() - Method in class com.h3xstream.findsecbugs.cookie.CookieFlagsDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.InsecureSmtpSslDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
 
report() - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
 
report() - Method in class com.h3xstream.findsecbugs.csrf.SpringCsrfUnrestrictedRequestMappingDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
 
report() - Method in class com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
Once the analysis is completed, all the collected sinks are reported as bugs.
report() - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
 
report() - Method in class com.h3xstream.findsecbugs.jsp.JstlOutDetector
 
report() - Method in class com.h3xstream.findsecbugs.jsp.XslTransformJspDetector
 
report() - Method in class com.h3xstream.findsecbugs.ldap.AnonymousLdapDetector
 
report() - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
 
report() - Method in class com.h3xstream.findsecbugs.PermissiveCORSDetector
 
report() - Method in class com.h3xstream.findsecbugs.serial.DeserializationGadgetDetector
 
report() - Method in class com.h3xstream.findsecbugs.serial.ObjectDeserializationDetector
 
report() - Method in class com.h3xstream.findsecbugs.serial.UnsafeJacksonDeserializationDetector
 
report() - Method in class com.h3xstream.findsecbugs.spring.SpringUnvalidatedRedirectDetector
 
report() - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
 
report() - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
 
RsaNoPaddingDetector - Class in com.h3xstream.findsecbugs.crypto
Ref: http://cwe.mitre.org/data/definitions/780.html
RsaNoPaddingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector
 

S

SAFE_CONFIG - Static variable in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.BroadcastDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.ExternalFileAccessDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.android.WorldWritableDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.cookie.CookieReadDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.cookie.PersistentCookieDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.cookie.UrlRewritingDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.CipherWithNoIntegrityDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.DesUsageDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.EsapiEncryptorDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.HazelcastSymmetricEncryptionDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.NullCipherDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.RsaNoPaddingDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedServerSocketDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.crypto.WeakTLSDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.csrf.SpringCsrfProtectionDisabledDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.file.FileUploadFilenameDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.jsp.JspIncludeDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.jsp.JspSpringEvalDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ldap.LdapEntryPoisoningDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.PredictableRandomDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.ReDosDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.scala.PlayUnvalidatedRedirectDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.scala.SslDisablerDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.template.FreemarkerDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.template.VelocityDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.XmlDecoderDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.XmlStreamReaderDetector
 
sawOpcode(int) - Method in class com.h3xstream.findsecbugs.xml.XxeDetector
 
ScalaSensitiveDataExposureDetector - Class in com.h3xstream.findsecbugs.scala
 
ScalaSensitiveDataExposureDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.ScalaSensitiveDataExposureDetector
 
ScriptInjectionDetector - Class in com.h3xstream.findsecbugs.injection.script
 
ScriptInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.script.ScriptInjectionDetector
 
ServletEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
This detector covers the Servlet/HttpServlet API, which gives access to user input.
ServletEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.ServletEndpointDetector
 
setCustomConfigFile(String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setDebugInfo(String) - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Sets info for debugging purposes (consumes much memory)
setDebugOutputTaintConfigs(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setDebugPrintInstructionVisited(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setDebugPrintInvocationVisited(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setDebugTaintState(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setFindSecBugsVersion(String) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setInjectableMethod(String) - Method in class com.h3xstream.findsecbugs.injection.InjectionPoint
 
setOuputTaint(Taint) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Sets the output taint of the method describing the taint transfer; a copy of the parameter is made and the variable index is invalidated
setReportPotentialXssWrongContext(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setTaintedMainArgument(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
setTaintedSystemVariables(boolean) - Method in class com.h3xstream.findsecbugs.FindSecBugsGlobalConfig
 
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
Allow any concrete implementation of taint detector to skip the analysis of certain files.
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.script.OgnlInjectionDetector
 
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XssJspDetector
 
shouldAnalyzeClass(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XssServletDetector
 
SinksLoader - Class in com.h3xstream.findsecbugs.injection
The sanity of the sinks file is crucial (a typo == missed API == missed vulnerability).
SinksLoader() - Constructor for class com.h3xstream.findsecbugs.injection.SinksLoader
 
SinksLoader.InjectionPointReceiver - Interface in com.h3xstream.findsecbugs.injection
Interface that imitates the lambda pattern.
SpringCsrfProtectionDisabledDetector - Class in com.h3xstream.findsecbugs.csrf
Detects the disabling of Spring CSRF protection
SpringCsrfProtectionDisabledDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.csrf.SpringCsrfProtectionDisabledDetector
 
SpringCsrfUnrestrictedRequestMappingDetector - Class in com.h3xstream.findsecbugs.csrf
Detects Spring CSRF unrestricted RequestMapping
SpringCsrfUnrestrictedRequestMappingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.csrf.SpringCsrfUnrestrictedRequestMappingDetector
 
SpringMvcEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
 
SpringMvcEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
 
SpringUnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.spring
 
SpringUnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.spring.SpringUnvalidatedRedirectDetector
 
SqlInjectionDetector - Class in com.h3xstream.findsecbugs.injection.sql
 
SqlInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.sql.SqlInjectionDetector
 
SslDisablerDetector - Class in com.h3xstream.findsecbugs.scala
 
SslDisablerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.SslDisablerDetector
 
SSRFDetector - Class in com.h3xstream.findsecbugs.scala
 
SSRFDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.SSRFDetector
 
StackUtils - Class in com.h3xstream.findsecbugs.common
 
StackUtils() - Constructor for class com.h3xstream.findsecbugs.common.StackUtils
 
StaticIvDetector - Class in com.h3xstream.findsecbugs.crypto
The main goal of this detector is to find encryption being done with a static initialization vector (IV).
StaticIvDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.StaticIvDetector
 
StdXmlTransformDetector - Class in com.h3xstream.findsecbugs.xml
Detect XSLT transformation.
StdXmlTransformDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.StdXmlTransformDetector
 
STRUTS1_ENDPOINT_TYPE - Static variable in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
Struts1EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
 
Struts1EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
Struts2EndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
 
Struts2EndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
 
STRUTS_UTILITY_CLASSES - Static variable in class com.h3xstream.findsecbugs.injection.script.OgnlInjectionDetector
The utility classes from Struts2 are skipped to avoid false positives.
StrutsValidatorFormDetector - Class in com.h3xstream.findsecbugs
 
StrutsValidatorFormDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
 

T

Taint - Class in com.h3xstream.findsecbugs.taintanalysis
Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame
Taint(Taint.State) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.Taint
Constructs a new empty instance of Taint with the specified state
Taint(Taint) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.Taint
Creates a hard copy of the specified Taint instance
Taint.State - Enum in com.h3xstream.findsecbugs.taintanalysis
 
Taint.Tag - Enum in com.h3xstream.findsecbugs.taintanalysis
 
TaintAnalysis - Class in com.h3xstream.findsecbugs.taintanalysis
Implements taint dataflow operations, in particular meeting facts; the transfer function is delegated to TaintFrameModelingVisitor
TaintAnalysis(MethodGen, DepthFirstSearch, MethodDescriptor, TaintConfig) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
Constructs analysis for the given method
TaintClassConfig - Class in com.h3xstream.findsecbugs.taintanalysis
Summary of information about a class related to taint analysis; allows configuring the default behavior for return types and type casts.
TaintClassConfig() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintClassConfig
 
TaintConfig - Class in com.h3xstream.findsecbugs.taintanalysis
Map of taint summaries for all known methods and classes.

This class extends HashMap:
The key is the method signature (e.g. org/hibernate/Session.createQuery(Ljava/lang/String;)Lorg/hibernate/Query;).
The value is the behavior of the method ("0" if param index 0 is tainted, "UNKNOWN" if the method does not become tainted based on the value, "TAINTED" if the result must be considered unsafe).
TaintConfig() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintConfig
 
TaintConfigLoader - Class in com.h3xstream.findsecbugs.taintanalysis
Helper class for loading configured taint method and class summaries
TaintConfigLoader() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintConfigLoader
 
TaintConfigLoader.TaintConfigReceiver - Interface in com.h3xstream.findsecbugs.taintanalysis
Specifies what to do for each loaded summary
TaintDataflow - Class in com.h3xstream.findsecbugs.taintanalysis
Analysis object storing the result of taint analysis on a method
TaintDataflow(CFG, TaintAnalysis) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintDataflow
 
TaintDataflowEngine - Class in com.h3xstream.findsecbugs.taintanalysis
Requests or creates needed objects and executes taint analysis, extends taint summaries with analyzed methods
TaintDataflowEngine() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine
Constructs the engine and loads all configured method summaries
TaintFrame - Class in com.h3xstream.findsecbugs.taintanalysis
Representation of the dataflow value (fact) modeling taint state of local variables and values on stack, consists of Taint values
TaintFrame(int) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
 
TaintFrameModelingVisitor - Class in com.h3xstream.findsecbugs.taintanalysis
Visitor to make instruction transfer of taint values easier
TaintFrameModelingVisitor(ConstantPoolGen, MethodDescriptor, TaintConfig) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
Constructs the object and stores the parameters
TaintLocation - Class in com.h3xstream.findsecbugs.taintanalysis
Global comparable specification of a taint source (or path node) location
TaintLocation(MethodDescriptor, int, String) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
Constructs a location from the specified method and position inside
TaintMethodConfig - Class in com.h3xstream.findsecbugs.taintanalysis
Summary of information about a method related to taint analysis.

For loading sinks files please see SinksLoader
TaintMethodConfig(boolean) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Constructs an empty summary
TaintMethodConfig(TaintMethodConfig) - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
Creates a copy of the summary (output taint not copied)
TaintMethodConfigWithArgumentsAndLocation - Class in com.h3xstream.findsecbugs.taintanalysis
Summary of information about a taint analysis method with configured arguments and location of the call.

Can be used to fine-tune false-positives in specific classes.

Examples:
javax/servlet/http/HttpServletRequest.getAttribute("applicationConstant"):SAFE@org/apache/jsp/edit_jsp
javax/servlet/http/HttpServletRequest.getAttribute(UNKNOWN):SAFE@org/apache/jsp/constants_jsp
TaintMethodConfigWithArgumentsAndLocation() - Constructor for class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfigWithArgumentsAndLocation
Constructs an empty configured summary
TaintTypeConfig - Interface in com.h3xstream.findsecbugs.taintanalysis
Predecessor for method and class type summary configs
TapestryEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Identify endpoints using the web framework Tapestry.
TapestryEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
 
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.Taint
 
toString(MethodGen) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
 
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
 
toString(String[]) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrame
The toString methods are intended for debugging.
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintLocation
 
toString() - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintMethodConfig
 
transferInstruction(InstructionHandle, BasicBlock, TaintFrame) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis
 
TrustBoundaryViolationAttributeDetector - Class in com.h3xstream.findsecbugs.injection.trust
Trust Boundary Violation is a fancy name for a tainted value passed directly to a session attribute.
TrustBoundaryViolationAttributeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationAttributeDetector
 
TrustBoundaryViolationValueDetector - Class in com.h3xstream.findsecbugs.injection.trust
 
TrustBoundaryViolationValueDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationValueDetector
 

U

UnencryptedServerSocketDetector - Class in com.h3xstream.findsecbugs.crypto
 
UnencryptedServerSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedServerSocketDetector
 
UnencryptedSocketDetector - Class in com.h3xstream.findsecbugs.crypto
 
UnencryptedSocketDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.UnencryptedSocketDetector
 
UnsafeJacksonDeserializationDetector - Class in com.h3xstream.findsecbugs.serial
Detect unsafe Jackson datatype deserialization
UnsafeJacksonDeserializationDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.serial.UnsafeJacksonDeserializationDetector
 
UnvalidatedRedirectDetector - Class in com.h3xstream.findsecbugs.injection.redirect
 
UnvalidatedRedirectDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.injection.redirect.UnvalidatedRedirectDetector
 
updateSinkPriority(int) - Method in class com.h3xstream.findsecbugs.injection.InjectionSink
Updates the priority if it is higher (which means lower number)
UrlRewritingDetector - Class in com.h3xstream.findsecbugs.cookie
 
UrlRewritingDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.cookie.UrlRewritingDetector
 

V

valueOf(String) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Constructs a new instance of taint from the specified state name
valueOf(Taint.State) - Static method in class com.h3xstream.findsecbugs.taintanalysis.Taint
Constructs a new instance of taint from the specified state
values() - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.State
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum com.h3xstream.findsecbugs.taintanalysis.Taint.Tag
Returns an array containing the constants of this enum type, in the order they are declared.
VelocityDetector - Class in com.h3xstream.findsecbugs.template
This detector does not use taint analysis because it does not make sense to use a template engine built from a constant.
VelocityDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.template.VelocityDetector
 
visit(JavaClass) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
 
visit(Method) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
 
visitAALOAD(AALOAD) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitAASTORE(AASTORE) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitACONST_NULL(ACONST_NULL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitAfter(JavaClass) - Method in class com.h3xstream.findsecbugs.password.ConstantPasswordDetector
 
visitANEWARRAY(ANEWARRAY) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitARETURN(ARETURN) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitBIPUSH(BIPUSH) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitCHECKCAST(CHECKCAST) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.android.GeolocationDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.cookie.CookieFlagsDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.BadHexadecimalConversionDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.CustomMessageDigestDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsecureSmtpSslDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeBlowfishDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.InsufficientKeySizeRsaDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.StaticIvDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.csrf.SpringCsrfUnrestrictedRequestMappingDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxRsEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.JaxWsEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.SpringMvcEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts1EndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.Struts2EndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.TapestryEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.injection.AbstractTaintDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.JstlOutDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.jsp.XslTransformJspDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.ldap.AnonymousLdapDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.PermissiveCORSDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.serial.DeserializationGadgetDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.serial.ObjectDeserializationDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.serial.UnsafeJacksonDeserializationDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.spring.SpringUnvalidatedRedirectDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.StrutsValidatorFormDetector
 
visitClassContext(ClassContext) - Method in class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
 
visitGETFIELD(GETFIELD) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitGETSTATIC(GETSTATIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitICONST(ICONST) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitINVOKEINTERFACE(INVOKEINTERFACE) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitINVOKESPECIAL(INVOKESPECIAL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitINVOKESTATIC(INVOKESTATIC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitINVOKEVIRTUAL(INVOKEVIRTUAL) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitLDC(LDC) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitLDC2_W(LDC2_W) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitNEW(NEW) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 
visitSIPUSH(SIPUSH) - Method in class com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor
 

W

WeakFilenameUtilsMethodDetector - Class in com.h3xstream.findsecbugs
A few methods from org.apache.commons.io.FilenameUtils share a common weakness: they do not properly filter null bytes.
WeakFilenameUtilsMethodDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.WeakFilenameUtilsMethodDetector
 
WeakMessageDigestDetector - Class in com.h3xstream.findsecbugs.crypto
Identifies the use of the MD2, MD5 and SHA1 hash functions and recommends the use of modern functions.
WeakMessageDigestDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakMessageDigestDetector
 
WeakTLSDetector - Class in com.h3xstream.findsecbugs.crypto
 
WeakTLSDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTLSDetector
 
WeakTrustManagerDetector - Class in com.h3xstream.findsecbugs.crypto
The first reflex of developers who encounter web services with unsigned certificates is often to trust all certificates.
WeakTrustManagerDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.crypto.WeakTrustManagerDetector
 
WebViewJavascriptEnabledDetector - Class in com.h3xstream.findsecbugs.android
 
WebViewJavascriptEnabledDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptEnabledDetector
 
WebViewJavascriptInterfaceDetector - Class in com.h3xstream.findsecbugs.android
 
WebViewJavascriptInterfaceDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WebViewJavascriptInterfaceDetector
 
WicketEndpointDetector - Class in com.h3xstream.findsecbugs.endpoint
Identify endpoints using the web framework Wicket.
WicketEndpointDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.endpoint.WicketEndpointDetector
 
withArgs(String...) - Method in class com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder
 
WorldWritableDetector - Class in com.h3xstream.findsecbugs.android
 
WorldWritableDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.android.WorldWritableDetector
 

X

XmlDecoderDetector - Class in com.h3xstream.findsecbugs.xml
 
XmlDecoderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.XmlDecoderDetector
 
XmlStreamReaderDetector - Class in com.h3xstream.findsecbugs.xml
Currently the detector looks for a specific code sequence.
XmlStreamReaderDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.XmlStreamReaderDetector
 
XPathInjectionDetector - Class in com.h3xstream.findsecbugs.xpath
Detector for XPath injection
XPathInjectionDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xpath.XPathInjectionDetector
 
XslTransformJspDetector - Class in com.h3xstream.findsecbugs.jsp
 
XslTransformJspDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.jsp.XslTransformJspDetector
 
XssJspDetector - Class in com.h3xstream.findsecbugs.xss
 
XssJspDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XssJspDetector
 
XssMvcApiDetector - Class in com.h3xstream.findsecbugs.scala
 
XssMvcApiDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.XssMvcApiDetector
 
XSSRequestWrapperDetector - Class in com.h3xstream.findsecbugs.xss
Various flavors of XSSRequestWrapper exist to do some debatable prevention.
XSSRequestWrapperDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XSSRequestWrapperDetector
 
XssServletDetector - Class in com.h3xstream.findsecbugs.xss
 
XssServletDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xss.XssServletDetector
 
XssTwirlDetector - Class in com.h3xstream.findsecbugs.scala
 
XssTwirlDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.scala.XssTwirlDetector
 
XxeDetector - Class in com.h3xstream.findsecbugs.xml
The SaxParser uses the Xerces XML Parser engine.
XxeDetector(BugReporter) - Constructor for class com.h3xstream.findsecbugs.xml.XxeDetector
 

Copyright © 2017. All rights reserved.