示例1: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * All or nothing:
 * <ul>
 * <li>If the value is tainted, or cannot be confirmed safe, the finding gets LOW confidence.
 * This is by far the most common case.</li>
 * <li>If the value is known to be safe, the finding is ignored.</li>
 * </ul>
 *
 * @param taint Taint state of the value reaching the sink
 * @return {@code Priorities.LOW_PRIORITY} or {@code Priorities.IGNORE_PRIORITY}
 */
@Override
protected int getPriority(Taint taint) {
    // **Low risk**
    // It is very common that variables are stored in the session without being sanitized.
    // By itself this poses little risk: the thinking is that the injection or the critical
    // operation will be caught elsewhere. Storing a value in the session is not so different
    // from storing it in a local variable or behind any other indirection.
    // **False positive**
    // The usual and most common configuration hides LOW priority (confidence) findings,
    // so this FP producer will not pollute the day-to-day review done by developers.
    boolean worthReporting = taint.isTainted() || !taint.isSafe();
    return worthReporting ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
}
示例2: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Priority for a value reaching the sink, with an exemption for values whose encoding
 * neutralizes this sink: CR and LF both encoded, or URL encoded.
 *
 * @param taint Taint state of the value reaching the sink
 * @return {@code NORMAL_PRIORITY} for tainted values, {@code LOW_PRIORITY} for values that
 *         cannot be confirmed safe, {@code IGNORE_PRIORITY} for safe or adequately encoded values
 */
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        // Either specifically safe for new lines, or URL encoded (which encodes a few other
        // characters as well) — in both cases the value is not reported.
        boolean crLfEncoded = taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED);
        boolean urlEncoded = taint.hasTag(Taint.Tag.URL_ENCODED);
        if (crLfEncoded || urlEncoded) {
            return Priorities.IGNORE_PRIORITY;
        }
    }
    if (taint.isTainted()) {
        return Priorities.NORMAL_PRIORITY;
    }
    return taint.isSafe() ? Priorities.IGNORE_PRIORITY : Priorities.LOW_PRIORITY;
}
示例3: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
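/**
 * Reports {@code javax.servlet.http.Cookie.setMaxAge(int)} calls whose constant argument is
 * one year or more (the argument is expressed in seconds).
 * A non-constant argument cannot be evaluated and is treated as 0, i.e. not reported.
 *
 * @param seen the opcode currently visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL
            || !getClassConstantOperand().equals("javax/servlet/http/Cookie")
            || !getNameConstantOperand().equals("setMaxAge")) {
        return;
    }
    // 365 days in seconds (31536000); named so the threshold is readable
    final int oneYearInSeconds = 365 * 24 * 60 * 60;
    // Primitive int: the boxed Integer of the original only got unboxed again for the comparison
    Object maxAge = stack.getStackItem(0).getConstant();
    int maxAgeSeconds = (maxAge instanceof Integer) ? (Integer) maxAge : 0;
    if (maxAgeSeconds >= oneYearInSeconds) {
        bugReporter.reportBug(new BugInstance(this, "COOKIE_PERSISTENT", Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}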
示例4: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports a Spring {@code EvalTag.setExpression(String)} call whose argument is not a constant
 * string: the expression evaluated by the tag is then built at runtime.
 *
 * @param seen the opcode currently visited
 */
@Override
public void sawOpcode(int seen) {
    // Bytecode of a generated JSP servlet setting the expression from a runtime value:
    // JspSpringEvalDetector: [0039] ldc "${expression}"
    // JspSpringEvalDetector: [0041] ldc java/lang/String
    // JspSpringEvalDetector: [0043] aload_2
    // JspSpringEvalDetector: [0044] aconst_null
    // JspSpringEvalDetector: [0045] invokestatic org/apache/jasper/runtime/PageContextImpl.evaluateExpression (Ljava/lang/String;Ljava/lang/Class;Ljavax/servlet/jsp/PageContext;Lorg/apache/jasper/runtime/ProtectedFunctionMapper;)Ljava/lang/Object;
    // JspSpringEvalDetector: [0048] checkcast
    // JspSpringEvalDetector: [0051] invokevirtual org/springframework/web/servlet/tags/EvalTag.setExpression (Ljava/lang/String;)V
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }
    boolean evalTagSetExpression = getClassConstantOperand().equals("org/springframework/web/servlet/tags/EvalTag")
            && getNameConstantOperand().equals("setExpression")
            && getSigConstantOperand().equals("(Ljava/lang/String;)V");
    if (!evalTagSetExpression) {
        return;
    }
    // Top of the stack is the expression argument; only a non-constant one is reported
    if (StackUtils.isVariableString(stack.getStackItem(0))) {
        bugReporter.reportBug(new BugInstance(this, JSP_SPRING_EVAL, Priorities.HIGH_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
示例5: reportBadSink
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports the current call when it is a known sink method receiving at least one hard-coded,
 * non-null argument. The name of every field feeding such an argument is recorded in
 * {@code reportedFields}.
 */
private void reportBadSink() {
    if (!sinkMethods.containsKey(calledMethod)) {
        return;
    }
    Collection<Integer> sinkOffsets = sinkMethods.get(calledMethod);
    Collection<Integer> hardCodedOffsets = new ArrayList<Integer>();
    for (Integer stackOffset : sinkOffsets) {
        boolean hardCodedNonNull = hasHardCodedStackItem(stackOffset)
                && !stack.getStackItem(stackOffset).isNull();
        if (!hardCodedNonNull) {
            continue;
        }
        hardCodedOffsets.add(stackOffset);
        String fieldName = getStackFieldName(stackOffset);
        if (fieldName != null) {
            reportedFields.add(fieldName);
        }
    }
    // NOTE(review): the full list of sink offsets is passed to reportBugSink, not only the
    // hard-coded ones collected above; hardCodedOffsets acts solely as an "at least one" check.
    // Confirm this is the intended reporting behaviour.
    if (!hardCodedOffsets.isEmpty()) {
        reportBugSink(Priorities.HIGH_PRIORITY, sinkOffsets);
    }
}
示例6: getPriorityFromTaintFrame
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
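/**
 * Flags a call where both the value (stack offset 0) and the parameter name (stack offset 1)
 * are compile-time constants and the parameter name looks like a credential: either exactly
 * {@code java.naming.security.credentials} or containing one of {@code PASSWORD_WORDS}
 * (assumed to be lowercase ASCII words — confirm against the declaration).
 *
 * @param fact   taint frame at the call site
 * @param offset stack offset of the sink argument; not used here, the value and the parameter
 *               name are read at fixed offsets 0 and 1
 * @return {@code NORMAL_PRIORITY} for a hard-coded credential, {@code IGNORE_PRIORITY} otherwise
 * @throws DataflowAnalysisException propagated from the frame access
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint valueTaint = fact.getStackValue(0);
    Taint parameterTaint = fact.getStackValue(1);
    String rawParameterName = parameterTaint.getConstantValue();
    // Both must be constants, otherwise nothing can be said about the credential
    if (valueTaint.getConstantValue() == null || rawParameterName == null) {
        return Priorities.IGNORE_PRIORITY;
    }
    // Locale.ROOT: the comparison must not depend on the JVM default locale (in a Turkish locale
    // "CREDENTIALS".toLowerCase() yields a dotless i and would never match).
    String parameterName = rawParameterName.toLowerCase(java.util.Locale.ROOT);
    if (parameterName.equals("java.naming.security.credentials")) {
        return Priorities.NORMAL_PRIORITY;
    }
    for (String passwordWord : PASSWORD_WORDS) {
        if (parameterName.contains(passwordWord)) {
            return Priorities.NORMAL_PRIORITY;
        }
    }
    return Priorities.IGNORE_PRIORITY;
}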
示例7: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Lowers the priority of values that were already encoded for another context:
 * <ul>
 * <li>a value tagged {@code XSS_SAFE} is LOW when reporting potential XSS in the wrong context
 * is enabled in {@code FindSecBugsGlobalConfig}, otherwise ignored;</li>
 * <li>a value with quotes or apostrophes encoded and {@code <} encoded is LOW;</li>
 * <li>any other value gets the parent's priority.</li>
 * </ul>
 *
 * @param taint Taint state of the value reaching the sink
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    if (taint.isSafe()) {
        return super.getPriority(taint);
    }
    if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
        boolean reportWrongContext = FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext();
        return reportWrongContext ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
    }
    boolean quotesEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    if (quotesEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
        return Priorities.LOW_PRIORITY;
    }
    return super.getPriority(taint);
}
示例8: getPriorityFromTaintFrame
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * An MVC result that is not known to be safe is reported only when the content-type argument
 * (stack offset 0) is itself unsafe or equals {@code VULNERABLE_CONTENT_TYPE} (case-insensitive).
 *
 * @param fact   taint frame at the call site
 * @param offset stack offset of the MVC result argument
 * @return the priority computed by {@link #getPriority(Taint)} for the result, or
 *         {@code IGNORE_PRIORITY}
 * @throws DataflowAnalysisException propagated from the frame access
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint mvcResultTaint = fact.getStackValue(offset);
    if (mvcResultTaint.isSafe()) {
        return Priorities.IGNORE_PRIORITY;
    }
    // The result is tainted, but a safe content type can still make it harmless
    Taint contentTypeTaint = fact.getStackValue(0);
    boolean vulnerableContentType = !contentTypeTaint.isSafe()
            || VULNERABLE_CONTENT_TYPE.equalsIgnoreCase(contentTypeTaint.getConstantValue());
    return vulnerableContentType ? getPriority(mvcResultTaint) : Priorities.IGNORE_PRIORITY;
}
示例9: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Priority adjustment for values already encoded for another context.
 * {@code XSS_SAFE} values are LOW only when potential XSS in the wrong context is reported
 * (see {@code FindSecBugsGlobalConfig}), otherwise ignored. Values with quotes or apostrophes
 * encoded together with {@code <} encoded are LOW. Everything else defers to the parent.
 *
 * @param taint Taint state of the value reaching the sink
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    boolean unsafe = !taint.isSafe();
    if (unsafe && taint.hasTag(Taint.Tag.XSS_SAFE)) {
        if (FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
            return Priorities.LOW_PRIORITY;
        }
        return Priorities.IGNORE_PRIORITY;
    }
    boolean quotesEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    boolean ltEncoded = taint.hasTag(Taint.Tag.LT_ENCODED);
    if (unsafe && quotesEncoded && ltEncoded) {
        return Priorities.LOW_PRIORITY;
    }
    return super.getPriority(taint);
}
示例10: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code Cipher.getInstance(...)} when the constant transformation starts with
 * {@code "RSA/"} and ends with {@code "/NoPadding"}. Plain {@code "RSA"} is not reported:
 * its default padding is PKCS1.
 *
 * @param seen the opcode currently visited
 */
@Override
public void sawOpcode(int seen) {
    boolean cipherGetInstance = seen == Constants.INVOKESTATIC
            && getClassConstantOperand().equals("javax/crypto/Cipher")
            && getNameConstantOperand().equals("getInstance");
    if (!cipherGetInstance) {
        return;
    }
    // A signature containing ";L" presumably is the two-argument overload (transformation plus a
    // provider object); the transformation is then one slot deeper in the stack.
    int transformationOffset = getSigConstantOperand().contains(";L") ? 1 : 0;
    OpcodeStack.Item transformation = stack.getStackItem(transformationOffset);
    if (!StackUtils.isConstantString(transformation)) {
        return;
    }
    String transformationValue = (String) transformation.getConstant();
    if (transformationValue.startsWith("RSA/") && transformationValue.endsWith("/NoPadding")) {
        bugReporter.reportBug(new BugInstance(this, RSA_NO_PADDING_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
示例11: visitClassContext
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Flags every {@code onGeolocationPermissionsShowPrompt} method of a class extending
 * {@code android.webkit.WebChromeClient}: the permission logic implemented there has to be
 * reviewed by a human, so all implementations are reported.
 *
 * @param classContext the class being analyzed
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    // Classes that do not extend WebChromeClient are not the target of this detector
    if (!InterfaceUtils.isSubtype(javaClass, "android.webkit.WebChromeClient")) {
        return;
    }
    for (Method method : javaClass.getMethods()) {
        if (DEBUG) {
            System.out.println(">>> Method: " + method.getName());
        }
        // The presence of onGeolocationPermissionsShowPrompt is not enforced for the moment;
        // only existing implementations are reported.
        if (method.getName().equals("onGeolocationPermissionsShowPrompt")) {
            bugReporter.reportBug(new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY) //
                    .addClassAndMethod(javaClass, method));
        }
    }
}
示例12: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports calls to the sticky broadcast methods {@code sendStickyBroadcast},
 * {@code sendStickyOrderedBroadcast}, {@code sendStickyBroadcastAsUser} and
 * {@code sendStickyOrderedBroadcastAsUser}. Only the method name is checked; the receiver
 * class is not inspected.
 *
 * @param seen the opcode currently visited
 */
@Override
public void sawOpcode(int seen) {
    // The name operand is only valid on a method invocation opcode
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }
    String methodName = getNameConstantOperand();
    boolean stickyBroadcast = methodName.equals("sendStickyBroadcast")
            || methodName.equals("sendStickyOrderedBroadcast")
            || methodName.equals("sendStickyBroadcastAsUser")
            || methodName.equals("sendStickyOrderedBroadcastAsUser");
    if (stickyBroadcast) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_STICKY_BROADCAST_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
示例13: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code android.webkit.WebSettings} setters that enable JavaScript or file access
 * ({@code setJavaScriptEnabled}, {@code setAllowFileAccess},
 * {@code setAllowFileAccessFromFileURLs}, {@code setAllowUniversalAccessFromFileURLs})
 * when their constant argument is 1 (true) or has no known value (null constant).
 *
 * @param seen the opcode currently visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL || !getClassConstantOperand().equals("android/webkit/WebSettings")) {
        return;
    }
    String methodName = getNameConstantOperand();
    boolean riskySetter = methodName.equals("setJavaScriptEnabled")
            || methodName.equals("setAllowFileAccess")
            || methodName.equals("setAllowFileAccessFromFileURLs")
            || methodName.equals("setAllowUniversalAccessFromFileURLs");
    if (!riskySetter) {
        return;
    }
    // The argument is the last value pushed, i.e. the first item on the stack
    OpcodeStack.Item argument = stack.getStackItem(0);
    if (!StackUtils.isConstantInteger(argument)) {
        return;
    }
    Integer flagValue = (Integer) argument.getConstant();
    // Null is tested first so that the comparison never unboxes a null constant
    if (flagValue == null || flagValue == 1) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_WEB_VIEW_JAVASCRIPT_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
示例14: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports external storage access: the virtual {@code getExternalCacheDir(s)},
 * {@code getExternalFilesDir(s)} and {@code getExternalMediaDirs} calls (any receiver class),
 * and the static {@code android.os.Environment.getExternalStorageDirectory} /
 * {@code getExternalStoragePublicDirectory} calls.
 *
 * @param seen the opcode currently visited
 */
@Override
public void sawOpcode(int seen) {
    boolean externalFileAccess;
    if (seen == Constants.INVOKEVIRTUAL) {
        // Only the method name is checked here; the receiver class is not inspected
        String methodName = getNameConstantOperand();
        externalFileAccess = methodName.equals("getExternalCacheDir")
                || methodName.equals("getExternalCacheDirs")
                || methodName.equals("getExternalFilesDir")
                || methodName.equals("getExternalFilesDirs")
                || methodName.equals("getExternalMediaDirs");
    } else if (seen == Constants.INVOKESTATIC && getClassConstantOperand().equals("android/os/Environment")) {
        String methodName = getNameConstantOperand();
        externalFileAccess = methodName.equals("getExternalStorageDirectory")
                || methodName.equals("getExternalStoragePublicDirectory");
    } else {
        externalFileAccess = false;
    }
    if (externalFileAccess) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_EXTERNAL_FILE_ACCESS_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
示例15: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Adjusts the priority of values that were already encoded for another context. A value that is
 * safe gets the parent's priority. Otherwise: an {@code XSS_SAFE} value is LOW when
 * {@code FindSecBugsGlobalConfig} reports potential XSS in the wrong context and ignored if not;
 * a value with quotes or apostrophes encoded and {@code <} encoded is LOW; any other value gets
 * the parent's priority.
 *
 * @param taint Taint state of the value reaching the sink
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    if (taint.isSafe()) {
        return super.getPriority(taint);
    }
    if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
        FindSecBugsGlobalConfig config = FindSecBugsGlobalConfig.getInstance();
        return config.isReportPotentialXssWrongContext() ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
    }
    boolean quoteOrApostropheEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED)
            || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    if (quoteOrApostropheEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
        return Priorities.LOW_PRIORITY;
    }
    return super.getPriority(taint);
}