

Java Priorities类代码示例

本文整理汇总了Java中edu.umd.cs.findbugs.Priorities的典型用法代码示例。如果您正苦于以下问题:Java Priorities类的具体用法?Java Priorities怎么用?Java Priorities使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


Priorities类属于edu.umd.cs.findbugs包,在下文中一共展示了Priorities类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getPriority

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a trust-boundary finding from the taint state of the value being stored.
 * <ul>
 * <li>Value is tainted, or is not proven safe: reported with low priority (confidence).
 * This will be the most common case.</li>
 * <li>Value is proven safe: not reported.</li>
 * </ul>
 * This method never returns a priority above low.
 *
 * @param taint Taint state
 * @return {@link Priorities#LOW_PRIORITY} or {@link Priorities#IGNORE_PRIORITY}
 */
@Override
protected int getPriority(Taint taint) {
    // Why only LOW: it is very common for unsanitized values to be stored in the session,
    // and by itself that poses little risk. The expectation is that the injection or the
    // critical operation that later consumes the value is caught at its own sink. Storing
    // a value in the session is not very different from storing it in a local variable or
    // behind any other indirection.
    //
    // False positives: the usual configuration hides LOW priority (confidence) findings,
    // so this noisy rule does not pollute day-to-day review by developers.
    boolean provenSafe = !taint.isTainted() && taint.isSafe();
    return provenSafe ? Priorities.IGNORE_PRIORITY : Priorities.LOW_PRIORITY;
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:28,代码来源:TrustBoundaryViolationValueDetector.java

示例2: getPriority

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a finding from the taint state and the encoding tags carried by the value.
 * <ul>
 * <li>Not safe, but tagged as both CR- and LF-encoded, or as URL-encoded: ignored, because
 * the line-break characters can no longer be used to forge entries.</li>
 * <li>Tainted: normal priority.</li>
 * <li>Not safe (source unknown): low priority.</li>
 * <li>Safe: ignored.</li>
 * </ul>
 *
 * @param taint Taint state
 * @return one of the {@link Priorities} constants described above
 */
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        // Both CR and LF must be encoded; encoding only one of them still leaves a line break.
        boolean lineBreaksEncoded = taint.hasTag(Taint.Tag.CR_ENCODED)
                && taint.hasTag(Taint.Tag.LF_ENCODED);
        // URL encoding also covers the line-break characters (among a few others).
        boolean urlEncoded = taint.hasTag(Taint.Tag.URL_ENCODED);
        if (lineBreaksEncoded || urlEncoded) {
            return Priorities.IGNORE_PRIORITY;
        }
    }

    if (taint.isTainted()) {
        return Priorities.NORMAL_PRIORITY;
    }
    return taint.isSafe() ? Priorities.IGNORE_PRIORITY : Priorities.LOW_PRIORITY;
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:20,代码来源:CrlfLogInjectionDetector.java

示例3: sawOpcode

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code COOKIE_PERSISTENT} when {@code Cookie.setMaxAge} is called with a constant
 * of one year or more.
 *
 * <p>Limits a reviewer should keep in mind: only the {@code javax/servlet/http/Cookie} class
 * name is matched, and only a constant {@code Integer} on top of the operand stack is
 * evaluated. Any other argument (for example a value computed at run time) is treated as 0
 * and is not reported, so such call sites need a separate check.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    boolean isSetMaxAgeCall = seen == Constants.INVOKEVIRTUAL
            && getClassConstantOperand().equals("javax/servlet/http/Cookie")
            && getNameConstantOperand().equals("setMaxAge");
    if (!isSetMaxAgeCall) {
        return;
    }

    // setMaxAge takes seconds: 365 days * 24 h * 60 min * 60 s
    final int oneYearInSeconds = 31536000;

    Object constantArg = stack.getStackItem(0).getConstant();
    int maxAgeSeconds = (constantArg instanceof Integer) ? (Integer) constantArg : 0;

    // Max age below one year is accepted
    if (maxAgeSeconds < oneYearInSeconds) {
        return;
    }
    bugReporter.reportBug(new BugInstance(this, "COOKIE_PERSISTENT", Priorities.NORMAL_PRIORITY)
            .addClass(this).addMethod(this).addSourceLine(this));
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:PersistentCookieDetector.java

示例4: sawOpcode

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code JSP_SPRING_EVAL} at high priority when the compiled JSP passes a
 * non-constant string to Spring's {@code EvalTag.setExpression(String)}.
 *
 * <p>An expression that is assembled at run time may contain attacker-influenced text and
 * is then evaluated by the tag, which is why the finding is rated high.
 * NOTE(review): the exact meaning of "variable string" is decided by
 * {@code StackUtils.isVariableString}, which is not shown here.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    // Bytecode shape produced for the tag (taken from a JSP compiled by Jasper):
    //   [0039]  ldc   "${expression}"
    //   [0041]  ldc   java/lang/String
    //   [0043]  aload_2
    //   [0044]  aconst_null
    //   [0045]  invokestatic   org/apache/jasper/runtime/PageContextImpl.evaluateExpression (Ljava/lang/String;Ljava/lang/Class;Ljavax/servlet/jsp/PageContext;Lorg/apache/jasper/runtime/ProtectedFunctionMapper;)Ljava/lang/Object;
    //   [0048]  checkcast
    //   [0051]  invokevirtual   org/springframework/web/servlet/tags/EvalTag.setExpression (Ljava/lang/String;)V

    boolean isSetExpressionCall = seen == Constants.INVOKEVIRTUAL
            && getClassConstantOperand().equals("org/springframework/web/servlet/tags/EvalTag")
            && getNameConstantOperand().equals("setExpression")
            && getSigConstantOperand().equals("(Ljava/lang/String;)V");
    if (!isSetExpressionCall) {
        return;
    }

    // Top of the stack is the single String argument of setExpression
    if (!StackUtils.isVariableString(stack.getStackItem(0))) {
        return;
    }
    bugReporter.reportBug(new BugInstance(this, JSP_SPRING_EVAL, Priorities.HIGH_PRIORITY)
            .addClass(this).addMethod(this).addSourceLine(this));
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:22,代码来源:JspSpringEvalDetector.java

示例5: reportBadSink

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports a high-priority finding when the method being called is a registered sink and
 * at least one of its sensitive parameters holds a hard-coded, non-null stack item.
 *
 * <p>For every matching parameter the name of the field the value came from (when there is
 * one) is added to {@code reportedFields}.
 */
private void reportBadSink() {
    if (!sinkMethods.containsKey(calledMethod)) {
        // Not a sink this detector knows about
        return;
    }

    Collection<Integer> sinkOffsets = sinkMethods.get(calledMethod);
    Collection<Integer> hardCodedOffsets = new ArrayList<Integer>();
    for (Integer stackOffset : sinkOffsets) {
        if (!hasHardCodedStackItem(stackOffset)) {
            continue;
        }
        // A null constant is not a credential
        if (stack.getStackItem(stackOffset).isNull()) {
            continue;
        }
        hardCodedOffsets.add(stackOffset);
        String originField = getStackFieldName(stackOffset);
        if (originField != null) {
            reportedFields.add(originField);
        }
    }

    if (hardCodedOffsets.isEmpty()) {
        return;
    }
    // NOTE(review): the complete offset collection of the sink is passed on, not only the
    // offsets that were found to be hard coded above - confirm against reportBugSink that
    // this is intended.
    reportBugSink(Priorities.HIGH_PRIORITY, sinkOffsets);
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:20,代码来源:ConstantPasswordDetector.java

示例6: getPriorityFromTaintFrame

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
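/**
 * Rates a call as a hard-coded credential when both the value (stack slot 0) and the
 * parameter name (stack slot 1) are constants and the parameter name looks like a
 * credential key.
 *
 * <p>A parameter name matches when, lower-cased, it equals
 * {@code java.naming.security.credentials} or contains one of {@code PASSWORD_WORDS}.
 * Calls where either operand is not a constant are ignored, so a credential key that is
 * built at run time is not covered by this check.
 *
 * @param fact   taint frame at the call site
 * @param offset stack offset supplied by the caller (not used by this implementation)
 * @return {@link Priorities#NORMAL_PRIORITY} for a constant value stored under a
 *         credential-like constant key, otherwise {@link Priorities#IGNORE_PRIORITY}
 * @throws DataflowAnalysisException if the frame cannot be read
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint valueTaint = fact.getStackValue(0);
    Taint parameterTaint = fact.getStackValue(1);

    // Both the key and the value have to be constants for this to be a hard-coded secret
    if (valueTaint.getConstantValue() == null || parameterTaint.getConstantValue() == null) {
        return Priorities.IGNORE_PRIORITY;
    }

    // Lower-case with Locale.ROOT: the no-argument toLowerCase() uses the default locale of
    // the machine running the analysis, and under e.g. a Turkish locale an upper-case 'I'
    // does not map to 'i', so keys such as "JAVA.NAMING.SECURITY.CREDENTIALS" would silently
    // stop matching and the finding would be missed.
    String parameterValue = parameterTaint.getConstantValue().toLowerCase(java.util.Locale.ROOT);
    if (parameterValue.equals("java.naming.security.credentials")) {
        return Priorities.NORMAL_PRIORITY;
    }
    for (String password : PASSWORD_WORDS) {
        if (parameterValue.contains(password)) {
            return Priorities.NORMAL_PRIORITY;
        }
    }
    return Priorities.IGNORE_PRIORITY;
}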
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:22,代码来源:HardcodePasswordInMapDetector.java

示例7: getPriority

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Lowers the priority of findings whose value is not safe but already carries some
 * output-encoding tag; everything else is rated by the parent detector.
 * <ul>
 * <li>Not safe and tagged {@code XSS_SAFE}: low priority when the global option
 * "report potential XSS wrong context" is on, otherwise ignored. The option name suggests
 * the encoding may not fit the output context - TODO confirm.</li>
 * <li>Not safe, quote- or apostrophe-encoded and also {@code <}-encoded: low priority.</li>
 * <li>Anything else: {@code super.getPriority(taint)}.</li>
 * </ul>
 *
 * @param taint Taint state
 * @return priority constant as described above
 */
@Override
protected int getPriority(Taint taint) {
    final boolean notSafe = !taint.isSafe();

    if (notSafe && taint.hasTag(Taint.Tag.XSS_SAFE)) {
        boolean reportWrongContext =
                FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext();
        return reportWrongContext ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
    }

    // Partial encoding: reduces confidence but the finding is still shown
    boolean quotesEncoded = notSafe
            && (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED));
    if (quotesEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
        return Priorities.LOW_PRIORITY;
    }

    return super.getPriority(taint);
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:18,代码来源:XssTwirlDetector.java

示例8: getPriorityFromTaintFrame

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates an MVC result by combining the taint of the result object with the content type
 * it is sent with.
 *
 * <p>A result that is not safe is only reported when the content-type parameter (stack
 * slot 0) is itself not safe, or is a constant equal (ignoring case) to
 * {@code VULNERABLE_CONTENT_TYPE}. With any other constant content type the finding is
 * ignored.
 *
 * @param fact   taint frame at the call site
 * @param offset stack offset of the MVC result object
 * @return the priority from {@link #getPriority(Taint)} for a reportable result, otherwise
 *         {@link Priorities#IGNORE_PRIORITY}
 * @throws DataflowAnalysisException if the frame cannot be read
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint resultTaint = fact.getStackValue(offset);
    if (resultTaint.isSafe()) {
        return Priorities.IGNORE_PRIORITY;
    }

    // The result is not safe - it can still be harmless when the content type is a safe one
    Taint contentTypeTaint = fact.getStackValue(0);
    boolean contentTypeNotSafe = !contentTypeTaint.isSafe();
    if (contentTypeNotSafe
            || VULNERABLE_CONTENT_TYPE.equalsIgnoreCase(contentTypeTaint.getConstantValue())) {
        return getPriority(resultTaint);
    }
    return Priorities.IGNORE_PRIORITY;
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:19,代码来源:XssMvcApiDetector.java

示例9: getPriority

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a finding from the encoding tags on a value that is not safe; safe values and
 * values without a relevant tag are rated by the parent detector.
 * <ul>
 * <li>Tagged {@code XSS_SAFE}: low priority if the global option "report potential XSS
 * wrong context" is enabled, otherwise ignored.</li>
 * <li>Quote- or apostrophe-encoded and also {@code <}-encoded: low priority.</li>
 * <li>Otherwise: {@code super.getPriority(taint)}.</li>
 * </ul>
 *
 * @param taint Taint state
 * @return priority constant as described above
 */
@Override
protected int getPriority(Taint taint) {
    if (taint.isSafe()) {
        // Neither tag rule applies to a safe value
        return super.getPriority(taint);
    }

    if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
        if (FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
            return Priorities.LOW_PRIORITY;
        }
        return Priorities.IGNORE_PRIORITY;
    }

    boolean quoteOrApostropheEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED)
            || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    if (quoteOrApostropheEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
        return Priorities.LOW_PRIORITY;
    }
    return super.getPriority(taint);
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:XssMvcApiDetector.java

示例10: sawOpcode

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code RSA_NO_PADDING_TYPE} when {@code Cipher.getInstance} is called with a
 * constant transformation that starts with {@code RSA/} and ends with {@code /NoPadding}.
 *
 * <p>Only constant transformation strings are examined. A bare {@code "RSA"} is not
 * reported because its default padding is PKCS1.
 * NOTE(review): the prefix/suffix comparison is case-sensitive, while JCA transformation
 * names are generally treated as case-insensitive - confirm whether variants such as
 * lower-case spellings should be reported as well.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    boolean isCipherGetInstance = seen == Constants.INVOKESTATIC
            && getClassConstantOperand().equals("javax/crypto/Cipher")
            && getNameConstantOperand().equals("getInstance");
    if (!isCipherGetInstance) {
        return;
    }

    // With a second object argument in the signature (";L") the transformation string is
    // one below the top of the stack; otherwise it is the top item.
    int transformationIndex = getSigConstantOperand().contains(";L") ? 1 : 0;
    OpcodeStack.Item transformationItem = stack.getStackItem(transformationIndex);
    if (!StackUtils.isConstantString(transformationItem)) {
        return;
    }

    String transformation = (String) transformationItem.getConstant();
    boolean rsaWithoutPadding = transformation.startsWith("RSA/")
            && transformation.endsWith("/NoPadding");
    if (rsaWithoutPadding) {
        bugReporter.reportBug(new BugInstance(this, RSA_NO_PADDING_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:RsaNoPaddingDetector.java

示例11: visitClassContext

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Flags every method named {@code onGeolocationPermissionsShowPrompt} declared by a
 * subtype of {@code android.webkit.WebChromeClient}.
 *
 * <p>The body of the method is not analyzed: whether the permission is granted safely has
 * to be judged by a human, so each implementation is reported at normal priority. Classes
 * that do not declare the method are not reported.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass analyzedClass = classContext.getJavaClass();

    // Only WebChromeClient subtypes are the target of this detector
    if (!InterfaceUtils.isSubtype(analyzedClass, "android.webkit.WebChromeClient")) {
        return;
    }

    for (Method candidate : analyzedClass.getMethods()) {
        if (DEBUG) {
            System.out.println(">>> Method: " + candidate.getName());
        }
        // The presence of onGeolocationPermissionsShowPrompt is not enforced for the moment
        boolean isGeolocationPrompt =
                candidate.getName().equals("onGeolocationPermissionsShowPrompt");
        if (isGeolocationPrompt) {
            bugReporter.reportBug(new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(analyzedClass, candidate));
        }
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:26,代码来源:GeolocationDetector.java

示例12: sawOpcode

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code ANDROID_STICKY_BROADCAST_TYPE} for every virtual call to one of the
 * sticky-broadcast methods.
 *
 * <p>The match is on the method name only; the class of the receiver is not checked, so a
 * method with the same name on an unrelated class is reported too.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }

    // Methods that send a sticky broadcast
    String invokedName = getNameConstantOperand();
    boolean sendsStickyBroadcast = invokedName.equals("sendStickyBroadcast")
            || invokedName.equals("sendStickyOrderedBroadcast")
            || invokedName.equals("sendStickyBroadcastAsUser")
            || invokedName.equals("sendStickyOrderedBroadcastAsUser");

    if (sendsStickyBroadcast) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_STICKY_BROADCAST_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:18,代码来源:StickyBroadcastDetector.java

示例13: sawOpcode

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code ANDROID_WEB_VIEW_JAVASCRIPT_TYPE} when one of the risky
 * {@code android.webkit.WebSettings} switches is turned on with a constant argument.
 *
 * <p>Covered setters: {@code setJavaScriptEnabled}, {@code setAllowFileAccess},
 * {@code setAllowFileAccessFromFileURLs} and {@code setAllowUniversalAccessFromFileURLs};
 * all four are reported under the same bug type. A call is reported when the argument is a
 * constant integer equal to 1 (how {@code true} appears in bytecode) or when the constant
 * value is unavailable. A non-constant argument is not reported, so settings driven by a
 * run-time value need a separate check.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL
            || !getClassConstantOperand().equals("android/webkit/WebSettings")) {
        return;
    }

    String setterName = getNameConstantOperand();
    boolean isRiskySetter = setterName.equals("setJavaScriptEnabled")
            || setterName.equals("setAllowFileAccess")
            || setterName.equals("setAllowFileAccessFromFileURLs")
            || setterName.equals("setAllowUniversalAccessFromFileURLs");
    if (!isRiskySetter) {
        return;
    }

    // Top of the stack is the last (here: only) argument of the setter
    OpcodeStack.Item argument = stack.getStackItem(0);
    if (!StackUtils.isConstantInteger(argument)) {
        return;
    }

    Integer flag = (Integer) argument.getConstant();
    boolean enabled = flag == null || flag == 1;
    if (enabled) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_WEB_VIEW_JAVASCRIPT_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:19,代码来源:WebViewJavascriptEnabledDetector.java

示例14: sawOpcode

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports {@code ANDROID_EXTERNAL_FILE_ACCESS_TYPE} for calls that hand out a location on
 * external storage.
 * <ul>
 * <li>Virtual calls named {@code getExternalCacheDir(s)}, {@code getExternalFilesDir(s)} or
 * {@code getExternalMediaDirs}. The receiver class is not checked, so the match is by
 * method name only.</li>
 * <li>Static calls on {@code android/os/Environment} named
 * {@code getExternalStorageDirectory} or {@code getExternalStoragePublicDirectory}.</li>
 * </ul>
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    boolean externalStorageCall = false;

    if (seen == Constants.INVOKEVIRTUAL) {
        // Methods marked as external file access
        String invokedName = getNameConstantOperand();
        externalStorageCall = invokedName.equals("getExternalCacheDir")
                || invokedName.equals("getExternalCacheDirs")
                || invokedName.equals("getExternalFilesDir")
                || invokedName.equals("getExternalFilesDirs")
                || invokedName.equals("getExternalMediaDirs");
    } else if (seen == Constants.INVOKESTATIC
            && getClassConstantOperand().equals("android/os/Environment")) {
        String invokedName = getNameConstantOperand();
        externalStorageCall = invokedName.equals("getExternalStorageDirectory")
                || invokedName.equals("getExternalStoragePublicDirectory");
    }

    if (externalStorageCall) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_EXTERNAL_FILE_ACCESS_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:26,代码来源:ExternalFileAccessDetector.java

示例15: getPriority

import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Adjusts the priority for values that are not safe but have been through some encoding;
 * all other cases are delegated to the parent detector.
 * <ul>
 * <li>Tagged {@code XSS_SAFE}: low priority when the global option "report potential XSS
 * wrong context" is set, otherwise ignored.</li>
 * <li>Quote- or apostrophe-encoded together with {@code <}-encoded: low priority.</li>
 * <li>Otherwise: {@code super.getPriority(taint)}.</li>
 * </ul>
 *
 * @param taint Taint state
 * @return priority constant as described above
 */
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
            // Encoded for XSS, but only surfaced when the reviewer asked for these cases
            return FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()
                    ? Priorities.LOW_PRIORITY
                    : Priorities.IGNORE_PRIORITY;
        }

        boolean quoteLikeEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED)
                || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
        if (quoteLikeEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
            return Priorities.LOW_PRIORITY;
        }
    }
    return super.getPriority(taint);
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:XssServletDetector.java


注:本文中的edu.umd.cs.findbugs.Priorities类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。