Java Code Examples for edu.umd.cs.findbugs.Priorities#IGNORE_PRIORITY
The following examples show how to use
edu.umd.cs.findbugs.Priorities#IGNORE_PRIORITY .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: XssServletDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.XSS_SAFE)) {
if(FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
} else if (!taint.isSafe()
&& (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
&& taint.hasTag(Taint.Tag.LT_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 2
| Source File: TrustBoundaryViolationValueDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
/**=
* All or nothing :
* <ul>
* <li>If the taint to sink path is found, it is mark as high</li>
* <li>If the source is not confirm, it is mark as low. This is will be the most common case.</li>
* </ul>
* @param taint Taint state
* @return High or low confidence
*/
@Override
protected int getPriority(Taint taint) {
//**Low risk**
//It is very common that variable are not sanetize and store in session.
//By it self it pose little risk. The thinking is the injection or the critical operation
//will be catch.
//After all storing value in the session is not so different to storing value in local variables or any indirection.
//**False positive**
//The usual and most common configuration is to hide LOW priority (confidence).
//This way this FP producer will not polute day to day review by developers.
if (taint.isTainted() || !taint.isSafe()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 3
| Source File: CrlfLogInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe()) {
//(Condition extracted for clarity)
//Either specifically safe for new line or URL encoded which encoded few other characters
boolean newLineSafe = (taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED));
boolean urlSafe = (taint.hasTag(Taint.Tag.URL_ENCODED));
if(newLineSafe || urlSafe) {
return Priorities.IGNORE_PRIORITY;
}
}
if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
} else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 4
| Source File: Noise.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
public int getPriority() {
int hash = getHash();
if ((hash & 0x1ff0) == 0) {
hash = hash & 0xf;
if (hash < 1) {
return Priorities.HIGH_PRIORITY;
} else if (hash < 1 + 2) {
return Priorities.NORMAL_PRIORITY;
} else if (hash < 1 + 2 + 4) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
} else {
return Priorities.IGNORE_PRIORITY + 1;
}
}
Example 5
| Source File: XssMvcApiDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint mvcResultTaint = fact.getStackValue(offset);
// The MVC Result object was tainted - This could still be safe if the content-type is a safe one
if (!mvcResultTaint.isSafe()) {
// Get the value of the content-type parameter
Taint parameterTaint = fact.getStackValue(0);
if ( !parameterTaint.isSafe()
|| VULNERABLE_CONTENT_TYPE.equalsIgnoreCase(parameterTaint.getConstantValue())) {
return getPriority(mvcResultTaint);
}
}
return Priorities.IGNORE_PRIORITY;
}
Example 6
| Source File: HardcodePasswordInMapDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint valueTaint = fact.getStackValue(0);
Taint parameterTaint = fact.getStackValue(1);
if(valueTaint.getConstantValue() == null || parameterTaint.getConstantValue() == null) {
return Priorities.IGNORE_PRIORITY;
}
String parameterValue = parameterTaint.getConstantValue().toLowerCase();
if(parameterValue.equals("java.naming.security.credentials")) {
return Priorities.NORMAL_PRIORITY;
}
for (String password : PASSWORD_WORDS) {
if (parameterValue.contains(password)) {//Is a constant value
return Priorities.NORMAL_PRIORITY;
}
}
return Priorities.IGNORE_PRIORITY;
}
Example 7
| Source File: RegisterReceiverPermissionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint stringValue = fact.getStackValue(offset);
System.out.println(stringValue.getConstantValue());
if (stringValue.getConstantValue() == null) { //Is a constant value
return Priorities.NORMAL_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 8
| Source File: HttpResponseSplittingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
boolean newLineSafe = taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED);
if (!taint.isSafe() && newLineSafe || taint.hasTag(Taint.Tag.URL_ENCODED)) {
return Priorities.IGNORE_PRIORITY;
} else if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
} else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 9
| Source File: XPathInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.XPATH_INJECTION_SAFE)) {
return Priorities.IGNORE_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 10
| Source File: BroadcastDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint stringValue = fact.getStackValue(offset);
// System.out.println(stringValue.getConstantValue());
if (stringValue.getConstantValue() == null) { //Is a constant value
return Priorities.NORMAL_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 11
| Source File: ScalaSensitiveDataExposureDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
// If this call doesn't contain any sensitive data - There is no reason to report it.
if (!taint.hasTag(Taint.Tag.SENSITIVE_DATA)) {
return Priorities.IGNORE_PRIORITY;
}
return super.getPriority(taint);
}
Example 12
| Source File: IntuitiveHardcodePasswordDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint stringValue = fact.getStackValue(offset);
if (stringValue.isSafe() && stringValue.getConstantValue() != null) { //Is a constant value
return Priorities.NORMAL_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 13
| Source File: CommandInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.COMMAND_INJECTION_SAFE)) {
return Priorities.IGNORE_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 14
| Source File: CollectorBugReporter.java From sputnik with Apache License 2.0 | 5 votes |
|
@NotNull
private Severity convert(int priority) {
switch (priority) {
case Priorities.IGNORE_PRIORITY:
return Severity.IGNORE;
case Priorities.EXP_PRIORITY:
case Priorities.LOW_PRIORITY:
case Priorities.NORMAL_PRIORITY:
return Severity.INFO;
case Priorities.HIGH_PRIORITY:
return Severity.WARNING;
default:
throw new IllegalArgumentException("Priority " + priority + " is not supported");
}
}
Example 15
| Source File: AndroidSqlInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
return Priorities.IGNORE_PRIORITY;
} else if (!taint.isSafe() && taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED)) {
return Priorities.LOW_PRIORITY;
}
else {
return super.getPriority(taint);
}
}
Example 16
| Source File: SqlInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
return Priorities.IGNORE_PRIORITY;
} else if (!taint.isSafe() && taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 17
| Source File: HttpParameterPollutionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && (taint.hasTag(Taint.Tag.HTTP_POLLUTION_SAFE) || taint.hasTag(Taint.Tag.URL_ENCODED))) {
return Priorities.IGNORE_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 18
| Source File: TrustBoundaryViolationAttributeDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
/**
* All or nothing :
* <ul>
* <li>If the taint to sink path is found, it is mark as high</li>
* <li>If the source is not confirm, it is mark as low. This is will be the most common case.</li>
* </ul>
* @param taint Taint state
* @return High or low confidence
*/
@Override
protected int getPriority(Taint taint) {
if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
}
else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 19
| Source File: DontIgnoreResultOfPutIfAbsent.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
|
private static int getPriorityForBeingMutable(Type type) {
if (type instanceof ArrayType) {
return HIGH_PRIORITY;
} else if (type instanceof ObjectType) {
UnreadFieldsData unreadFields = AnalysisContext.currentAnalysisContext().getUnreadFieldsData();
ClassDescriptor cd = DescriptorFactory.getClassDescriptor((ObjectType) type);
@SlashedClassName
String className = cd.getClassName();
if (immutableClassNames.contains(className)) {
return Priorities.LOW_PRIORITY;
}
XClass xClass = AnalysisContext.currentXFactory().getXClass(cd);
if (xClass == null) {
return Priorities.IGNORE_PRIORITY;
}
ClassDescriptor superclassDescriptor = xClass.getSuperclassDescriptor();
if (superclassDescriptor != null) {
@SlashedClassName
String superClassName = superclassDescriptor.getClassName();
if ("java/lang/Enum".equals(superClassName)) {
return Priorities.LOW_PRIORITY;
}
}
boolean hasMutableField = false;
boolean hasUpdates = false;
for (XField f : xClass.getXFields()) {
if (!f.isStatic()) {
if (!f.isFinal() && !f.isSynthetic()) {
hasMutableField = true;
if (unreadFields.isWrittenOutsideOfInitialization(f)) {
hasUpdates = true;
}
}
String signature = f.getSignature();
if (signature.startsWith("Ljava/util/concurrent") || signature.startsWith("Ljava/lang/StringB")
|| signature.charAt(0) == '[' || signature.indexOf("Map") >= 0 || signature.indexOf("List") >= 0
|| signature.indexOf("Set") >= 0) {
hasMutableField = hasUpdates = true;
}
}
}
if (!hasMutableField && !xClass.isInterface() && !xClass.isAbstract()) {
return Priorities.LOW_PRIORITY;
}
if (hasUpdates || className.startsWith("java/util") || className.indexOf("Map") >= 0
|| className.indexOf("List") >= 0) {
return Priorities.HIGH_PRIORITY;
}
return Priorities.NORMAL_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 20
| Source File: AbstractInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 3 votes |
|
/**
* The default implementation of <code>getPriority()</code> can be overridden if the severity and the confidence for risk
* is particular.
*
* By default, injection will be rated "High" if the complete link between source and sink is made.
* If it is not the case but concatenation with external source is made, "Medium" is used.
*
* @param taint Detail about the state of the value passed (Cumulative information leading to the variable passed).
* @return Priorities interface values from 1 to 5 (Enum-like interface)
*/
protected int getPriority(Taint taint) {
if (taint.isTainted()) {
return Priorities.HIGH_PRIORITY;
} else if (!taint.isSafe()) {
return Priorities.NORMAL_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
