本文整理汇总了Java中edu.umd.cs.findbugs.Priorities类的典型用法代码示例。如果您正苦于以下问题:Java Priorities类的具体用法?Java Priorities怎么用?Java Priorities使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Priorities类属于edu.umd.cs.findbugs包,在下文中一共展示了Priorities类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a taint value for this detector on an all-or-nothing basis.
 * <ul>
 * <li>{@code Priorities.LOW_PRIORITY} when the value is tainted or is not proven safe.
 * This is the most common case.</li>
 * <li>{@code Priorities.IGNORE_PRIORITY} when the value is safe.</li>
 * </ul>
 * This method never returns a priority above low.
 *
 * @param taint Taint state
 * @return low confidence for a value that is not proven safe, otherwise "ignore"
 */
@Override
protected int getPriority(Taint taint) {
    // Why LOW at most:
    // - Unsanitized values stored in the session are very common and pose little risk on their
    //   own. The injection or critical operation that later consumes the value is expected to be
    //   caught separately. Storing a value in the session is not very different from storing it
    //   in a local variable or behind any other indirection.
    // - LOW priority (confidence) is hidden in the most common configuration, so this
    //   false-positive-prone rule does not pollute day-to-day review by developers.
    final boolean notProvenSafe = taint.isTainted() || !taint.isSafe();
    return notProvenSafe ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:28,代码来源:TrustBoundaryViolationValueDetector.java
示例2: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a taint value for CR/LF injection reporting.
 *
 * <p>A value that is not safe is ignored when it carries both the CR_ENCODED and LF_ENCODED
 * tags, or the URL_ENCODED tag. Otherwise a tainted value is rated normal, a value that is
 * merely not proven safe is rated low, and a safe value is ignored.
 *
 * @param taint Taint state
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        // Either both line-break characters are encoded, or the value is URL encoded.
        // The original author notes that URL encoding also encodes a few other characters.
        final boolean crAndLfEncoded =
                taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED);
        final boolean urlEncoded = taint.hasTag(Taint.Tag.URL_ENCODED);
        if (crAndLfEncoded || urlEncoded) {
            return Priorities.IGNORE_PRIORITY;
        }
    }

    if (taint.isTainted()) {
        return Priorities.NORMAL_PRIORITY;
    }
    return taint.isSafe() ? Priorities.IGNORE_PRIORITY : Priorities.LOW_PRIORITY;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:20,代码来源:CrlfLogInjectionDetector.java
示例3: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports COOKIE_PERSISTENT when {@code Cookie.setMaxAge} is called with a constant
 * argument of one year (31536000 seconds) or more.
 *
 * <p>NOTE(review): only the {@code javax/servlet/http/Cookie} class name is matched here.
 * Confirm whether other servlet API namespaces need to be covered.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }
    if (!getClassConstantOperand().equals("javax/servlet/http/Cookie")
            || !getNameConstantOperand().equals("setMaxAge")) {
        return;
    }

    final int oneYearInSeconds = 31536000;
    Object maxAge = stack.getStackItem(0).getConstant();
    // An argument that is not an Integer constant is treated as 0, so it is never reported.
    int seconds = (maxAge instanceof Integer) ? (Integer) maxAge : 0;

    // Max age equal to or greater than one year
    if (seconds >= oneYearInSeconds) {
        BugInstance bug = new BugInstance(this, "COOKIE_PERSISTENT", Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:PersistentCookieDetector.java
示例4: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports JSP_SPRING_EVAL at high priority when {@code EvalTag.setExpression(String)} is
 * called and {@code StackUtils.isVariableString} accepts the argument on top of the stack.
 *
 * <p>Bytecode shape this detector was written against (from the original author's trace):
 * <pre>
 * [0039] ldc "${expression}"
 * [0041] ldc java/lang/String
 * [0043] aload_2
 * [0044] aconst_null
 * [0045] invokestatic org/apache/jasper/runtime/PageContextImpl.evaluateExpression (Ljava/lang/String;Ljava/lang/Class;Ljavax/servlet/jsp/PageContext;Lorg/apache/jasper/runtime/ProtectedFunctionMapper;)Ljava/lang/Object;
 * [0048] checkcast
 * [0051] invokevirtual org/springframework/web/servlet/tags/EvalTag.setExpression (Ljava/lang/String;)V
 * </pre>
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }

    final boolean isEvalTagSetExpression =
            getClassConstantOperand().equals("org/springframework/web/servlet/tags/EvalTag")
                    && getNameConstantOperand().equals("setExpression")
                    && getSigConstantOperand().equals("(Ljava/lang/String;)V");
    if (!isEvalTagSetExpression) {
        return;
    }

    // presumably isVariableString is true for an expression that is not a compile-time
    // constant -- verify against StackUtils
    if (StackUtils.isVariableString(stack.getStackItem(0))) {
        BugInstance bug = new BugInstance(this, JSP_SPRING_EVAL, Priorities.HIGH_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:22,代码来源:JspSpringEvalDetector.java
示例5: reportBadSink
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports a high-priority bug when the method being called is a registered sink and at
 * least one of its watched stack offsets holds a hard-coded, non-null item.
 *
 * <p>The source field name of every such item is added to {@code reportedFields} when one
 * is available.
 */
private void reportBadSink() {
    if (!sinkMethods.containsKey(calledMethod)) {
        return;
    }

    Collection<Integer> offsets = sinkMethods.get(calledMethod);
    boolean foundHardCoded = false;
    for (Integer offset : offsets) {
        if (!hasHardCodedStackItem(offset) || stack.getStackItem(offset).isNull()) {
            continue;
        }
        foundHardCoded = true;
        String sourceField = getStackFieldName(offset);
        if (sourceField != null) {
            reportedFields.add(sourceField);
        }
    }

    if (foundHardCoded) {
        // NOTE(review): all of the sink's offsets are forwarded, not only the ones that
        // matched above -- confirm against reportBugSink that this is intended.
        reportBugSink(Priorities.HIGH_PRIORITY, offsets);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:20,代码来源:ConstantPasswordDetector.java
示例6: getPriorityFromTaintFrame
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
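/**
 * Rates a two-argument call whose key names a credential and whose value is a constant.
 *
 * <p>Stack slot 0 is read as the value and slot 1 as the key (parameter name). A normal
 * priority is returned only when both are constants and the lower-cased key is
 * {@code java.naming.security.credentials} or contains one of {@code PASSWORD_WORDS}.
 * The {@code offset} argument is not used.
 *
 * @param fact   taint frame at the call site
 * @param offset unused by this implementation
 * @return {@code Priorities.NORMAL_PRIORITY} for a hard-coded credential, otherwise
 *         {@code Priorities.IGNORE_PRIORITY}
 * @throws DataflowAnalysisException if the stack values cannot be read from the frame
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint valueTaint = fact.getStackValue(0);
    Taint parameterTaint = fact.getStackValue(1);

    // Both the key and the value must be constants for this to be a hard-coded credential.
    if (valueTaint.getConstantValue() == null || parameterTaint.getConstantValue() == null) {
        return Priorities.IGNORE_PRIORITY;
    }

    // Lower-case with a fixed locale. With the default locale the result depends on the
    // machine running the analysis (under a Turkish locale "I" becomes a dotless i), so a
    // key written in upper case could escape the comparisons below.
    String parameterValue =
            parameterTaint.getConstantValue().toLowerCase(java.util.Locale.ROOT);

    if (parameterValue.equals("java.naming.security.credentials")) {
        return Priorities.NORMAL_PRIORITY;
    }
    for (String password : PASSWORD_WORDS) {
        if (parameterValue.contains(password)) {
            return Priorities.NORMAL_PRIORITY;
        }
    }
    return Priorities.IGNORE_PRIORITY;
}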
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:22,代码来源:HardcodePasswordInMapDetector.java
示例7: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a taint value for XSS reporting, downgrading values that carry encoding tags.
 *
 * <ul>
 * <li>Not safe but tagged XSS_SAFE: low when the global configuration asks for potential
 * wrong-context XSS to be reported, otherwise ignored.</li>
 * <li>Not safe, tagged LT_ENCODED and also QUOTE_ENCODED or APOSTROPHE_ENCODED: low.</li>
 * <li>Everything else: the superclass rating.</li>
 * </ul>
 *
 * @param taint Taint state
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    if (taint.isSafe()) {
        return super.getPriority(taint);
    }

    if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
        // The value was encoded for XSS, but possibly for a different output context.
        boolean reportWrongContext =
                FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext();
        return reportWrongContext ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
    }

    boolean quoteOrApostropheEncoded =
            taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    if (quoteOrApostropheEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
        return Priorities.LOW_PRIORITY;
    }
    return super.getPriority(taint);
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:18,代码来源:XssTwirlDetector.java
示例8: getPriorityFromTaintFrame
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates an MVC result whose content may be rendered with a vulnerable content type.
 *
 * <p>The result object is read at {@code offset} and the content-type parameter at stack
 * slot 0. The finding is ignored unless the result is not safe and the content type is
 * either not safe itself or equal (ignoring case) to {@code VULNERABLE_CONTENT_TYPE}.
 *
 * @param fact   taint frame at the call site
 * @param offset stack offset of the MVC result object
 * @return the rating from {@code getPriority} for the result taint, or
 *         {@code Priorities.IGNORE_PRIORITY}
 * @throws DataflowAnalysisException if the stack values cannot be read from the frame
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint mvcResultTaint = fact.getStackValue(offset);
    if (mvcResultTaint.isSafe()) {
        return Priorities.IGNORE_PRIORITY;
    }

    // The MVC Result object is tainted. It can still be safe if the content type is a safe one.
    Taint contentTypeTaint = fact.getStackValue(0);
    boolean riskyContentType = !contentTypeTaint.isSafe()
            || VULNERABLE_CONTENT_TYPE.equalsIgnoreCase(contentTypeTaint.getConstantValue());

    return riskyContentType ? getPriority(mvcResultTaint) : Priorities.IGNORE_PRIORITY;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:19,代码来源:XssMvcApiDetector.java
示例9: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a taint value for XSS reporting; partially encoded values are downgraded.
 *
 * <p>A value that is not safe is rated as follows: with the XSS_SAFE tag it is low or
 * ignored, depending on the global "report potential XSS in wrong context" setting; with
 * LT_ENCODED plus QUOTE_ENCODED or APOSTROPHE_ENCODED it is low. All other values are
 * delegated to the superclass.
 *
 * @param taint Taint state
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    final boolean unsafe = !taint.isSafe();

    if (unsafe && taint.hasTag(Taint.Tag.XSS_SAFE)) {
        return FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()
                ? Priorities.LOW_PRIORITY
                : Priorities.IGNORE_PRIORITY;
    }

    // Angle bracket encoded, plus at least one of the two quote characters.
    final boolean partiallyEncoded = unsafe
            && (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
            && taint.hasTag(Taint.Tag.LT_ENCODED);
    if (partiallyEncoded) {
        return Priorities.LOW_PRIORITY;
    }

    return super.getPriority(taint);
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:XssMvcApiDetector.java
示例10: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports RSA_NO_PADDING_TYPE when {@code Cipher.getInstance} receives a constant
 * transformation string that starts with {@code RSA/} and ends with {@code /NoPadding}.
 *
 * <p>NOTE(review): both string comparisons are case-sensitive. Confirm whether
 * differently-cased transformation strings also need to be matched.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKESTATIC) {
        return;
    }
    if (!getClassConstantOperand().equals("javax/crypto/Cipher")
            || !getNameConstantOperand().equals("getInstance")) {
        return;
    }

    // A signature containing ";L" has a second object-typed parameter after the
    // transformation string, so the string is read from slot 1 instead of slot 0.
    int transformationSlot = getSigConstantOperand().contains(";L") ? 1 : 0;
    OpcodeStack.Item item = stack.getStackItem(transformationSlot);
    if (!StackUtils.isConstantString(item)) {
        return;
    }

    String cipherValue = (String) item.getConstant();
    // A bare "RSA" is not reported: per the original author its default padding is PKCS1.
    boolean rsaWithoutPadding = cipherValue.startsWith("RSA/") && cipherValue.endsWith("/NoPadding");
    if (rsaWithoutPadding) {
        BugInstance bug = new BugInstance(this, RSA_NO_PADDING_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:RsaNoPaddingDetector.java
示例11: visitClassContext
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports ANDROID_GEOLOCATION_TYPE for every method named
 * {@code onGeolocationPermissionsShowPrompt} in a subtype of
 * {@code android.webkit.WebChromeClient}.
 *
 * <p>The implementation's logic has to be judged by a human, so every implementation is
 * flagged. Classes that do not define the method are not reported.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    // Only subclasses of WebChromeClient are the target of this detector.
    if (!InterfaceUtils.isSubtype(javaClass, "android.webkit.WebChromeClient")) {
        return;
    }

    for (Method m : javaClass.getMethods()) {
        if (DEBUG) {
            System.out.println(">>> Method: " + m.getName());
        }

        // The presence of onGeolocationPermissionsShowPrompt is not enforced for the moment;
        // only existing implementations are reported.
        if (m.getName().equals("onGeolocationPermissionsShowPrompt")) {
            BugInstance bug = new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(javaClass, m);
            bugReporter.reportBug(bug);
        }
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:26,代码来源:GeolocationDetector.java
示例12: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports ANDROID_STICKY_BROADCAST_TYPE for any virtual call to one of the sticky
 * broadcast methods.
 *
 * <p>Only the method name is compared. The owning class of the call is not checked.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }

    // Methods treated as sticky broadcasts
    String calledName = getNameConstantOperand();
    boolean stickyBroadcast = calledName.equals("sendStickyBroadcast")
            || calledName.equals("sendStickyOrderedBroadcast")
            || calledName.equals("sendStickyBroadcastAsUser")
            || calledName.equals("sendStickyOrderedBroadcastAsUser");

    if (stickyBroadcast) {
        BugInstance bug = new BugInstance(this, ANDROID_STICKY_BROADCAST_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:18,代码来源:StickyBroadcastDetector.java
示例13: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports ANDROID_WEB_VIEW_JAVASCRIPT_TYPE when one of four {@code WebSettings} setters is
 * called with a constant integer argument that is {@code null} or {@code 1}.
 *
 * <p>The setters are {@code setJavaScriptEnabled}, {@code setAllowFileAccess},
 * {@code setAllowFileAccessFromFileURLs} and {@code setAllowUniversalAccessFromFileURLs}.
 * All four are reported under the same bug type. Arguments that are not constant integers
 * are not reported.
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL
            || !getClassConstantOperand().equals("android/webkit/WebSettings")) {
        return;
    }

    final boolean watchedSetter = getNameConstantOperand().equals("setJavaScriptEnabled")
            || getNameConstantOperand().equals("setAllowFileAccess")
            || getNameConstantOperand().equals("setAllowFileAccessFromFileURLs")
            || getNameConstantOperand().equals("setAllowUniversalAccessFromFileURLs");
    if (!watchedSetter) {
        return;
    }

    // Slot 0 is the top of the stack, i.e. the last argument pushed.
    OpcodeStack.Item argument = stack.getStackItem(0);
    if (!StackUtils.isConstantInteger(argument)) {
        return;
    }

    Integer value = (Integer) argument.getConstant();
    // presumably the constant 1 is the boolean "true" as it appears on the stack -- verify
    if (value == null || value.intValue() == 1) {
        BugInstance bug = new BugInstance(this, ANDROID_WEB_VIEW_JAVASCRIPT_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:19,代码来源:WebViewJavascriptEnabledDetector.java
示例14: sawOpcode
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports ANDROID_EXTERNAL_FILE_ACCESS_TYPE for calls that obtain an external storage
 * location.
 *
 * <p>Two call shapes are matched:
 * <ul>
 * <li>a virtual call to {@code getExternalCacheDir(s)}, {@code getExternalFilesDir(s)} or
 * {@code getExternalMediaDirs}. Only the method name is compared here; the owning class is
 * not checked;</li>
 * <li>a static call on {@code android/os/Environment} to {@code getExternalStorageDirectory}
 * or {@code getExternalStoragePublicDirectory}.</li>
 * </ul>
 *
 * @param seen opcode of the instruction being visited
 */
@Override
public void sawOpcode(int seen) {
    boolean externalAccess = false;

    if (seen == Constants.INVOKEVIRTUAL) {
        // Instance methods treated as external file access
        String calledName = getNameConstantOperand();
        externalAccess = calledName.equals("getExternalCacheDir")
                || calledName.equals("getExternalCacheDirs")
                || calledName.equals("getExternalFilesDir")
                || calledName.equals("getExternalFilesDirs")
                || calledName.equals("getExternalMediaDirs");
    } else if (seen == Constants.INVOKESTATIC) {
        // Static helpers on android.os.Environment
        externalAccess = getClassConstantOperand().equals("android/os/Environment")
                && (getNameConstantOperand().equals("getExternalStorageDirectory")
                        || getNameConstantOperand().equals("getExternalStoragePublicDirectory"));
    }

    if (externalAccess) {
        BugInstance bug = new BugInstance(this, ANDROID_EXTERNAL_FILE_ACCESS_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:26,代码来源:ExternalFileAccessDetector.java
示例15: getPriority
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Rates a taint value for XSS reporting, lowering the rating of values that have already
 * been encoded in some way.
 *
 * <p>Safe values, and unsafe values that match neither rule below, get the superclass
 * rating. An unsafe value tagged XSS_SAFE is low when the global configuration enables
 * reporting of potential wrong-context XSS, otherwise it is ignored. An unsafe value tagged
 * LT_ENCODED together with QUOTE_ENCODED or APOSTROPHE_ENCODED is low.
 *
 * @param taint Taint state
 * @return one of the {@code Priorities} constants
 */
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
            if (FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
                return Priorities.LOW_PRIORITY;
            }
            return Priorities.IGNORE_PRIORITY;
        }

        final boolean anyQuoteEncoded =
                taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
        if (anyQuoteEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
            return Priorities.LOW_PRIORITY;
        }
    }
    return super.getPriority(taint);
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:17,代码来源:XssServletDetector.java
示例16: visitClassContext
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports XSS_REQUEST_WRAPPER_TYPE for a subtype of
 * {@code javax.servlet.http.HttpServletRequestWrapper} that declares a method named
 * {@code stripXSS}.
 *
 * <p>At most one bug is reported per class: the scan stops at the first match.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    // Only classes extending HttpServletRequestWrapper are the target of this detector.
    if (!InterfaceUtils.isSubtype(javaClass, "javax.servlet.http.HttpServletRequestWrapper")) {
        return;
    }

    for (Method m : javaClass.getMethods()) {
        if (!m.getName().equals("stripXSS")) {
            continue;
        }
        BugInstance bug = new BugInstance(this, XSS_REQUEST_WRAPPER_TYPE, Priorities.NORMAL_PRIORITY)
                .addClassAndMethod(javaClass, m);
        bugReporter.reportBug(bug);
        return;
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:22,代码来源:XSSRequestWrapperDetector.java
示例17: analyzeMethod
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Reports LDAP_ANONYMOUS at low priority when the method loads the constant
 * {@code java.naming.security.authentication} and the next instruction loads the
 * constant {@code none}.
 *
 * <p>Only the first occurrence in the method is reported.
 *
 * @param m            method to analyze
 * @param classContext context of the class that declares {@code m}
 * @throws CFGBuilderException       if the control flow graph cannot be built
 * @throws DataflowAnalysisException if the analysis of the method fails
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    Iterator<Location> locations = cfg.locationIterator();
    while (locations.hasNext()) {
        Location location = locations.next();
        Instruction inst = location.getHandle().getInstruction();
        if (!(inst instanceof LDC)) {
            continue;
        }

        LDC ldc = (LDC) inst;
        // The key constant must be followed directly by the constant "none".
        boolean anonymousBind = "java.naming.security.authentication".equals(ldc.getValue(cpg))
                && "none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class));
        if (!anonymousBind) {
            continue;
        }

        JavaClass clz = classContext.getJavaClass();
        BugInstance bug = new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY)
                .addClass(clz)
                .addMethod(clz, m)
                .addSourceLine(classContext, m, location);
        bugReporter.reportBug(bug);
        return;
    }
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:27,代码来源:AnonymousLdapDetector.java
示例18: analyzeFindBugs
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Runs the FindBugs analysis over the Maven main and test sources, keeping only findings
 * of normal priority or higher and applying the suppressions listed below.
 *
 * <p>NOTE(review): several security bug types (COMMAND_INJECTION, CRLF_INJECTION_LOGS,
 * PATH_TRAVERSAL_IN) are suppressed under the generic rationale "It's ok". A specific
 * reason per finding would make these suppressions easier to audit.
 *
 * @return the result of the analysis
 */
@Override
protected FindBugsResult analyzeFindBugs() {
    final BugCollector bugFilter = new BugCollector().minPriority(Priorities.NORMAL_PRIORITY)
            .apply(PredefConfig.dependencyTestIgnore(CodeAnalysisTest.class))
            // Bundled third-party code and examples
            .because("It's SVG salamander", In.loc("com.kitfox.svg*").ignoreAll())
            .because("It's examples", In.loc("ReadmeTest").ignore("DLS_DEAD_LOCAL_STORE"))
            // Security findings suppressed with a stated reason
            .because("GraphvizServer is on localhost",
                    In.locs("GraphvizServer", "GraphvizServerEngine")
                            .ignore("UNENCRYPTED_SERVER_SOCKET", "UNENCRYPTED_SOCKET"))
            .because("We don't execute user submitted JS code",
                    In.clazz(GraphvizJdkEngine.class).ignore("SCRIPT_ENGINE_INJECTION"))
            // Findings suppressed without a specific reason
            .because("It's ok",
                    In.clazz(MutableGraph.class).ignore("SE_COMPARATOR_SHOULD_BE_SERIALIZABLE"),
                    In.loc("DefaultExecutor").ignore("DM_DEFAULT_ENCODING"),
                    In.loc("GraphvizServer").ignore("COMMAND_INJECTION", "CRLF_INJECTION_LOGS"),
                    In.locs("GraphvizCmdLineEngine", "EngineTest").ignore("PATH_TRAVERSAL_IN"),
                    In.loc("EngineTest").ignore("RV_RETURN_VALUE_IGNORED_BAD_PRACTICE"),
                    In.loc("Communicator").ignore("RR_NOT_CHECKED"));

    final FindBugsAnalyzer analyzer =
            new FindBugsAnalyzer(AnalyzerConfig.maven().mainAndTest(), bugFilter);
    return analyzer.analyze();
}
开发者ID:nidi3,项目名称:graphviz-java,代码行数:21,代码来源:CodeAnalysisTest.java
示例19: findBugs
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
/**
 * Fails when FindBugs reports any bug in the main sources that passes the rank and
 * priority filter and is not explicitly ignored below.
 */
@Test
public void findBugs() {
    // Analyze all sources in src/main/java
    AnalyzerConfig mainSources = AnalyzerConfig.maven().main();

    // Only bugs within the rank limit of 17 and with NORMAL_PRIORITY or higher are considered.
    // NOTE(review): the original comment says "rank < 17"; whether maxRank(17) includes
    // rank 17 itself is not visible here -- confirm against BugCollector.
    // The listed bug types are ignored in the listed classes / methods.
    BugCollector bugFilter = new BugCollector().maxRank(17).minPriority(Priorities.NORMAL_PRIORITY)
            .just(In.everywhere().ignore("UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR"))
            .because("It's checked and OK like this",
                    In.classes(DependencyRules.class, PmdRuleset.class).ignore("DP_DO_INSIDE_DO_PRIVILEGED"),
                    In.classes("*Test", "Rulesets")
                            .and(In.classes("ClassFileParser").withMethods("doParse"))
                            .ignore("URF_UNREAD_FIELD"));

    assertThat(new FindBugsAnalyzer(mainSources, bugFilter).analyze(), hasNoBugs());
}
开发者ID:nidi3,项目名称:code-assert,代码行数:19,代码来源:FindBugsTest.java
示例20: checkForCompatibleLongComparison
import edu.umd.cs.findbugs.Priorities; //导入依赖的package包/类
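/**
 * Reports INT_BAD_COMPARISON_WITH_INT_VALUE when an int widened to long is compared with
 * a constant that lies outside the int range, so the comparison has a fixed outcome.
 *
 * <p>The bug is high priority, except when the constant is exactly one past either end of
 * the int range ({@code Integer.MAX_VALUE + 1} or {@code Integer.MIN_VALUE - 1}), which is
 * rated normal.
 *
 * @param left  the operand expected to be the result of an int-to-long conversion
 * @param right the operand expected to carry the constant
 */
private void checkForCompatibleLongComparison(OpcodeStack.Item left, OpcodeStack.Item right) {
    if (left.getSpecialKind() != Item.RESULT_OF_I2L || right.getConstant() == null) {
        return;
    }

    long value = ((Number) right.getConstant()).longValue();
    if (value <= Integer.MAX_VALUE && value >= Integer.MIN_VALUE) {
        // The constant fits in an int, so the comparison is meaningful.
        return;
    }

    // The boundary values must be computed in long arithmetic. In int arithmetic
    // Integer.MAX_VALUE + 1 wraps to Integer.MIN_VALUE (and MIN_VALUE - 1 to MAX_VALUE),
    // which can never equal a value outside the int range, so the downgrade never applied.
    final long justAboveIntRange = Integer.MAX_VALUE + 1L;
    final long justBelowIntRange = Integer.MIN_VALUE - 1L;
    int priority = Priorities.HIGH_PRIORITY;
    if (value == justAboveIntRange || value == justBelowIntRange) {
        priority = Priorities.NORMAL_PRIORITY;
    }

    // Show the two common unsigned-looking masks in hex; everything else in short form.
    String stringValue = IntAnnotation.getShortInteger(value) + "L";
    if (value == 0xffffffffL) {
        stringValue = "0xffffffffL";
    } else if (value == 0x80000000L) {
        stringValue = "0x80000000L";
    }

    accumulator.accumulateBug(
            new BugInstance(this, "INT_BAD_COMPARISON_WITH_INT_VALUE", priority).addClassAndMethod(this)
                    .addString(stringValue).describe(StringAnnotation.STRING_NONSTRING_CONSTANT_ROLE)
                    .addValueSource(left, this),
            this);
}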
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:19,代码来源:DumbMethods.java
注:本文中的edu.umd.cs.findbugs.Priorities类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |