Java Code Examples for edu.umd.cs.findbugs.Priorities#LOW_PRIORITY
The following examples show how to use
edu.umd.cs.findbugs.Priorities#LOW_PRIORITY .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: TrustBoundaryViolationValueDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
/**=
* All or nothing :
* <ul>
* <li>If the taint to sink path is found, it is mark as high</li>
* <li>If the source is not confirm, it is mark as low. This is will be the most common case.</li>
* </ul>
* @param taint Taint state
* @return High or low confidence
*/
@Override
protected int getPriority(Taint taint) {
//**Low risk**
//It is very common that variable are not sanetize and store in session.
//By it self it pose little risk. The thinking is the injection or the critical operation
//will be catch.
//After all storing value in the session is not so different to storing value in local variables or any indirection.
//**False positive**
//The usual and most common configuration is to hide LOW priority (confidence).
//This way this FP producer will not polute day to day review by developers.
if (taint.isTainted() || !taint.isSafe()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 2
| Source File: ProjectFilterSettings.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
/**
* Convert an integer warning priority threshold value to a String.
*/
public static String getIntPriorityAsString(int prio) {
String minPriority;
switch (prio) {
case Priorities.EXP_PRIORITY:
minPriority = ProjectFilterSettings.EXPERIMENTAL_PRIORITY;
break;
case Priorities.LOW_PRIORITY:
minPriority = ProjectFilterSettings.LOW_PRIORITY;
break;
case Priorities.NORMAL_PRIORITY:
minPriority = ProjectFilterSettings.MEDIUM_PRIORITY;
break;
case Priorities.HIGH_PRIORITY:
minPriority = ProjectFilterSettings.HIGH_PRIORITY;
break;
default:
minPriority = ProjectFilterSettings.DEFAULT_PRIORITY;
break;
}
return minPriority;
}
Example 3
| Source File: CrlfLogInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe()) {
//(Condition extracted for clarity)
//Either specifically safe for new line or URL encoded which encoded few other characters
boolean newLineSafe = (taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED));
boolean urlSafe = (taint.hasTag(Taint.Tag.URL_ENCODED));
if(newLineSafe || urlSafe) {
return Priorities.IGNORE_PRIORITY;
}
}
if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
} else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 4
| Source File: StartInConstructor.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void sawOpcode(int seen) {
if (seen == Const.INVOKEVIRTUAL && "start".equals(getNameConstantOperand()) && "()V".equals(getSigConstantOperand())) {
try {
if (Hierarchy.isSubtype(getDottedClassConstantOperand(), "java.lang.Thread")) {
int priority = Priorities.NORMAL_PRIORITY;
if (getPC() + 4 >= getCode().getCode().length) {
priority = Priorities.LOW_PRIORITY;
}
BugInstance bug = new BugInstance(this, "SC_START_IN_CTOR", priority).addClassAndMethod(this)
.addCalledMethod(this);
Subtypes2 subtypes2 = AnalysisContext.currentAnalysisContext().getSubtypes2();
Set<ClassDescriptor> directSubtypes = subtypes2.getDirectSubtypes(getClassDescriptor());
if (!directSubtypes.isEmpty()) {
for (ClassDescriptor sub : directSubtypes) {
bug.addClass(sub).describe(ClassAnnotation.SUBCLASS_ROLE);
}
bug.setPriority(Priorities.HIGH_PRIORITY);
}
bugAccumulator.accumulateBug(bug, this);
}
} catch (ClassNotFoundException e) {
bugReporter.reportMissingClass(e);
}
}
}
Example 5
| Source File: Noise.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
public int getPriority() {
int hash = getHash();
if ((hash & 0x1ff0) == 0) {
hash = hash & 0xf;
if (hash < 1) {
return Priorities.HIGH_PRIORITY;
} else if (hash < 1 + 2) {
return Priorities.NORMAL_PRIORITY;
} else if (hash < 1 + 2 + 4) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
} else {
return Priorities.IGNORE_PRIORITY + 1;
}
}
Example 6
| Source File: XssTwirlDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.XSS_SAFE)) {
if(FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
} else if (!taint.isSafe()
&& (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
&& taint.hasTag(Taint.Tag.LT_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 7
| Source File: XssMvcApiDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.XSS_SAFE)) {
if (FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
} else if (!taint.isSafe()
&& (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
&& taint.hasTag(Taint.Tag.LT_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 8
| Source File: XssJspDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.XSS_SAFE)) {
if(FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
} else if (!taint.isSafe()
&& (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
&& taint.hasTag(Taint.Tag.LT_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 9
| Source File: XssServletDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.XSS_SAFE)) {
if(FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
} else if (!taint.isSafe()
&& (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
&& taint.hasTag(Taint.Tag.LT_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 10
| Source File: InsufficientKeySizeRsaDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
private void addToReport(Method m, ClassContext classContext, Location locationWeakness, Number n){
JavaClass clz = classContext.getJavaClass();
int priority = (n.intValue() < 1024) ? Priorities.NORMAL_PRIORITY : Priorities.LOW_PRIORITY;
bugReporter.reportBug(new BugInstance(this, RSA_KEY_SIZE_TYPE, priority) //
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, locationWeakness));
}
Example 11
| Source File: CollectorBugReporter.java From sputnik with Apache License 2.0 | 5 votes |
|
@NotNull
private Severity convert(int priority) {
switch (priority) {
case Priorities.IGNORE_PRIORITY:
return Severity.IGNORE;
case Priorities.EXP_PRIORITY:
case Priorities.LOW_PRIORITY:
case Priorities.NORMAL_PRIORITY:
return Severity.INFO;
case Priorities.HIGH_PRIORITY:
return Severity.WARNING;
default:
throw new IllegalArgumentException("Priority " + priority + " is not supported");
}
}
Example 12
| Source File: HttpResponseSplittingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
boolean newLineSafe = taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED);
if (!taint.isSafe() && newLineSafe || taint.hasTag(Taint.Tag.URL_ENCODED)) {
return Priorities.IGNORE_PRIORITY;
} else if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
} else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 13
| Source File: AndroidSqlInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
return Priorities.IGNORE_PRIORITY;
} else if (!taint.isSafe() && taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED)) {
return Priorities.LOW_PRIORITY;
}
else {
return super.getPriority(taint);
}
}
Example 14
| Source File: SqlInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (!taint.isSafe() && taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
return Priorities.IGNORE_PRIORITY;
} else if (!taint.isSafe() && taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED)) {
return Priorities.LOW_PRIORITY;
} else {
return super.getPriority(taint);
}
}
Example 15
| Source File: TrustBoundaryViolationAttributeDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
/**
* All or nothing :
* <ul>
* <li>If the taint to sink path is found, it is mark as high</li>
* <li>If the source is not confirm, it is mark as low. This is will be the most common case.</li>
* </ul>
* @param taint Taint state
* @return High or low confidence
*/
@Override
protected int getPriority(Taint taint) {
if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
}
else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 16
| Source File: FormatStringManipulationDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected int getPriority(Taint taint) {
if (taint.isTainted()) {
return Priorities.NORMAL_PRIORITY;
}
else if (!taint.isSafe()) {
return Priorities.LOW_PRIORITY;
}
else {
return Priorities.IGNORE_PRIORITY;
}
}
Example 17
| Source File: Noise.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
|
@Override
public void sawOpcode(int seen) {
int priority;
switch (seen) {
case Const.INVOKEINTERFACE:
case Const.INVOKEVIRTUAL:
case Const.INVOKESPECIAL:
case Const.INVOKESTATIC:
hq.pushHash(getClassConstantOperand());
if (getNameConstantOperand().indexOf('$') == -1) {
hq.pushHash(getNameConstantOperand());
}
hq.pushHash(getSigConstantOperand());
priority = hq.getPriority();
if (priority <= Priorities.LOW_PRIORITY) {
accumulator.accumulateBug(new BugInstance(this, "NOISE_METHOD_CALL", priority).addClassAndMethod(this)
.addCalledMethod(this), this);
}
break;
case Const.GETFIELD:
case Const.PUTFIELD:
case Const.GETSTATIC:
case Const.PUTSTATIC:
hq.pushHash(getClassConstantOperand());
if (getNameConstantOperand().indexOf('$') == -1) {
hq.pushHash(getNameConstantOperand());
}
hq.pushHash(getSigConstantOperand());
priority = hq.getPriority();
if (priority <= Priorities.LOW_PRIORITY) {
accumulator.accumulateBug(new BugInstance(this, "NOISE_FIELD_REFERENCE", priority).addClassAndMethod(this)
.addReferencedField(this), this);
}
break;
case Const.CHECKCAST:
case Const.INSTANCEOF:
case Const.NEW:
hq.pushHash(getClassConstantOperand());
break;
case Const.IFEQ:
case Const.IFNE:
case Const.IFNONNULL:
case Const.IFNULL:
case Const.IF_ICMPEQ:
case Const.IF_ICMPNE:
case Const.IF_ICMPLE:
case Const.IF_ICMPGE:
case Const.IF_ICMPGT:
case Const.IF_ICMPLT:
case Const.IF_ACMPEQ:
case Const.IF_ACMPNE:
case Const.RETURN:
case Const.ARETURN:
case Const.IRETURN:
case Const.MONITORENTER:
case Const.MONITOREXIT:
case Const.IINC:
case Const.NEWARRAY:
case Const.TABLESWITCH:
case Const.LOOKUPSWITCH:
case Const.LCMP:
case Const.INEG:
case Const.IADD:
case Const.IMUL:
case Const.ISUB:
case Const.IDIV:
case Const.IREM:
case Const.IXOR:
case Const.ISHL:
case Const.ISHR:
case Const.IUSHR:
case Const.IAND:
case Const.IOR:
case Const.LAND:
case Const.LOR:
case Const.LADD:
case Const.LMUL:
case Const.LSUB:
case Const.LDIV:
case Const.LSHL:
case Const.LSHR:
case Const.LUSHR:
case Const.AALOAD:
case Const.AASTORE:
case Const.IALOAD:
case Const.IASTORE:
case Const.BALOAD:
case Const.BASTORE:
hq.push(seen);
priority = hq.getPriority();
if (priority <= Priorities.LOW_PRIORITY) {
accumulator.accumulateBug(
new BugInstance(this, "NOISE_OPERATION", priority).addClassAndMethod(this).addString(Const.getOpcodeName(seen)),
this);
}
break;
default:
break;
}
}
Example 18
| Source File: DontIgnoreResultOfPutIfAbsent.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
|
private static int getPriorityForBeingMutable(Type type) {
if (type instanceof ArrayType) {
return HIGH_PRIORITY;
} else if (type instanceof ObjectType) {
UnreadFieldsData unreadFields = AnalysisContext.currentAnalysisContext().getUnreadFieldsData();
ClassDescriptor cd = DescriptorFactory.getClassDescriptor((ObjectType) type);
@SlashedClassName
String className = cd.getClassName();
if (immutableClassNames.contains(className)) {
return Priorities.LOW_PRIORITY;
}
XClass xClass = AnalysisContext.currentXFactory().getXClass(cd);
if (xClass == null) {
return Priorities.IGNORE_PRIORITY;
}
ClassDescriptor superclassDescriptor = xClass.getSuperclassDescriptor();
if (superclassDescriptor != null) {
@SlashedClassName
String superClassName = superclassDescriptor.getClassName();
if ("java/lang/Enum".equals(superClassName)) {
return Priorities.LOW_PRIORITY;
}
}
boolean hasMutableField = false;
boolean hasUpdates = false;
for (XField f : xClass.getXFields()) {
if (!f.isStatic()) {
if (!f.isFinal() && !f.isSynthetic()) {
hasMutableField = true;
if (unreadFields.isWrittenOutsideOfInitialization(f)) {
hasUpdates = true;
}
}
String signature = f.getSignature();
if (signature.startsWith("Ljava/util/concurrent") || signature.startsWith("Ljava/lang/StringB")
|| signature.charAt(0) == '[' || signature.indexOf("Map") >= 0 || signature.indexOf("List") >= 0
|| signature.indexOf("Set") >= 0) {
hasMutableField = hasUpdates = true;
}
}
}
if (!hasMutableField && !xClass.isInterface() && !xClass.isAbstract()) {
return Priorities.LOW_PRIORITY;
}
if (hasUpdates || className.startsWith("java/util") || className.indexOf("Map") >= 0
|| className.indexOf("List") >= 0) {
return Priorities.HIGH_PRIORITY;
}
return Priorities.NORMAL_PRIORITY;
} else {
return Priorities.IGNORE_PRIORITY;
}
}
