safe-encoders.other.txt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of findsecbugs-plugin Show documentation
Show all versions of findsecbugs-plugin Show documentation
Core module of the project. It include all the SpotBugs detectors.
The resulting jar is the published plugin.
The newest version!
java/net/URLEncoder.encode(Ljava/lang/String;)Ljava/lang/String;:0|+URL_ENCODED,+XSS_SAFE
java/net/URLEncoder.encode(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|+URL_ENCODED,+XSS_SAFE
java/net/URLDecoder.decode(Ljava/lang/String;)Ljava/lang/String;:0|-URL_ENCODED,-XSS_SAFE
java/net/URLDecoder.decode(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|-URL_ENCODED,-XSS_SAFE
--Spring Framework
org/springframework/web/util/HtmlUtils.htmlEscape(Ljava/lang/String;)Ljava/lang/String;:0|+XSS_SAFE
org/springframework/web/util/HtmlUtils.htmlEscape(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|+XSS_SAFE
org/springframework/web/util/HtmlUtils.htmlUnescape(Ljava/lang/String;)Ljava/lang/String;:0|-XSS_SAFE
org/springframework/web/util/HtmlUtils.htmlEscapeDecimal(Ljava/lang/String;)Ljava/lang/String;:0|+XSS_SAFE
org/springframework/web/util/HtmlUtils.htmlEscapeDecimal(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|+XSS_SAFE
org/springframework/web/util/HtmlUtils.htmlEscapeHex(Ljava/lang/String;)Ljava/lang/String;:0|+XSS_SAFE
org/springframework/web/util/HtmlUtils.htmlEscapeHex(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:1|+XSS_SAFE
org/springframework/web/util/JavaScriptUtils.javaScriptEscape(Ljava/lang/String;)Ljava/lang/String;:0|+XSS_SAFE
org/springframework/util/StringUtils.getFilename(Ljava/lang/String;)Ljava/lang/String;:SAFE
org/springframework/util/StringUtils.getFilenameExtension(Ljava/lang/String;)Ljava/lang/String;:SAFE
--Safe date values
java/util/Calendar.getDisplayName(IILjava/util/Locale;)Ljava/lang/String;:SAFE
java/util/Calendar.getDisplayNames(IILjava/util/Locale;)Ljava/util/Map;:SAFE
java/util/UUID.randomUUID()Ljava/util/UUID;:SAFE
--Hash values should not be malicious even if the input is controlled by the user (exploitability is unlikely)
java/security/MessageDigest.digest([B)[B:SAFE
--Hexadecimal representation
javax/xml/bind/DatatypeConverter.printHexBinary([B)Ljava/lang/String;:SAFE
org/apache/commons/codec/binary/Hex.encodeHex([B)[C:SAFE
org/apache/commons/codec/binary/Hex.encodeHex([BZ)[C:SAFE
org/apache/commons/codec/binary/Hex.encodeHexString([B)Ljava/lang/String;:SAFE
org/apache/commons/codec/binary/Hex.encodeHexString([BZ)Ljava/lang/String;:SAFE
--Google Guava
com/google/common/escape/Escaper.escape(Ljava/lang/String;)Ljava/lang/String;:0|+URL_ENCODED,+XSS_SAFE
--HTTPClient
org/apache/http/client/utils/URIBuilder.build()Ljava/net/URI;:SAFE
org/apache/http/client/utils/URIBuilder.toString()Ljava/lang/String;:SAFE