• Home
• com.h3xstream.findsecbugs
• findsecbugs-plugin
• 1.13.0
• source code
• java-lang.txt

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

taint-config.java-lang.txt Maven / Gradle / Ivy

-- Following classes are immutable
Ljava/lang/Character;:#IMMUTABLE
Ljava/lang/String;:#IMMUTABLE
Ljava/io/File;:#IMMUTABLE
Ljava/util/Locale;:#IMMUTABLE
Ljava/net/Inet4Address;:#IMMUTABLE
Ljava/net/Inet6Address;:#IMMUTABLE
Ljava/net/InetSocketAddress;:#IMMUTABLE
Ljava/net/URI;:#IMMUTABLE
Ljava/net/URL;:#IMMUTABLE

-- Following classes are SAFE (and also immutable in sense of being tainted)
Ljava/lang/Boolean;:SAFE#IMMUTABLE
Ljava/lang/Double;:SAFE#IMMUTABLE
Ljava/lang/Float;:SAFE#IMMUTABLE
Ljava/lang/Integer;:SAFE#IMMUTABLE
Ljava/lang/Long;:SAFE#IMMUTABLE
Ljava/lang/Byte;:SAFE#IMMUTABLE
Ljava/lang/Short;:SAFE#IMMUTABLE
Ljava/math/BigInteger;:SAFE#IMMUTABLE
Ljava/math/BigDecimal;:SAFE#IMMUTABLE
Ljava/util/Date;:SAFE#IMMUTABLE
Ljava/sql/Time;:SAFE#IMMUTABLE
Ljava/time/Duration;:SAFE#IMMUTABLE
Ljava/time/Instant;:SAFE#IMMUTABLE
Ljava/time/LocalDate;:SAFE#IMMUTABLE
Ljava/time/LocalDateTime;:SAFE#IMMUTABLE
Ljava/time/LocalTime;:SAFE#IMMUTABLE
Ljava/time/MonthDay;:SAFE#IMMUTABLE
Ljava/time/OffsetDateTime;:SAFE#IMMUTABLE
Ljava/time/OffsetTime;:SAFE#IMMUTABLE
Ljava/time/Period;:SAFE#IMMUTABLE
Ljava/time/Year;:SAFE#IMMUTABLE
Ljava/time/YearMonth;:SAFE#IMMUTABLE
Ljava/time/ZonedDateTime;:SAFE#IMMUTABLE
Ljava/time/ZonedId;:SAFE#IMMUTABLE
Ljava/time/ZoneOffset;:SAFE#IMMUTABLE
Ljava/text/Format;:SAFE#IMMUTABLE
Ljava/text/DateFormat;:SAFE#IMMUTABLE
Ljava/text/SimpleDateFormat;:SAFE#IMMUTABLE
Ljava/text/MessageFormat;:SAFE#IMMUTABLE
Ljava/text/NumberFormat;:SAFE#IMMUTABLE
Ljava/text/ChoiceFormat;:SAFE#IMMUTABLE
Ljava/text/DecimalFormat;:SAFE#IMMUTABLE

java/text/MessageFormat.format(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;:0,1

java/lang/Object.clone()Ljava/lang/Object;:0
java/lang/Object.equals(Ljava/lang/Object;)Z:UNKNOWN

- Not true, but allows analysis of methods calling toString on Object instances
java/lang/Object.toString()Ljava/lang/String;:0

java/lang/Enum.name()Ljava/lang/String;:SAFE
java/lang/Enum.toString()Ljava/lang/String;:SAFE

- Objects from Java 8 function package are UNKNOWN by default, some could be made SAFE or TAINTED in the future
java/lang/Iterable.forEach(Ljava/util/function/Consumer;)V:0,1#1
java/lang/Iterable.iterator()Ljava/util/Iterator;:0

- usually safe for web applications
java/lang/System.clearProperty(Ljava/lang/String;)Ljava/lang/String;:SAFE
java/lang/System.getenv()Ljava/util/Map;:SAFE
java/lang/System.getenv(Ljava/lang/String;)Ljava/lang/String;:SAFE
java/lang/System.getProperty(Ljava/lang/String;)Ljava/lang/String;:SAFE
java/lang/System.getProperty(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:SAFE
java/lang/System.lineSeparator()Ljava/lang/String;:SAFE
java/lang/System.setProperty(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:SAFE


java/lang/Appendable.append(Ljava/lang/CharSequence;)Ljava/lang/Appendable;:0,1#1
java/lang/Appendable.append(Ljava/lang/CharSequence;II)Ljava/lang/Appendable;:2,3#3


java/lang/StringBuilder.()V:SAFE
java/lang/StringBuilder.(Ljava/lang/CharSequence;)V:0#1,2
java/lang/StringBuilder.(I)V:SAFE
java/lang/StringBuilder.(Ljava/lang/String;)V:0#1,2

java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;:0,1#1
java/lang/StringBuilder.append(Ljava/lang/StringBuffer;)Ljava/lang/StringBuilder;:0,1#1
java/lang/StringBuilder.append(Ljava/lang/CharSequence;)Ljava/lang/StringBuilder;:0,1#1
java/lang/StringBuilder.append(Ljava/lang/CharSequence;II)Ljava/lang/StringBuilder;:2,3#3
java/lang/StringBuilder.append(Z)Ljava/lang/StringBuilder;:1
java/lang/StringBuilder.append(C)Ljava/lang/StringBuilder;:0,1
java/lang/StringBuilder.append(D)Ljava/lang/StringBuilder;:2
java/lang/StringBuilder.append(F)Ljava/lang/StringBuilder;:1
java/lang/StringBuilder.append(I)Ljava/lang/StringBuilder;:1
java/lang/StringBuilder.append(J)Ljava/lang/StringBuilder;:2
java/lang/StringBuilder.append(Ljava/lang/Object;)Ljava/lang/StringBuilder;:0,1#1

java/lang/StringBuilder.insert(ILjava/lang/String;)Ljava/lang/StringBuilder;:0,2#2
java/lang/StringBuilder.insert(ILjava/lang/Object;)Ljava/lang/StringBuilder;:0,2#2
java/lang/StringBuilder.insert(ILjava/lang/CharSequence;)Ljava/lang/StringBuilder;:0,2#2
java/lang/StringBuilder.insert(ILjava/lang/CharSequence;II)Ljava/lang/StringBuilder;:2,4#4
java/lang/StringBuilder.insert(IZ)Ljava/lang/StringBuilder;:2
java/lang/StringBuilder.insert(IC)Ljava/lang/StringBuilder;:2
java/lang/StringBuilder.insert(ID)Ljava/lang/StringBuilder;:3
java/lang/StringBuilder.insert(IF)Ljava/lang/StringBuilder;:2
java/lang/StringBuilder.insert(II)Ljava/lang/StringBuilder;:2
java/lang/StringBuilder.insert(IJ)Ljava/lang/StringBuilder;:3

java/lang/StringBuilder.delete(II)Ljava/lang/StringBuilder;:2#2
java/lang/StringBuilder.deleteCharAt(I)Ljava/lang/StringBuilder;:1#1
java/lang/StringBuilder.ensureCapacity(I)Ljava/lang/StringBuilder;:1#1
java/lang/StringBuilder.replace(IILjava/lang/String;)Ljava/lang/StringBuilder;:0,3#3
java/lang/StringBuilder.reverse()Ljava/lang/StringBuilder;:0#0
java/lang/StringBuilder.substring(I)Ljava/lang/String;:1
java/lang/StringBuilder.substring(II)Ljava/lang/String;:2
java/lang/StringBuilder.subSequence(II)Ljava/lang/CharSequence;:2
java/lang/StringBuilder.trimToSize()V:0#0


java/lang/StringBuffer.()V:SAFE
java/lang/StringBuffer.(Ljava/lang/CharSequence;)V:0#1,2
java/lang/StringBuffer.(I)V:SAFE
java/lang/StringBuffer.(Ljava/lang/String;)V:0#1,2

java/lang/StringBuffer.append(Ljava/lang/String;)Ljava/lang/StringBuffer;:0,1#1
java/lang/StringBuffer.append(Ljava/lang/StringBuffer;)Ljava/lang/StringBuffer;:0,1#1
java/lang/StringBuffer.append(Ljava/lang/CharSequence;)Ljava/lang/StringBuffer;:0,1#1
java/lang/StringBuffer.append(Ljava/lang/CharSequence;II)Ljava/lang/StringBuffer;:2,3#3
java/lang/StringBuffer.append(Z)Ljava/lang/StringBuffer;:1
java/lang/StringBuffer.append(C)Ljava/lang/StringBuffer;:0,1
java/lang/StringBuffer.append(D)Ljava/lang/StringBuffer;:2
java/lang/StringBuffer.append(F)Ljava/lang/StringBuffer;:1
java/lang/StringBuffer.append(I)Ljava/lang/StringBuffer;:1
java/lang/StringBuffer.append(J)Ljava/lang/StringBuffer;:2
java/lang/StringBuffer.append(Ljava/lang/Object;)Ljava/lang/StringBuffer;:0,1#1

java/lang/StringBuffer.insert(ILjava/lang/String;)Ljava/lang/StringBuffer;:0,2#2
java/lang/StringBuffer.insert(ILjava/lang/Object;)Ljava/lang/StringBuffer;:0,2#2
java/lang/StringBuffer.insert(ILjava/lang/CharSequence;)Ljava/lang/StringBuffer;:0,2#2
java/lang/StringBuffer.insert(ILjava/lang/CharSequence;II)Ljava/lang/StringBuffer;:2,4#4
java/lang/StringBuffer.insert(IZ)Ljava/lang/StringBuffer;:2
java/lang/StringBuffer.insert(IC)Ljava/lang/StringBuffer;:2
java/lang/StringBuffer.insert(ID)Ljava/lang/StringBuffer;:3
java/lang/StringBuffer.insert(IF)Ljava/lang/StringBuffer;:2
java/lang/StringBuffer.insert(II)Ljava/lang/StringBuffer;:2
java/lang/StringBuffer.insert(IJ)Ljava/lang/StringBuffer;:3

java/lang/StringBuffer.delete(II)Ljava/lang/StringBuffer;:2#2
java/lang/StringBuffer.deleteCharAt(I)Ljava/lang/StringBuffer;:1#1
java/lang/StringBuffer.ensureCapacity(I)Ljava/lang/StringBuffer;:1#1
java/lang/StringBuffer.replace(IILjava/lang/String;)Ljava/lang/StringBuffer;:0,3#3
java/lang/StringBuffer.reverse()Ljava/lang/StringBuffer;:0#0
java/lang/StringBuffer.substring(I)Ljava/lang/String;:1
java/lang/StringBuffer.substring(II)Ljava/lang/String;:2
java/lang/StringBuffer.subSequence(II)Ljava/lang/CharSequence;:2
java/lang/StringBuffer.trimToSize()V:0#0

java/lang/Appendable.append(C)Ljava/lang/Appendable;:0,1#1

java/lang/String.()V:SAFE
java/lang/String.(Ljava/lang/String;)V:0#1,2
java/lang/String.(Ljava/lang/StringBuilder;)V:0#1,2
java/lang/String.(Ljava/lang/StringBuffer;)V:0#1,2

java/lang/String.concat(Ljava/lang/String;)Ljava/lang/String;:0,1
java/lang/String.intern()Ljava/lang/String;:0
java/lang/String.format(Ljava/util/Locale;Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;:0
java/lang/String.format(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;:0
java/lang/String.join(Ljava/lang/CharSequence;[Ljava/lang/CharSequence;)Ljava/lang/String;:0,1
java/lang/String.join(Ljava/lang/CharSequence;Ljava/lang/Iterable;)Ljava/lang/String;:0,1
java/lang/String.replace(CC)Ljava/lang/String;:2
java/lang/String.replace(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;:0,2
java/lang/String.replaceAll(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:0,2
java/lang/String.replaceFirst(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;:0,2
java/lang/String.split(Ljava/lang/String;)[Ljava/lang/String;:1
java/lang/String.split(Ljava/lang/String;I)[Ljava/lang/String;:2
java/lang/String.substring(I)Ljava/lang/String;:1
java/lang/String.substring(II)Ljava/lang/String;:2
java/lang/String.subSequence(II)Ljava/lang/CharSequence;:2
java/lang/String.toLowerCase()Ljava/lang/String;:0
java/lang/String.toLowerCase(Ljava/util/Locale;)Ljava/lang/String;:1
java/lang/String.toUpperCase()Ljava/lang/String;:0
java/lang/String.toUpperCase(Ljava/util/Locale;)Ljava/lang/String;:1
java/lang/String.trim()Ljava/lang/String;:0
java/lang/String.valueOf(Z)Ljava/lang/String;:SAFE
java/lang/String.valueOf(C)Ljava/lang/String;:0
java/lang/String.valueOf(D)Ljava/lang/String;:SAFE
java/lang/String.valueOf(F)Ljava/lang/String;:SAFE
java/lang/String.valueOf(I)Ljava/lang/String;:SAFE
java/lang/String.valueOf(J)Ljava/lang/String;:SAFE
java/lang/String.valueOf(Ljava/lang/Object;)Ljava/lang/String;:0
java/lang/String.valueOf([C)Ljava/lang/String;:0
java/lang/String.toCharArray()[C:0

java/util/Arrays.toString([Ljava/lang/Object;)Ljava/lang/String;:0

java/lang/CharSequence.subSequence(II)Ljava/lang/CharSequence;:2


java/lang/Boolean.toString()Ljava/lang/String;:SAFE
java/lang/Boolean.toString(B)Ljava/lang/String;:SAFE
java/lang/Character.getName(I)Ljava/lang/String;:0
java/lang/Character.toString()Ljava/lang/String;:0
java/lang/Character.toString(C)Ljava/lang/String;:0
java/lang/Double.toString()Ljava/lang/String;:SAFE
java/lang/Double.toString(D)Ljava/lang/String;:SAFE
java/lang/Float.toHexString(F)Ljava/lang/String;:SAFE
java/lang/Float.toString()Ljava/lang/String;:SAFE
java/lang/Float.toString(F)Ljava/lang/String;:SAFE
java/lang/Integer.toBinaryString(I)Ljava/lang/String;:SAFE
java/lang/Integer.toHexString(I)Ljava/lang/String;:SAFE
java/lang/Integer.toOctalString(I)Ljava/lang/String;:SAFE
java/lang/Integer.toString()Ljava/lang/String;:SAFE
java/lang/Integer.toString(I)Ljava/lang/String;:SAFE
java/lang/Integer.toString(II)Ljava/lang/String;:SAFE
java/lang/Long.toBinaryString(J)Ljava/lang/String;:SAFE
java/lang/Long.toHexString(J)Ljava/lang/String;:SAFE
java/lang/Long.toOctalString(J)Ljava/lang/String;:SAFE
java/lang/Long.toString()Ljava/lang/String;:SAFE
java/lang/Long.toString(J)Ljava/lang/String;:SAFE
java/lang/Long.toString(JI)Ljava/lang/String;:SAFE
java/lang/Byte.toString()Ljava/lang/String;:SAFE
java/lang/Byte.toString(B)Ljava/lang/String;:SAFE
java/lang/Short.toString()Ljava/lang/String;:SAFE
java/lang/Short.toString(S)Ljava/lang/String;:SAFE
java/math/BigDecimal.toEngineeringString()Ljava/lang/String;:SAFE
java/math/BigDecimal.toPlainString()Ljava/lang/String;:SAFE
java/math/BigDecimal.toString()Ljava/lang/String;:SAFE


java/lang/reflect/Type.getTypeName()Ljava/lang/String;:SAFE
java/lang/Class.getCanonicalName()Ljava/lang/String;:SAFE
java/lang/Class.getName()Ljava/lang/String;:SAFE
java/lang/Class.getResource(Ljava/lang/String;)Ljava/net/URL;:SAFE
java/lang/ClassLoader.getResource(Ljava/lang/String;)Ljava/net/URL;:SAFE
java/lang/ClassLoader.getResources(Ljava/lang/String;)Ljava/util/Enumeration;:SAFE
java/lang/ClassLoader.getSystemResource(Ljava/lang/String;)Ljava/net/URL;:SAFE
java/lang/ClassLoader.getSystemResources(Ljava/lang/String;)Ljava/util/Enumeration;:SAFE
java/lang/Class.getSimpleName()Ljava/lang/String;:SAFE
java/lang/Class.toGenericString()Ljava/lang/String;:SAFE
java/lang/Class.toString()Ljava/lang/String;:SAFE
java/lang/reflect/Member.getName()Ljava/lang/String;:SAFE
java/lang/reflect/Executable.toGenericString()Ljava/lang/String;:SAFE
java/lang/reflect/Method.toString()Ljava/lang/String;:SAFE
java/lang/reflect/Constructor.toString()Ljava/lang/String;:SAFE
java/lang/reflect/Field.toGenericString()Ljava/lang/String;:SAFE
java/lang/reflect/Field.toString()Ljava/lang/String;:SAFE
java/lang/Package.getName()Ljava/lang/String;:SAFE
java/lang/Package.toString()Ljava/lang/String;:SAFE

java/lang/Class.getResourceAsStream(Ljava/lang/String;)Ljava/io/InputStream;:0#1
javax/xml/transform/stream/StreamSource.(Ljava/io/InputStream;)V:0#2

java/io/FileInputStream.(Ljava/lang/String;)V:0#1,2
java/io/ByteArrayInputStream.([B)V:0#1,2
java/lang/String.getBytes()[B:0#0

--ResourceBundle is typically locale strings that are loaded from static files
java/util/ResourceBundle.getString(Ljava/lang/String;)Ljava/lang/String;:SAFE
java/util/ResourceBundle.getStringArray(Ljava/lang/String;)[Ljava/lang/String;:SAFE
java/util/ResourceBundle.getObject(Ljava/lang/String;)Ljava/lang/Object;:SAFE

--Kotlin code that adds methods to String class in Java
kotlin/text/StringsKt.replace$default(Ljava/lang/String;CCZILjava/lang/Object;)Ljava/lang/String;:5
kotlin/text/StringsKt.replace$default(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZILjava/lang/Object;)Ljava/lang/String;:5
kotlin/text/Regex.replace(Ljava/lang/CharSequence;Ljava/lang/String;)Ljava/lang/String;:1
kotlin/text/Regex.(Ljava/lang/String;)V:SAFE