• Home
• com.h3xstream.findsecbugs
• findsecbugs-plugin
• 1.9.0
• source code
• package-info.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.h3xstream.findsecbugs.injection.trust.package-info Maven / Gradle / Ivy

/**
 * 

 * Trust Boundary Violation is fancy name to describe tainted value passed directly to session attribute.
 * This could be an expected behavior that allow an attacker to change the session state.
 * 
 * 

 * When the parameter is dynamic, it is a lot more suspicious than when it is a dynamic value.
 * setAttribute( suspiciousValue, "true")
 * vs
 * setAttribute( "language" , commonDynamicValue)
 * 
 * 

 * For this reason, the trust boundary violation was split in two detectors.
 * This will allow user to hide the low priority of this detector.
 * 
 *
 * @see com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationAttributeDetector
 * @see com.h3xstream.findsecbugs.injection.trust.TrustBoundaryViolationValueDetector
 */
package com.h3xstream.findsecbugs.injection.trust;