Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor injection detectors #96

Closed
formanek opened this issue Sep 18, 2015 · 0 comments · Fixed by #115
Closed

Refactor injection detectors #96

formanek opened this issue Sep 18, 2015 · 0 comments · Fixed by #115
Labels
enhancement New feature or improvement to existing detector.
Milestone
version-1.4.4

Comments

@formanek
Copy link
Contributor

I want to refactor detectors using taint analysis to use hash maps and full method names instead of confused and slow conditional statements. It should be very easy to add a new sink and check the existing sinks. I would also put another abstract class between TaintDetector and concrete detectors and make more methods abstract to enable alter the behaviour for concrete injection types for the future improvements. InjectionSource class can be removed - instances of InjectionPoint will be in the map, isCandidate method is obsolete. Injectable method need not to be set and can be replaced by calling methods from FindBugs SignatureConverter. We will also need to modify CustomInjectionDetector.

@h3xstream Do you agree? Can I start to implement this?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or improvement to existing detector.
Projects
None yet
Milestone
version-1.4.4
Development

Successfully merging a pull request may close this issue.

Refactored and fixed injection detectors formanek/find-sec-bugs
2 participants
@h3xstream @formanek