-
$event_callback_list
-
Holds the event array for callbacks
-
ellipsize
-
-
endsWith
-
-
error2string
-
Converts an error value to a string.
-
evict
-
-
execute
-
Executes the PMD function. This calls out to pmd.bat which then calls Java, but process output comes back here.
-
execute
-
The execute function renders the particular report. Since this is an abstract class, this function should never actually be called, but should be overridden by a subclass.
-
execute
-
This function should not be called, since this class is abstract. The execute() function should be overridden by child classes.
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
Executes an XMLReport, with output going to $options['output']
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
Executes a CSVReport, with output going to $options['output']
-
execute
-
Executes the plugin to scan a particular file. Uses a cache to speed things up.
-
execute
-
-
execute
-
-
execute
-
-
execute
-
-
execute
-
Executes a DetailedReport, with output going to $options['output']
-
execute
-
Executes an HTMLReport, with output going to $options['output']
-
execute
-
Executes this plugin, scanning for files, placing them into an attachment.
-
execute
-
Executes an HTMLReport, with output going to $options['output']
-
execute
-
-
execute
-
-
execute
-
Executes the scanning function. This calls out to findbugs.bat which then calls Java, but process output comes back here.
-
execute
-
Executes the plugin to scan a particular file. Uses a cache to speed things up.
-
execute_callback
-
Executes callbacks for a particular event.
-
$general_cache
-
The general_cache array contains arrays of data to be cached. Read-Write by anyone.
-
$grep
-
-
generate_attachment_list
-
Generates a list of DIVs that contain the attachment contents.
-
generate_attachment_select_box
-
Generates a dropdown select box to choose a particular attachment to show.
-
get
-
-
getInstance
-
Gets the singleton instance of the Yasca object
-
get_adjusted_alternate_name
-
Gets the adjusted alternate name for a specific plugin.
-
get_adjusted_description
-
Gets the adjusted description of the finding.
-
get_adjusted_severity
-
Gets the adjusted severity for a specific plugin.
-
get_adjustment
-
Retrieves a specific adjustment.
-
get_class_from_file
-
Extracts class name from a file.
-
get_file_contents
-
-
get_method_contents
-
Gets method contents from a specific file.
-
get_owasp_vulnerability_content
-
Loads an external vulnerability from OWASP
-
get_postamble
-
-
get_postamble
-
-
get_postamble
-
-
get_postamble
-
-
get_postamble
-
-
get_preamble
-
-
get_preamble
-
-
get_preamble
-
-
get_preamble
-
-
get_preamble
-
-
get_report_extension
-
Finds the actual extension to be used for the report chosen. Includes the period (.).
-
get_rulesets
-
Gets the specific rulesets to be included. The rule is that any plugin that has an .xml extension is fair game, except for those starting with an underscore (_).
-
get_severity_description
-
Translates a severity number into a description.
-
Grep.php
-
-
$pattern_list
-
-
$plugin_file_list
-
-
$plugin_list
-
The list of available plugin functions.
-
$plugin_name
-
-
$progress_callback
-
-
Plugin.php
-
-
parse_command_line_arguments
-
Parses the command line arguments (argc, argv).
-
Plugin
-
Creates a new generic Plugin.
-
Plugin
-
Plugin Class
-
PMD.php
-
-
Plugin_AllTargetsFinder
-
This class looks for all scanned files, placing them in an attachment.
-
Plugin_Antic
-
The Antic Plugin uses Antic to discover potential vulnerabilities in Java or C/C++ files.
-
Plugin_authentication_weak
-
This class looks for weak authentication values, where *.username = *.password.
-
Plugin_BasicSummaryGrid
-
This plugin creates a basic summary grid and adds it as an attachment to the report.
-
Plugin_code_quality_javascript_obfuscated
-
This class looks for obfuscated JavaScript.
-
Plugin_code_quality_null_redundant
-
This class looks for cases in code like this:
-
Plugin_code_quality_resource_leak_getmain
-
This class looks for GETMAIN/FREEMAIN resource leaks in COBOL source code.
-
Plugin_error_handling_catch_empty
-
This class looks for empty catch blocks: try { ...
-
Plugin_file_system_non_current_libraries
-
This class looks for library files (.jar, .so, .dll) that are not of the latest version, or not known at all. Uses resources/current_libraries/*.
-
Plugin_file_system_temporary_files
-
This class looks for temporary files.
-
Plugin_FindBugs
-
The FindBugs Plugin uses the open source tool FindBugs to discover potential vulnerabilities in compiled Java code.
-
Plugin_Grep
-
The Grep Plugin is a special plugin that facilitates .grep pseudo-plugins, which are just files in the PLUGINS directory that contain necessary information to scan the target files.
-
Plugin_information_disclosure_email_external
-
This class looks for e-mail addresses that aren't UBS ones.
-
Plugin_injection_xss_jsp
-
This class looks for XSS vulnerabilities of the form: String foo = request.getParameter("foo"); ...
-
Plugin_injection_xss_println
-
This class looks for XSS vulnerabilities of the form: String foo = request.getParameter("foo"); ...
-
Plugin_JLint
-
The JLint Plugin uses JLint to discover potential vulnerabilities in .class files.
-
Plugin_links_external
-
This class looks for external links (to non-UBS resources).
-
Plugin_Lint4J
-
The Lint4J Plugin uses Lint4J to discover potential vulnerabilities in .class files.
-
Plugin_logging_logviewer
-
This class looks for Java source code that might indicate an online log viewer.
-
Plugin_PMD
-
The PMD Plugin uses PMD to discover potential vulnerabilities in .java files.
-
Plugin_StrutsValidator
-
This class finds all calls to request.getParameter, extracts all of the variable names, and puts them in a spreadsheet.
-
Plugin_struts_membernotreset
-
This class looks for ActionMapping classes that do not reset all member variables.
-
Plugin_struts_noresetfunction
-
This class looks for ActionMapping classes that do not have reset() functions.
-
Plugin_URLFinder
-
This class looks for all URLs located in the source code.
-
profile
-
Function profiler for PHP.
-
put
-
-
put_file_contents
-