Plugin Class
This (abstract) class is the parent of all plugin classes.
Located in /lib/Plugin.php (line 14)
Class | Description |
---|---|
Plugin_Antic | The Antic Plugin uses Antic to discover potential vulnerabilities in Java or C/C++ files. |
Plugin_authentication_weak | This class looks for weak authentication values, where *.username = *.password. |
Plugin_code_quality_javascript_obfuscated | This class looks for obfuscated JavaScript. |
Plugin_code_quality_null_redundant | This class looks for cases in code like this: |
Plugin_code_quality_resource_leak_getmain | This class looks for GETMAIN/FREEMAIN resource leaks in COBOL source code. |
Plugin_file_system_non_current_libraries | This class looks for library files (.jar, .so, .dll) that are not of the latest version, or not known at all. Uses resources/current_libraries/*. |
Plugin_file_system_temporary_files | This class looks for temporary files. |
Plugin_injection_xss_jsp | This class looks for XSS vulnerabilities of the form: String foo = request.getParameter("foo"); ... |
Plugin_injection_xss_println | This class looks for XSS vulnerabilities of the form: String foo = request.getParameter("foo"); ... |
Plugin_logging_logviewer | This class looks for Java source code that might indicate an online log viewer. |
Plugin_AllTargetsFinder | This class looks for all scanned files, placing them in an attachment. |
Plugin_BasicSummaryGrid | This plugin creates a basic summary grid and adds it as an attachment to the report. |
Plugin_URLFinder | This class looks for all URLs located in the source code. |
Plugin_struts_membernotreset | This class looks for ActionMapping classes that do not reset all member variables. |
Plugin_struts_noresetfunction | This class looks for ActionMapping classes that do not have reset() functions. |
Plugin_error_handling_catch_empty | This class looks for empty catch blocks: try { ... |
Plugin_StrutsValidator | This class finds all calls to request.getParameter, extracts all of the variable names, and puts them in a spreadsheet. |
Plugin_FindBugs | The FindBugs Plugin uses the open source tool FindBugs to discover potential vulnerabilities in compiled Java code. |
Plugin_Grep | The Grep Plugin is a special plugin that facilitates .grep pseudo-plugins, which are just files in the PLUGINS directory that contain necessary information to scan the target files. |
Plugin_JLint | The JLint Plugin uses JLint to discover potential vulnerabilities in .class files. |
Plugin_PMD | The PMD Plugin uses PMD to discover potential vulnerabilities in .java files. |
Plugin_information_disclosure_email_external | This class looks for e-mail addresses that aren't UBS ones. |
Plugin_links_external | This class looks for external links (to non-UBS resources). |
Plugin_Lint4J | The Lint4J Plugin uses Lint4J to discover potential vulnerabilities in .class files. |
How many lines to include in the context returned.
Description of this plugin (what it looks for, why it's important, how to remediate).
Holds the filename that this Plugin happens to be working on.
Holds the file contents that this Plugin is working on. This can be either an array of strings or just a \n-separated string, in which case it will be exploded when the object is created.
Internal variable set to true at the end of the constructor.
True iff this object is to be invoked only once. The object itself should prevent multiple executions.
True iff this object was initialized (i.e. has a valid extension).
Holds the results of the scan.
Valid file types that this Plugin can operate on.
Creates a new generic Plugin.
Checks for the current version of Java. The version must be greater than or equal to 1.4, or else the function will return true.
This function is called to de-allocate as much of the object as possible.
This function should not be called, since this class is abstract. The execute() function should be overridden by child classes.
Starts execution of the specific plugin. Calls the overridden method of child classes to perform the scan. This function just wraps that.
Documentation generated on Mon, 28 Apr 2008 12:52:01 -0400 by phpDocumentor 1.4.0a2