Class Plugin

Description

Plugin Class

This (abstract) class is the parent of all plugin classes.

Located in /lib/Plugin.php (line 14)

Direct descendents
Class Description
Plugin_Antic The Antic Plugin uses Antic to discover potential vulnerabilities in Java or C/C++ files.
Plugin_authentication_weak This class looks for weak authentication values, where *.username = *.password.
Plugin_code_quality_javascript_obfuscated This class looks for obfuscated JavaScript.
Plugin_code_quality_null_redundant This class looks for cases in code like this:
Plugin_code_quality_resource_leak_getmain This class looks for GETMAIN/FREEMAIN resource leaks in COBOL source code.
Plugin_file_system_non_current_libraries This class looks for library files (.jar, .so, .dll) that are not of the latest version, or not known at all. Uses resources/current_libraries/*.
Plugin_file_system_temporary_files This class looks for temporary files.
Plugin_injection_xss_jsp This class looks for XSS vulnerabilities of the form: String foo = request.getParameter("foo"); ...
Plugin_injection_xss_println This class looks for XSS vulnerabilities of the form: String foo = request.getParameter("foo"); ...
Plugin_logging_logviewer This class looks for Java source code that might indicate an online log viewer.
Plugin_AllTargetsFinder This class looks for all scanned files, placing them in an attachment.
Plugin_BasicSummaryGrid This plugin creates a basic summary grid and adds it as an attachment to the report.
Plugin_URLFinder This class looks for all URLs located in the source code.
Plugin_struts_membernotreset This class looks for ActionMapping classes that do not reset all member variables.
Plugin_struts_noresetfunction This class looks for ActionMapping classes that do not have reset() functions.
Plugin_error_handling_catch_empty This class looks for empty catch blocks: try { ...
Plugin_StrutsValidator This class finds all calls to request.getParameter, extracts all of the variable names, and puts them in a spreadsheet.
Plugin_FindBugs The FindBugs Plugin uses the open source tool FindBugs to discover potential vulnerabilities in compiled Java code.
Plugin_Grep The Grep Plugin is a special plugin that facilitates .grep pseudo-plugins, which are just files in the PLUGINS directory that contain the information necessary to scan the target files.
Plugin_JLint The JLint Plugin uses JLint to discover potential vulnerabilities in .class files.
Plugin_PMD The PMD Plugin uses PMD to discover potential vulnerabilities in .java files.
Plugin_information_disclosure_email_external This class looks for e-mail addresses that aren't UBS ones.
Plugin_links_external This class looks for external links (to non-UBS resources).
Plugin_Lint4J The Lint4J Plugin uses Lint4J to discover potential vulnerabilities in .class files.
Variable Summary
Method Summary
Plugin Plugin (string $filename, mixed &$file_contents)
void check_for_java ([ $minimum_version = 1.40])
void destructor ()
void execute ()
void run ()
Variables
mixed $context_size = 7 (line 40)

How many lines to include in the context returned.

  • access: public
mixed $description = "default" (line 51)

Description of this plugin (what it looks for, why it's important, how to remediate).

  • access: public

Redefined in descendants.
mixed $filename = "" (line 18)

Holds the filename that this Plugin happens to be working on.

  • access: public
mixed $file_contents = array() (line 25)

Holds the file contents that this Plugin is working on. This can be either an array of strings or just a \n-separated string, in which case it will be exploded when the object is created.

  • access: public
mixed $initialized = false (line 62)

Internal variable set to true at the end of the constructor.

  • access: public
mixed $is_multi_target = false (line 57)

True iff this object is to be only invoked once. The object itself should prevent multiple executions.

  • access: public

Redefined in descendants.
mixed $is_valid_filetype = false (line 35)

True iff this object was initialized (i.e. the file has a valid extension).

  • access: public
mixed $result_list = array() (line 45)

Holds the results of the scan.

  • access: public
Methods
Constructor Plugin (line 69)

Creates a new generic Plugin.

  • access: public
Plugin Plugin (string $filename, mixed &$file_contents)
  • string $filename: the file that is being examined.
  • mixed &$file_contents: array or string of the file contents, passed by reference.
check_for_java (line 137)

Checks for the current version of Java. The version must be greater than or equal to 1.4, or else the function will return true.

void check_for_java ([ $minimum_version = 1.40])
  • $minimum_version
destructor (line 84)

This function is called to de-allocate as much of the object as possible.

  • access: public
void destructor ()
execute (line 95)

This function should not be called, since this class is abstract. The execute() function should be overridden by child classes.

void execute ()

Redefined in descendants.
run (line 105)

Starts execution of the specific plugin. Calls the overridden method of child classes to perform the scan. This function just wraps that.

void run ()
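The following is an added illustration of how a descendant is expected to use the interface documented above; it is not code from the project. The base class is reconstructed here only from what this page states (the constructor exploding a "\n"-separated string, $is_valid_filetype, $context_size, $result_list, and run() wrapping execute()), and the descendant Plugin_example_catch_empty, its regular expression and the sample Java input are all constructed for the example.

```php
<?php
// Reconstructed from the documented interface only; the project's real
// Plugin.php is not shown on this page, so treat this base class as an assumption.
abstract class Plugin
{
    public $filename = "";
    public $file_contents = array();
    public $is_valid_filetype = false;
    public $context_size = 7;          // lines of context kept with each result
    public $result_list = array();
    public $description = "default";
    public $initialized = false;

    // A "\n"-separated string is exploded into an array of lines on creation,
    // as the documentation for $file_contents describes.
    public function __construct($filename, &$file_contents)
    {
        $this->filename = $filename;
        $this->file_contents = is_array($file_contents)
            ? $file_contents
            : explode("\n", $file_contents);
        $this->initialized = true;
    }

    // Must be overridden by child classes.
    abstract public function execute();

    // run() just wraps the child's execute().
    public function run()
    {
        $this->execute();
    }
}

// Hypothetical descendant (not one of the plugins listed above): flags empty
// catch blocks in Java source, which silently discard errors, and stores each
// hit with $context_size surrounding lines in $result_list.
class Plugin_example_catch_empty extends Plugin
{
    public $description = "Finds empty catch blocks, which silently discard errors.";

    public function __construct($filename, &$file_contents)
    {
        parent::__construct($filename, $file_contents);
        // Only .java files are a valid filetype for this plugin.
        $this->is_valid_filetype = (bool) preg_match('/\.java$/i', $filename);
    }

    public function execute()
    {
        if (!$this->is_valid_filetype) {
            return;
        }
        $lines = $this->file_contents;
        $count = count($lines);
        for ($i = 0; $i < $count; $i++) {
            // A "catch (...) {" header that opens a block at end of line.
            if (!preg_match('/catch\s*\([^)]*\)\s*\{\s*$/', rtrim($lines[$i]))) {
                continue;
            }
            // Skip blank lines; the block is empty if the next code line is "}".
            $j = $i + 1;
            while ($j < $count && trim($lines[$j]) === '') {
                $j++;
            }
            if ($j < $count && trim($lines[$j]) === '}') {
                $start = max(0, $i - intdiv($this->context_size, 2));
                $this->result_list[] = array(
                    'filename'    => $this->filename,
                    'line_number' => $i + 1,
                    'context'     => array_slice($lines, $start, $this->context_size),
                );
            }
        }
    }
}

// Constructed sample input (not from the page): an empty catch at line 3.
$source = "try {\n    open();\n} catch (IOException e) {\n}\n";
$plugin = new Plugin_example_catch_empty("Foo.java", $source);
$plugin->run();
foreach ($plugin->result_list as $hit) {
    echo $hit['filename'] . ':' . $hit['line_number'] . "\n";   // Foo.java:3
}
```

The descendant does its extension check in its own constructor so that $is_valid_filetype is set before run() is called, and execute() returns early when the file type does not apply; the base run() stays a thin wrapper, as the documentation for run() describes.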

Documentation generated on Mon, 28 Apr 2008 12:52:01 -0400 by phpDocumentor 1.4.0a2