Class SAST
java.lang.Object
com.onenetwork.platform.tools.util.SAST
public class SAST
extends java.lang.Object
This class was built to help clean up SAST false positives and other issues
-
Constructor Summary
Constructors
Constructor | Description
SAST() |
-
Method Summary
Modifier and Type | Method | Description
static java.lang.Boolean | falsePositiveBooleanCodeInjection(java.lang.Boolean b) | Checkmarx is wrongly identifying vulnerabilities on boolean variables.
static java.lang.Boolean | falsePositiveBooleanReflectedXSS(java.lang.Boolean b) | Checkmarx is wrongly identifying vulnerabilities on boolean variables.
static <T> T | falsePositiveClearTxtSubmSensitiveInfo(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static java.lang.String | falsePositiveCodeInjection(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static java.lang.String | falsePositiveConnectionStringInjection(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static java.lang.String | falsePositiveDateCodeInjection(java.lang.String d) | Checkmarx is wrongly identifying vulnerabilities on boolean variables.
static java.text.SimpleDateFormat | falsePositiveDateCodeInjection(java.text.SimpleDateFormat d) | Checkmarx is wrongly identifying vulnerabilities on boolean variables.
static java.lang.String | falsePositiveDateReflectedXSS(java.lang.String d) | This utility provides a Checkmarx pseudo-sanitizer to be used on strings that have been validated as a date
static java.util.Date | falsePositiveDateReflectedXSS(java.util.Date d) | This utility provides a Checkmarx pseudo-sanitizer to be used on strings that have been validated as a date
static java.lang.String | falsePositiveDownloadCodeWithoutIntegCheck(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static java.lang.String | falsePositiveExprLanguageInjection(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveExternalControl(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveHashWithoutProperSalt(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveHttpOnlyCookies(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
static <T> T | falsePositiveHTTPResponseSplitting(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
static <T> T | falsePositiveInputPathNotCanonicalized(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static int | falsePositiveIntSQLInjection(int i) | Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
static int | falsePositiveIntStoredXSS(int i) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
static java.lang.Long | falsePositiveLongCodeInjection(java.lang.Long l) | Checkmarx is wrongly identifying vulnerabilities on boolean variables.
static java.lang.Long | falsePositiveLongParameterTampering(java.lang.Long l) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static long | falsePositiveLongReflectedXSS(long l) | Checkmarx is wrongly identifying vulnerabilities on long type variables.
static java.lang.Long | falsePositiveLongSQLInjection(java.lang.Long l) | Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
static <T> T | falsePositiveObjCodeInjection(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveObjExprLanguageInjection(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveObjPathTransversal(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveObjReflectedXSS(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
static <T> T | falsePositiveObjSQLInjection(T obj) | Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
static <T> T | falsePositiveObjStoredXSS(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
static java.lang.String | falsePositiveParameterTampering(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositivePrivacyViolation(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
static <T> T | falsePositiveReDoSRegexInjection(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static java.lang.String | falsePositiveReflectedXSS(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
static <T> T | falsePositiveSameSeedInPRNG(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static <T> T | falsePositiveServerDoSByLoop(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static short | falsePositiveShortCodeInjection(short s) | Checkmarx is wrongly identifying vulnerabilities on boolean variables.
static java.lang.String | falsePositiveSQLInjection(java.lang.String s) | Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
static <T> T | falsePositiveSSRF(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
static java.lang.String | falsePositiveStoredXSS(java.lang.String s) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
static <T> T | falsePositiveValidatedObjSQLInjection(T obj) | Checkmarx is identifying false positives in SQL Injection when an input is properly validated.
static java.lang.String | falsePositiveValidatedReflectedXSS(java.lang.String s) | Checkmarx is identifying false positives when an input is properly validated.
static java.lang.String | falsePositiveValidatedSQLInjection(java.lang.String s) | Checkmarx is identifying false positives in SQL Injection when an input is properly validated.
static <T> T | falsePositiveXXE(T obj) | Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
-
Constructor Details
-
SAST
public SAST()
-
-
Method Details
-
falsePositiveStoredXSS
public static java.lang.String falsePositiveStoredXSS(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveObjStoredXSS
public static <T> T falsePositiveObjStoredXSS(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
Parameters:
obj - the object that needs to be sanitized
Returns:
Object - the unaltered input object
-
falsePositiveIntStoredXSS
public static int falsePositiveIntStoredXSS(int i)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
Parameters:
i - the integer that needs to be sanitized
Returns:
i - the unaltered input integer
-
falsePositiveReflectedXSS
public static java.lang.String falsePositiveReflectedXSS(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveObjReflectedXSS
public static <T> T falsePositiveObjReflectedXSS(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output
Parameters:
obj - the object that needs to be sanitized
Returns:
Object - the unaltered input object
-
falsePositiveLongReflectedXSS
public static long falsePositiveLongReflectedXSS(long l)
Checkmarx is wrongly identifying vulnerabilities on long type variables. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
l - the Long that needs to be sanitized
Returns:
long - the unaltered input long
-
falsePositiveBooleanReflectedXSS
public static java.lang.Boolean falsePositiveBooleanReflectedXSS(java.lang.Boolean b)
Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
b - the boolean that needs to be sanitized
Returns:
Boolean - the unaltered input boolean
-
falsePositiveDateReflectedXSS
public static java.lang.String falsePositiveDateReflectedXSS(java.lang.String d)
This utility provides a Checkmarx pseudo-sanitizer to be used on strings that have been validated as a date
-
falsePositiveDateReflectedXSS
public static java.util.Date falsePositiveDateReflectedXSS(java.util.Date d)
This utility provides a Checkmarx pseudo-sanitizer to be used on strings that have been validated as a date
Parameters:
d - the date that needs to be sanitized
Returns:
Date - the unaltered input date
-
falsePositiveValidatedReflectedXSS
public static java.lang.String falsePositiveValidatedReflectedXSS(java.lang.String s)
Checkmarx is identifying false positives when an input is properly validated. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveValidatedObjSQLInjection
public static <T> T falsePositiveValidatedObjSQLInjection(T obj)
Checkmarx is identifying false positives in SQL Injection when an input is properly validated. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
obj - the object that needs to be sanitized
Returns:
Object - the unaltered input object
-
falsePositiveValidatedSQLInjection
public static java.lang.String falsePositiveValidatedSQLInjection(java.lang.String s)
Checkmarx is identifying false positives in SQL Injection when an input is properly validated. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
s - the string that needs to be sanitized
Returns:
s - the unaltered input object
-
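An added example of a call site for the validated-input variants above; it is not the project's own code. Because the method returns its argument unaltered, the allow-list check in front of it is the only real control. The nested `SAST` class is a stand-in assumed to match the documented signature, and `SORTABLE_COLUMNS`, `orderByClause` and the column names are hypothetical.

```java
import java.util.Set;

public class ValidatedSortColumn {

    // Stand-in for com.onenetwork.platform.tools.util.SAST so the example
    // compiles alone. Assumption: the real method is an identity function,
    // as its Javadoc ("the unaltered input object") states.
    static final class SAST {
        static String falsePositiveValidatedSQLInjection(String s) {
            return s;
        }
    }

    // Hypothetical allow-list: the only column names a caller may sort by.
    private static final Set<String> SORTABLE_COLUMNS =
            Set.of("created_at", "status", "owner");

    // Builds an ORDER BY fragment from a request parameter. JDBC cannot bind
    // identifiers as parameters, so the column name has to be concatenated;
    // the allow-list check is what makes that safe.
    static String orderByClause(String requestedColumn) {
        if (requestedColumn == null || !SORTABLE_COLUMNS.contains(requestedColumn)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        // The wrapper changes nothing at run time. It only marks the value
        // as sanitized for the scanner, so it belongs after the check and
        // never in place of it.
        return " ORDER BY " + SAST.falsePositiveValidatedSQLInjection(requestedColumn);
    }

    public static void main(String[] args) {
        // Constructed inputs: one allowed name, one value outside the list.
        System.out.println(orderByClause("status"));
        try {
            orderByClause("status, extra_sql");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Every wrapped call site is a scanner suppression, so a code review should confirm that the validation next to each `SAST.falsePositive...` call is still present.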
falsePositiveSQLInjection
public static java.lang.String falsePositiveSQLInjection(java.lang.String s)
Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
s - the string that needs to be sanitized
Returns:
s - the unaltered input object
-
falsePositiveObjSQLInjection
public static <T> T falsePositiveObjSQLInjection(T obj)
Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
s - the string that needs to be sanitized
Returns:
Object - the unaltered input object
-
falsePositiveIntSQLInjection
public static int falsePositiveIntSQLInjection(int i)
Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
i - the integer that needs to be sanitized
Returns:
i - the unaltered input integer
-
falsePositiveLongSQLInjection
public static java.lang.Long falsePositiveLongSQLInjection(java.lang.Long l)
Checkmarx is identifying false positives in SQL Injection. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
l - the Long that needs to be sanitized
Returns:
l - the unaltered input Long
-
falsePositiveBooleanCodeInjection
public static java.lang.Boolean falsePositiveBooleanCodeInjection(java.lang.Boolean b)
Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
b - the boolean that needs to be sanitized
Returns:
Boolean - the unaltered input boolean
-
falsePositiveLongCodeInjection
public static java.lang.Long falsePositiveLongCodeInjection(java.lang.Long l)
Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used in such situations
-
falsePositiveShortCodeInjection
public static short falsePositiveShortCodeInjection(short s)
Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used in such situations
-
falsePositiveDateCodeInjection
public static java.text.SimpleDateFormat falsePositiveDateCodeInjection(java.text.SimpleDateFormat d)
Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used in such situations
-
falsePositiveDateCodeInjection
public static java.lang.String falsePositiveDateCodeInjection(java.lang.String d)
Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used in such situations
Parameters:
d - the variable that has been validated to be a date and which needs to be sanitized
Returns:
String - the unaltered input String
-
falsePositiveCodeInjection
public static java.lang.String falsePositiveCodeInjection(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveObjCodeInjection
public static <T> T falsePositiveObjCodeInjection(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the object that needs to be sanitized
Returns:
Object - the unaltered input object
-
falsePositiveExprLanguageInjection
public static java.lang.String falsePositiveExprLanguageInjection(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveObjExprLanguageInjection
public static <T> T falsePositiveObjExprLanguageInjection(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the object that needs to be sanitized
Returns:
obj - the unaltered input string
-
falsePositiveConnectionStringInjection
public static java.lang.String falsePositiveConnectionStringInjection(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveObjPathTransversal
public static <T> T falsePositiveObjPathTransversal(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the object that needs to be sanitized
Returns:
obj - the unaltered input string
-
falsePositiveParameterTampering
public static java.lang.String falsePositiveParameterTampering(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveLongParameterTampering
public static java.lang.Long falsePositiveLongParameterTampering(java.lang.Long l)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveDownloadCodeWithoutIntegCheck
public static java.lang.String falsePositiveDownloadCodeWithoutIntegCheck(java.lang.String s)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
s - the string that needs to be sanitized
Returns:
String - the unaltered input string
-
falsePositiveSSRF
public static <T> T falsePositiveSSRF(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveHashWithoutProperSalt
public static <T> T falsePositiveHashWithoutProperSalt(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveInputPathNotCanonicalized
public static <T> T falsePositiveInputPathNotCanonicalized(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositivePrivacyViolation
public static <T> T falsePositivePrivacyViolation(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveHttpOnlyCookies
public static <T> T falsePositiveHttpOnlyCookies(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveXXE
public static <T> T falsePositiveXXE(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveHTTPResponseSplitting
public static <T> T falsePositiveHTTPResponseSplitting(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveClearTxtSubmSensitiveInfo
public static <T> T falsePositiveClearTxtSubmSensitiveInfo(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveSameSeedInPRNG
public static <T> T falsePositiveSameSeedInPRNG(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveServerDoSByLoop
public static <T> T falsePositiveServerDoSByLoop(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveExternalControl
public static <T> T falsePositiveExternalControl(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-
falsePositiveReDoSRegexInjection
public static <T> T falsePositiveReDoSRegexInjection(T obj)
Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive
Parameters:
obj - the Object that needs to be sanitized
Returns:
Object - the unaltered Object
-