Class SAST
java.lang.Object
com.onenetwork.platform.tools.util.SAST
public class SAST
extends java.lang.Object
This class was built to help clean up SAST false positives and other issues
-
Constructor Summary
Constructors Constructor Description SAST() -
Method Summary
Modifier and Type Method Description static java.lang.BooleanfalsePositiveBooleanCodeInjection(java.lang.Boolean b)Checkmarx is wrongly identifying vulnerabilities on boolean variables.static java.lang.BooleanfalsePositiveBooleanReflectedXSS(java.lang.Boolean b)Checkmarx is wrongly identifying vulnerabilities on boolean variables.static <T> TfalsePositiveClearTxtSubmSensitiveInfo(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic java.lang.StringfalsePositiveCodeInjection(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic java.lang.StringfalsePositiveConnectionStringInjection(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic java.lang.StringfalsePositiveDateCodeInjection(java.lang.String d)Checkmarx is wrongly identifying vulnerabilities on boolean variables.static java.text.SimpleDateFormatfalsePositiveDateCodeInjection(java.text.SimpleDateFormat d)Checkmarx is wrongly identifying vulnerabilities on boolean variables.static java.lang.StringfalsePositiveDateReflectedXSS(java.lang.String d)This utility provides a Checkmarx pseudo-sanitizer to be used to be used on strings that have been validated as datestatic java.util.DatefalsePositiveDateReflectedXSS(java.util.Date d)This utility provides a Checkmarx pseudo-sanitizer to be used to be used on strings that have been validated as datestatic java.lang.StringfalsePositiveDownloadCodeWithoutIntegCheck(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic java.lang.StringfalsePositiveExprLanguageInjection(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveExternalControl(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveHashWithoutProperSalt(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveHttpOnlyCookies(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a falsestatic <T> TfalsePositiveHTTPResponseSplitting(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a falsestatic <T> TfalsePositiveInputPathNotCanonicalized(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic intfalsePositiveIntSQLInjection(int i)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situationsstatic intfalsePositiveIntStoredXSS(int i)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable outputstatic java.lang.LongfalsePositiveLongCodeInjection(java.lang.Long l)Checkmarx is wrongly identifying vulnerabilities on boolean variables.static java.lang.LongfalsePositiveLongParameterTampering(java.lang.Long l)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic longfalsePositiveLongReflectedXSS(long l)Checkmarx is wrongly identifying vulnerabilities on long type variables.static java.lang.LongfalsePositiveLongSQLInjection(java.lang.Long l)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situationsstatic <T> TfalsePositiveObjCodeInjection(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveObjExprLanguageInjection(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveObjPathTransversal(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveObjReflectedXSS(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable outputstatic <T> TfalsePositiveObjSQLInjection(T obj)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situationsstatic <T> TfalsePositiveObjStoredXSS(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable outputstatic java.lang.StringfalsePositiveParameterTampering(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositivePrivacyViolation(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a falsestatic <T> TfalsePositiveReDoSRegexInjection(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic java.lang.StringfalsePositiveReflectedXSS(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable outputstatic <T> TfalsePositiveSameSeedInPRNG(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic <T> TfalsePositiveServerDoSByLoop(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic shortfalsePositiveShortCodeInjection(short s)Checkmarx is wrongly identifying vulnerabilities on boolean variables.static java.lang.StringfalsePositiveSQLInjection(java.lang.String s)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situationsstatic <T> TfalsePositiveSSRF(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positivestatic java.lang.StringfalsePositiveStoredXSS(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable outputstatic <T> TfalsePositiveValidatedObjSQLInjection(T obj)Checkmarx is identifying false positives in SQL Injection when an input is properly validated.static java.lang.StringfalsePositiveValidatedReflectedXSS(java.lang.String s)Checkmarx is identifying false positives when an input is properly validated.static java.lang.StringfalsePositiveValidatedSQLInjection(java.lang.String s)Checkmarx is identifying false positives in SQL Injection when an input is properly validated.static <T> TfalsePositiveXXE(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false
-
Constructor Details
-
SAST
public SAST()
-
-
Method Details
-
falsePositiveStoredXSS
public static java.lang.String falsePositiveStoredXSS(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveObjStoredXSS
public static <T> T falsePositiveObjStoredXSS(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output- Parameters:
obj- the object that needs to be sanitized- Returns:
- Object - the unaltered input object
-
falsePositiveIntStoredXSS
public static int falsePositiveIntStoredXSS(int i)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output- Parameters:
i- the integer that needs to be sanitized- Returns:
- i - the unaltered input integer
-
falsePositiveReflectedXSS
public static java.lang.String falsePositiveReflectedXSS(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveObjReflectedXSS
public static <T> T falsePositiveObjReflectedXSS(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive either because the source is safe or because the data will not be exposed to the browser or other vulnerable output- Parameters:
obj- the object that needs to be sanitized- Returns:
- Object - the unaltered input object
-
falsePositiveLongReflectedXSS
public static long falsePositiveLongReflectedXSS(long l)Checkmarx is wrongly identifying vulnerabilities on long type variables. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
l- the Long that needs to be sanitized- Returns:
- long - the unaltered input long
-
falsePositiveBooleanReflectedXSS
public static java.lang.Boolean falsePositiveBooleanReflectedXSS(java.lang.Boolean b)Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
b- the boolean that needs to be sanitized- Returns:
- Boolean - the unaltered input boolean
-
falsePositiveDateReflectedXSS
public static java.lang.String falsePositiveDateReflectedXSS(java.lang.String d)This utility provides a Checkmarx pseudo-sanitizer to be used to be used on strings that have been validated as date -
falsePositiveDateReflectedXSS
public static java.util.Date falsePositiveDateReflectedXSS(java.util.Date d)This utility provides a Checkmarx pseudo-sanitizer to be used to be used on strings that have been validated as date- Parameters:
d- the date that needs to be sanitized- Returns:
- Date - the unaltered input date
-
falsePositiveValidatedReflectedXSS
public static java.lang.String falsePositiveValidatedReflectedXSS(java.lang.String s)Checkmarx is identifying false positives when an input is properly validated. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveValidatedObjSQLInjection
public static <T> T falsePositiveValidatedObjSQLInjection(T obj)Checkmarx is identifying false positives in SQL Injection when an input is properly validated. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
obj- the object that needs to be sanitized- Returns:
- Object - the unaltered input object
-
falsePositiveValidatedSQLInjection
public static java.lang.String falsePositiveValidatedSQLInjection(java.lang.String s)Checkmarx is identifying false positives in SQL Injection when an input is properly validated. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
s- the string that needs to be sanitized- Returns:
- s - the unaltered input object
-
falsePositiveSQLInjection
public static java.lang.String falsePositiveSQLInjection(java.lang.String s)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
s- the string that needs to be sanitized- Returns:
- s - the unaltered input object
-
falsePositiveObjSQLInjection
public static <T> T falsePositiveObjSQLInjection(T obj)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
s- the string that needs to be sanitized- Returns:
- Object - the unaltered input object
-
falsePositiveIntSQLInjection
public static int falsePositiveIntSQLInjection(int i)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
i- the integer that needs to be sanitized- Returns:
- i - the unaltered input integer
-
falsePositiveLongSQLInjection
public static java.lang.Long falsePositiveLongSQLInjection(java.lang.Long l)Checkmarx is identifying false positives in SQL Injection This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
l- the Long that needs to be sanitized- Returns:
- l - the unaltered input Long
-
falsePositiveBooleanCodeInjection
public static java.lang.Boolean falsePositiveBooleanCodeInjection(java.lang.Boolean b)Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
b- the boolean that needs to be sanitized- Returns:
- Boolean - the unaltered input boolean
-
falsePositiveLongCodeInjection
public static java.lang.Long falsePositiveLongCodeInjection(java.lang.Long l)Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used to be used such situations -
falsePositiveShortCodeInjection
public static short falsePositiveShortCodeInjection(short s)Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used to be used such situations -
falsePositiveDateCodeInjection
public static java.text.SimpleDateFormat falsePositiveDateCodeInjection(java.text.SimpleDateFormat d)Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used to be used such situations -
falsePositiveDateCodeInjection
public static java.lang.String falsePositiveDateCodeInjection(java.lang.String d)Checkmarx is wrongly identifying vulnerabilities on boolean variables. This utility provides a pseudo-sanitizer to be used to be used such situations- Parameters:
d- the variable that has been validated to be a date date and which needs to be sanitized- Returns:
- String - the unaltered input String
-
falsePositiveCodeInjection
public static java.lang.String falsePositiveCodeInjection(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveObjCodeInjection
public static <T> T falsePositiveObjCodeInjection(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the object that needs to be sanitized- Returns:
- Object - the unaltered input object
-
falsePositiveExprLanguageInjection
public static java.lang.String falsePositiveExprLanguageInjection(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveObjExprLanguageInjection
public static <T> T falsePositiveObjExprLanguageInjection(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the object that needs to be sanitized- Returns:
- obj - the unaltered input string
-
falsePositiveConnectionStringInjection
public static java.lang.String falsePositiveConnectionStringInjection(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveObjPathTransversal
public static <T> T falsePositiveObjPathTransversal(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the object that needs to be sanitized- Returns:
- obj - the unaltered input string
-
falsePositiveParameterTampering
public static java.lang.String falsePositiveParameterTampering(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveLongParameterTampering
public static java.lang.Long falsePositiveLongParameterTampering(java.lang.Long l)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveDownloadCodeWithoutIntegCheck
public static java.lang.String falsePositiveDownloadCodeWithoutIntegCheck(java.lang.String s)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
s- the string that needs to be sanitized- Returns:
- String - the unaltered input string
-
falsePositiveSSRF
public static <T> T falsePositiveSSRF(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveHashWithoutProperSalt
public static <T> T falsePositiveHashWithoutProperSalt(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveInputPathNotCanonicalized
public static <T> T falsePositiveInputPathNotCanonicalized(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositivePrivacyViolation
public static <T> T falsePositivePrivacyViolation(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveHttpOnlyCookies
public static <T> T falsePositiveHttpOnlyCookies(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveXXE
public static <T> T falsePositiveXXE(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveHTTPResponseSplitting
public static <T> T falsePositiveHTTPResponseSplitting(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveClearTxtSubmSensitiveInfo
public static <T> T falsePositiveClearTxtSubmSensitiveInfo(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveSameSeedInPRNG
public static <T> T falsePositiveSameSeedInPRNG(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveServerDoSByLoop
public static <T> T falsePositiveServerDoSByLoop(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveExternalControl
public static <T> T falsePositiveExternalControl(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-
falsePositiveReDoSRegexInjection
public static <T> T falsePositiveReDoSRegexInjection(T obj)Utility to provide Checkmarx with a sanitizer when the vulnerability found is a false positive- Parameters:
obj- the Object that needs to be sanitized- Returns:
- Object - the unaltered Object
-