├── README.md └── XXEBugFind ├── XXEBugFind Evaluation Results └── Evaluation Results │ ├── FindBugs Test Results │ └── findbugs-noUpdateChecks-2.0.3 │ │ ├── Read Me.txt │ │ ├── findbugs-2.0.3 │ │ ├── README.txt │ │ ├── bin │ │ │ ├── addMessages │ │ │ ├── computeBugHistory │ │ │ ├── convertXmlToText │ │ │ ├── copyBuggySource │ │ │ ├── defectDensity │ │ │ ├── deprecated │ │ │ │ ├── bugHistory │ │ │ │ ├── unionBugs │ │ │ │ ├── unionResults │ │ │ │ └── updateBugs │ │ │ ├── experimental │ │ │ │ ├── backdateHistoryUsingSource │ │ │ │ ├── churn │ │ │ │ ├── obfuscate │ │ │ │ └── treemapVisualization │ │ │ ├── fb │ │ │ ├── fbwrap │ │ │ ├── filterBugs │ │ │ ├── findbugs │ │ │ ├── findbugs-csr │ │ │ ├── findbugs-dbStats │ │ │ ├── findbugs-msv │ │ │ ├── findbugs.bat │ │ │ ├── findbugs.ico │ │ │ ├── findbugs2 │ │ │ ├── listBugDatabaseInfo │ │ │ ├── mineBugHistory │ │ │ ├── printAppVersion │ │ │ ├── printClass │ │ │ ├── rejarForAnalysis │ │ │ ├── setBugDatabaseInfo │ │ │ ├── unionBugs │ │ │ └── xpathFind │ │ ├── doc │ │ │ ├── AddingDetectors.txt │ │ │ ├── Changes.html │ │ │ ├── FAQ.html │ │ │ ├── FilterFile.txt │ │ │ ├── allBugDescriptions.html │ │ │ ├── bug-logo.png │ │ │ ├── bugDescriptions.html │ │ │ ├── buggy-sm.png │ │ │ ├── contributing.html │ │ │ ├── customers │ │ │ │ ├── ITAsoftware.png │ │ │ │ ├── geoLocation.png │ │ │ │ ├── geoMap.png │ │ │ │ ├── glassfish.png │ │ │ │ ├── google.png │ │ │ │ ├── logo_umd.png │ │ │ │ ├── nsf.png │ │ │ │ ├── sat4j.png │ │ │ │ ├── sleepycat.png │ │ │ │ └── sun.png │ │ │ ├── demo.html │ │ │ ├── downloads.html │ │ │ ├── eclipse-filters-icon.png │ │ │ ├── factSheet.html │ │ │ ├── findbugs.css │ │ │ ├── findbugs2.html │ │ │ ├── guaranteedDereference.png │ │ │ ├── index.html │ │ │ ├── infiniteRecursiveLoops.png │ │ │ ├── informal.png │ │ │ ├── ja │ │ │ │ └── manual │ │ │ │ │ ├── acknowledgments.html │ │ │ │ │ ├── analysisprops.html │ │ │ │ │ ├── annotations.html │ │ │ │ │ ├── anttask.html │ │ │ │ │ ├── building.html │ │ │ │ │ ├── datamining.html │ │ │ │ │ ├── eclipse.html │ │ │ │ │ ├── example-code.png │ │ │ │ │ ├── example-details.png │ │ │ │ │ ├── example.png │ │ │ │ │ ├── filter.html │ │ │ │ │ ├── gui.html │ │ │ │ │ ├── important.png │ │ │ │ │ ├── index.html │ │ │ │ │ ├── infiniteRecursiveLoops.png │ │ │ │ │ ├── installing.html │ │ │ │ │ ├── introduction.html │ │ │ │ │ ├── license.html │ │ │ │ │ ├── note.png │ │ │ │ │ ├── project-dialog.png │ │ │ │ │ ├── rejarForAnalysis.html │ │ │ │ │ ├── running.html │ │ │ │ │ └── warning.png │ │ │ ├── links.html │ │ │ ├── mailingLists.html │ │ │ ├── manual-fo.xsl │ │ │ ├── manual.xml │ │ │ ├── manual.xsl │ │ │ ├── manual │ │ │ │ ├── acknowledgments.html │ │ │ │ ├── analysisprops.html │ │ │ │ ├── annotations.html │ │ │ │ ├── anttask.html │ │ │ │ ├── building.html │ │ │ │ ├── datamining.html │ │ │ │ ├── eclipse.html │ │ │ │ ├── example-code.png │ │ │ │ ├── example-details.png │ │ │ │ ├── example.png │ │ │ │ ├── filter.html │ │ │ │ ├── gui.html │ │ │ │ ├── important.png │ │ │ │ ├── index.html │ │ │ │ ├── infiniteRecursiveLoops.png │ │ │ │ ├── installing.html │ │ │ │ ├── introduction.html │ │ │ │ ├── license.html │ │ │ │ ├── note.png │ │ │ │ ├── project-dialog.png │ │ │ │ ├── rejarForAnalysis.html │ │ │ │ ├── running.html │ │ │ │ └── warning.png │ │ │ ├── manual_ja.xml │ │ │ ├── performance.html │ │ │ ├── performingARelease.txt │ │ │ ├── pluginStructure.txt │ │ │ ├── plugins.txt │ │ │ ├── pressRelease.pdf │ │ │ ├── publications.html │ │ │ ├── reportingBugs.html │ │ │ ├── sourceInfo.html │ │ │ ├── sysprops.html │ │ │ ├── team.html │ │ │ ├── umdFindbugs.png │ │ │ ├── updateChecking.html │ │ │ └── users.html │ │ ├── lib │ │ │ ├── annotations.jar │ │ │ ├── ant.jar │ │ │ ├── asm-3.3.jar │ │ │ ├── asm-analysis-3.3.jar │ │ │ ├── asm-commons-3.3.jar │ │ │ ├── asm-tree-3.3.jar │ │ │ ├── asm-util-3.3.jar │ │ │ ├── asm-xml-3.3.jar │ │ │ ├── bcel.jar │ │ │ ├── buggy.icns │ │ │ ├── commons-lang-2.6.jar │ │ │ ├── dom4j-1.6.1.jar │ │ │ ├── findbugs-ant.jar │ │ │ ├── findbugs.jar │ │ │ ├── jFormatString.jar │ │ │ ├── jaxen-1.1.6.jar │ │ │ ├── jcip-annotations.jar │ │ │ ├── jdepend-2.9.jar │ │ │ ├── jsr305.jar │ │ │ └── yjp-controller-api-redist.jar │ │ ├── optionalPlugin │ │ │ ├── bugCollectionCloud.jar │ │ │ └── poweruser.jar │ │ ├── plugin │ │ │ ├── README │ │ │ └── noUpdateChecks.jar │ │ └── src │ │ │ └── xsl │ │ │ ├── default.xsl │ │ │ ├── fancy-hist.xsl │ │ │ ├── fancy.xsl │ │ │ ├── plain.xsl │ │ │ └── summary.xsl │ │ ├── findsecbug-plugin │ │ └── findsecbugs-plugin-1.2.0.jar │ │ ├── test data │ │ ├── MyXMLTest.jar │ │ ├── lib │ │ │ ├── Piccolo.jar │ │ │ ├── dom4j-1.6.1.jar │ │ │ ├── jaxen-1.1-beta-6.jar │ │ │ ├── jaxen-1.1.6.jar │ │ │ ├── jdom-2.0.5.jar │ │ │ ├── kxml2-2.3.0.jar │ │ │ ├── pull-parser-2.1.10.jar │ │ │ ├── resolver.jar │ │ │ ├── serializer.jar │ │ │ ├── stax2-api-3.1.1.jar │ │ │ ├── woodstox-core-asl-4.2.0.jar │ │ │ ├── woodstox-core-lgpl-4.2.0.jar │ │ │ ├── xercesImpl.jar │ │ │ └── xml-apis.jar │ │ ├── play_2.0.7.jar │ │ ├── play_2.0.8.jar │ │ ├── play_2.14.jar │ │ └── play_2.15.jar │ │ └── test results │ │ ├── igpp.xml │ │ ├── myxmltest.xml │ │ ├── play_2.0.8.xml │ │ ├── play_2.10.xml │ │ ├── play_2.14.xml │ │ └── play_2.15.xml │ └── XXEBugFind Test Results │ ├── MyXMLTest.jar │ ├── MyXMLTest.txt │ ├── Read Me.txt │ ├── igpp.jar │ ├── lib │ ├── Piccolo.jar │ ├── dom4j-1.6.1.jar │ ├── jaxen-1.1-beta-6.jar │ ├── jaxen-1.1.6.jar │ ├── jdom-2.0.5.jar │ ├── kxml2-2.3.0.jar │ ├── pull-parser-2.1.10.jar │ ├── resolver.jar │ ├── serializer.jar │ ├── stax2-api-3.1.1.jar │ ├── woodstox-core-asl-4.2.0.jar │ ├── woodstox-core-lgpl-4.2.0.jar │ ├── xercesImpl.jar │ └── xml-apis.jar │ ├── play_2.0.7.jar │ ├── play_2.0.7.txt │ ├── play_2.0.8.jar │ ├── play_2.0.8.txt │ ├── play_2.14.jar │ ├── play_2.14.txt │ ├── play_2.15.jar │ └── play_2.15.txt ├── XXEBugFind Standalone ├── README.TXT ├── XXEBugFind.jar └── lib │ ├── junit-4.10.jar │ └── soot-2.5.0.jar ├── build.xml ├── junit-4.10-lib └── junit-4.10.jar ├── manifest.mf ├── nbproject ├── build-impl.xml ├── genfiles.properties ├── project.properties └── project.xml ├── soot-2.5.0-lib └── soot-2.5.0.jar ├── sootOutput ├── a │ └── PrettyPrinter.class ├── b │ └── PrettyPrinter2.class ├── dom4j │ └── Dom4JExample.class ├── jaxb │ └── JAXBExample.class ├── kxml2 │ └── KXMLExample.class ├── mydom │ └── DomParserExample.class ├── myjdom │ └── PrettyPrinter.class ├── mysax │ └── SAXParserExample.class ├── mysax2 │ └── XMLReaderExample.class ├── myxmltest │ ├── Employee.class │ ├── GUIFrame$1.class │ ├── GUIFrame$2.class │ ├── GUIFrame$3.class │ ├── GUIFrame$4.class │ ├── GUIFrame.class │ ├── MyDefaultHandler.class │ ├── MyXMLTest.class │ └── basic │ │ └── Utils.class ├── piccolotest │ └── MyPiccoloExample.class └── stax │ └── StAXExample.class ├── src └── bugfind │ ├── main │ ├── BugFindMain.java │ └── OptionsParser.java │ ├── sootadapters │ ├── CallGraphObject.java │ ├── CallSite.java │ ├── MethodAnalysis.java │ ├── MethodDefinition.java │ ├── SimpleIntraDataFlowAnalysis.java │ ├── SootClassWrapper.java │ ├── SootMethodWrapper.java │ ├── SootRunner.java │ ├── ValueString.java │ └── Variable.java │ ├── utils │ └── misc │ │ ├── BugFindConstants.java │ │ ├── FileExtensionFilter.java │ │ ├── FileUtil.java │ │ ├── Utils.java │ │ ├── XMLUtils.java │ │ └── logging.properties │ └── xxe │ ├── ActualVulnerabilityItem.java │ ├── MethodParameterValue.java │ ├── MitigationSpoiler.java │ ├── VulnerabilityDefinitionItem.java │ ├── VulnerabilityDefinitionItems.java │ ├── VulnerabilityMitigationItem.java │ ├── VulnerableXMLMethodDefinitions.java │ ├── XXEVulnerabilityDetector.java │ ├── rulesets │ └── default.xml │ └── xmlobjects │ ├── ActualVulnerabilityItemForXML.java │ └── ActualVulnerabilityItems.java ├── test ├── bugfind │ ├── main │ │ └── OptionsParserTest.java │ ├── sootadapters │ │ ├── MethodDefinitionTest.java │ │ ├── SootMethodWrapperTest.java │ │ ├── SootRunnerTest.java │ │ ├── ValueStringTest.java │ │ └── VariableTest.java │ ├── utils │ │ └── misc │ │ │ ├── FileExtensionFilterTest.java │ │ │ ├── FileUtilTest.java │ │ │ └── UtilsTest.java │ └── xxe │ │ └── VulnerabilityDefinitionItemTest.java └── sootsetup │ ├── Setup.java │ └── TestTransformer.java └── tutorial ├── MyXXETestApp ├── build.xml ├── manifest.mf ├── nbproject │ ├── build-impl.xml │ ├── genfiles.properties │ ├── project.properties │ └── project.xml ├── src │ ├── dom4j │ │ └── Dom4JExample.java │ ├── mydom │ │ └── DomParserExample.java │ ├── myjdom │ │ └── PrettyPrinter.java │ ├── mysax │ │ └── SAXParserExample.java │ ├── myxetestapp │ │ └── utils │ │ │ ├── Employee.java │ │ │ └── Utils.java │ ├── myxxetestapp │ │ └── MyXXETestApp.java │ ├── piccolotest │ │ └── MyPiccoloExample.java │ └── stax │ │ └── StAXExample.java └── xml-libs │ ├── Piccolo.jar │ ├── dom4j-1.6.1.jar │ ├── jdom-2.0.5.jar │ ├── stax2-api-3.1.1.jar │ ├── woodstox-core-asl-4.2.0.jar │ ├── woodstox-core-lgpl-4.2.0.jar │ └── xercesImpl.jar ├── XXEBugFind User Guide.pdf └── piccolo-ruleset.xml /README.md: -------------------------------------------------------------------------------- 1 | XXEBugFind 2 | ========== 3 | 4 | A tool for detecting XML External Entity (XXE) vulnerabilities in Java applications 5 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/Read Me.txt: -------------------------------------------------------------------------------- 1 | Navigate through findbugs-2.0.3\bin\findbugs.bat (for Windows) or findbugs-2.0.3\bin\findbugs for linux. 2 | 3 | Our test results are in the test results folder 4 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/README.txt: -------------------------------------------------------------------------------- 1 | To get started, see doc/index.html and doc/manual/index.html 2 | 3 | The FindBugs source license is in the file LICENSE.txt 4 | 5 | Both the name FindBugs and the FindBugs bug mark are 6 | trademarked by the University of Maryland. 7 | 8 | The Apache BCEL license is in the file LICENSE-bcel.txt 9 | 10 | The ASM license is in the file LICENSE-ASM.txt 11 | 12 | The dom4j license is in the file LICENSE-dom4j.txt 13 | 14 | The AppleJavaExtensions license is in the file LICENSE-AppleJavaExtensions.txt 15 | 16 | The Docbook 4.2 XML DTD license is in the file LICENSE-docbook.txt 17 | 18 | The JSR-305 reference implementation license is in LICENSE-jsr305.txt 19 | 20 | The Jaxen license is in LICENSE-jaxen.txt 21 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/addMessages: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.AddMessages 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/computeBugHistory: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # Merge a historical bug collection and a bug collection, producing an updated 4 | # historical bug collection 5 | 6 | program="$0" 7 | 8 | # Follow symlinks until we get to the actual file. 9 | while [ -h "$program" ]; do 10 | link=`ls -ld "$program"` 11 | link=`expr "$link" : '.*-> \(.*\)'` 12 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 13 | # Relative 14 | dir=`dirname "$program"` 15 | program="$dir/$link" 16 | else 17 | # Absolute 18 | program="$link" 19 | fi 20 | done 21 | 22 | # Assume findbugs home directory is the parent 23 | # of the directory containing the script (which should 24 | # normally be "$findbugs_home/bin"). 25 | dir=`dirname "$program"` 26 | findbugs_home="$dir/.." 27 | 28 | # Handle FHS-compliant installations (e.g., Fink) 29 | if [ -d "$findbugs_home/share/findbugs" ]; then 30 | findbugs_home="$findbugs_home/share/findbugs" 31 | fi 32 | 33 | # Make absolute 34 | findbugs_home=`cd "$findbugs_home" && pwd` 35 | 36 | fb_pathsep=':' 37 | 38 | # Handle cygwin, courtesy of Peter D. Stout 39 | fb_osname=`uname` 40 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 41 | findbugs_home=`cygpath --mixed "$findbugs_home"` 42 | fb_pathsep=';' 43 | fi 44 | # Handle MKS, courtesy of Kelly O'Hair 45 | if [ "${fb_osname}" = "Windows_NT" ]; then 46 | fb_pathsep=';' 47 | fi 48 | 49 | if [ ! -d "$findbugs_home" ]; then 50 | echo "The path $findbugs_home," 51 | echo "which is where I think FindBugs is located," 52 | echo "does not seem to be a directory." 53 | exit 1 54 | fi 55 | 56 | # Choose default java binary 57 | fb_javacmd=java 58 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 59 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 60 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 61 | else 62 | fb_javacmd="$JAVA_HOME/bin/java" 63 | fi 64 | fi 65 | 66 | fb_mainclass=edu.umd.cs.findbugs.workflow.Update 67 | 68 | fb_javacmd=${fb_javacmd:-"java"} 69 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 70 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 71 | set -f 72 | #echo command: \ 73 | exec "$fb_javacmd" \ 74 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 75 | -Dfindbugs.home="$findbugs_home"\ 76 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 77 | 78 | # vim:ts=3 79 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/convertXmlToText: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.PrintingBugReporter 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/copyBuggySource: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.CopyBuggySource 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/defectDensity: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # Generate a defect density table from a bug collection 4 | 5 | program="$0" 6 | 7 | # Follow symlinks until we get to the actual file. 8 | while [ -h "$program" ]; do 9 | link=`ls -ld "$program"` 10 | link=`expr "$link" : '.*-> \(.*\)'` 11 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 12 | # Relative 13 | dir=`dirname "$program"` 14 | program="$dir/$link" 15 | else 16 | # Absolute 17 | program="$link" 18 | fi 19 | done 20 | 21 | # Assume findbugs home directory is the parent 22 | # of the directory containing the script (which should 23 | # normally be "$findbugs_home/bin"). 24 | dir=`dirname "$program"` 25 | findbugs_home="$dir/.." 26 | 27 | # Handle FHS-compliant installations (e.g., Fink) 28 | if [ -d "$findbugs_home/share/findbugs" ]; then 29 | findbugs_home="$findbugs_home/share/findbugs" 30 | fi 31 | 32 | # Make absolute 33 | findbugs_home=`cd "$findbugs_home" && pwd` 34 | 35 | fb_pathsep=':' 36 | 37 | # Handle cygwin, courtesy of Peter D. Stout 38 | fb_osname=`uname` 39 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 40 | findbugs_home=`cygpath --mixed "$findbugs_home"` 41 | fb_pathsep=';' 42 | fi 43 | # Handle MKS, courtesy of Kelly O'Hair 44 | if [ "${fb_osname}" = "Windows_NT" ]; then 45 | fb_pathsep=';' 46 | fi 47 | 48 | if [ ! -d "$findbugs_home" ]; then 49 | echo "The path $findbugs_home," 50 | echo "which is where I think FindBugs is located," 51 | echo "does not seem to be a directory." 52 | exit 1 53 | fi 54 | 55 | # Choose default java binary 56 | fb_javacmd=java 57 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 58 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 59 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 60 | else 61 | fb_javacmd="$JAVA_HOME/bin/java" 62 | fi 63 | fi 64 | 65 | fb_mainclass=edu.umd.cs.findbugs.workflow.DefectDensity 66 | 67 | fb_javacmd=${fb_javacmd:-"java"} 68 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 69 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 70 | set -f 71 | #echo command: \ 72 | exec "$fb_javacmd" \ 73 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 74 | -Dfindbugs.home="$findbugs_home"\ 75 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 76 | 77 | # vim:ts=3 78 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/deprecated/bugHistory: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.BugHistory 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/deprecated/unionBugs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # Create the union of two results files, preserving 4 | # annotations in both files in the result. 5 | 6 | program="$0" 7 | 8 | # Follow symlinks until we get to the actual file. 9 | while [ -h "$program" ]; do 10 | link=`ls -ld "$program"` 11 | link=`expr "$link" : '.*-> \(.*\)'` 12 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 13 | # Relative 14 | dir=`dirname "$program"` 15 | program="$dir/$link" 16 | else 17 | # Absolute 18 | program="$link" 19 | fi 20 | done 21 | 22 | # Assume findbugs home directory is the parent 23 | # of the directory containing the script (which should 24 | # normally be "$findbugs_home/bin"). 25 | dir=`dirname "$program"` 26 | findbugs_home="$dir/.." 27 | 28 | # Handle FHS-compliant installations (e.g., Fink) 29 | if [ -d "$findbugs_home/share/findbugs" ]; then 30 | findbugs_home="$findbugs_home/share/findbugs" 31 | fi 32 | 33 | # Make absolute 34 | findbugs_home=`cd "$findbugs_home" && pwd` 35 | 36 | fb_pathsep=':' 37 | 38 | # Handle cygwin, courtesy of Peter D. Stout 39 | fb_osname=`uname` 40 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 41 | findbugs_home=`cygpath --mixed "$findbugs_home"` 42 | fb_pathsep=';' 43 | fi 44 | # Handle MKS, courtesy of Kelly O'Hair 45 | if [ "${fb_osname}" = "Windows_NT" ]; then 46 | fb_pathsep=';' 47 | fi 48 | 49 | if [ ! -d "$findbugs_home" ]; then 50 | echo "The path $findbugs_home," 51 | echo "which is where I think FindBugs is located," 52 | echo "does not seem to be a directory." 53 | exit 1 54 | fi 55 | 56 | # Choose default java binary 57 | fb_javacmd=java 58 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 59 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 60 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 61 | else 62 | fb_javacmd="$JAVA_HOME/bin/java" 63 | fi 64 | fi 65 | 66 | fb_mainclass=edu.umd.cs.findbugs.UnionResults 67 | 68 | fb_javacmd=${fb_javacmd:-"java"} 69 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 70 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 71 | set -f 72 | #echo command: \ 73 | exec "$fb_javacmd" \ 74 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 75 | -Dfindbugs.home="$findbugs_home"\ 76 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 77 | 78 | # vim:ts=3 79 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/deprecated/unionResults: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # Deprecated 4 | 5 | # Create the union of two results files, preserving 6 | # annotations in both files in the result. 7 | 8 | program="$0" 9 | 10 | # Follow symlinks until we get to the actual file. 11 | while [ -h "$program" ]; do 12 | link=`ls -ld "$program"` 13 | link=`expr "$link" : '.*-> \(.*\)'` 14 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 15 | # Relative 16 | dir=`dirname "$program"` 17 | program="$dir/$link" 18 | else 19 | # Absolute 20 | program="$link" 21 | fi 22 | done 23 | 24 | # Assume findbugs home directory is the parent 25 | # of the directory containing the script (which should 26 | # normally be "$findbugs_home/bin"). 27 | dir=`dirname "$program"` 28 | findbugs_home="$dir/.." 29 | 30 | # Handle FHS-compliant installations (e.g., Fink) 31 | if [ -d "$findbugs_home/share/findbugs" ]; then 32 | findbugs_home="$findbugs_home/share/findbugs" 33 | fi 34 | 35 | # Make absolute 36 | findbugs_home=`cd "$findbugs_home" && pwd` 37 | 38 | fb_pathsep=':' 39 | 40 | # Handle cygwin, courtesy of Peter D. Stout 41 | fb_osname=`uname` 42 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 43 | findbugs_home=`cygpath --mixed "$findbugs_home"` 44 | fb_pathsep=';' 45 | fi 46 | # Handle MKS, courtesy of Kelly O'Hair 47 | if [ "${fb_osname}" = "Windows_NT" ]; then 48 | fb_pathsep=';' 49 | fi 50 | 51 | if [ ! -d "$findbugs_home" ]; then 52 | echo "The path $findbugs_home," 53 | echo "which is where I think FindBugs is located," 54 | echo "does not seem to be a directory." 55 | exit 1 56 | fi 57 | 58 | # Choose default java binary 59 | fb_javacmd=java 60 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 61 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 62 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 63 | else 64 | fb_javacmd="$JAVA_HOME/bin/java" 65 | fi 66 | fi 67 | 68 | fb_mainclass=edu.umd.cs.findbugs.workflow.UnionResults 69 | 70 | fb_javacmd=${fb_javacmd:-"java"} 71 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 72 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 73 | set -f 74 | #echo command: \ 75 | exec "$fb_javacmd" \ 76 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 77 | -Dfindbugs.home="$findbugs_home"\ 78 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 79 | 80 | # vim:ts=3 81 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/deprecated/updateBugs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # Merge a historical bug collection and a bug collection, producing an updated 4 | # historical bug collection 5 | 6 | program="$0" 7 | 8 | # Follow symlinks until we get to the actual file. 9 | while [ -h "$program" ]; do 10 | link=`ls -ld "$program"` 11 | link=`expr "$link" : '.*-> \(.*\)'` 12 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 13 | # Relative 14 | dir=`dirname "$program"` 15 | program="$dir/$link" 16 | else 17 | # Absolute 18 | program="$link" 19 | fi 20 | done 21 | 22 | # Assume findbugs home directory is the parent 23 | # of the directory containing the script (which should 24 | # normally be "$findbugs_home/bin"). 25 | dir=`dirname "$program"` 26 | findbugs_home="$dir/.." 27 | 28 | # Handle FHS-compliant installations (e.g., Fink) 29 | if [ -d "$findbugs_home/share/findbugs" ]; then 30 | findbugs_home="$findbugs_home/share/findbugs" 31 | fi 32 | 33 | # Make absolute 34 | findbugs_home=`cd "$findbugs_home" && pwd` 35 | 36 | fb_pathsep=':' 37 | 38 | # Handle cygwin, courtesy of Peter D. Stout 39 | fb_osname=`uname` 40 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 41 | findbugs_home=`cygpath --mixed "$findbugs_home"` 42 | fb_pathsep=';' 43 | fi 44 | # Handle MKS, courtesy of Kelly O'Hair 45 | if [ "${fb_osname}" = "Windows_NT" ]; then 46 | fb_pathsep=';' 47 | fi 48 | 49 | if [ ! -d "$findbugs_home" ]; then 50 | echo "The path $findbugs_home," 51 | echo "which is where I think FindBugs is located," 52 | echo "does not seem to be a directory." 53 | exit 1 54 | fi 55 | 56 | # Choose default java binary 57 | fb_javacmd=java 58 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 59 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 60 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 61 | else 62 | fb_javacmd="$JAVA_HOME/bin/java" 63 | fi 64 | fi 65 | 66 | fb_mainclass=edu.umd.cs.findbugs.workflow.Update 67 | 68 | fb_javacmd=${fb_javacmd:-"java"} 69 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 70 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 71 | set -f 72 | #echo command: \ 73 | exec "$fb_javacmd" \ 74 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 75 | -Dfindbugs.home="$findbugs_home"\ 76 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 77 | 78 | # vim:ts=3 79 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/experimental/backdateHistoryUsingSource: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.BackdateHistoryUsingSource 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/experimental/churn: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.Churn 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/experimental/obfuscate: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.ObfuscateBugs 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/experimental/treemapVisualization: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.TreemapVisualization 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/fbwrap: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # A convenient way to call the main() method of a class 4 | # in findbugs.jar. 5 | 6 | program="$0" 7 | 8 | # Follow symlinks until we get to the actual file. 9 | while [ -h "$program" ]; do 10 | link=`ls -ld "$program"` 11 | link=`expr "$link" : '.*-> \(.*\)'` 12 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 13 | # Relative 14 | dir=`dirname "$program"` 15 | program="$dir/$link" 16 | else 17 | # Absolute 18 | program="$link" 19 | fi 20 | done 21 | 22 | # Assume findbugs home directory is the parent 23 | # of the directory containing the script (which should 24 | # normally be "$findbugs_home/bin"). 25 | dir=`dirname "$program"` 26 | findbugs_home="$dir/.." 27 | 28 | # Handle FHS-compliant installations (e.g., Fink) 29 | if [ -d "$findbugs_home/share/findbugs" ]; then 30 | findbugs_home="$findbugs_home/share/findbugs" 31 | fi 32 | 33 | # Make absolute 34 | findbugs_home=`cd "$findbugs_home" && pwd` 35 | 36 | fb_pathsep=':' 37 | 38 | # Handle cygwin, courtesy of Peter D. Stout 39 | fb_osname=`uname` 40 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 41 | findbugs_home=`cygpath --mixed "$findbugs_home"` 42 | fb_pathsep=';' 43 | fi 44 | # Handle MKS, courtesy of Kelly O'Hair 45 | if [ "${fb_osname}" = "Windows_NT" ]; then 46 | fb_pathsep=';' 47 | fi 48 | 49 | if [ ! -d "$findbugs_home" ]; then 50 | echo "The path $findbugs_home," 51 | echo "which is where I think FindBugs is located," 52 | echo "does not seem to be a directory." 53 | exit 1 54 | fi 55 | 56 | # Choose default java binary 57 | fb_javacmd=java 58 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 59 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 60 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 61 | else 62 | fb_javacmd="$JAVA_HOME/bin/java" 63 | fi 64 | fi 65 | 66 | if [ $# -eq 0 ]; then 67 | echo "Usage: fbwrap
" 68 | exit 1 69 | fi 70 | 71 | fb_mainclass="$1" 72 | shift 73 | 74 | fb_javacmd=${fb_javacmd:-"java"} 75 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 76 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 77 | set -f 78 | #echo command: \ 79 | exec "$fb_javacmd" \ 80 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 81 | -Dfindbugs.home="$findbugs_home"\ 82 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 83 | 84 | # vim:ts=3 85 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/filterBugs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # General purpose utility for filtering/transforming 4 | # bug collection and/or historical bug collections 5 | 6 | program="$0" 7 | 8 | # Follow symlinks until we get to the actual file. 9 | while [ -h "$program" ]; do 10 | link=`ls -ld "$program"` 11 | link=`expr "$link" : '.*-> \(.*\)'` 12 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 13 | # Relative 14 | dir=`dirname "$program"` 15 | program="$dir/$link" 16 | else 17 | # Absolute 18 | program="$link" 19 | fi 20 | done 21 | 22 | # Assume findbugs home directory is the parent 23 | # of the directory containing the script (which should 24 | # normally be "$findbugs_home/bin"). 25 | dir=`dirname "$program"` 26 | findbugs_home="$dir/.." 27 | 28 | # Handle FHS-compliant installations (e.g., Fink) 29 | if [ -d "$findbugs_home/share/findbugs" ]; then 30 | findbugs_home="$findbugs_home/share/findbugs" 31 | fi 32 | 33 | # Make absolute 34 | findbugs_home=`cd "$findbugs_home" && pwd` 35 | 36 | fb_pathsep=':' 37 | 38 | # Handle cygwin, courtesy of Peter D. Stout 39 | fb_osname=`uname` 40 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 41 | findbugs_home=`cygpath --mixed "$findbugs_home"` 42 | fb_pathsep=';' 43 | fi 44 | # Handle MKS, courtesy of Kelly O'Hair 45 | if [ "${fb_osname}" = "Windows_NT" ]; then 46 | fb_pathsep=';' 47 | fi 48 | 49 | if [ ! -d "$findbugs_home" ]; then 50 | echo "The path $findbugs_home," 51 | echo "which is where I think FindBugs is located," 52 | echo "does not seem to be a directory." 53 | exit 1 54 | fi 55 | 56 | # Choose default java binary 57 | fb_javacmd=java 58 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 59 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 60 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 61 | else 62 | fb_javacmd="$JAVA_HOME/bin/java" 63 | fi 64 | fi 65 | 66 | fb_mainclass=edu.umd.cs.findbugs.workflow.Filter 67 | 68 | fb_javacmd=${fb_javacmd:-"java"} 69 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 70 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 71 | set -f 72 | #echo command: \ 73 | exec "$fb_javacmd" \ 74 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 75 | -Dfindbugs.home="$findbugs_home"\ 76 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 77 | 78 | # vim:ts=3 79 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/findbugs-csr: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | 4 | program="$0" 5 | 6 | # Follow symlinks until we get to the actual file. 7 | while [ -h "$program" ]; do 8 | link=`ls -ld "$program"` 9 | link=`expr "$link" : '.*-> \(.*\)'` 10 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 11 | # Relative 12 | dir=`dirname "$program"` 13 | program="$dir/$link" 14 | else 15 | # Absolute 16 | program="$link" 17 | fi 18 | done 19 | 20 | # Assume findbugs home directory is the parent 21 | # of the directory containing the script (which should 22 | # normally be "$findbugs_home/bin"). 23 | dir=`dirname "$program"` 24 | findbugs_home="$dir/.." 25 | 26 | # Handle FHS-compliant installations (e.g., Fink) 27 | if [ -d "$findbugs_home/share/findbugs" ]; then 28 | findbugs_home="$findbugs_home/share/findbugs" 29 | fi 30 | 31 | # Make absolute 32 | findbugs_home=`cd "$findbugs_home" && pwd` 33 | 34 | fb_pathsep=':' 35 | 36 | # Handle cygwin, courtesy of Peter D. Stout 37 | fb_osname=`uname` 38 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 39 | findbugs_home=`cygpath --mixed "$findbugs_home"` 40 | fb_pathsep=';' 41 | fi 42 | # Handle MKS, courtesy of Kelly O'Hair 43 | if [ "${fb_osname}" = "Windows_NT" ]; then 44 | fb_pathsep=';' 45 | fi 46 | 47 | if [ ! -d "$findbugs_home" ]; then 48 | echo "The path $findbugs_home," 49 | echo "which is where I think FindBugs is located," 50 | echo "does not seem to be a directory." 51 | exit 1 52 | fi 53 | 54 | # Choose default java binary 55 | fb_javacmd=java 56 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 57 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 58 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 59 | else 60 | fb_javacmd="$JAVA_HOME/bin/java" 61 | fi 62 | fi 63 | 64 | fb_mainclass=edu.umd.cs.findbugs.workflow.CloudSyncAndReport 65 | 66 | fb_javacmd=${fb_javacmd:-"java"} 67 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 68 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 69 | set -f 70 | #echo command: \ 71 | exec "$fb_javacmd" \ 72 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 73 | -Dfindbugs.home="$findbugs_home"\ 74 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 75 | 76 | # vim:ts=3 77 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/findbugs-dbStats: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | 4 | program="$0" 5 | 6 | # Follow symlinks until we get to the actual file. 7 | while [ -h "$program" ]; do 8 | link=`ls -ld "$program"` 9 | link=`expr "$link" : '.*-> \(.*\)'` 10 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 11 | # Relative 12 | dir=`dirname "$program"` 13 | program="$dir/$link" 14 | else 15 | # Absolute 16 | program="$link" 17 | fi 18 | done 19 | 20 | # Assume findbugs home directory is the parent 21 | # of the directory containing the script (which should 22 | # normally be "$findbugs_home/bin"). 23 | dir=`dirname "$program"` 24 | findbugs_home="$dir/.." 25 | 26 | # Handle FHS-compliant installations (e.g., Fink) 27 | if [ -d "$findbugs_home/share/findbugs" ]; then 28 | findbugs_home="$findbugs_home/share/findbugs" 29 | fi 30 | 31 | # Make absolute 32 | findbugs_home=`cd "$findbugs_home" && pwd` 33 | 34 | fb_pathsep=':' 35 | 36 | # Handle cygwin, courtesy of Peter D. Stout 37 | fb_osname=`uname` 38 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 39 | findbugs_home=`cygpath --mixed "$findbugs_home"` 40 | fb_pathsep=';' 41 | fi 42 | # Handle MKS, courtesy of Kelly O'Hair 43 | if [ "${fb_osname}" = "Windows_NT" ]; then 44 | fb_pathsep=';' 45 | fi 46 | 47 | if [ ! -d "$findbugs_home" ]; then 48 | echo "The path $findbugs_home," 49 | echo "which is where I think FindBugs is located," 50 | echo "does not seem to be a directory." 51 | exit 1 52 | fi 53 | 54 | # Choose default java binary 55 | fb_javacmd=java 56 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 57 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 58 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 59 | else 60 | fb_javacmd="$JAVA_HOME/bin/java" 61 | fi 62 | fi 63 | 64 | fb_mainclass=edu.umd.cs.findbugs.cloud.db.DBStats 65 | 66 | fb_javacmd=${fb_javacmd:-"java"} 67 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 68 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 69 | set -f 70 | #echo command: \ 71 | exec "$fb_javacmd" \ 72 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 73 | -Dfindbugs.home="$findbugs_home"\ 74 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 75 | 76 | # vim:ts=3 77 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/findbugs-msv: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | 4 | program="$0" 5 | 6 | # Follow symlinks until we get to the actual file. 7 | while [ -h "$program" ]; do 8 | link=`ls -ld "$program"` 9 | link=`expr "$link" : '.*-> \(.*\)'` 10 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 11 | # Relative 12 | dir=`dirname "$program"` 13 | program="$dir/$link" 14 | else 15 | # Absolute 16 | program="$link" 17 | fi 18 | done 19 | 20 | # Assume findbugs home directory is the parent 21 | # of the directory containing the script (which should 22 | # normally be "$findbugs_home/bin"). 23 | dir=`dirname "$program"` 24 | findbugs_home="$dir/.." 25 | 26 | # Handle FHS-compliant installations (e.g., Fink) 27 | if [ -d "$findbugs_home/share/findbugs" ]; then 28 | findbugs_home="$findbugs_home/share/findbugs" 29 | fi 30 | 31 | # Make absolute 32 | findbugs_home=`cd "$findbugs_home" && pwd` 33 | 34 | fb_pathsep=':' 35 | 36 | # Handle cygwin, courtesy of Peter D. Stout 37 | fb_osname=`uname` 38 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 39 | findbugs_home=`cygpath --mixed "$findbugs_home"` 40 | fb_pathsep=';' 41 | fi 42 | # Handle MKS, courtesy of Kelly O'Hair 43 | if [ "${fb_osname}" = "Windows_NT" ]; then 44 | fb_pathsep=';' 45 | fi 46 | 47 | if [ ! -d "$findbugs_home" ]; then 48 | echo "The path $findbugs_home," 49 | echo "which is where I think FindBugs is located," 50 | echo "does not seem to be a directory." 51 | exit 1 52 | fi 53 | 54 | # Choose default java binary 55 | fb_javacmd=java 56 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 57 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 58 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 59 | else 60 | fb_javacmd="$JAVA_HOME/bin/java" 61 | fi 62 | fi 63 | 64 | fb_mainclass=edu.umd.cs.findbugs.workflow.MergeSummarizeAndView 65 | 66 | fb_javacmd=${fb_javacmd:-"java"} 67 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 68 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 69 | set -f 70 | #echo command: \ 71 | exec "$fb_javacmd" \ 72 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 73 | -Dfindbugs.home="$findbugs_home"\ 74 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 75 | 76 | # vim:ts=3 77 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/findbugs.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/findbugs.ico -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/listBugDatabaseInfo: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.ListBugDatabaseInfo 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/mineBugHistory: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.MineBugHistory 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/printAppVersion: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.PrintAppVersion 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/printClass: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.visitclass.PrintClass 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/rejarForAnalysis: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.RejarClassesForAnalysis 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/setBugDatabaseInfo: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.workflow.SetBugDatabaseInfo 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/unionBugs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # Deprecated 4 | 5 | # Create the union of two results files, preserving 6 | # annotations in both files in the result. 7 | 8 | program="$0" 9 | 10 | # Follow symlinks until we get to the actual file. 11 | while [ -h "$program" ]; do 12 | link=`ls -ld "$program"` 13 | link=`expr "$link" : '.*-> \(.*\)'` 14 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 15 | # Relative 16 | dir=`dirname "$program"` 17 | program="$dir/$link" 18 | else 19 | # Absolute 20 | program="$link" 21 | fi 22 | done 23 | 24 | # Assume findbugs home directory is the parent 25 | # of the directory containing the script (which should 26 | # normally be "$findbugs_home/bin"). 27 | dir=`dirname "$program"` 28 | findbugs_home="$dir/.." 29 | 30 | # Handle FHS-compliant installations (e.g., Fink) 31 | if [ -d "$findbugs_home/share/findbugs" ]; then 32 | findbugs_home="$findbugs_home/share/findbugs" 33 | fi 34 | 35 | # Make absolute 36 | findbugs_home=`cd "$findbugs_home" && pwd` 37 | 38 | fb_pathsep=':' 39 | 40 | # Handle cygwin, courtesy of Peter D. Stout 41 | fb_osname=`uname` 42 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 43 | findbugs_home=`cygpath --mixed "$findbugs_home"` 44 | fb_pathsep=';' 45 | fi 46 | # Handle MKS, courtesy of Kelly O'Hair 47 | if [ "${fb_osname}" = "Windows_NT" ]; then 48 | fb_pathsep=';' 49 | fi 50 | 51 | if [ ! -d "$findbugs_home" ]; then 52 | echo "The path $findbugs_home," 53 | echo "which is where I think FindBugs is located," 54 | echo "does not seem to be a directory." 55 | exit 1 56 | fi 57 | 58 | # Choose default java binary 59 | fb_javacmd=java 60 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 61 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 62 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 63 | else 64 | fb_javacmd="$JAVA_HOME/bin/java" 65 | fi 66 | fi 67 | 68 | fb_mainclass=edu.umd.cs.findbugs.workflow.UnionResults 69 | 70 | fb_javacmd=${fb_javacmd:-"java"} 71 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 72 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 73 | set -f 74 | #echo command: \ 75 | exec "$fb_javacmd" \ 76 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 77 | -Dfindbugs.home="$findbugs_home"\ 78 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 79 | 80 | # vim:ts=3 81 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/bin/xpathFind: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | program="$0" 4 | 5 | # Follow symlinks until we get to the actual file. 6 | while [ -h "$program" ]; do 7 | link=`ls -ld "$program"` 8 | link=`expr "$link" : '.*-> \(.*\)'` 9 | if [ "`expr "$link" : '/.*'`" = 0 ]; then 10 | # Relative 11 | dir=`dirname "$program"` 12 | program="$dir/$link" 13 | else 14 | # Absolute 15 | program="$link" 16 | fi 17 | done 18 | 19 | # Assume findbugs home directory is the parent 20 | # of the directory containing the script (which should 21 | # normally be "$findbugs_home/bin"). 22 | dir=`dirname "$program"` 23 | findbugs_home="$dir/.." 24 | 25 | # Handle FHS-compliant installations (e.g., Fink) 26 | if [ -d "$findbugs_home/share/findbugs" ]; then 27 | findbugs_home="$findbugs_home/share/findbugs" 28 | fi 29 | 30 | # Make absolute 31 | findbugs_home=`cd "$findbugs_home" && pwd` 32 | 33 | fb_pathsep=':' 34 | 35 | # Handle cygwin, courtesy of Peter D. Stout 36 | fb_osname=`uname` 37 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 38 | findbugs_home=`cygpath --mixed "$findbugs_home"` 39 | fb_pathsep=';' 40 | fi 41 | # Handle MKS, courtesy of Kelly O'Hair 42 | if [ "${fb_osname}" = "Windows_NT" ]; then 43 | fb_pathsep=';' 44 | fi 45 | 46 | if [ ! -d "$findbugs_home" ]; then 47 | echo "The path $findbugs_home," 48 | echo "which is where I think FindBugs is located," 49 | echo "does not seem to be a directory." 50 | exit 1 51 | fi 52 | 53 | # Choose default java binary 54 | fb_javacmd=java 55 | if [ ! -z "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ]; then 56 | if [ `expr "$fb_osname" : CYGWIN` -ne 0 ]; then 57 | fb_javacmd=`cygpath --mixed "$JAVA_HOME"`/bin/java 58 | else 59 | fb_javacmd="$JAVA_HOME/bin/java" 60 | fi 61 | fi 62 | 63 | fb_mainclass=edu.umd.cs.findbugs.xml.XPathFind 64 | 65 | fb_javacmd=${fb_javacmd:-"java"} 66 | fb_maxheap=${fb_maxheap:-"-Xmx768m"} 67 | fb_appjar=${fb_appjar:-"$findbugs_home/lib/findbugs.jar"} 68 | set -f 69 | #echo command: \ 70 | exec "$fb_javacmd" \ 71 | -classpath "$fb_appjar$fb_pathsep$CLASSPATH" \ 72 | -Dfindbugs.home="$findbugs_home"\ 73 | $fb_maxheap $fb_jvmargs $fb_mainclass ${@:+"$@"} $fb_appargs 74 | 75 | # vim:ts=3 76 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/bug-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/bug-logo.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/buggy-sm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/buggy-sm.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/ITAsoftware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/ITAsoftware.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/geoLocation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/geoLocation.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/geoMap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/geoMap.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/glassfish.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/glassfish.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/google.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/google.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/logo_umd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/logo_umd.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/nsf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/nsf.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/sat4j.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/sat4j.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/sleepycat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/sleepycat.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/sun.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/customers/sun.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/eclipse-filters-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/eclipse-filters-icon.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/findbugs.css: -------------------------------------------------------------------------------- 1 | BODY { 2 | background: white; 3 | } 4 | 5 | A.plain { 6 | text-decoration: none; 7 | } 8 | 9 | A.sidebar { 10 | text-decoration: none; 11 | } 12 | 13 | A.sidebar:hover, A.sidebar:active { 14 | text-decoration: underline; 15 | } 16 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/guaranteedDereference.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/guaranteedDereference.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/infiniteRecursiveLoops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/infiniteRecursiveLoops.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/informal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/informal.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/example-code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/example-code.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/example-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/example-details.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/example.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/important.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/important.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/infiniteRecursiveLoops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/infiniteRecursiveLoops.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/license.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 第13章 ライセンス
第13章 ライセンス
戻る   次へ

第13章 ライセンス

名称「FindBugs」および FindBugs のロゴは、メリーランド大学の登録商標です。FindBugs はフリーソフトウェアであり、 Lesser GNU Public License の条件で配布されています。使用承諾書を入手したい場合は、 FindBugs 配布物に含まれる LICENSE.txt ファイルを参照してください。

最新バージョンの FindBugs および そのソースコードは FindBugs web ページ で入手できます。

戻る   次へ
第12章 FindBugs™ によるデータ・マイニング ホーム 第14章 謝辞
-------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/note.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/note.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/project-dialog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/project-dialog.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/warning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/ja/manual/warning.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual-fo.xsl: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | 9 | 10 | 11 | 1 12 | 13 | 14 | 1 15 | 16 | 17 | manual/ 18 | 19 | 20 | manual/ 21 | 22 | 25 | 5in 26 | 27 | 28 | 1 29 | 30 | 31 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual.xsl: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 16 | 0 17 | 18 | 19 | manual/ 20 | 21 | 22 | 1 23 | 24 | 25 | 1 26 | 27 | 28 | 1 29 | 30 | 31 | 32 | 33 | 34 | 1 35 | 36 | 37 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/example-code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/example-code.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/example-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/example-details.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/example.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/important.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/important.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/infiniteRecursiveLoops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/infiniteRecursiveLoops.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/introduction.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Chapter 1. Introduction
Chapter 1. Introduction
Prev   Next

Chapter 1. Introduction

Table of Contents

1. Requirements

FindBugs™ is a program to find bugs in Java programs. It looks for instances 4 | of "bug patterns" --- code instances that are likely to be errors.

This document describes version 2.0.3 of FindBugs.We 5 | are very interested in getting your feedback on FindBugs. Please visit 6 | the FindBugs web page for 7 | the latest information on FindBugs, contact information, and support resources such 8 | as information about the FindBugs mailing lists.

1. Requirements

To use FindBugs, you need a runtime environment compatible with 9 | Java 2 Standard Edition, version 1.5 or later. 10 | FindBugs is platform independent, and is known to run on GNU/Linux, Windows, and 11 | MacOS X platforms.

You should have at least 512 MB of memory to use FindBugs. 12 | To analyze very large projects, more memory may be needed.

Prev   Next
FindBugs™ Manual Home Chapter 2. Installing FindBugs
-------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/license.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Chapter 13. License
Chapter 13. License
Prev   Next

Chapter 13. License

4 | The name FindBugs and the FindBugs logo is trademarked by the University 5 | of Maryland. 6 | FindBugs is free software distributed under the terms of the 7 | Lesser GNU Public License. 8 | You should have received a copy of the license in the file LICENSE.txt 9 | in the FindBugs distribution. 10 |

11 | You can find the latest version of FindBugs, along with its source code, from the 12 | FindBugs web page. 13 |

Prev   Next
Chapter 12. Data mining of bugs with FindBugs™ Home Chapter 14. Acknowledgments
-------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/note.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/note.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/project-dialog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/project-dialog.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/warning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/manual/warning.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/performingARelease.txt: -------------------------------------------------------------------------------- 1 | Create a directory that contains exactly all the files to upload. For example: 2 | eclipsePlugin-1.3.6.20081104-source.zip findbugs-1.3.6-rc3-source.zip findbugs-1.3.6-rc3.zip 3 | edu.umd.cs.findbugs.plugin.eclipse_1.3.6.20081104.zip findbugs-1.3.6-rc3.tar.gz 4 | 5 | cd to that directory 6 | sftp username,findbugs@frs.sourceforge.net 7 | sftp> cd /home/frs/project/f/fi/findbugs/findbugs/RELEASE 8 | sftp> mput findbugs-* 9 | sftp> cd "../../findbugs eclipse plugin/RELEASE 10 | fstp> mput edu.* eclipsePlugin* 11 | fstp> quit 12 | 13 | Add releases via: 14 | https://sourceforge.net/project/admin/editpackages.php?group_id=96405 15 | 16 | 17 | release daily/candidate/final eclipse plugins 18 | 19 | From findbugs directory, do: 20 | rsync -avz web/ username,findbugs@web.sourceforge.net:htdocs/ 21 | 22 | For a full release, make a branch in the svn repository: 23 | 24 | 25 | svn copy "https://findbugs.googlecode.com/svn/trunk" "https://findbugs.googlecode.com/svn/branches/1.X.X" 26 | 27 | For a release candidate, send email to findbugs-discuss and findbugs-core. For a full release, send email to findbugs-announce. 28 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/pluginStructure.txt: -------------------------------------------------------------------------------- 1 | 2 | We have a list of plugins. 3 | 4 | In any particular context, some plugins are enabled. 5 | 6 | DetectorFactoryCollection: 7 | Core plugin 8 | Collection of plugins 9 | Collection of DetectorFactories 10 | Adjustment ranker 11 | 12 | I18N 13 | ResourceBundles 14 | bugPatternMap 15 | bugCodeMap 16 | categoryDescriptionMap 17 | 18 | Plugin 19 | collection of DetectorFactory 20 | bug patterns, codes, etc. 21 | component plugins 22 | bug ranker 23 | enabled 24 | plugin loader 25 | 26 | CloudFactory 27 | registeredClouds 28 | 29 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/plugins.txt: -------------------------------------------------------------------------------- 1 | 2 | Plugins can be specified in three different ways: 3 | * For a standard FindBugd distro, they can be put into the plugins directory 4 | * For a JAWS distro, the file pluginlist.properties contains 5 | a list of URLs to plugins. These URLs can be relative or absolute. If they 6 | are absolute, they are relative to jar file that contained the pluginlist.properties 7 | file. 8 | * You can define properties findbugs.plugin.*. Each such property defines a URL 9 | for a plugin 10 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/pressRelease.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/pressRelease.pdf -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/umdFindbugs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/doc/umdFindbugs.png -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/annotations.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/annotations.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/ant.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/ant.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-3.3.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-analysis-3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-analysis-3.3.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-commons-3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-commons-3.3.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-tree-3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-tree-3.3.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-util-3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-util-3.3.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-xml-3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/asm-xml-3.3.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/bcel.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/bcel.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/buggy.icns: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/buggy.icns -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/commons-lang-2.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/commons-lang-2.6.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/dom4j-1.6.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/dom4j-1.6.1.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/findbugs-ant.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/findbugs-ant.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/findbugs.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/findbugs.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jFormatString.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jFormatString.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jaxen-1.1.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jaxen-1.1.6.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jcip-annotations.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jcip-annotations.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jdepend-2.9.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jdepend-2.9.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jsr305.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/jsr305.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/yjp-controller-api-redist.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/lib/yjp-controller-api-redist.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/optionalPlugin/bugCollectionCloud.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/optionalPlugin/bugCollectionCloud.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/optionalPlugin/poweruser.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/optionalPlugin/poweruser.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/plugin/README: -------------------------------------------------------------------------------- 1 | 2 | Put the jar files for FindBugs plugins in this directory. 3 | For example, you can download the fb-contrib plugin from: 4 | http://fb-contrib.sourceforge.net/ 5 | 6 | You should carefully evaluate any FindBugs plugins to determine whether 7 | the issues they report are suitable and appropriate for your project. 8 | 9 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/plugin/noUpdateChecks.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findbugs-2.0.3/plugin/noUpdateChecks.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findsecbug-plugin/findsecbugs-plugin-1.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/findsecbug-plugin/findsecbugs-plugin-1.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/MyXMLTest.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/MyXMLTest.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/Piccolo.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/Piccolo.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/dom4j-1.6.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/dom4j-1.6.1.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/jaxen-1.1-beta-6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/jaxen-1.1-beta-6.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/jaxen-1.1.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/jaxen-1.1.6.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/jdom-2.0.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/jdom-2.0.5.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/kxml2-2.3.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/kxml2-2.3.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/pull-parser-2.1.10.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/pull-parser-2.1.10.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/resolver.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/resolver.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/serializer.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/serializer.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/stax2-api-3.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/stax2-api-3.1.1.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/woodstox-core-asl-4.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/woodstox-core-asl-4.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/woodstox-core-lgpl-4.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/woodstox-core-lgpl-4.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/xercesImpl.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/xercesImpl.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/xml-apis.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/lib/xml-apis.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.0.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.0.7.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.0.8.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.0.8.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.14.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.15.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/FindBugs Test Results/findbugs-noUpdateChecks-2.0.3/test data/play_2.15.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/MyXMLTest.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/MyXMLTest.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/Read Me.txt: -------------------------------------------------------------------------------- 1 | The .txt files are the results of running XXEBugFind on the appropriate jar files. 2 | Use --h option to see how to use XXEBugFind 3 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/igpp.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/igpp.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/Piccolo.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/Piccolo.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/dom4j-1.6.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/dom4j-1.6.1.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/jaxen-1.1-beta-6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/jaxen-1.1-beta-6.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/jaxen-1.1.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/jaxen-1.1.6.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/jdom-2.0.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/jdom-2.0.5.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/kxml2-2.3.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/kxml2-2.3.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/pull-parser-2.1.10.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/pull-parser-2.1.10.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/resolver.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/resolver.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/serializer.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/serializer.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/stax2-api-3.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/stax2-api-3.1.1.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/woodstox-core-asl-4.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/woodstox-core-asl-4.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/woodstox-core-lgpl-4.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/woodstox-core-lgpl-4.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/xercesImpl.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/xercesImpl.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/xml-apis.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/lib/xml-apis.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.0.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.0.7.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.0.7.txt: -------------------------------------------------------------------------------- 1 | 2 | 1 variant(s) of xxe vulnerabilities found 3 | XXE Variant-1 due to using DocumentBuilder API. See detail: 4 | javax.xml.parsers.DocumentBuilder.parse(org.xml.sax.InputSource);. 5 | 1 occurrence(s) at: 6 | * class: play.libs.XML method: public static org.w3c.dom.Document fromInputStream(java.io.InputStream, java.lang.String) at line 53 7 | Reason: A call to DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); or DocumentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false); should be made before using parsers created from them i.e., before using DocumentBuilder.parse(...) methods 8 | Exploitation route(s) 9 | * [play.libs.WS$Response: org.w3c.dom.Document asXml()] --> [play.libs.XML: org.w3c.dom.Document fromInputStream(java.io.InputStream,java.lang.String)] --> [javax.xml.parsers.DocumentBuilder: org.w3c.dom.Document parse(org.xml.sax.InputSource)] 10 | * [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: java.lang.Object apply(java.lang.Object)] --> [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: org.w3c.dom.Document apply(scala.xml.NodeSeq)] --> [play.libs.XML: org.w3c.dom.Document fromString(java.lang.String)] --> [play.libs.XML: org.w3c.dom.Document fromInputStream(java.io.InputStream,java.lang.String)] --> [javax.xml.parsers.DocumentBuilder: org.w3c.dom.Document parse(org.xml.sax.InputSource)] 11 | 12 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.0.8.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.0.8.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.0.8.txt: -------------------------------------------------------------------------------- 1 | 2 | 1 variant(s) of xxe vulnerabilities found 3 | XXE Variant-1 due to using DocumentBuilder API. See detail: 4 | javax.xml.parsers.DocumentBuilder.parse(org.xml.sax.InputSource);. 5 | 1 occurrence(s) at: 6 | * class: play.libs.XML method: public static org.w3c.dom.Document fromInputStream(java.io.InputStream, java.lang.String) at line 53 7 | Reason: A call to DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); or DocumentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false); should be made before using parsers created from them i.e., before using DocumentBuilder.parse(...) methods 8 | Exploitation route(s) 9 | * [play.libs.WS$Response: org.w3c.dom.Document asXml()] --> [play.libs.XML: org.w3c.dom.Document fromInputStream(java.io.InputStream,java.lang.String)] --> [javax.xml.parsers.DocumentBuilder: org.w3c.dom.Document parse(org.xml.sax.InputSource)] 10 | * [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: java.lang.Object apply(java.lang.Object)] --> [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: org.w3c.dom.Document apply(scala.xml.NodeSeq)] --> [play.libs.XML: org.w3c.dom.Document fromString(java.lang.String)] --> [play.libs.XML: org.w3c.dom.Document fromInputStream(java.io.InputStream,java.lang.String)] --> [javax.xml.parsers.DocumentBuilder: org.w3c.dom.Document parse(org.xml.sax.InputSource)] 11 | 12 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.14.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.14.txt: -------------------------------------------------------------------------------- 1 | 2 | 1 variant(s) of xxe vulnerabilities found 3 | XXE Variant-1 due to using DocumentBuilder API. See detail: 4 | javax.xml.parsers.DocumentBuilder.parse(org.xml.sax.InputSource);. 5 | 1 occurrence(s) at: 6 | * class: play.libs.XML method: public static org.w3c.dom.Document fromInputStream(java.io.InputStream, java.lang.String) at line 48 7 | Reason: A call to DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); or DocumentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false); should be made before using parsers created from them i.e., before using DocumentBuilder.parse(...) methods 8 | Exploitation route(s) 9 | * [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: java.lang.Object apply(java.lang.Object)] --> [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: org.w3c.dom.Document apply(scala.xml.NodeSeq)] --> [play.libs.XML: org.w3c.dom.Document fromString(java.lang.String)] --> [play.libs.XML: org.w3c.dom.Document fromInputStream(java.io.InputStream,java.lang.String)] --> [javax.xml.parsers.DocumentBuilder: org.w3c.dom.Document parse(org.xml.sax.InputSource)] 10 | 11 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.15.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.15.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Evaluation Results/Evaluation Results/XXEBugFind Test Results/play_2.15.txt: -------------------------------------------------------------------------------- 1 | 2 | 1 variant(s) of xxe vulnerabilities found 3 | XXE Variant-1 due to using DocumentBuilder API. See detail: 4 | javax.xml.parsers.DocumentBuilder.parse(org.xml.sax.InputSource);. 5 | 1 occurrence(s) at: 6 | * class: play.libs.XML method: public static org.w3c.dom.Document fromInputStream(java.io.InputStream, java.lang.String) at line 48 7 | Reason: A call to DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); or DocumentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false); should be made before using parsers created from them i.e., before using DocumentBuilder.parse(...) methods 8 | Exploitation route(s) 9 | * [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: java.lang.Object apply(java.lang.Object)] --> [play.core.j.JavaParsers$DefaultRequestBody$$anonfun$asXml$1: org.w3c.dom.Document apply(scala.xml.NodeSeq)] --> [play.libs.XML: org.w3c.dom.Document fromString(java.lang.String)] --> [play.libs.XML: org.w3c.dom.Document fromInputStream(java.io.InputStream,java.lang.String)] --> [javax.xml.parsers.DocumentBuilder: org.w3c.dom.Document parse(org.xml.sax.InputSource)] 10 | 11 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Standalone/README.TXT: -------------------------------------------------------------------------------- 1 | ======================== 2 | BUILD OUTPUT DESCRIPTION 3 | ======================== 4 | 5 | When you build an Java application project that has a main class, the IDE 6 | automatically copies all of the JAR 7 | files on the projects classpath to your projects dist/lib folder. The IDE 8 | also adds each of the JAR files to the Class-Path element in the application 9 | JAR files manifest file (MANIFEST.MF). 10 | 11 | To run the project from the command line, go to the dist folder and 12 | type the following: 13 | 14 | java -jar "XXEBugFind.jar" 15 | 16 | To distribute this project, zip up the dist folder (including the lib folder) 17 | and distribute the ZIP file. 18 | 19 | Notes: 20 | 21 | * If two JAR files on the project classpath have the same name, only the first 22 | JAR file is copied to the lib folder. 23 | * Only JAR files are copied to the lib folder. 24 | If the classpath contains other types of files or folders, these files (folders) 25 | are not copied. 26 | * If a library on the projects classpath also has a Class-Path element 27 | specified in the manifest,the content of the Class-Path element has to be on 28 | the projects runtime path. 29 | * To set a main class in a standard Java project, right-click the project node 30 | in the Projects window and choose Properties. Then click Run and enter the 31 | class name in the Main Class field. Alternatively, you can manually type the 32 | class name in the manifest Main-Class element. 33 | -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Standalone/XXEBugFind.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Standalone/XXEBugFind.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Standalone/lib/junit-4.10.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Standalone/lib/junit-4.10.jar -------------------------------------------------------------------------------- /XXEBugFind/XXEBugFind Standalone/lib/soot-2.5.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/XXEBugFind Standalone/lib/soot-2.5.0.jar -------------------------------------------------------------------------------- /XXEBugFind/build.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Builds, tests, and runs the project XXEBugFind. 12 | 13 | 73 | 74 | -------------------------------------------------------------------------------- /XXEBugFind/junit-4.10-lib/junit-4.10.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/junit-4.10-lib/junit-4.10.jar -------------------------------------------------------------------------------- /XXEBugFind/manifest.mf: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | X-COMMENT: Main-Class will be added automatically by build 3 | 4 | -------------------------------------------------------------------------------- /XXEBugFind/nbproject/genfiles.properties: -------------------------------------------------------------------------------- 1 | build.xml.data.CRC32=3e59cd1b 2 | build.xml.script.CRC32=a6530a29 3 | build.xml.stylesheet.CRC32=8064a381@1.68.1.46 4 | # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. 5 | # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. 6 | nbproject/build-impl.xml.data.CRC32=3e59cd1b 7 | nbproject/build-impl.xml.script.CRC32=4f31d35a 8 | nbproject/build-impl.xml.stylesheet.CRC32=5a01deb7@1.68.1.46 9 | -------------------------------------------------------------------------------- /XXEBugFind/nbproject/project.properties: -------------------------------------------------------------------------------- 1 | annotation.processing.enabled=true 2 | annotation.processing.enabled.in.editor=false 3 | annotation.processing.processors.list= 4 | annotation.processing.run.all.processors=true 5 | annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output 6 | application.title=XXEBugFind 7 | application.vendor=xiin 8 | build.classes.dir=${build.dir}/classes 9 | build.classes.excludes=**/*.java,**/*.form 10 | # This directory is removed when the project is cleaned: 11 | build.dir=build 12 | build.generated.dir=${build.dir}/generated 13 | build.generated.sources.dir=${build.dir}/generated-sources 14 | # Only compile against the classpath explicitly listed here: 15 | build.sysclasspath=ignore 16 | build.test.classes.dir=${build.dir}/test/classes 17 | build.test.results.dir=${build.dir}/test/results 18 | # Uncomment to specify the preferred debugger connection transport: 19 | #debug.transport=dt_socket 20 | debug.classpath=\ 21 | ${run.classpath} 22 | debug.test.classpath=\ 23 | ${run.test.classpath} 24 | # Files in build.classes.dir which should be excluded from distribution jar 25 | dist.archive.excludes= 26 | # This directory is removed when the project is cleaned: 27 | dist.dir=dist 28 | dist.jar=${dist.dir}/XXEBugFind.jar 29 | dist.javadoc.dir=${dist.dir}/javadoc 30 | endorsed.classpath= 31 | excludes= 32 | file.reference.junit-4.10.jar=junit-4.10-lib/junit-4.10.jar 33 | file.reference.soot-2.5.0.jar=soot-2.5.0-lib\\soot-2.5.0.jar 34 | includes=** 35 | jar.compress=false 36 | javac.classpath=\ 37 | ${file.reference.junit-4.10.jar}:\ 38 | ${file.reference.soot-2.5.0.jar} 39 | # Space-separated list of extra javac options 40 | javac.compilerargs= 41 | javac.deprecation=false 42 | javac.processorpath=\ 43 | ${javac.classpath} 44 | javac.source=1.7 45 | javac.target=1.7 46 | javac.test.classpath=\ 47 | ${javac.classpath}:\ 48 | ${build.classes.dir}:\ 49 | ${file.reference.junit-4.10.jar} 50 | javac.test.processorpath=\ 51 | ${javac.test.classpath} 52 | javadoc.additionalparam= 53 | javadoc.author=false 54 | javadoc.encoding=${source.encoding} 55 | javadoc.noindex=false 56 | javadoc.nonavbar=false 57 | javadoc.notree=false 58 | javadoc.private=false 59 | javadoc.splitindex=true 60 | javadoc.use=true 61 | javadoc.version=false 62 | javadoc.windowtitle= 63 | main.class=bugfind.main.BugFindMain 64 | manifest.file=manifest.mf 65 | meta.inf.dir=${src.dir}/META-INF 66 | mkdist.disabled=false 67 | platform.active=default_platform 68 | run.classpath=\ 69 | ${javac.classpath}:\ 70 | ${build.classes.dir} 71 | # Space-separated list of JVM arguments used when running the project. 72 | # You may also define separate properties like run-sys-prop.name=value instead of -Dname=value. 73 | # To set system properties for unit tests define test-sys-prop.name=value: 74 | run.jvmargs= 75 | run.test.classpath=\ 76 | ${javac.test.classpath}:\ 77 | ${build.test.classes.dir} 78 | source.encoding=UTF-8 79 | src.dir=src 80 | test.src.dir=test 81 | -------------------------------------------------------------------------------- /XXEBugFind/nbproject/project.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | org.netbeans.modules.java.j2seproject 4 | 5 | 6 | XXEBugFind 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /XXEBugFind/soot-2.5.0-lib/soot-2.5.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/soot-2.5.0-lib/soot-2.5.0.jar -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/a/PrettyPrinter.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/a/PrettyPrinter.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/b/PrettyPrinter2.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/b/PrettyPrinter2.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/dom4j/Dom4JExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/dom4j/Dom4JExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/jaxb/JAXBExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/jaxb/JAXBExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/kxml2/KXMLExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/kxml2/KXMLExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/mydom/DomParserExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/mydom/DomParserExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myjdom/PrettyPrinter.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myjdom/PrettyPrinter.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/mysax/SAXParserExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/mysax/SAXParserExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/mysax2/XMLReaderExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/mysax2/XMLReaderExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/Employee.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/Employee.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/GUIFrame$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/GUIFrame$1.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/GUIFrame$2.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/GUIFrame$2.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/GUIFrame$3.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/GUIFrame$3.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/GUIFrame$4.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/GUIFrame$4.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/GUIFrame.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/GUIFrame.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/MyDefaultHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/MyDefaultHandler.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/MyXMLTest.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/MyXMLTest.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/myxmltest/basic/Utils.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/myxmltest/basic/Utils.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/piccolotest/MyPiccoloExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/piccolotest/MyPiccoloExample.class -------------------------------------------------------------------------------- /XXEBugFind/sootOutput/stax/StAXExample.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/sootOutput/stax/StAXExample.class -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/sootadapters/SootMethodWrapper.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | import soot.SootMethod; 10 | 11 | /** 12 | * A soot method wrapper 13 | * @author Mikosh 14 | */ 15 | public class SootMethodWrapper { 16 | private SootMethod sootMethod; 17 | 18 | /** 19 | * Creates a new soot method wrapper 20 | * @param sootMethod 21 | */ 22 | public SootMethodWrapper(SootMethod sootMethod) { 23 | this.sootMethod = sootMethod; 24 | } 25 | 26 | /** 27 | * @return the sootMethod 28 | */ 29 | public SootMethod getSootMethod() { 30 | return sootMethod; 31 | } 32 | 33 | /** 34 | * @param sootMethod the sootMethod to set 35 | */ 36 | public void setSootMethod(SootMethod sootMethod) { 37 | this.sootMethod = sootMethod; 38 | } 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | } 48 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/sootadapters/ValueString.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | /** 10 | * Encapsulates the value of a variable in string form. It stores the type, name and value as a string. For simple 11 | * types like int, float, char, the value can retrieved by appropriate conversion mechanisms. 12 | * It has only getter methods to make these objects immutable. 13 | * @author Mikosh 14 | */ 15 | public class ValueString { 16 | private String type; 17 | private String name; 18 | private String value; 19 | 20 | /** 21 | * Creates a new ValueString object 22 | * @param type the type pf the variable 23 | * @param name the name of the variable 24 | * @param value the string form corresponding to the value of the variable 25 | */ 26 | public ValueString(String type, String name, String value) { 27 | this.type = type; 28 | this.name = name; 29 | this.value = value; 30 | } 31 | 32 | 33 | @Override 34 | public String toString() { 35 | StringBuilder sb = new StringBuilder(); 36 | sb.append("Type: ").append(getType()).append(" Name: ") 37 | .append(getName()).append(" Value: ").append(getValue()); 38 | return sb.toString(); 39 | } 40 | 41 | /** 42 | * @return the type 43 | */ 44 | public String getType() { 45 | return type; 46 | } 47 | 48 | /** 49 | * @return the name 50 | */ 51 | public String getName() { 52 | return name; 53 | } 54 | 55 | /** 56 | * @return the value 57 | */ 58 | public String getValue() { 59 | return value; 60 | } 61 | 62 | 63 | 64 | 65 | } 66 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/sootadapters/Variable.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | /** 10 | * This is Variable object and denotes a variable. It provides a uniform interface for soot's JimpleLocal, JInstanceFieldRef, etc 11 | * It hold enough information about the variable like the name, type and level (either static, field or local). 12 | * @author Mikosh 13 | */ 14 | public class Variable { 15 | /** 16 | * The three allowable levels of a variable 17 | */ 18 | public static final int STATIC_VARIABLE = - 5, FIELD_VARIABLE = -10, LOCAL_VARIABLE = -2; 19 | /** 20 | * The name of the variable 21 | */ 22 | private String name; 23 | 24 | /** 25 | * The type of the variable 26 | */ 27 | private String type; 28 | 29 | /** 30 | * The level of the variable 31 | */ 32 | private int level; 33 | 34 | /** 35 | * Constructs a Variable object when given the name, type and level 36 | * @param name the name of the variable 37 | * @param type the type of the variable 38 | * @param level the level of the variable. Values are either (Variable.STATIC_VARIABLE, FIELD_VARIABLE, LOCAL_VARIABLE) 39 | */ 40 | public Variable(String name, String type, int level) { 41 | this.name = name; 42 | this.type = type; 43 | this.level = level; 44 | } 45 | 46 | 47 | /** 48 | * Returns true if this variable is static, or false otherwise 49 | * @return true if this variable is static, or false otherwise 50 | */ 51 | public boolean isStatic() { 52 | return (getLevel() == STATIC_VARIABLE); 53 | } 54 | 55 | /** 56 | * Returns true if this variable is static, or false otherwise 57 | * @return true if this variable is static, or false otherwise 58 | */ 59 | public boolean isLocal() { 60 | return (getLevel() == LOCAL_VARIABLE); 61 | } 62 | 63 | /** 64 | * true if this variable is a field, or false otherwise 65 | * @return true if this variable is a field, or false otherwise 66 | */ 67 | public boolean isField() { 68 | return (getLevel() == FIELD_VARIABLE); 69 | } 70 | 71 | @Override 72 | public String toString() { 73 | StringBuilder sb = new StringBuilder("var-name: "); 74 | sb.append(getName()).append(" var-type: ").append(getType()).append(" var-level: "); 75 | switch (getLevel()) { 76 | case LOCAL_VARIABLE: 77 | sb.append("LOCAL_VAR"); 78 | break; 79 | case FIELD_VARIABLE: 80 | sb.append("FIELD_VAR"); 81 | break; 82 | case STATIC_VARIABLE: 83 | sb.append("STATIC_VAR"); 84 | break; 85 | default: 86 | sb.append("UNKNOWN_VAR_LEVEL"); 87 | 88 | } 89 | return sb.toString(); 90 | } 91 | 92 | /** 93 | * @return the name 94 | */ 95 | public String getName() { 96 | return name; 97 | } 98 | 99 | /** 100 | * @return the type 101 | */ 102 | public String getType() { 103 | return type; 104 | } 105 | 106 | /** 107 | * @return the level 108 | */ 109 | public int getLevel() { 110 | return level; 111 | } 112 | 113 | 114 | 115 | 116 | } 117 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/utils/misc/BugFindConstants.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.utils.misc; 8 | 9 | /** 10 | * 11 | * @author Mikosh 12 | */ 13 | public class BugFindConstants { 14 | /** 15 | * Indicates that the output format should be in XML format when the option -f is specified via command line 16 | * e.g. -f xml 17 | */ 18 | public static final String XML_FORMAT = "xml"; 19 | 20 | /** 21 | * Indicates that the output format should be in text format when the option -f is specified via command line 22 | * e.g. -f text 23 | */ 24 | public static final String TEXT_FORMAT = "text"; 25 | 26 | /** 27 | * Indicates that the output format should be in HTML format when the option -f is specified via command line 28 | * e.g. -f html 29 | * Note: currently not yet supported 30 | */ 31 | public static final String HTML_FORMAT = "html"; 32 | 33 | /** 34 | * XXE BugFind app version 35 | */ 36 | public static final String APP_VERSION = "1.0"; 37 | 38 | 39 | // public static final String DEFAULT_RT_STRING = "C:\\Users\\Mikosh\\Documents\\Netbeans Libs\\Code Analysers\\soot\\sootall-2.5.0\\soot-2.5.0\\lib\\soot-2.5.0.jar;" 40 | // + "C:\\Program Files\\Java\\jre7\\lib\\resources.jar;C:\\Program Files\\Java\\jre7\\lib\\rt.jar;C:\\Program Files\\Java\\jre7\\lib\\jsse.jar;C:\\Program Files\\Java\\jre7\\lib\\jce.jar;C:\\Program Files\\Java\\jre7\\lib\\charsets.jar;C:\\Program Files\\Java\\jre7\\lib\\jfr.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\access-bridge-64.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\dnsns.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\jaccess.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\localedata.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\sunec.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\sunjce_provider.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\sunmscapi.jar;C:\\Program Files\\Java\\jre7\\lib\\ext\\zipfs.jar;" 41 | // + "C:\\Program Files\\Java\\jre7\\lib\\jfxrt.jar"; 42 | // public static final String DEFAULT_RT_DIR = ""; 43 | 44 | 45 | 46 | } 47 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/utils/misc/FileExtensionFilter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.utils.misc; 8 | 9 | import java.io.File; 10 | import java.io.FilenameFilter; 11 | 12 | /** 13 | * A custom file extension filter for use by the application. It filters the application by the file extension 14 | * given 15 | * @author Mikosh 16 | */ 17 | public class FileExtensionFilter implements FilenameFilter { 18 | private String extension; 19 | 20 | /** 21 | * Creates a FileExtension filter from the given extension 22 | * @param extension the given extension to server as the filter (e.g. of valid file extension .tiff) 23 | */ 24 | public FileExtensionFilter(String extension) { 25 | setExtension(extension); 26 | } 27 | 28 | /** 29 | * Gets the extension 30 | * @return 31 | */ 32 | public String getExtension() { 33 | return extension; 34 | } 35 | 36 | /** 37 | * Sets the file extension used by this file filter 38 | * @param extension the extension to be set (e.g. .gif) 39 | */ 40 | public void setExtension(String extension) { 41 | if (extension == null || extension.trim().equals("")) { 42 | this.extension = ""; 43 | } 44 | else { 45 | this.extension = (extension.startsWith(".")) ? extension : "." + extension; 46 | } 47 | } 48 | 49 | @Override 50 | public boolean accept(File dir, String name) { 51 | return (name.endsWith(extension)); 52 | } 53 | 54 | } 55 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/utils/misc/Utils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.utils.misc; 8 | 9 | /** 10 | * Provides some common utils 11 | * @author Mikosh 12 | */ 13 | public class Utils { 14 | /** 15 | * Joins the string array into a string using the specified joinTerm 16 | * @param strArray the string array to use 17 | * @param joinTerm the join term to use 18 | * @return a string comprising of all the elements of the array joined 19 | */ 20 | public static String join(String[] strArray, String joinTerm) { 21 | StringBuilder sb = new StringBuilder(); 22 | 23 | for (String str : strArray) { 24 | sb.append(str).append(joinTerm); 25 | } 26 | 27 | // test for bug 28 | if (sb.length() > 0 || joinTerm.length() > 0) { 29 | sb.delete(sb.lastIndexOf(joinTerm), sb.length()); 30 | } 31 | 32 | return sb.toString(); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/utils/misc/XMLUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.utils.misc; 8 | 9 | import bugfind.xxe.xmlobjects.ActualVulnerabilityItems; 10 | import java.io.File; 11 | import java.io.FileNotFoundException; 12 | import java.io.FileReader; 13 | import java.io.OutputStream; 14 | import javax.xml.bind.JAXBContext; 15 | import javax.xml.bind.JAXBException; 16 | import javax.xml.bind.Marshaller; 17 | import javax.xml.bind.Unmarshaller; 18 | import javax.xml.stream.XMLInputFactory; 19 | import javax.xml.stream.XMLStreamException; 20 | import javax.xml.stream.XMLStreamReader; 21 | 22 | /** 23 | * Provides some XML utilities used by the app 24 | * @author Mikosh 25 | */ 26 | public class XMLUtils { 27 | 28 | /** 29 | * Converts the XML file specified into the specified POJO type 30 | * @param the object type of the POJO 31 | * @param xmlfile the XML file to convert 32 | * @param classOfT the class of the POJO 33 | * @return the POJO object if conversion was successful 34 | * @throws JAXBException 35 | * @throws XMLStreamException 36 | * @throws FileNotFoundException 37 | */ 38 | public static T convertToPojo(File xmlfile, Class classOfT) throws JAXBException, XMLStreamException, FileNotFoundException { 39 | JAXBContext jaxbContext = JAXBContext.newInstance(classOfT); 40 | Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); 41 | 42 | XMLInputFactory xif = XMLInputFactory.newFactory(); 43 | // settings to prevent xxe // would be funny if this tool is itsef is vulnerable to xxe :D 44 | xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); 45 | xif.setProperty(XMLInputFactory.SUPPORT_DTD, false); 46 | 47 | XMLStreamReader xsr = xif.createXMLStreamReader(new FileReader(xmlfile)); 48 | T t = (T) jaxbUnmarshaller.unmarshal(xsr);//(xmlfile); 49 | 50 | return t; 51 | } 52 | 53 | /** 54 | * Writes the specified AVI to the specified output stream 55 | * @param avis the avis 56 | * @param os the output stream to use 57 | * @throws JAXBException 58 | */ 59 | public static void writeXMLToStream(ActualVulnerabilityItems avis, OutputStream os) throws JAXBException { 60 | JAXBContext jaxbContext = JAXBContext.newInstance(ActualVulnerabilityItems.class); 61 | Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); 62 | 63 | jaxbMarshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); 64 | 65 | jaxbMarshaller.marshal(avis, System.out); 66 | jaxbMarshaller.marshal(avis, os); 67 | } 68 | 69 | 70 | 71 | } 72 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/utils/misc/logging.properties: -------------------------------------------------------------------------------- 1 | ############################################################ 2 | # Default Logging Configuration File 3 | # 4 | # You can use a different file by specifying a filename 5 | # with the java.util.logging.config.file system property. 6 | # For example java -Djava.util.logging.config.file=myfile 7 | ############################################################ 8 | 9 | ############################################################ 10 | # Global properties 11 | ############################################################ 12 | 13 | # "handlers" specifies a comma separated list of log Handler 14 | # classes. These handlers will be installed during VM startup. 15 | # Note that these classes must be on the system classpath. 16 | # By default we only configure a ConsoleHandler, which will only 17 | # show messages at the INFO and above levels. 18 | handlers= java.util.logging.ConsoleHandler 19 | 20 | # To also add the FileHandler, use the following line instead. 21 | #handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler 22 | 23 | # Default global logging level. 24 | # This specifies which kinds of events are logged across 25 | # all loggers. For any given facility this global level 26 | # can be overriden by a facility specific level 27 | # Note that the ConsoleHandler also has a separate level 28 | # setting to limit messages printed to the console. 29 | .level= INFO 30 | 31 | ############################################################ 32 | # Handler specific properties. 33 | # Describes specific configuration info for Handlers. 34 | ############################################################ 35 | 36 | # default file output is in user's home directory. 37 | java.util.logging.FileHandler.pattern = %h/java%u.log 38 | java.util.logging.FileHandler.limit = 50000 39 | java.util.logging.FileHandler.count = 1 40 | java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter 41 | 42 | # Limit the message that are printed on the console to INFO and above. 43 | java.util.logging.ConsoleHandler.level = INFO 44 | java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter 45 | 46 | # Example to customize the SimpleFormatter output format 47 | # to print one-line log message like this: 48 | # : [] 49 | # 50 | # java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n 51 | java.util.logging.SimpleFormatter.format=%4$s: %5$s%6$s%n 52 | 53 | ############################################################ 54 | # Facility specific properties. 55 | # Provides extra control for each logger. 56 | ############################################################ 57 | 58 | # For example, set the com.xyz.foo logger to only log SEVERE 59 | # messages: 60 | com.xyz.foo.level = SEVERE 61 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/xxe/MitigationSpoiler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.xxe; 8 | 9 | import java.util.Arrays; 10 | import java.util.List; 11 | import javax.xml.bind.annotation.XmlAccessType; 12 | import javax.xml.bind.annotation.XmlAccessorType; 13 | import javax.xml.bind.annotation.XmlElement; 14 | import javax.xml.bind.annotation.XmlRootElement; 15 | 16 | /** 17 | * This class represents a mitigation spoiler. In general a mitigation spoiler is a method call which if made can nullify 18 | * the effect of a previous mitigation. Most times this usually represents a mistake on the part of the programmer. 19 | * For instance the call to SAXParser.setFeature("http://xml.org/sax/features/external-general-entities", true) 20 | * is a mitigation spoiler to SAXParser.setFeature("http://xml.org/sax/features/external-general-entities", false) 21 | * cause the former if called after the latter will undo the prevention of XXE attacks. 22 | * In general mitigation spoilers are a collection of incorrect arguments/parameter values that can reverse a mitigation attempt 23 | * @author Mikosh 24 | */ 25 | @XmlRootElement 26 | @XmlAccessorType (XmlAccessType.FIELD) 27 | public class MitigationSpoiler { 28 | @XmlElement (name = "ParameterValue") 29 | private final List parameterValues; 30 | 31 | /** 32 | * Creates a new MitigationSpoiler object 33 | */ 34 | public MitigationSpoiler() { 35 | this.parameterValues = null; 36 | } 37 | 38 | /** 39 | * Creates a mitigation spoiter from the list of parameter values 40 | * @param parameterValues the parameter values to be set 41 | */ 42 | public MitigationSpoiler(List parameterValues) { 43 | this.parameterValues = parameterValues; 44 | } 45 | 46 | /** 47 | * Creates a mitigation spoiler from the given parameter values. This variable argument is just form 48 | * convenience 49 | * @param parameterValues one or more parameter values to be set 50 | */ 51 | public MitigationSpoiler(MethodParameterValue... parameterValues) { 52 | this.parameterValues = Arrays.asList(parameterValues); 53 | } 54 | 55 | /** 56 | * Gets the parameter values for this object 57 | * @return the parameter values for this object 58 | */ 59 | public List getParameterValues() { 60 | return parameterValues; 61 | } 62 | 63 | 64 | } 65 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/xxe/VulnerabilityDefinitionItems.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.xxe; 8 | 9 | import java.util.List; 10 | import javax.xml.bind.annotation.XmlAccessType; 11 | import javax.xml.bind.annotation.XmlAccessorType; 12 | import javax.xml.bind.annotation.XmlElement; 13 | import javax.xml.bind.annotation.XmlRootElement; 14 | 15 | /** 16 | * Holds a lists of VulnerabilityDefinition items. This class is merely for serialization of VDIs to XML 17 | * @author Mikosh 18 | */ 19 | @XmlRootElement(name = "VulnerabilityDefinitionItems") 20 | @XmlAccessorType (XmlAccessType.FIELD) 21 | public class VulnerabilityDefinitionItems { 22 | @XmlElement(name = "VulnerabilityDefinitionItem") 23 | private List vulnerabilityDefinitionItems = null; 24 | 25 | /** 26 | * Gets the list of VulnerabilityDefinitionItem-s 27 | * @return the list of VulnerabilityDefinitionItem-s 28 | */ 29 | public List getVulnerabilityDefinitionItems() { 30 | return vulnerabilityDefinitionItems; 31 | } 32 | 33 | /** 34 | * Sets the list of VulnerabilityDefinitionItem-s 35 | * @param vulnerabilityDefinitionItems the new list to be set 36 | */ 37 | public void setVulnerabilityDefinitionItems(List vulnerabilityDefinitionItems) { 38 | this.vulnerabilityDefinitionItems = vulnerabilityDefinitionItems; 39 | } 40 | 41 | 42 | 43 | } 44 | -------------------------------------------------------------------------------- /XXEBugFind/src/bugfind/xxe/xmlobjects/ActualVulnerabilityItems.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.xxe.xmlobjects; 8 | 9 | import java.util.List; 10 | import javax.xml.bind.annotation.XmlAccessType; 11 | import javax.xml.bind.annotation.XmlAccessorType; 12 | import javax.xml.bind.annotation.XmlElement; 13 | import javax.xml.bind.annotation.XmlRootElement; 14 | 15 | /** 16 | * Holds a lists of Actual Vulnerable items. This class is merely for serialization of AVIs to XML 17 | * @author Mikosh 18 | */ 19 | @XmlRootElement(name = "ActualVulnerabilityItems") 20 | @XmlAccessorType (XmlAccessType.FIELD) 21 | public class ActualVulnerabilityItems { 22 | @XmlElement (name = "Description") 23 | private String description; 24 | 25 | @XmlElement (name = "Vulnerability") 26 | private List actualVulnerabilityItems; 27 | 28 | 29 | /** 30 | * Creates an ActualVulnerabilityItems object 31 | */ 32 | public ActualVulnerabilityItems() {} 33 | 34 | /** 35 | * Sets the actualvulnerabilityitems 36 | * @param actualVulnerabilityItems the list containing the actualvulnerabilityitems to set 37 | */ 38 | public void setActualVulnerabilityItems(List actualVulnerabilityItems) { 39 | this.actualVulnerabilityItems = actualVulnerabilityItems; 40 | setDescription(this.actualVulnerabilityItems.size() + " variant(s) of xxe vulnerabilities found"); 41 | 42 | } 43 | 44 | /** 45 | * Gets the actual vulnerability items as list 46 | * @return the actual vulnerability items as list 47 | */ 48 | public List getActualVulnerabilityItems() { 49 | return actualVulnerabilityItems; 50 | } 51 | 52 | /** 53 | * Gets the description 54 | * @return the description 55 | */ 56 | public String getDescription() { 57 | return description; 58 | } 59 | 60 | /** 61 | * Sets the description 62 | * @param description the description to set 63 | */ 64 | public void setDescription(String description) { 65 | this.description = description; 66 | } 67 | 68 | 69 | 70 | 71 | 72 | } 73 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/main/OptionsParserTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.main; 8 | 9 | import java.util.Map; 10 | import org.junit.After; 11 | import org.junit.AfterClass; 12 | import org.junit.Before; 13 | import org.junit.BeforeClass; 14 | import org.junit.Test; 15 | import static org.junit.Assert.*; 16 | 17 | /** 18 | * 19 | * @author Mikosh 20 | */ 21 | public class OptionsParserTest { 22 | 23 | public OptionsParserTest() { 24 | } 25 | 26 | @BeforeClass 27 | public static void setUpClass() { 28 | } 29 | 30 | @AfterClass 31 | public static void tearDownClass() { 32 | } 33 | 34 | @Before 35 | public void setUp() { 36 | } 37 | 38 | @After 39 | public void tearDown() { 40 | } 41 | 42 | /** 43 | * Test of parse method, of class OptionsParser. 44 | */ 45 | @Test 46 | public void testParse() { 47 | System.out.println("parse"); 48 | String[] args = new String[]{ 49 | "-d", "C:/app/javaApp1", 50 | "-l", "C:/app/lib/javaLib1", 51 | "-f", "xml", 52 | "-o", "C:/app/output.xml", 53 | "-rs", "C:/myruleset.xml", 54 | }; 55 | 56 | Map result = OptionsParser.parse(args); 57 | assertEquals(result.get(OptionsParser.DIR_OPT), "C:/app/javaApp1"); 58 | assertEquals(result.get(OptionsParser.LIB_OPT), "C:/app/lib/javaLib1"); 59 | assertEquals(result.get(OptionsParser.OUTPUT_FORMAT_OPT), "xml"); 60 | assertEquals(result.get(OptionsParser.OUTPUT_FILE_OPT), "C:/app/output.xml"); 61 | assertEquals(result.get(OptionsParser.RULESET_OPT), "C:/myruleset.xml"); 62 | assertEquals(result.get(OptionsParser.RT_LIB_LOC_OPT), null); 63 | } 64 | 65 | } 66 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/sootadapters/SootMethodWrapperTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | import java.util.ArrayList; 10 | import java.util.List; 11 | import org.junit.After; 12 | import org.junit.AfterClass; 13 | import org.junit.Before; 14 | import org.junit.BeforeClass; 15 | import org.junit.Test; 16 | import static org.junit.Assert.*; 17 | import soot.IntType; 18 | import soot.SootMethod; 19 | import soot.VoidType; 20 | 21 | /** 22 | * 23 | * @author Mikosh 24 | */ 25 | public class SootMethodWrapperTest { 26 | private SootMethodWrapper sootmethodwrapper; 27 | private SootMethod sootMethod; 28 | 29 | public SootMethodWrapperTest() { 30 | List list = new ArrayList(); 31 | list.add(IntType.v()); 32 | sootMethod = new SootMethod("meth", list, VoidType.v()); 33 | sootmethodwrapper = new SootMethodWrapper(sootMethod); 34 | } 35 | 36 | @BeforeClass 37 | public static void setUpClass() { 38 | } 39 | 40 | @AfterClass 41 | public static void tearDownClass() { 42 | } 43 | 44 | @Before 45 | public void setUp() { 46 | } 47 | 48 | @After 49 | public void tearDown() { 50 | } 51 | 52 | /** 53 | * Test of getSootMethod method, of class SootMethodWrapper. 54 | */ 55 | @Test 56 | public void testGetSootMethod() { 57 | System.out.println("getSootMethod"); 58 | SootMethodWrapper instance = sootmethodwrapper; 59 | SootMethod expResult = sootMethod; 60 | SootMethod result = instance.getSootMethod(); 61 | boolean b = expResult == result; 62 | System.out.print(b); 63 | assertTrue(b); 64 | } 65 | 66 | /** 67 | * Test of setSootMethod method, of class SootMethodWrapper. 68 | */ 69 | @Test 70 | public void testSetSootMethod() { 71 | System.out.println("setSootMethod"); 72 | 73 | SootMethodWrapper instance = sootmethodwrapper; 74 | instance.setSootMethod(this.sootMethod); 75 | assertSame(sootMethod, instance.getSootMethod()); 76 | } 77 | 78 | } 79 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/sootadapters/SootRunnerTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | import org.junit.After; 10 | import org.junit.AfterClass; 11 | import org.junit.Before; 12 | import org.junit.BeforeClass; 13 | import org.junit.Test; 14 | import static org.junit.Assert.*; 15 | 16 | /** 17 | * 18 | * @author Mikosh 19 | */ 20 | public class SootRunnerTest { 21 | 22 | public SootRunnerTest() { 23 | } 24 | 25 | @BeforeClass 26 | public static void setUpClass() { 27 | } 28 | 29 | @AfterClass 30 | public static void tearDownClass() { 31 | } 32 | 33 | @Before 34 | public void setUp() { 35 | } 36 | 37 | @After 38 | public void tearDown() { 39 | } 40 | 41 | /** 42 | * Test of getInstance method, of class SootRunner. 43 | */ 44 | @Test 45 | public void testGetInstance() { 46 | System.out.println("getInstance"); 47 | SootRunner result = SootRunner.getInstance(); 48 | assertNotNull(result); 49 | } 50 | 51 | /** 52 | * Test of main method, of class SootRunner. 53 | */ 54 | // @Test 55 | // public void testMain() { 56 | // System.out.println("main"); 57 | // String[] args = null; 58 | // String libPaths = ""; 59 | // SootRunner.main(args, libPaths); 60 | // // TODO review the generated test code and remove the default call to fail. 61 | // fail("The test case is a prototype."); 62 | // } 63 | 64 | // /** 65 | // * Test of run method, of class SootRunner. 66 | // */ 67 | // @Test 68 | // public void testRun() { 69 | // System.out.println("run"); 70 | // String[] args = null; 71 | // String libPaths = ""; 72 | // SootRunner instance = null; 73 | // instance.run(args, libPaths); 74 | // // TODO review the generated test code and remove the default call to fail. 75 | // fail("The test case is a prototype."); 76 | // } 77 | 78 | 79 | 80 | } 81 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/sootadapters/ValueStringTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | import org.junit.After; 10 | import org.junit.AfterClass; 11 | import org.junit.Before; 12 | import org.junit.BeforeClass; 13 | import org.junit.Test; 14 | import static org.junit.Assert.*; 15 | 16 | /** 17 | * 18 | * @author Mikosh 19 | */ 20 | public class ValueStringTest { 21 | private ValueString valueString; 22 | 23 | public ValueStringTest() { 24 | valueString = new ValueString("java.lang.String", "s4", "\"a string value\""); 25 | } 26 | 27 | @BeforeClass 28 | public static void setUpClass() { 29 | } 30 | 31 | @AfterClass 32 | public static void tearDownClass() { 33 | } 34 | 35 | @Before 36 | public void setUp() { 37 | } 38 | 39 | @After 40 | public void tearDown() { 41 | } 42 | 43 | /** 44 | * Test of getType method, of class ValueString. 45 | */ 46 | @Test 47 | public void testGetType() { 48 | System.out.println("getType"); 49 | ValueString instance = valueString; 50 | String expResult = "java.lang.String"; 51 | String result = instance.getType(); 52 | assertEquals(expResult, result); 53 | } 54 | 55 | /** 56 | * Test of getName method, of class ValueString. 57 | */ 58 | @Test 59 | public void testGetName() { 60 | System.out.println("getName"); 61 | ValueString instance = valueString; 62 | String expResult = "s4"; 63 | String result = instance.getName(); 64 | assertEquals(expResult, result); 65 | } 66 | 67 | /** 68 | * Test of getValue method, of class ValueString. 69 | */ 70 | @Test 71 | public void testGetValue() { 72 | System.out.println("getValue"); 73 | ValueString instance = valueString; 74 | String expResult = "\"a string value\""; 75 | String result = instance.getValue(); 76 | assertEquals(expResult, result); 77 | } 78 | 79 | } 80 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/sootadapters/VariableTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.sootadapters; 8 | 9 | import org.junit.After; 10 | import org.junit.AfterClass; 11 | import org.junit.Before; 12 | import org.junit.BeforeClass; 13 | import org.junit.Test; 14 | import static org.junit.Assert.*; 15 | 16 | /** 17 | * 18 | * @author Mikosh 19 | */ 20 | public class VariableTest { 21 | Variable variable; 22 | 23 | public VariableTest() { 24 | variable = new Variable("var1", "java.lang.String", Variable.STATIC_VARIABLE); 25 | } 26 | 27 | @BeforeClass 28 | public static void setUpClass() { 29 | } 30 | 31 | @AfterClass 32 | public static void tearDownClass() { 33 | } 34 | 35 | @Before 36 | public void setUp() { 37 | } 38 | 39 | @After 40 | public void tearDown() { 41 | } 42 | 43 | /** 44 | * Test of getName method, of class Variable. 45 | */ 46 | @Test 47 | public void testGetName() { 48 | System.out.println("getName"); 49 | Variable instance = variable; 50 | String expResult = "var1"; 51 | String result = instance.getName(); 52 | assertEquals(expResult, result); 53 | } 54 | 55 | /** 56 | * Test of getType method, of class Variable. 57 | */ 58 | @Test 59 | public void testGetType() { 60 | System.out.println("getType"); 61 | Variable instance = variable; 62 | String expResult = "java.lang.String"; 63 | String result = instance.getType(); 64 | assertEquals(expResult, result); 65 | } 66 | 67 | /** 68 | * Test of getLevel method, of class Variable. 69 | */ 70 | @Test 71 | public void testGetLevel() { 72 | System.out.println("getLevel"); 73 | Variable instance = variable; 74 | int expResult = Variable.STATIC_VARIABLE; 75 | int result = instance.getLevel(); 76 | assertEquals(expResult, result); 77 | } 78 | 79 | /** 80 | * Test of isStatic method, of class Variable. 81 | */ 82 | @Test 83 | public void testIsStatic() { 84 | System.out.println("isStatic"); 85 | Variable instance = variable; 86 | boolean expResult = true; 87 | boolean result = instance.isStatic(); 88 | assertEquals(expResult, result); 89 | } 90 | 91 | /** 92 | * Test of isLocal method, of class Variable. 93 | */ 94 | @Test 95 | public void testIsLocal() { 96 | System.out.println("isLocal"); 97 | Variable instance = variable; 98 | boolean expResult = false; 99 | boolean result = instance.isLocal(); 100 | assertEquals(expResult, result); 101 | } 102 | 103 | /** 104 | * Test of isField method, of class Variable. 105 | */ 106 | @Test 107 | public void testIsField() { 108 | System.out.println("isField"); 109 | Variable instance = variable; 110 | boolean expResult = false; 111 | boolean result = instance.isField(); 112 | assertEquals(expResult, result); 113 | } 114 | 115 | /** 116 | * Test of toString method, of class Variable. 117 | */ 118 | @Test 119 | public void testToString() { 120 | System.out.println("toString"); 121 | Variable instance = variable; 122 | String expResult = "var-name: var1 var-type: java.lang.String var-level: STATIC_VAR"; 123 | String result = instance.toString();System.out.println(result); 124 | assertEquals(expResult, result); 125 | } 126 | 127 | } 128 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/utils/misc/FileExtensionFilterTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.utils.misc; 8 | 9 | import java.io.File; 10 | import org.junit.After; 11 | import org.junit.AfterClass; 12 | import org.junit.Before; 13 | import org.junit.BeforeClass; 14 | import org.junit.Test; 15 | import static org.junit.Assert.*; 16 | 17 | /** 18 | * 19 | * @author Mikosh 20 | */ 21 | public class FileExtensionFilterTest { 22 | 23 | public FileExtensionFilterTest() { 24 | } 25 | 26 | @BeforeClass 27 | public static void setUpClass() { 28 | } 29 | 30 | @AfterClass 31 | public static void tearDownClass() { 32 | } 33 | 34 | @Before 35 | public void setUp() { 36 | } 37 | 38 | @After 39 | public void tearDown() { 40 | } 41 | 42 | /** 43 | * Test of getExtension method, of class FileExtensionFilter. 44 | */ 45 | @Test 46 | public void testGetExtension() { 47 | System.out.println("getExtension"); 48 | FileExtensionFilter instance = new FileExtensionFilter(".png"); 49 | String expResult = ".png"; 50 | String result = instance.getExtension(); 51 | assertEquals(expResult, result); 52 | } 53 | 54 | /** 55 | * Test of setExtension method, of class FileExtensionFilter. 56 | */ 57 | @Test 58 | public void testSetExtension() { 59 | System.out.println("setExtension"); 60 | String extension = ".bmp"; 61 | FileExtensionFilter instance = new FileExtensionFilter(".jpg"); 62 | instance.setExtension(extension); 63 | assertEquals(extension, instance.getExtension()); 64 | } 65 | 66 | /** 67 | * Test of accept method, of class FileExtensionFilter. 68 | */ 69 | @Test 70 | public void testAccept() { 71 | System.out.println("accept"); 72 | File dir = new File("dir"); 73 | String name = "mypic.png"; 74 | FileExtensionFilter instance = new FileExtensionFilter(".png"); 75 | 76 | boolean expResult = true; 77 | boolean result = instance.accept(dir, name); 78 | assertEquals(expResult, result); 79 | } 80 | 81 | } 82 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/utils/misc/UtilsTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.utils.misc; 8 | 9 | import org.junit.After; 10 | import org.junit.AfterClass; 11 | import org.junit.Before; 12 | import org.junit.BeforeClass; 13 | import org.junit.Test; 14 | import static org.junit.Assert.*; 15 | 16 | /** 17 | * 18 | * @author Mikosh 19 | */ 20 | public class UtilsTest { 21 | 22 | public UtilsTest() { 23 | } 24 | 25 | @BeforeClass 26 | public static void setUpClass() { 27 | } 28 | 29 | @AfterClass 30 | public static void tearDownClass() { 31 | } 32 | 33 | @Before 34 | public void setUp() { 35 | } 36 | 37 | @After 38 | public void tearDown() { 39 | } 40 | 41 | /** 42 | * Test of join method, of class Utils. 43 | */ 44 | @Test 45 | public void testJoin() { 46 | System.out.println("join"); 47 | String[] strArray = new String[]{"str1", "str2", "str3"}; 48 | String joinTerm = ";"; 49 | String expResult = "str1;str2;str3"; 50 | String result = Utils.join(strArray, joinTerm); 51 | assertEquals(expResult, result); 52 | assertEquals("str1;;;str3", Utils.join(new String[]{"str1", ";", "str3"}, joinTerm)); 53 | } 54 | 55 | } 56 | -------------------------------------------------------------------------------- /XXEBugFind/test/bugfind/xxe/VulnerabilityDefinitionItemTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package bugfind.xxe; 8 | 9 | import bugfind.sootadapters.MethodDefinition; 10 | import java.util.ArrayList; 11 | import java.util.List; 12 | import org.junit.After; 13 | import org.junit.AfterClass; 14 | import org.junit.Before; 15 | import org.junit.BeforeClass; 16 | import org.junit.Test; 17 | import static org.junit.Assert.*; 18 | 19 | /** 20 | * 21 | * @author Mikosh 22 | */ 23 | public class VulnerabilityDefinitionItemTest { 24 | private final MethodDefinition methodDefinition; 25 | private final List listParam; 26 | 27 | 28 | public VulnerabilityDefinitionItemTest() { 29 | listParam = new ArrayList<>(); 30 | listParam.add(new MethodDefinition.MethodParameter("java.lang.String", "param1")); 31 | methodDefinition = new MethodDefinition("com.sun.Class", "method1", listParam, "void"); 32 | } 33 | 34 | @BeforeClass 35 | public static void setUpClass() { 36 | } 37 | 38 | @AfterClass 39 | public static void tearDownClass() { 40 | } 41 | 42 | @Before 43 | public void setUp() { 44 | } 45 | 46 | @After 47 | public void tearDown() { 48 | } 49 | 50 | /** 51 | * Test of getMethodDefinition method, of class VulnerabilityDefinitionItem. 52 | */ 53 | @Test 54 | public void testGetMethodDefinition() { 55 | System.out.println("getMethodDefinition"); 56 | VulnerabilityDefinitionItem instance = new VulnerabilityDefinitionItem(methodDefinition); 57 | MethodDefinition expResult = methodDefinition; 58 | MethodDefinition result = instance.getMethodDefinition(); 59 | assertEquals(expResult, result); 60 | } 61 | 62 | /** 63 | * Test of getMitigationList method, of class VulnerabilityDefinitionItem. 64 | */ 65 | @Test 66 | public void testGetMitigationList() { 67 | System.out.println("getMitigationList"); 68 | VulnerabilityDefinitionItem instance = new VulnerabilityDefinitionItem(); 69 | List expResult = null; 70 | List result = instance.getMitigationList(); 71 | assertEquals(expResult, result); 72 | } 73 | 74 | /** 75 | * Test of setMitigationList method, of class VulnerabilityDefinitionItem. 76 | */ 77 | @Test 78 | public void testSetMitigationList() { 79 | System.out.println("setMitigationList"); 80 | List mitigationList = new ArrayList<>(); 81 | VulnerabilityDefinitionItem instance = new VulnerabilityDefinitionItem(); 82 | instance.setMitigationList(mitigationList); 83 | assertEquals(mitigationList, instance.getMitigationList()); 84 | } 85 | 86 | 87 | } 88 | -------------------------------------------------------------------------------- /XXEBugFind/test/sootsetup/Setup.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package sootsetup; 8 | 9 | /** 10 | * 11 | * @author Mikosh 12 | */ 13 | public class Setup { 14 | 15 | 16 | } 17 | -------------------------------------------------------------------------------- /XXEBugFind/test/sootsetup/TestTransformer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package sootsetup; 8 | 9 | /** 10 | * 11 | * @author Mikosh 12 | */ 13 | public class TestTransformer { 14 | 15 | } 16 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/build.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Builds, tests, and runs the project MyXXETestApp. 12 | 13 | 73 | 74 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/manifest.mf: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | X-COMMENT: Main-Class will be added automatically by build 3 | 4 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/nbproject/genfiles.properties: -------------------------------------------------------------------------------- 1 | build.xml.data.CRC32=6c89446b 2 | build.xml.script.CRC32=60bfdd43 3 | build.xml.stylesheet.CRC32=8064a381@1.68.1.46 4 | # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. 5 | # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. 6 | nbproject/build-impl.xml.data.CRC32=6c89446b 7 | nbproject/build-impl.xml.script.CRC32=e97d2abe 8 | nbproject/build-impl.xml.stylesheet.CRC32=5a01deb7@1.68.1.46 9 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/nbproject/project.properties: -------------------------------------------------------------------------------- 1 | annotation.processing.enabled=true 2 | annotation.processing.enabled.in.editor=false 3 | annotation.processing.processor.options= 4 | annotation.processing.processors.list= 5 | annotation.processing.run.all.processors=true 6 | annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output 7 | build.classes.dir=${build.dir}/classes 8 | build.classes.excludes=**/*.java,**/*.form 9 | # This directory is removed when the project is cleaned: 10 | build.dir=build 11 | build.generated.dir=${build.dir}/generated 12 | build.generated.sources.dir=${build.dir}/generated-sources 13 | # Only compile against the classpath explicitly listed here: 14 | build.sysclasspath=ignore 15 | build.test.classes.dir=${build.dir}/test/classes 16 | build.test.results.dir=${build.dir}/test/results 17 | # Uncomment to specify the preferred debugger connection transport: 18 | #debug.transport=dt_socket 19 | debug.classpath=\ 20 | ${run.classpath} 21 | debug.test.classpath=\ 22 | ${run.test.classpath} 23 | # Files in build.classes.dir which should be excluded from distribution jar 24 | dist.archive.excludes= 25 | # This directory is removed when the project is cleaned: 26 | dist.dir=dist 27 | dist.jar=${dist.dir}/MyXXETestApp.jar 28 | dist.javadoc.dir=${dist.dir}/javadoc 29 | excludes= 30 | file.reference.dom4j-1.6.1.jar=xml-libs\\dom4j-1.6.1.jar 31 | file.reference.jdom-2.0.5.jar=xml-libs\\jdom-2.0.5.jar 32 | file.reference.Piccolo.jar=xml-libs\\Piccolo.jar 33 | file.reference.stax2-api-3.1.1.jar=xml-libs\\stax2-api-3.1.1.jar 34 | file.reference.woodstox-core-asl-4.2.0.jar=xml-libs\\woodstox-core-asl-4.2.0.jar 35 | file.reference.woodstox-core-lgpl-4.2.0.jar=xml-libs\\woodstox-core-lgpl-4.2.0.jar 36 | includes=** 37 | jar.compress=false 38 | javac.classpath=\ 39 | ${file.reference.dom4j-1.6.1.jar}:\ 40 | ${file.reference.jdom-2.0.5.jar}:\ 41 | ${file.reference.stax2-api-3.1.1.jar}:\ 42 | ${file.reference.woodstox-core-asl-4.2.0.jar}:\ 43 | ${file.reference.woodstox-core-lgpl-4.2.0.jar}:\ 44 | ${file.reference.Piccolo.jar} 45 | # Space-separated list of extra javac options 46 | javac.compilerargs= 47 | javac.deprecation=false 48 | javac.processorpath=\ 49 | ${javac.classpath} 50 | javac.source=1.7 51 | javac.target=1.7 52 | javac.test.classpath=\ 53 | ${javac.classpath}:\ 54 | ${build.classes.dir} 55 | javac.test.processorpath=\ 56 | ${javac.test.classpath} 57 | javadoc.additionalparam= 58 | javadoc.author=false 59 | javadoc.encoding=${source.encoding} 60 | javadoc.noindex=false 61 | javadoc.nonavbar=false 62 | javadoc.notree=false 63 | javadoc.private=false 64 | javadoc.splitindex=true 65 | javadoc.use=true 66 | javadoc.version=false 67 | javadoc.windowtitle= 68 | main.class=myxxetestapp.MyXXETestApp 69 | manifest.file=manifest.mf 70 | meta.inf.dir=${src.dir}/META-INF 71 | mkdist.disabled=false 72 | platform.active=default_platform 73 | run.classpath=\ 74 | ${javac.classpath}:\ 75 | ${build.classes.dir} 76 | # Space-separated list of JVM arguments used when running the project. 77 | # You may also define separate properties like run-sys-prop.name=value instead of -Dname=value. 78 | # To set system properties for unit tests define test-sys-prop.name=value: 79 | run.jvmargs= 80 | run.test.classpath=\ 81 | ${javac.test.classpath}:\ 82 | ${build.test.classes.dir} 83 | source.encoding=UTF-8 84 | src.dir=src 85 | test.src.dir=test 86 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/nbproject/project.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | org.netbeans.modules.java.j2seproject 4 | 5 | 6 | MyXXETestApp 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/dom4j/Dom4JExample.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package dom4j; 8 | 9 | import java.io.IOException; 10 | import myxetestapp.utils.Utils; 11 | import org.dom4j.Document; 12 | import org.dom4j.DocumentException; 13 | import org.dom4j.io.OutputFormat; 14 | import org.dom4j.io.SAXReader; 15 | import org.dom4j.io.XMLWriter; 16 | import org.xml.sax.SAXException; 17 | 18 | /** 19 | * 20 | * @author Mikosh 21 | */ 22 | public class Dom4JExample { 23 | 24 | public Document parse() throws DocumentException, SAXException { 25 | SAXReader reader = new SAXReader(); 26 | 27 | reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false); 28 | 29 | //reader.setFeature("http://xml.org/sax/features/external-general-entities", true);//WORKS but throws exception if DTD tag is encountered 30 | //reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // NOT WORKING FOR entity attack but should work for DOS attack 31 | Document document = reader.read(this.getClass().getResourceAsStream(Utils.INTERNAL_XML_LOCATION)); 32 | return document; 33 | } 34 | 35 | public void write(Document document) throws IOException { 36 | 37 | // lets write to a file 38 | XMLWriter writer; 39 | // = new XMLWriter( 40 | // new BufferedOutputStream(outputStream)); 41 | // writer.write( document ); 42 | // writer.close(); 43 | 44 | 45 | // Pretty print the document to System.out 46 | System.out.println("\n\nPretty format"); 47 | OutputFormat format = OutputFormat.createPrettyPrint(); 48 | writer = new XMLWriter( System.out, format ); 49 | writer.write( document ); 50 | 51 | // Compact format to System.out 52 | System.out.println("\n\nCompact format"); 53 | format = OutputFormat.createCompactFormat(); 54 | writer = new XMLWriter( System.out, format ); 55 | writer.write( document ); 56 | } 57 | 58 | public static void main(String[] args) throws DocumentException, IOException, SAXException { 59 | Dom4JExample d4je = new Dom4JExample(); 60 | Document doc = d4je.parse(); 61 | d4je.write(doc); 62 | } 63 | } -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/myjdom/PrettyPrinter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | package myjdom; 7 | 8 | import javax.xml.XMLConstants; 9 | import myxetestapp.utils.Utils; 10 | import org.jdom2.*; 11 | import org.jdom2.input.*; 12 | import org.jdom2.output.*; 13 | 14 | public class PrettyPrinter { 15 | 16 | public static void main(String[] args) { 17 | try { 18 | // Build the document with SAXBuilder of JDOM, 19 | SAXBuilder builder = new SAXBuilder(); 20 | //builder.setFeature("http://xml.org/sax/features/external-general-entities", false);//NOT WORKING 21 | //builder.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);//NOT WORKING 22 | //builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);// WORKING 23 | // Create the document 24 | Document doc = builder.build(PrettyPrinter.class.getResourceAsStream(Utils.INTERNAL_XML_LOCATION));//(new File(filename)); 25 | // Output the document, use standard formatter 26 | XMLOutputter fmt = new XMLOutputter(); 27 | fmt.output(doc, System.out); 28 | } catch (Exception e) { 29 | e.printStackTrace(); 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/mysax/SAXParserExample.java: -------------------------------------------------------------------------------- 1 | package mysax; 2 | 3 | import java.io.IOException; 4 | import java.util.ArrayList; 5 | import java.util.Iterator; 6 | import java.util.List; 7 | 8 | import javax.xml.parsers.ParserConfigurationException; 9 | import javax.xml.parsers.SAXParser; 10 | import javax.xml.parsers.SAXParserFactory; 11 | import myxetestapp.utils.Employee; 12 | 13 | import org.xml.sax.Attributes; 14 | import org.xml.sax.SAXException; 15 | 16 | import org.xml.sax.helpers.DefaultHandler; 17 | 18 | public class SAXParserExample extends DefaultHandler { 19 | 20 | List myEmpls; 21 | 22 | private String tempVal; 23 | 24 | //to maintain context 25 | private Employee tempEmp; 26 | 27 | public SAXParserExample() { 28 | myEmpls = new ArrayList(); 29 | } 30 | 31 | public void runExample() { 32 | parseDocument(); 33 | printData(); 34 | } 35 | 36 | private void parseDocument() { 37 | 38 | //get a factory 39 | SAXParserFactory spf = SAXParserFactory.newInstance(); 40 | //SAXParserFactory spf2 = SAXParserFactory.newInstance(); 41 | try { 42 | spf.setFeature("http://xml.org/sax/features/external-general-entities", false); 43 | //get a new instance of parser 44 | SAXParser sp = spf.newSAXParser(); 45 | //parse the file and also register this class for call backs 46 | sp.parse(this.getClass().getResourceAsStream("/myxmltest/employees.xml"), this); 47 | // display the xml file in gui 48 | 49 | } catch (SAXException se) { 50 | se.printStackTrace(); 51 | } catch (ParserConfigurationException pce) { 52 | pce.printStackTrace(); 53 | } catch (IOException ie) { 54 | ie.printStackTrace(); 55 | } 56 | } 57 | 58 | /** 59 | * Iterate through the list and print the contents 60 | */ 61 | private void printData() { 62 | 63 | System.out.println("No of Employees '" + myEmpls.size() + "'."); 64 | 65 | Iterator it = myEmpls.iterator(); 66 | while (it.hasNext()) { 67 | String str = it.next().toString(); 68 | System.out.println(str); 69 | } 70 | } 71 | 72 | //Event Handlers 73 | public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException { 74 | //reset 75 | tempVal = ""; 76 | if (qName.equalsIgnoreCase("Employee")) { 77 | //create a new instance of employee 78 | tempEmp = new Employee(); 79 | tempEmp.setType(attributes.getValue("type")); 80 | } 81 | } 82 | 83 | public void characters(char[] ch, int start, int length) throws SAXException { 84 | tempVal = new String(ch, start, length); 85 | } 86 | 87 | public void endElement(String uri, String localName, String qName) throws SAXException { 88 | 89 | if (qName.equalsIgnoreCase("Employee")) { 90 | //add it to the list 91 | myEmpls.add(tempEmp); 92 | 93 | } else if (qName.equalsIgnoreCase("Name")) { 94 | tempEmp.setName(tempVal); 95 | } else if (qName.equalsIgnoreCase("Id")) { 96 | tempEmp.setId(Integer.parseInt(tempVal)); 97 | } else if (qName.equalsIgnoreCase("Age")) { 98 | tempEmp.setAge(Integer.parseInt(tempVal)); 99 | } 100 | 101 | } 102 | 103 | public static void main(String[] args) { 104 | SAXParserExample spe = new SAXParserExample(); 105 | spe.runExample(); 106 | } 107 | 108 | } 109 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/myxetestapp/utils/Employee.java: -------------------------------------------------------------------------------- 1 | package myxetestapp.utils; 2 | 3 | public class Employee { 4 | 5 | private String name; 6 | 7 | private int age; 8 | 9 | private int id; 10 | 11 | private String type; 12 | 13 | public Employee() { 14 | 15 | } 16 | 17 | public Employee(String name, int id, int age, String type) { 18 | this.name = name; 19 | this.age = age; 20 | this.id = id; 21 | this.type = type; 22 | 23 | } 24 | 25 | public int getAge() { 26 | return age; 27 | } 28 | 29 | public void setAge(int age) { 30 | this.age = age; 31 | } 32 | 33 | public int getId() { 34 | return id; 35 | } 36 | 37 | public void setId(int id) { 38 | this.id = id; 39 | } 40 | 41 | public String getName() { 42 | return name; 43 | } 44 | 45 | public void setName(String name) { 46 | this.name = name; 47 | } 48 | 49 | public String getType() { 50 | return type; 51 | } 52 | 53 | public void setType(String type) { 54 | this.type = type; 55 | } 56 | 57 | public String toString() { 58 | StringBuffer sb = new StringBuffer(); 59 | sb.append("Employee Details - "); 60 | sb.append("Name:" + getName()); 61 | sb.append(", "); 62 | sb.append("Type:" + getType()); 63 | sb.append(", "); 64 | sb.append("Id:" + getId()); 65 | sb.append(", "); 66 | sb.append("Age:" + getAge()); 67 | sb.append("."); 68 | 69 | return sb.toString(); 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/myxetestapp/utils/Utils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package myxetestapp.utils; 8 | 9 | /** 10 | * 11 | * @author Mikosh 12 | */ 13 | public class Utils { 14 | public static String INTERNAL_XML_LOCATION = "/myxmltest/employees.xml"; 15 | public static String EXTERNAL_XML_LOCATION = "/myxmltest/employees2.xml"; 16 | 17 | } 18 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/myxxetestapp/MyXXETestApp.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package myxxetestapp; 8 | 9 | import java.io.IOException; 10 | import org.xml.sax.SAXException; 11 | import piccolotest.MyPiccoloExample; 12 | 13 | /** 14 | * 15 | * @author Mikosh 16 | */ 17 | public class MyXXETestApp { 18 | 19 | /** 20 | * @param args the command line arguments 21 | */ 22 | public static void main(String[] args) throws SAXException, IOException { 23 | // Non Secure parsing 24 | MyPiccoloExample.nonSecurePicoloXMLParse(args[0]); 25 | // Secure parsing 26 | MyPiccoloExample.securePicoloXMLParse(args[0]); 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/piccolotest/MyPiccoloExample.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | 7 | package piccolotest; 8 | 9 | import com.bluecast.xml.Piccolo; 10 | import java.io.IOException; 11 | import javax.xml.parsers.ParserConfigurationException; 12 | import javax.xml.parsers.SAXParser; 13 | import javax.xml.parsers.SAXParserFactory; 14 | import org.xml.sax.SAXException; 15 | import org.xml.sax.XMLReader; 16 | import org.xml.sax.helpers.XMLReaderFactory; 17 | 18 | /** 19 | * 20 | * @author Mikosh 21 | */ 22 | public class MyPiccoloExample { 23 | 24 | public static void nonSecurePicoloXMLParse(String arg) throws SAXException, IOException { 25 | Piccolo piccoloReader = new Piccolo(); 26 | piccoloReader.parse(arg); 27 | } 28 | 29 | public static void securePicoloXMLParse(String arg) throws SAXException, IOException { 30 | Piccolo piccoloReader = new Piccolo(); 31 | piccoloReader.setFeature("http://xml.org/sax/features/external-general-entities", false); 32 | 33 | piccoloReader.parse(arg); 34 | } 35 | 36 | 37 | 38 | } 39 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/src/stax/StAXExample.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this license header, choose License Headers in Project Properties. 3 | * To change this template file, choose Tools | Templates 4 | * and open the template in the editor. 5 | */ 6 | package stax; 7 | 8 | import java.util.ArrayList; 9 | import java.util.List; 10 | import javax.xml.stream.XMLInputFactory; 11 | import javax.xml.stream.XMLStreamConstants; 12 | import javax.xml.stream.XMLStreamException; 13 | import javax.xml.stream.XMLStreamReader; 14 | import myxetestapp.utils.Employee; 15 | 16 | import myxetestapp.utils.Utils; 17 | 18 | /** 19 | * 20 | * @author Mikosh 21 | */ 22 | public class StAXExample { 23 | 24 | public static void main(String[] args) throws XMLStreamException { 25 | List empList = null; 26 | Employee currEmp = null; 27 | String tagContent = null; 28 | XMLInputFactory factory = XMLInputFactory.newInstance(); 29 | //factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);// WORKS FOR INTERNAL ENTITIES 30 | factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.TRUE);// WORKS FOR EXTERNAL ENTITIES 31 | //factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);//WORKS but leads to exception 32 | 33 | XMLStreamReader reader 34 | = factory.createXMLStreamReader(StAXExample.class.getResourceAsStream(Utils.INTERNAL_XML_LOCATION)); 35 | 36 | while (reader.hasNext()) { 37 | int event = reader.next(); 38 | 39 | switch (event) { 40 | case XMLStreamConstants.START_ELEMENT: 41 | if ("Employee".equals(reader.getLocalName())) { 42 | currEmp = new Employee(); 43 | currEmp.setType(reader.getAttributeValue(0)); 44 | } 45 | if ("Personnel".equals(reader.getLocalName())) { 46 | empList = new ArrayList<>(); 47 | } 48 | break; 49 | 50 | case XMLStreamConstants.CHARACTERS: 51 | tagContent = reader.getText().trim(); 52 | break; 53 | 54 | case XMLStreamConstants.END_ELEMENT: 55 | switch (reader.getLocalName()) { 56 | case "Employee": 57 | empList.add(currEmp); 58 | break; 59 | case "Name": 60 | currEmp.setName(tagContent); 61 | break; 62 | case "Id": 63 | currEmp.setId(Integer.parseInt(tagContent)); 64 | break; 65 | case "Age": 66 | currEmp.setAge(Integer.parseInt(tagContent)); 67 | break; 68 | } 69 | break; 70 | 71 | case XMLStreamConstants.START_DOCUMENT: 72 | empList = new ArrayList<>(); 73 | break; 74 | } 75 | 76 | } 77 | 78 | //Print the employee list populated from XML 79 | for (Employee emp : empList) { 80 | System.out.println(emp); 81 | } 82 | 83 | 84 | 85 | } 86 | 87 | 88 | } 89 | -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/Piccolo.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/Piccolo.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/dom4j-1.6.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/dom4j-1.6.1.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/jdom-2.0.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/jdom-2.0.5.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/stax2-api-3.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/stax2-api-3.1.1.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/woodstox-core-asl-4.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/woodstox-core-asl-4.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/woodstox-core-lgpl-4.2.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/woodstox-core-lgpl-4.2.0.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/MyXXETestApp/xml-libs/xercesImpl.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/MyXXETestApp/xml-libs/xercesImpl.jar -------------------------------------------------------------------------------- /XXEBugFind/tutorial/XXEBugFind User Guide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ssexxe/XXEBugFind/53bbb817df8a4acdf3b3766c65e20654a171d07d/XXEBugFind/tutorial/XXEBugFind User Guide.pdf --------------------------------------------------------------------------------