MCPcopy Index your code
hub / github.com/Afant1/JavaSearchTools / SearchEvilPackage

Method SearchEvilPackage

JarFileReader.java:52–63  ·  view source on GitHub ↗
(String line)

Source from the content-addressed store, hash-verified

50 return false;
51 }
52 private static boolean SearchEvilPackage(String line)
53 {
54 //表达式
55 String XXE_Regex = ".*javax.xml.parsers.DocumentBuilderFactory.*|.*javax.xml.parsers.SAXParser.*|.*javax.xml.transform.TransformerFactory.*|.*javax.xml.validation.Validator.*|.*javax.xml.validation.SchemaFactory.*|.*javax.xml.transform.sax.SAXValidator.*|.*javax.xml.transform.sax.SAXSource.*|.*org.xml.sax.XMLReader.*|.*org.xml.sax.helpers.XMLReaderFactory.*|.*org.dom4j.io.SAXReader.*|.*org.jdom.input.SAXBuilder.*|.*org.jdom2.input.SAXBuilder.*|.*javax.xml.bind.Unmarshaller.*|.*javax.xml.xpath.XpathExpression.*|.*javax.xml.stream.XMLStreamReader.*|.*org.apache.commons.digester3.Digester.*|.*javax.xml.transform.stream.StreamSource.*|.*javax.xml.parsers.SAXParserFactory.*|.*javax.xml.ws.EndpointReference.*";
56 boolean b = Pattern.matches(XXE_Regex, line);
57 if(b){
58 return true;
59 }else
60 {
61 return false;
62 }
63 }
64 private static boolean SearchReadObject(String line)
65 {
66 //表达式

Callers 1

processEvilPackageMethod · 0.95

Calls

no outgoing calls

Tested by

no test coverage detected