# This preset enables all Java warning classes that are # characterized as 'deep'. # # Enable the advanced injection engine for deeper taint propagation. # JAVA_ANALYSIS_ADVANCED_INJECTION = Yes # # These warning classes are disabled by default. # WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)" WARNING_FILTER += allow class="Android Message Injection (Java)" WARNING_FILTER += allow class="Android URL Injection (Java)" WARNING_FILTER += allow class="Field Element may be null (deep) (Java)" WARNING_FILTER += allow class="Field may be null (deep) (Java)" WARNING_FILTER += allow class="Missing synchronized Statement (Java)" WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)" WARNING_FILTER += allow class="Return Value may Contain null Element (Java)" WARNING_FILTER += allow class="Return Value may be null (Java)" WARNING_FILTER += allow class="Sensitive Data Cached (Java)" WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)" WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)" WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)" WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)" WARNING_FILTER += allow class="Unguarded Field (Java)" WARNING_FILTER += allow class="Unguarded Method (Java)" WARNING_FILTER += allow class="Unguarded Parameter (Java)" WARNING_FILTER += allow class="Useless null Test (Java)" WARNING_FILTER += allow class="Useless null Test of Field (Java)" WARNING_FILTER += allow class="Useless null Test of Parameter (Java)" WARNING_FILTER += allow class="Useless null Test of Return Value (Java)" WARNING_FILTER += allow class="null Passed to Method (deep) (Java)" # Classes below are enabled by default: they are included for # completeness, in case they have been disabled by a previous rule. # Note that this default enabling means that a class may remain # enabled even if its WARNING_FILTER rule is commented out below. WARNING_FILTER += allow class="Code Injection (Java)" WARNING_FILTER += allow class="Command Injection (Java)" WARNING_FILTER += allow class="Cross Site Scripting (Java)" WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)" WARNING_FILTER += allow class="DLL Injection (Java)" WARNING_FILTER += allow class="DOS Injection (Java)" WARNING_FILTER += allow class="Fragment Injection (Java)" WARNING_FILTER += allow class="Open Redirect (Java)" WARNING_FILTER += allow class="Reflection Injection (Java)" WARNING_FILTER += allow class="SQL Injection (Java)" WARNING_FILTER += allow class="Tainted @Trusted Value (Java)" WARNING_FILTER += allow class="Tainted Bundle (Java)" WARNING_FILTER += allow class="Tainted Control (Java)" WARNING_FILTER += allow class="Tainted Expression Evaluation (Java)" WARNING_FILTER += allow class="Tainted HTTP Response (Java)" WARNING_FILTER += allow class="Tainted Hardware Device Property (Java)" WARNING_FILTER += allow class="Tainted LDAP Attribute (Java)" WARNING_FILTER += allow class="Tainted LDAP Filter (Java)" WARNING_FILTER += allow class="Tainted Log (Java)" WARNING_FILTER += allow class="Tainted Message (Java)" WARNING_FILTER += allow class="Tainted Network Address (Java)" WARNING_FILTER += allow class="Tainted Path (Java)" WARNING_FILTER += allow class="Tainted Regular Expression (Java)" WARNING_FILTER += allow class="Tainted Resource (Java)" WARNING_FILTER += allow class="Tainted Session (Java)" WARNING_FILTER += allow class="Tainted URL (Java)" WARNING_FILTER += allow class="Tainted XAML (Java)" WARNING_FILTER += allow class="Tainted XML (Java)" WARNING_FILTER += allow class="Tainted Xpath (Java)"