java.db

java.util.Random
new[[:space:]]*(Secure)?Random[[:space:]]*\(
MessageDigest\.getInstance[[:space:]]*\([\"\']([Mm][Dd]5|[Ss][Hh][Aa]-?(1|256)|[Rr][Ss][Aa]\/[Nn][Oo][Nn][Ee]|DES.*|AES\/(CBC|ECB)\/.*)[\"\']\)
\.digest[[:space:]]*\(
extends[[:space:]]*MessageDigest
# Java Specific Security Related Exceptions
AccessControlException
BindException
ConcurrentModificationException
DigestException
FileNotFoundException
GeneralSecurityException
InsufficientResourcesException
InvalidAlgorithmParameterException
InvalidKeyException
InvalidParameterException
JarException
KeyException
KeyManagementException
KeyStoreException
NoSuchAlgorithmException
NoSuchProviderException
NotOwnerException
NullPointerException
OutOfMemoryError
PriviledgedActionException
ProviderException
SignatureException
SQLException
StackOverflowError
UnrecoverableEntryException
UnrecoverableKeyException
response.sendRedirect[[:space:]]*\(.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
out\.print(ln)?.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram)
<%=([Rr]equest|\.[Gg]et[Pp]aram)
\.exec[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+.*
(execute|create|new)Query[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
queryforObject[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
eval[[:space:]]*\([^\)\;]*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
\.getDocument[[:space:]]*\([^\)\;]+([Rr]eq(uest)?|\.g[Gg]et[Pp]aram).*\)
(WHERE|where)[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
[\'\" ]+AND[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIKE|like)[[:space:]]+[\'\"A-Za-z0-9%]+[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIMIT|limit)[[:space:]]+([0-9,]+)?[;:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
AccessController
addHeader
CallableStatement
Cipher
controller
createRequest
doPrivileged
exec[[:space:]]*\(
executeQuery[[:space:]]*\(
executeUpdate
\.getHeader[[:space:]]*\(
\.getParameter[[:space:]]*\(
\.getProperty[[:space:]]*\(
\.getQueryString[[:space:]]*\(
\.getSession[[:space:]]\(
\.getRequestedSessionId[[:space:]]*\(
\.getServerName[[:space:]]*\(
HTTPCookie
HttpServletRequest
HttpServletResponse
HttpsURLConnection
invalidate
IS_SUPPORTING_EXTERNAL_ENTITIES
KeyManagerFactory
PreparedStatement
\.PathParam[[:space:]]*\(
SecurityException
SecurityManager
sendRedirect
setAllowFileAccess
setHeader
setJavaScriptEnabled
setPluginState
setStatus
SSLContext
SSLSocketFactory
Statement
SUPPORT_DTD
suppressAccessChecks
TrustManager
XMLReader
ObjectInputStream
readObject[[:space:]]*\(
resolveClass[[:space:]]*\(
\.createValueExpression[[:space:]]*\(
printStackTrace[[:space:]]\(
SecretKeySpec
\.csrf\(\)\.disable\(\)
new[[:space:]]+URL[[:space:]]*\(.*\)\.(open(Stream|Connection)|getContent)
request.getQueryString
exec[[:space:]]*\(.*\)
Runtime\.
getRuntime[[:space:]]*\(.*\)(\.|\s*;)
getRequest
[Rr]equest.getParameter
getProperty[[:space:]]*\(
java.security.acl.acl
response.sendRedirect[[:space:]]*\(.*(Request|request).*\)
print[Ss]tack[Tt]race
out\.print(ln)?.*[Rr]equest\.
# Database rules
jdbc:.*;
createStatement[[:space:]]*\(.*\)
executeQuery[[:space:]]*\(.*\)
# Network
Socket[[:space:]]*\(
<jsp:include page=\".*\$\{.*\}
<spring:eval expression=\".*\$\{.*\}
A[Ll][Ll][Oo][Ww]_?A[Ll][Ll]_?H[Oo][Ss][Tt][Nn][Aa][Mm][Ee]_?V[Ee][Rr][Ii][Ff][Ii][Ee][Rr]
SSLSocketFactory
is[Tt]rusted
trustmanager
checkClientTrusted[[:space:]]*\(
checkServerTrusted[[:space:]]*\(
getAcceptedIssuers[[:space:]]*\(
public[[:space:]]+boolean[[:space:]]+verify
# Expression Language detection
<spr(ing)?:(message|theme|transform|eval|hasBindErrors|bind|nestedpath)[^\>]+\$\{param
# Java xss signatures
<%=.*[Rr]equest\.
response.sendRedirect[[:space:]]*\(.*[Rr]equest.*\)
<c:out.*\$\{param
SAXParserFactory
DOM4J
DocumentBuilderFactory
XMLInputFactory
TransformerFactory
javax.xml.validation.Validator
SchemaFactory
SAXTransformerFactory
XMLReader
SAXBuilder
SAXReader
javax.xml.bind.Unmarshaller
XPathExpression
DOMSource
StAXSource
\.getDocument[[:space:]]*\(