Common actions performed by the handler

Create a web service entry point

Many frameworks provide their own entry points into an application. A common example is to expose web services that are either identified in a configuration file or in annotations in the code. After searching in the application's configuration files or directly in the bytecode for designated entry points, the method F4FAction.addTaintedCallback can be used to create a tainted data entry point at the appropriate method.

Observe in the example: In EJB 2, web service entry points are declared by defining endpoints in the application's configuration file (ejb-jar.xml). Then handleApp loops through the beans declared in ejb-jar.xml and whenever an endpoint class is defined, it obtains the list of method names. It then declares their implementations as web service entry points using the addTaintedCallback method.

Replace a method

Modern frameworks frequently make use of virtual functions and abstraction to more loosely couple business components. While this can be an improvement to the development process, it creates difficulties for static analysis when the connection between a virtual function and its implementation is handled in a configuration file or via annotations in the code. F4FAction.replaceCalls allows a handler to designate these connections.

Observe in the example: In EJB 2, each bean has a set of interfaces (local and remote) that declare how other beans may interact with it. This means that, wherever a bean's interface class.method is called, it is replaced by the framework with the actual ImplementationClass.method.

Starting at line 62, our example handler loops through each bean and takes its remote and local interfaces and replaces them with their actual implementations.


A handler can use the TaintLogger class to log informative messages during execution - and to cause error messages to appear in the AppScan® Source user interface. The TaintLogger class employs the log4j library. To log a message, first obtain a Logger object by calling TaintLogger.i().getLogger(). Then, invoke logging methods on the Logger (for example, Logger.warn) to log the messages that you want. Log messages will appear in <data_dir>\logs\StaticAnalyzer_Errors.log (where <data_dir> is the location of your AppScan® Source program data, as described in Installation and user data file locations). If Logger.error or Logger.fatal is used to log a message, the message will also appear in the Console view in the AppScan® Source user interface.
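The following is an added illustration of the three actions described above (web service entry points, interface-to-implementation replacement, and logging) in one EJB 2 handler pass. It is not the example handler the text refers to and not AppScan® Source code: the F4FAction argument types, the handleApp shape, and the Ejb2HandlerExample class name are assumptions (only the method names addTaintedCallback, replaceCalls and TaintLogger.i().getLogger() come from the page), the ejb-jar.xml descriptor is constructed sample input, and the ENDPOINT_METHODS table stands in for the bytecode lookup a real handler performs to obtain the endpoint interface's method names. The logger parameter is a log4j Logger as the page describes, so log4j must be on the classpath to compile.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.log4j.Logger;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class Ejb2HandlerExample {

    // Constructed sample descriptor (EJB 2.1 layout): one session bean that exposes a
    // service endpoint plus remote/local interfaces, and one entity bean with a local interface.
    static final String EJB_JAR_XML =
          "<ejb-jar><enterprise-beans>"
        + "<session><ejb-name>OrderBean</ejb-name>"
        + "<remote>com.example.Order</remote>"
        + "<local>com.example.OrderLocal</local>"
        + "<service-endpoint>com.example.OrderEndpoint</service-endpoint>"
        + "<ejb-class>com.example.OrderBeanImpl</ejb-class></session>"
        + "<entity><ejb-name>Customer</ejb-name>"
        + "<local>com.example.CustomerLocal</local>"
        + "<ejb-class>com.example.CustomerBeanImpl</ejb-class></entity>"
        + "</enterprise-beans></ejb-jar>";

    /** Assumed shape of the F4F action API: only the two method names are from the page. */
    interface F4FAction {
        void addTaintedCallback(String implClass, String methodName);
        void replaceCalls(String interfaceClass, String implClass);
    }

    /** Stand-in for bytecode inspection: methods declared by each service-endpoint interface. */
    static final Map<String, List<String>> ENDPOINT_METHODS = Map.of(
        "com.example.OrderEndpoint", List.of("placeOrder", "cancelOrder"));

    /** Parses the descriptor with DOCTYPE processing disabled, so a crafted ejb-jar.xml cannot
     *  trigger entity expansion or external entity resolution inside the analysis tool. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new InputSource(new StringReader(xml)));
    }

    /** Text of the first child element with the given tag, or null when the bean lacks it. */
    static String child(Element bean, String tag) {
        NodeList n = bean.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    /** One pass over every bean, as the text describes for handleApp.
     *  In a real handler the logger is obtained with: Logger log = TaintLogger.i().getLogger(); */
    static void handleApp(String ejbJarXml, F4FAction actions, Logger log) throws Exception {
        Element beansRoot = (Element) parse(ejbJarXml).getElementsByTagName("enterprise-beans").item(0);
        NodeList beans = beansRoot.getChildNodes();
        for (int i = 0; i < beans.getLength(); i++) {
            if (!(beans.item(i) instanceof Element)) continue;
            Element bean = (Element) beans.item(i);
            String impl = child(bean, "ejb-class");
            if (impl == null) {
                // Logger.error also surfaces in the Console view of the user interface.
                log.error("Bean " + child(bean, "ejb-name") + " declares no ejb-class; skipped");
                continue;
            }

            // 1. Web service entry point: each method of the service-endpoint interface is
            //    implemented by the bean class and receives data from outside the application.
            String endpoint = child(bean, "service-endpoint");
            if (endpoint != null) {
                List<String> methods = ENDPOINT_METHODS.getOrDefault(endpoint, List.of());
                if (methods.isEmpty()) log.warn("No methods found for endpoint " + endpoint);
                for (String m : methods) actions.addTaintedCallback(impl, m);
            }

            // 2. Replace calls: wherever the remote or local interface is invoked, the analysis
            //    should follow the data into the bean's implementation class instead.
            for (String tag : new String[] {"remote", "local"}) {
                String iface = child(bean, tag);
                if (iface != null) actions.replaceCalls(iface, impl);
            }
        }
    }

    /** Demo driver: records the actions the handler would request and prints them. */
    public static void main(String[] args) throws Exception {
        List<String> requested = new ArrayList<>();
        F4FAction recorder = new F4FAction() {
            public void addTaintedCallback(String c, String m) { requested.add("entry " + c + "." + m); }
            public void replaceCalls(String from, String to) { requested.add("replace " + from + " -> " + to); }
        };
        handleApp(EJB_JAR_XML, recorder, Logger.getLogger(Ejb2HandlerExample.class));
        requested.forEach(System.out::println);
    }
}
```

Running the driver yields two entry-point registrations for OrderBeanImpl (placeOrder and cancelOrder) and three replacements (Order and OrderLocal to OrderBeanImpl, CustomerLocal to CustomerBeanImpl); the entity bean gets no entry point because it declares no service-endpoint.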