Main claim
1. A computer implemented method of detecting a privacy leak in a .Net software application, said method comprising:
receiving a binary computer file suitable for execution within the .Net framework;
disassembling said binary computer file into a human-readable language, said language including a plurality of methods wherein each method includes at least one instruction;
using said language, constructing a representation of a relationship between said methods, said representation indicating which of said methods call others of said methods;
determining a source method call chain within said representation that includes a source API (application programming interface) function in a first one of said methods that retrieves information from the computing device, said source API function being in a source leaf node of said source method call chain;
determining a sink method call chain within said representation that includes a sink API function in a second one of said methods that sends information from said computing device, said sink API function being in a sink leaf node of said sink method call chain; and
generating an alert only when it is determined that a method exists in common between said source method call chain having said source API function in said source leaf node and said sink method call chain having said sink API function in said sink leaf node.
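The check described in the claim, as an added Python example that is not part of the patent text: it builds a call graph from a constructed, abbreviated ildasm-style listing and returns the methods shared by the source and sink call chains. The regexes, the function names, and the choice of `Environment.MachineName` as the source API and `WebClient.UploadString` as the sink API are assumptions of this example.

```python
import re

CLASS_RE = re.compile(r"\.class\b.*?([\w.]+)\s*$")
METHOD_RE = re.compile(r"\.method\b.*?\b(\w+)\(")
CALL_RE = re.compile(r"\bcall(?:virt)?\s+.*?([\w.]+::\w+)\(")
SOURCE = "System.Environment::get_MachineName"  # assumed source API
SINK = "System.Net.WebClient::UploadString"     # assumed sink API

def build_call_graph(il_text):
    """Map each method defined in the listing to the targets it calls."""
    graph, cls, current = {}, None, None
    for line in il_text.splitlines():
        if m := CLASS_RE.search(line):
            cls = m.group(1)
        elif m := METHOD_RE.search(line):
            current = f"{cls}::{m.group(1)}"
            graph.setdefault(current, set())
        elif current and (m := CALL_RE.search(line)):
            graph[current].add(m.group(1))
    return graph

def chain_methods(graph, api):
    """Every method on some call chain whose leaf node is `api`."""
    callers = {}
    for caller, callees in graph.items():
        for callee in callees:
            callers.setdefault(callee, set()).add(caller)
    seen, stack = set(), [api]
    while stack:
        for caller in callers.get(stack.pop(), set()) - seen:
            seen.add(caller)
            stack.append(caller)
    return seen

def find_leak(il_text, source=SOURCE, sink=SINK):
    """Methods common to the source and sink chains; empty means no alert."""
    graph = build_call_graph(il_text)
    return sorted(chain_methods(graph, source) & chain_methods(graph, sink))

# Constructed, abbreviated ildasm-style listing (not from a real binary).
LEAKY = """.class public App.Program
  .method public static void Main() cil managed
    call string App.Program::ReadId()
    call void App.Program::Report(string)
  .method private static string ReadId() cil managed
    call string [mscorlib]System.Environment::get_MachineName()
  .method private static void Report(string id) cil managed
    callvirt instance string [System]System.Net.WebClient::UploadString(string, string)"""
# Same listing with Main no longer calling Report: both APIs present, no shared method.
BENIGN = LEAKY.replace("call void App.Program::Report(string)", "nop")
```

`find_leak(LEAKY)` returns the common method `App.Program::Main`, while `find_leak(BENIGN)` returns an empty list even though the binary still contains both API calls.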