Method and apparatus for static taint analysis of computer program code

摘要

A method is provided to infer taintedness in code expressions encoded in a computer readable device comprising: configuring a computer system to, store a representation of a computer program that is to be evaluated in non-transitory storage media; identify within the representation a pointer cast operation; determine whether an identified cast operation involves a cast from a pointer to a raw memory data type to a pointer to a structured data type; determine whether a structured data type casted to is associated with indicia of externalness; designating data addressed by that pointer as tainted; and determine whether data designated as tainted is consumed by an operation in the computer program that acts as a taintedness sink.

主权项

1. A method to infer taintedness in code expressions encoded in a computer readable device comprising:
configuring a computer system to, store a representation of a computer program that is to be evaluated in non-transitory storage media; identify within the representation a pointer cast operation; in response to identifying a cast operation, determine whether the identified cast operation involves a cast from a pointer to a raw memory data type to a pointer to a structured data type; in response to a determination that a raw memory pointer is cast to a pointer to a structured data type, determine whether the structured data type casted to is associated with indicia of externalness; in response to a determination that the structured data type casted to is associated with indicia of externalness, designate a value addressed by that pointer as tainted; and determine whether a value designated as tainted is indicated in the representation as consumed by an operation in the computer program that acts as a taintedness sink.