Title of invention: Automated detection and validation of sanitizers
Abstract: Methods, systems, and computer-readable storage media for analyzing security of dataflows in programs. In some implementations, actions include processing source code using static analysis to: identify one or more dataflows and one or more candidate sanitizers, each candidate sanitizer being associated with a respective dataflow, and provide an executable sub-program for each candidate sanitizer to provide one or more executable sub-programs, processing the one or more executable sub-programs using dynamic analysis to: execute the one or more executable sub-programs, and provide dynamic analysis results, providing combined results based on the static analysis and the dynamic analysis, the combined results including the dynamic analysis results, and assigning a priority to each result in the combined results.
Publication number: US8959646(B2) Publication date: 2015.02.17
Application number: US201313925051 Filing date: 2013.06.24
Applicant: SAP SE Inventors: Brucker Achim D.;Herres Tim
Classification: H04L29/06;G06F21/00;G06F21/57 Main classification: H04L29/06
Agency: Fish & Richardson P.C. Agent: Fish & Richardson P.C.
Main claim: 1. A computer-implemented method for analyzing security of dataflows in programs, the method being executed using one or more processors and comprising: processing, by the one or more processors, source code using static analysis to: identify one or more dataflows and one or more candidate sanitizers, each candidate sanitizer being associated with a respective dataflow, and provide an executable sub-program for each candidate sanitizer to provide one or more executable sub-programs, processing, by the one or more processors, the one or more executable sub-programs using dynamic analysis to: execute the one or more executable sub-programs, and provide dynamic analysis results, providing combined results based on the static analysis and the dynamic analysis, the combined results comprising the dynamic analysis results; and assigning a priority to each result in the combined results.
Address: Walldorf DE