Title of invention: METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR AUTOMATICALLY MITIGATING VULNERABILITIES IN SOURCE CODE
Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is compiled, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.
Publication number: US2014359776(A1) Publication date: 2014.12.04
Application number: US201313905096 Filing date: 2013.05.29
Applicant: Lucent Sky Corporation Inventor: Liu Jim
Classification: G06F21/57;G06F9/45 Main classification: G06F21/57
Agency: Agent:
Main claim: 1. A method for automatically mitigating vulnerabilities in a source code of an application comprising: compiling the source code; building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method; determining if the at least one vulnerability is mitigable; and mitigating the determined at least one vulnerability automatically.
Address: Pasadena CA US