发明名称 |
Static application security testing |
摘要 |
Methods, systems, and computer-readable storage media for analyzing source code of an application. In some implementations, actions include determining a control flow graph of the application using the source code of the application; determining a plurality of source-sink pairs of exploitable data sources and exploitable data sinks; and determining, for each source-sink pair, whether the source-sink pair is potentially exploitable by: determining one or more conditions under which the invoking procedure passes the exploitable data source to the exploitable data sink of the invoked procedure; and determining, using the control flow graph, whether the conditions are met in at least one possible context of the application, and if so, determining that the source-sink pair is potentially exploitable. |
申请公布号 |
US8881293(B1) |
申请公布日期 |
2014.11.04 |
申请号 |
US201313932388 |
申请日期 |
2013.07.01 |
申请人 |
SAP SE |
发明人 |
Brucker Achim D.;Deuster Thomas |
分类号 |
G06F15/00;G06F21/57 |
主分类号 |
G06F15/00 |
代理机构 |
Fish & Richardson P.C. |
代理人 |
Fish & Richardson P.C. |
主权项 |
1. A computer-implemented method for analyzing source code of an application, the method being executed using one or more processors and comprising:
determining a control flow graph of the application using the source code of the application, wherein the control flow graph includes a plurality of procedure nodes each representing a respective procedure of the application and a plurality of edges connecting procedures nodes, each edge representing an invocation of one connected node's respective procedure by the other connected node's respective procedure; determining a plurality of source-sink pairs of exploitable data sources and exploitable data sinks, each source-sink pair comprising a respective exploitable data source passed from a respective invoking procedure to a respective exploitable data sink of a respective invoked procedure; and determining, for each source-sink pair, whether the source-sink pair is potentially exploitable by:
determining one or more conditions under which the invoking procedure passes the exploitable data source to the exploitable data sink of the invoked procedure; anddetermining, using the control flow graph, whether the conditions are met in at least one possible context of the application, and if so, determining that the source-sink pair is potentially exploitable. |
地址 |
Walldorf DE |