Title: Rule Matching In The Presence Of Languages With No Types Or As An Adjunct To Current Analyses For Security Vulnerability Analysis
Abstract: A method includes reading, by a computing system, a rule file including one or more rules that specify paths to methods, each method corresponding to one of a sink, a source, or a sanitizer. The computing system matches these methods to the corresponding sinks, sources, or sanitizers determined through a static analysis of an application; the static analysis determines at least the flows from sources of information to the sinks that use that information. Using the sinks, sources, and sanitizers found by the matching, the computing system then performs a taint analysis to determine at least the tainted flows from sources to sinks, where a tainted flow is one that passes information to a sink without the information first being endorsed by a sanitizer. Apparatus and program products are also disclosed.
Publication number: US2014237604(A1) Publication date: 2014.08.21
Application number: US201314026065 Filing date: 2013.09.13
Applicant: International Business Machines Corporation Inventors: Guarnieri Salvatore Angelo; Pistoia Marco; Teilhet Stephen Darwin; Tripp Omer
Classification: G06F21/57 Main classification: G06F21/57
Agency: Agent:
Main claim: 1. A method, comprising: reading, by a computing system, a rule file comprising one or more rules having specified paths to methods, each method corresponding to one of a sink, a source, or a sanitizer; matching, by the computing system, the methods to corresponding ones of the sinks, sources, or sanitizers determined through a static analysis of an application, wherein the static analysis determines at least flows from sources of information to sinks that use the information; and performing, by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer.
Address: Armonk NY US
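The following Python script is an added example, not code from the patent or from IBM, showing the two steps that the abstract and claim 1 describe: matching rule-file paths against the methods a static analysis observed, then running a taint analysis that reports source-to-sink flows not endorsed by a sanitizer. The rule file format (a list of path/kind pairs with a single-segment `*` wildcard), the dataflow facts, and every method name used (express.Request.query, req.body, db.query, child_process.exec, validator.escape) are assumptions constructed for illustration; in a language with no static types, matching on a dotted access path rather than on a declared type is what lets the rules apply at all.

```python
import re
from collections import defaultdict, deque

# Constructed rule file (assumed format, not the patent's): each rule gives a
# path to a method and the role it plays. '*' stands for exactly one dotted
# segment, so "*.body" matches "req.body" but not "x.y.body".
RULES = [
    {"path": "express.Request.query", "kind": "source"},
    {"path": "*.body",                "kind": "source"},
    {"path": "db.query",              "kind": "sink"},
    {"path": "child_process.exec",    "kind": "sink"},
    {"path": "validator.escape",      "kind": "sanitizer"},
]

# Constructed dataflow facts standing in for the output of a prior static
# analysis: each edge says information flows from the first node to the
# second. Nodes are method access paths or local variable names.
FLOWS = [
    ("express.Request.query", "userInput"),
    ("userInput", "validator.escape"),
    ("validator.escape", "safeInput"),
    ("safeInput", "db.query"),
    ("express.Request.query", "rawInput"),
    ("rawInput", "child_process.exec"),
    ("req.body", "payload"),
    ("payload", "db.query"),
]


def rule_to_regex(path):
    """Compile a rule path into a regex anchored at both ends; '*' matches one segment."""
    return re.compile(re.escape(path).replace(r"\*", r"[^.]+") + r"\Z")


def match_rules(rules, methods):
    """Map each observed method to the role of the first rule whose path matches it.

    Methods matched by no rule get no role, so they simply propagate taint.
    """
    compiled = [(rule_to_regex(r["path"]), r["kind"]) for r in rules]
    roles = {}
    for method in sorted(methods):
        for regex, kind in compiled:
            if regex.match(method):
                roles[method] = kind
                break
    return roles


def _reachable_sinks(start, succ, roles, stop_at_sanitizer):
    """BFS from start; optionally refuse to propagate through sanitizer nodes."""
    seen, queue, sinks = {start}, deque([start]), set()
    while queue:
        node = queue.popleft()
        for nxt in succ[node]:
            if nxt in seen:
                continue
            seen.add(nxt)
            kind = roles.get(nxt)
            if kind == "sanitizer" and stop_at_sanitizer:
                continue  # information is endorsed here; taint does not pass
            if kind == "sink":
                sinks.add(nxt)
            queue.append(nxt)
    return sinks


def find_tainted_flows(rules, flows):
    """Return (tainted, endorsed) sets of (source, sink) pairs.

    tainted: some path from source to sink carries the information without
    passing through a sanitizer. endorsed: the sink is reachable, but every
    path crosses a sanitizer first.
    """
    succ, nodes = defaultdict(list), set()
    for src, dst in flows:
        succ[src].append(dst)
        nodes.update((src, dst))
    roles = match_rules(rules, nodes)
    tainted, endorsed = set(), set()
    for source in (n for n, k in roles.items() if k == "source"):
        unsanitized = _reachable_sinks(source, succ, roles, stop_at_sanitizer=True)
        any_path = _reachable_sinks(source, succ, roles, stop_at_sanitizer=False)
        tainted.update((source, s) for s in unsanitized)
        endorsed.update((source, s) for s in any_path - unsanitized)
    return tainted, endorsed


if __name__ == "__main__":
    bad, ok = find_tainted_flows(RULES, FLOWS)
    for source, sink in sorted(bad):
        print(f"TAINTED  {source} -> {sink}")
    for source, sink in sorted(ok):
        print(f"endorsed {source} -> {sink}")
```

Running the script reports the two unsanitized flows (the query string into child_process.exec and the request body into db.query) and separately lists the flow through validator.escape into db.query as endorsed. The split into an unsanitized and an any-path reachability pass is what distinguishes a sink that is genuinely protected from one that merely has a sanitizer somewhere near it; a real analysis would also need the sanitizer rule to say which sink kinds it endorses for, which this toy format omits.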