| 摘要 |
PROBLEM TO BE SOLVED: To appropriately dispose a sanitizer while reducing operation man-hours.SOLUTION: The verification device includes: a data flow analysis unit that extracts an input point node, an output point node, and a sanitization node to analyze a data flow of a source code, and generates a digraph representing a data flow including nodes from the input point node to the output point node; a first extraction unit that extracts, in the nodes included in the digraph, a taint node that is on a route not passing through the sanitization node, a downstream node that is disposed at a downstream side of the sanitization node, and an upstream node that is disposed in the upstream side of the sanitization node, on the basis of the digraph and the sanitization node; and a second extraction unit that extracts a candidate node representing a candidate of a node to which sanitization processing is allocated on the basis of the taint node, the downstream node, and the upstream node, and outputs information representing a position on the source code corresponding to the extracted candidate node, to an output unit. |
