Abstract
PROBLEM TO BE SOLVED: To detect only the locations at which a vulnerable library is used inappropriately. SOLUTION: A storage part stores a predefined vulnerability determination rule that associates a function name with the position of an argument of that function that may be set to a wrong value. A vulnerability audit method reads the determination rule from the storage part; parses the program to be checked; extracts each variable whose value is externally input in the parsed program and traces that variable along the processing flow; determines, when the traced variable is used at the function and argument position defined in the determination rule (Y in S32), whether the variable is used in a conditional expression including a comparison operator; and, when it is not, generates an alert message and outputs the message to a screen or a file (S44). COPYRIGHT: (C)2011,JPO&INPIT
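The audit flow described in the abstract, as an added Python sketch (not code from the patent). The rule table, the hypothetical library functions `alloc_buffer` and `copy_bytes`, the choice of `input` as the external source, and the use of source-line order as a stand-in for the processing flow are all assumptions.

```python
import ast

# Determination rule (constructed): function name -> 0-based index of the
# argument that may be set to a wrong value.
RULES = {"alloc_buffer": 0, "copy_bytes": 2}
SOURCES = {"input"}  # calls treated as external input (assumption)
# Constructed program to be checked.
SAMPLE = '''\
size = int(input())
count = int(input())
total = count * 4
if size < 1024:
    buf = alloc_buffer(size)
copy_bytes(dst, src, total)
'''

def _names(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def _calls(node):
    return {n.func.id for n in ast.walk(node)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)}

def audit(source):
    """Return alerts for rule arguments fed by unchecked external input."""
    nodes = sorted((n for n in ast.walk(ast.parse(source)) if hasattr(n, "lineno")),
                   key=lambda n: (n.lineno, n.col_offset))
    tainted, checked, alerts = set(), set(), []
    for node in nodes:
        if isinstance(node, ast.Assign):
            # Trace: a target is tainted if its value reads a source call
            # or an already-tainted variable.
            if _calls(node.value) & SOURCES or _names(node.value) & tainted:
                for target in node.targets:
                    tainted |= _names(target)
        elif isinstance(node, (ast.If, ast.While)):
            # Variables in a comparison inside a conditional count as checked.
            for sub in ast.walk(node.test):
                if isinstance(sub, ast.Compare):
                    checked |= _names(sub)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            pos = RULES.get(node.func.id)
            if pos is not None and pos < len(node.args):
                for var in sorted((_names(node.args[pos]) & tainted) - checked):
                    alerts.append(f"line {node.lineno}: {node.func.id}() argument "
                                  f"{pos} uses unchecked external value '{var}'")
    return alerts
```

On the constructed sample, `size` is compared before reaching `alloc_buffer`, so only the `copy_bytes` call is reported, because `total` derives from external input and never appears in a comparison.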