Hierarchical runtime analysis framework for defining vulnerabilities

US 10,380,347 B2
Filed: 06/08/2016
Issued: 08/13/2019
Est. Priority Date: 06/08/2016
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising a non-transitory computer-readable medium containing an executable set of instructions for detecting potential vulnerabilities in a software application in a database system, the set of instructions operable to:

receive a hierarchical list of input tags defining a hierarchy of requests received by the software application, wherein at least some of the input tags have hierarchical relationships, wherein the hierarchical list of input tags includes a parent hypertext transfer protocol (HTTP) input tag and child sibling page, header, and universal resource locator (URL) input tags;

receive a hierarchical list of output tags defining a hierarchy of outputs generated by the software application, wherein at least some of the output tags have hierarchical relationships, wherein the hierarchical list of output tags includes a parent hypertext transfer protocol (HTTP) output tag and child sibling page, header, and universal resource locator (URL) output tags;

receive defined vulnerabilities wherein the defined vulnerabilities include at least one associated input tag and at least one associated output tag;

receive a request in the database system from a user system;

assign an input tag from the hierarchical list of input tags to an object associated with the request, the input tag identifying the request as carrying a security risk and identifying a type of data within object and a particular type of user input, including a URL input;

assign an output tag from the hierarchical list of output tags to an output method generating a response to the request; and

identify one of the defined vulnerabilities as a candidate vulnerability when the assigned output tag and output tag associated the defined vulnerability are within a same subtree in the hierarchical list of output tags; and

identify the candidate vulnerability as a potential vulnerability when the assigned input tag and the input tag associated with the candidate vulnerability are within a same subtree in the hierarchical list of input tags.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A runtime analysis framework (RTA) stores a hierarchical list of input tags and a hierarchical list of output tags. The RTA stores defined vulnerabilities that include associated input tags and output tags. During runtime the software application may receive a request from a user system. The RTA assigns an input tag from the hierarchical list of input tags to an object associated with the request and assigns an output tag from the hierarchical list of output tags to a method generating a response to the request. The RTA identifies one of the defined vulnerabilities as a potential vulnerability if the assigned output tag and output tag associated the potential vulnerability are in a same subtree of the hierarchical list of output tags and the assigned input tag and the input tag associated with the potential vulnerability are in a same subtree of the hierarchical list of input tags.

Citations

16 Claims

1. A computer program product comprising a non-transitory computer-readable medium containing an executable set of instructions for detecting potential vulnerabilities in a software application in a database system, the set of instructions operable to:
- receive a hierarchical list of input tags defining a hierarchy of requests received by the software application, wherein at least some of the input tags have hierarchical relationships, wherein the hierarchical list of input tags includes a parent hypertext transfer protocol (HTTP) input tag and child sibling page, header, and universal resource locator (URL) input tags;
  
  receive a hierarchical list of output tags defining a hierarchy of outputs generated by the software application, wherein at least some of the output tags have hierarchical relationships, wherein the hierarchical list of output tags includes a parent hypertext transfer protocol (HTTP) output tag and child sibling page, header, and universal resource locator (URL) output tags;
  
  receive defined vulnerabilities wherein the defined vulnerabilities include at least one associated input tag and at least one associated output tag;
  
  receive a request in the database system from a user system;
  
  assign an input tag from the hierarchical list of input tags to an object associated with the request, the input tag identifying the request as carrying a security risk and identifying a type of data within object and a particular type of user input, including a URL input;
  
  assign an output tag from the hierarchical list of output tags to an output method generating a response to the request; and
  
  identify one of the defined vulnerabilities as a candidate vulnerability when the assigned output tag and output tag associated the defined vulnerability are within a same subtree in the hierarchical list of output tags; and
  
  identify the candidate vulnerability as a potential vulnerability when the assigned input tag and the input tag associated with the candidate vulnerability are within a same subtree in the hierarchical list of input tags.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer program of claim 1, further comprising instructions operable to:
    - identify an output subtree in the hierarchical list of output tags from a root output tag down to the assigned output tag; and
      
      identify the assigned output tag as a type of the output tag associated with the potential vulnerability when the output tag associated with the potential vulnerability is located in the output subtree.
  - 3. The computer program of claim 2, further comprising instructions operable to:
    - identify an input subtree in the hierarchical list of input tags from the assigned input tag up to a root input tag; and
      
      identify the assigned input tag as a type of input tag associated with the potential vulnerability when the input tag associated with the potential vulnerability is located in the input subtree.
  - 4. The computer program of claim 1, wherein the child sibling page output tags include child sibling hypertext markup language (HTML) and JavaScript output tags.
  - 5. The computer program of claim 1, further comprising instructions operable to identify the potential vulnerability as an actual vulnerability in the software application when a sanitization tag associated with the potential vulnerability are not a same sanitization tag assigned to the object.
  - 6. The computer program of claim 1, further comprising instructions operable to assign the input tag to the object based on a type of input method receiving the request and assign the output tag based on a type of method generating the response to the request.
  - 7. The computer program of claim 1, further comprising instructions operable to generate rules in bytecode of the software application to assign the input tag, assign the output tag, and identify the potential vulnerability.

8. A system for detecting vulnerabilities in a software application operating in a database system, comprising:
- a processor; and
  
  memory storing one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving a hierarchical list of input tags defining a hierarchy of requests received, wherein the hierarchical list of input tags includes a parent hypertext transfer protocol (HTTP) input tag and child sibling page, header, and universal resource locator (URL) input tags;
  
  receiving a hierarchical list of output tags defining a hierarchy of outputs, wherein the hierarchical list of output tags includes a parent hypertext transfer protocol (HTTP) output tag and child sibling page, header, and universal resource locator (URL) output tags;
  
  receiving defined vulnerabilities each including an associated input tag and an associated output tag;
  
  receiving a request by the software application in the database system from a user system;
  
  assigning an input tag from the hierarchical list of input tags to an object returned by the software application based on the request, the input tag identifying the request as potentially malicious and carrying a security risk and identifying a type of data within object and a particular type of user input, including a URL input;
  
  assigning an output tag from the hierarchical list of output tags to an output method in the software application generating a response to the request;
  
  identifying one of the defined vulnerabilities as a candidate vulnerability when the assigned output tag and output tag associated the defined vulnerability are within a same subtree in the hierarchical list of output tags; and
  
  identifying the candidate vulnerability as a potential vulnerability when the assigned input tag and the input tag associated with the candidate vulnerability are within a same subtree in the hierarchical list of input tags.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the instructions further cause the processor to carry out the steps of assigning the input tag, assigning the output tag, and identifying the potential vulnerability during runtime of the software application.
  - 10. The system of claim 8, wherein the instructions further cause the processor to carry out the steps of identifying the potential vulnerability as an actual vulnerability in the software application when a sanitization tag associated with the potential vulnerability are not a sanitization tag assigned to the object.
  - 11. The system of claim 8, wherein the instructions further cause the processor to carry out the steps of identifying the assigned output tag and the output tag associated with the potential vulnerability as part of the same subtree when the assigned output tag is identified as a same type or child of the output tag associated with the potential vulnerability.
  - 12. The system of claim 8, wherein the instructions further cause the processor to carry out the steps of identifying the assigned input tag and the input tag associated with the potential vulnerability as part of the same subtree when the assigned input tag is identified as a same type or child of the input tag associated with the potential vulnerability.
  - 13. The system of claim 8, wherein:
    - the child sibling page output tag includes child sibling hypertext markup language (HTML) and JavaScript output tags.
  - 14. The system of claim 8, wherein at least some of the stored sequences of instructions include Java bytecode for assigning the input tag, assigning the output tag, and identifying the potential vulnerability.

15. A method for detecting a vulnerability in a software application in a database system, comprising:
- storing a hierarchical input tree that identifies hierarchical relationships for different input events;
  
  storing a hierarchical output tree that identifies hierarchical relationships for different output events;
  
  receive a defined vulnerability that includes an output event, an input event, and a sanitization event;
  
  receiving by the software application in the database system a request from a user system;
  
  executing an input rule in the software application that identifies an input event for an object associated with the request;
  
  executing a sanitization rule in the software application that identifies a sanitization event for a security operation performed on the object;
  
  executing an output rule in the software application that identifies an output event for a method generating a response to the request; and
  
  executing a vulnerability rule in the software application that identifies a vulnerability in a part of the software application based on a hierarchical relationship between the identified output event and the defined vulnerability output event, a hierarchical relationship between the identified input event and the defined vulnerability input event, and a relationship between the identified sanitization event and the defined vulnerability sanitization event.
- View Dependent Claims (16)
- - 16. The method of claim 15, further comprising identifying the vulnerability in the software application when a sanitization event identified for the object is not the defined vulnerability sanitization event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gorbaty, Sergey, Safford, Travis, Wang, Xiaoran
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Ahsan, Syed M

Application Number

US15/177,017
Publication Number

US 20170357811A1
Time in Patent Office

1,161 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/282 Hierarchical databases, e.g...

G06F 21/577 Assessing vulnerabilities a...

Hierarchical runtime analysis framework for defining vulnerabilities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical runtime analysis framework for defining vulnerabilities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links