Automatic Inference Of Whitelist-Based Validation As Part Of Static Analysis For Security
First Claim
1. A method, comprising:
performing taint analysis of a computer program and determining an original set of paths from sources to sinks, wherein each path corresponds to a vulnerability because taint flows from a source in the path to a sink in the path;
determining for each variable whose type is a collection and is accessed in one of the paths in the original set of paths whether the variable points to a concrete value whose internal state is not tainted according to the taint analysis;
for each of the variables whose type is a collection found not to be tainted according to the taint analysis, determining all points in the computer program where a membership check against the collection is performed; and
for each of the points, determining corresponding paths and removing those paths from the original set of paths to create a reduced set of paths.
Abstract
A method includes performing taint analysis of a computer program and determining an original set of paths from sources to sinks. Each path corresponds to a vulnerability. The method includes determining for each variable whose type is a collection and is accessed in one of the paths in the original set of paths whether the variable points to a concrete value whose internal state is not tainted according to the taint analysis. The method further includes, for each of the variables whose type is a collection found not to be tainted according to the taint analysis, determining all points in the computer program where a membership check against the collection is performed. The method also includes, for each of the points, determining corresponding paths and removing those paths from the original set of paths to create a reduced set of paths. Apparatus and computer readable program products are also disclosed.
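To make the four claimed steps concrete, the following is an added worked example in Python; it is not code from the patent or from any tool of its assignee. The three-address program representation, the statement forms (`source`, `assign`, `set`, `add`, `check`, `sink`) and every function name are assumptions made for the illustration, and the sample program is constructed. A path is recorded as the tuple of statement ids along which taint travels from a source to a sink; a membership check lies on a variable's path only when the sink is inside the block the check guards.

```python
from dataclasses import dataclass, field


@dataclass
class Stmt:
    """One statement of a toy three-address program (constructed for this example)."""
    sid: int                 # statement id; paths are tuples of these
    op: str                  # "source" | "assign" | "set" | "add" | "check" | "sink"
    var: str                 # defined (source/assign/set), extended (add), tested (check), consumed (sink)
    src: str = ""            # assign/add: variable read; check: the collection consulted
    values: tuple = ()       # set: literal elements of a concrete collection
    body: list = field(default_factory=list)   # check: statements guarded by the membership test


def taint_analysis(program):
    """Step 1 of the claim: forward taint analysis producing the original set of
    source->sink paths. Also records, for the later steps, which collections are
    bound to a concrete literal and whether their internal state became tainted,
    and every point where a membership check against a collection is performed."""
    collections = {}   # collection var -> {"values": set, "tainted": bool}
    checks = []        # (check sid, tested var, collection var)
    paths = []         # each path is a tuple of sids from the source to the sink

    def walk(stmts, taint):
        # taint: var -> tuple of sids along which taint reached it; copied per guarded block
        for s in stmts:
            if s.op == "source":
                taint[s.var] = (s.sid,)
            elif s.op == "assign":
                if s.src in taint:
                    taint[s.var] = taint[s.src] + (s.sid,)
                else:
                    taint.pop(s.var, None)                   # overwritten with a clean value
            elif s.op == "set":
                collections[s.var] = {"values": set(s.values), "tainted": False}
                taint.pop(s.var, None)
            elif s.op == "add":
                if s.src in taint and s.var in collections:
                    collections[s.var]["tainted"] = True     # input now lives inside the collection
            elif s.op == "check":
                checks.append((s.sid, s.var, s.src))
                inner = dict(taint)
                if s.var in inner:
                    inner[s.var] = inner[s.var] + (s.sid,)   # the check lies on this variable's path
                walk(s.body, inner)                          # guarded block only; taint reverts after it
            elif s.op == "sink":
                if s.var in taint:
                    paths.append(taint[s.var] + (s.sid,))

    walk(program, {})
    return paths, collections, checks


def infer_whitelist_points(paths, collections, checks):
    """Steps 2 and 3: among collections accessed on some path, keep those that point
    to a concrete value whose internal state is untainted, and return every point
    where a membership check against one of them is performed."""
    accessed = {coll for sid, _, coll in checks if any(sid in p for p in paths)}
    safe = {c for c in accessed if c in collections and not collections[c]["tainted"]}
    return sorted(sid for sid, _, coll in checks if coll in safe)


def reduce_paths(paths, points):
    """Step 4: remove every path that passes through a whitelist check point."""
    return [p for p in paths if not any(sid in p for sid in points)]


# Constructed sample program (comments show the Java-like code each statement stands for).
PROGRAM = [
    Stmt(0, "source", "op"),                               # op  = request.getParameter("op")
    Stmt(1, "source", "cmd"),                              # cmd = request.getParameter("cmd")
    Stmt(2, "set", "ALLOWED", values=("list", "status")),  # ALLOWED = Set.of("list", "status")
    Stmt(3, "set", "SEEN"),                                # SEEN = new HashSet<>()
    Stmt(4, "add", "SEEN", src="cmd"),                     # SEEN.add(cmd)   -> internal state tainted
    Stmt(5, "check", "op", src="ALLOWED", body=[           # if (ALLOWED.contains(op)) {
        Stmt(6, "assign", "action", src="op"),             #     action = op;
        Stmt(7, "sink", "action"),                         #     exec(action);  validated by the whitelist
        Stmt(8, "sink", "cmd"),                            #     exec(cmd);     cmd itself was never checked
    ]),                                                    # }
    Stmt(9, "check", "cmd", src="SEEN", body=[             # if (SEEN.contains(cmd)) {
        Stmt(10, "sink", "cmd"),                           #     exec(cmd);     SEEN holds input, not a whitelist
    ]),                                                    # }
    Stmt(11, "sink", "op"),                                # exec(op);          unguarded
]


def run_example(program=PROGRAM):
    """Runs all four steps and returns (original paths, whitelist points, reduced paths)."""
    paths, collections, checks = taint_analysis(program)
    points = infer_whitelist_points(paths, collections, checks)
    return paths, points, reduce_paths(paths, points)


if __name__ == "__main__":
    original, points, reduced = run_example()
    print("original paths:", original)
    print("whitelist check points:", points)
    print("reduced paths:", reduced)
```

On the constructed program the analysis finds four paths and prunes exactly one, the flow through the `ALLOWED` check to the sink at statement 7. The three findings that survive show the caveats a practitioner should expect from this kind of pruning: the sink at statement 8 sits inside the whitelist check but consumes a variable the check never tested; the check at statement 9 consults a collection whose internal state was filled from input, so it is not a whitelist; and the sink at statement 11 is not dominated by any check. A collection loaded from a source rather than a literal would not appear in `collections` at all and is likewise never treated as concrete.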
24 Claims
1. A method, comprising:
performing taint analysis of a computer program and determining an original set of paths from sources to sinks, wherein each path corresponds to a vulnerability because taint flows from a source in the path to a sink in the path;
determining for each variable whose type is a collection and is accessed in one of the paths in the original set of paths whether the variable points to a concrete value whose internal state is not tainted according to the taint analysis;
for each of the variables whose type is a collection found not to be tainted according to the taint analysis, determining all points in the computer program where a membership check against the collection is performed; and
for each of the points, determining corresponding paths and removing those paths from the original set of paths to create a reduced set of paths.
Dependent claims: 2 to 8.
9. An apparatus, comprising:
one or more memories comprising computer readable program code;
one or more processors configured, in response to execution of the computer readable program code, to cause the apparatus to perform at least the following:
performing taint analysis of a computer program and determining an original set of paths from sources to sinks, wherein each path corresponds to a vulnerability because taint flows from a source in the path to a sink in the path;
determining for each variable whose type is a collection and is accessed in one of the paths in the original set of paths whether the variable points to a concrete value whose internal state is not tainted according to the taint analysis;
for each of the variables whose type is a collection found not to be tainted according to the taint analysis, determining all points in the computer program where a membership check against the collection is performed; and
for each of the points, determining corresponding paths and removing those paths from the original set of paths to create a reduced set of paths.
Dependent claims: 10 to 16.
17. A computer program product, comprising:
a computer readable storage medium having computer readable program code embodied thereon, the computer readable program code comprising:
code for performing taint analysis of a computer program and determining an original set of paths from sources to sinks, wherein each path corresponds to a vulnerability because taint flows from a source in the path to a sink in the path;
code for determining for each variable whose type is a collection and is accessed in one of the paths in the original set of paths whether the variable points to a concrete value whose internal state is not tainted according to the taint analysis;
code for, for each of the variables whose type is a collection found not to be tainted according to the taint analysis, determining all points in the computer program where a membership check against the collection is performed; and
code for, for each of the points, determining corresponding paths and removing those paths from the original set of paths to create a reduced set of paths.
Dependent claims: 18 to 24.
Specification