METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR AUTOMATICALLY MITIGATING VULNERABILITIES IN SOURCE CODE
First Claim
1. A method for automatically mitigating vulnerabilities in a source code of an application comprising:
- compiling the source code;
- building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and
- identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method;
- determining if the at least one vulnerability is mitigable; and
- mitigating the determined at least one vulnerability automatically.
Abstract
A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is compiled, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, it is determined whether the at least one vulnerability is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.
23 Claims
1. A method for automatically mitigating vulnerabilities in a source code of an application comprising:
- compiling the source code;
- building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and
- identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method;
- determining if the at least one vulnerability is mitigable; and
- mitigating the determined at least one vulnerability automatically.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23.
12. A system for automatically mitigating vulnerabilities in a source code of an application comprising:
- a memory;
- a database;
- a processor coupled to the memory and the database, wherein the processor performs an operation for automatically mitigating vulnerabilities in the source code of the application, the operation comprising:
  - compiling the source code;
  - building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and
  - identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method;
  - determining if the at least one vulnerability is mitigable; and
  - mitigating the determined at least one vulnerability automatically.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22.
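As an added illustration of the flow the abstract and claims describe (source-to-sink path graph, vulnerability rules that flag tainted paths, a sanitization method per vulnerability, a mitigability decision, automatic insertion of the sanitizer), here is a toy model in Python. It is not the patent's implementation: the node graph, the rule table and the sanitizer names are constructed for this example, and the compilation step is assumed to have already produced the path graph.

```python
from collections import namedtuple
Node = namedtuple("Node", "kind tag")  # kind: source | op | sanitizer | sink
# Vulnerability rules (constructed): sink tag -> (vulnerability, sanitizer); None = no automatic fix.
RULES = {"sql_exec": ("SQL injection", "sql_escape"), "html_out": ("XSS", "html_encode"),
         "os_exec": ("command injection", None)}

def source_to_sink_paths(graph, nodes):
    """Enumerate every simple path from a source node to a sink node (iterative DFS)."""
    stack = [[name] for name, node in nodes.items() if node.kind == "source"]
    while stack:
        path = stack.pop()
        if nodes[path[-1]].kind == "sink":
            yield path
        else:
            stack.extend(path + [nxt] for nxt in graph.get(path[-1], []) if nxt not in path)

def tainted_paths(graph, nodes):
    """Apply the rules: a path is tainted when no sanitizer for its sink's vulnerability lies on it."""
    result = []
    for path in source_to_sink_paths(graph, nodes):
        vuln, sanitizer = RULES[nodes[path[-1]].tag]
        if not any(nodes[n] == Node("sanitizer", sanitizer) for n in path):
            result.append((tuple(path), vuln, sanitizer))
    return result

def mitigate(graph, nodes):
    """Splice the matching sanitizer in front of the sink on each mitigable tainted path."""
    outcome = {}
    for path, vuln, sanitizer in tainted_paths(graph, nodes):
        if sanitizer is None or len(path) < 2:
            outcome[path] = f"{vuln}: not mitigable (no sanitization method or insertion point)"
            continue
        prev, sink = path[-2], path[-1]
        fix = f"{sanitizer}->{sink}"                 # new sanitizer node, shared by paths into sink
        nodes[fix] = Node("sanitizer", sanitizer)
        graph[prev] = [fix if n == sink else n for n in graph[prev]]
        graph[fix] = [sink]
        outcome[path] = f"{vuln}: mitigated, {sanitizer} inserted before {sink}"
    return outcome

def example_program():
    """Constructed path graph of a request handler: two inputs, three sinks, one existing sanitizer."""
    nodes = {"req.param('id')": Node("source", "http"), "req.param('name')": Node("source", "http"),
             "build_query": Node("op", ""), "html_encode_name": Node("sanitizer", "html_encode"),
             "db.execute": Node("sink", "sql_exec"), "render": Node("sink", "html_out"),
             "os.system": Node("sink", "os_exec")}
    graph = {"req.param('id')": ["build_query", "os.system"], "build_query": ["db.execute"],
             "req.param('name')": ["html_encode_name", "render"], "html_encode_name": ["render"]}
    return graph, nodes
```

Running `tainted_paths` on `example_program()` reports three tainted paths; after `mitigate` only the command-injection path remains, because its rule names no sanitization method and the tool must leave it for a human.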
Specification