METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR AUTOMATICALLY MITIGATING VULNERABILITIES IN SOURCE CODE

US 20140359776A1
Filed: 05/29/2013
Published: 12/04/2014
Est. Priority Date: 05/29/2013
Status: Active Grant

First Claim

Patent Images

1. A method for automatically mitigating vulnerabilities in a source code of an application comprising:

compiling the source code;

building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and

identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method;

determining if the at least one vulnerability is mitigable; and

mitigating the determined at least one vulnerability automatically.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Citations

23 Claims

1. A method for automatically mitigating vulnerabilities in a source code of an application comprising:
- compiling the source code;
  
  building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and
  
  identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method;
  
  determining if the at least one vulnerability is mitigable; and
  
  mitigating the determined at least one vulnerability automatically.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23)
- - 2. The method in claim 1, wherein said step of determining if the at least one vulnerability is mitigable comprises:
    - locating a first forward node containing a tainted object as a target node along each of the at least one tainted path from the source to the sink.
  - 3. The method in claim 2, wherein said step of determining if the at least one vulnerability is mitigable comprises:
    - locating a first backward node containing the tainted object as the target node along each of the at least one tainted path from the sink to the source.
  - 4. The method in claim 3, wherein said step of determining if the at least one vulnerability is mitigable further comprises:
    - determining the type of the at least one vulnerability,wherein if the at least one vulnerability is one of a structured query language (SQL) injection, an operating system (OS) command injection, a lightweight directory access protocol (LDAP) injection, an extensible markup language (XML) injection, or an XML path language (XPath) injection, locating the node containing the tainted object as the target node along each of the at least one tainted path from the source to the sink,wherein if the at least one vulnerability is not any of the SQL injection, the OS command injection, the LDAP injection, the XML injection, or the XPath injection, locating the node containing the tainted object as the target node along each of the at least one tainted path from the sink to the source; and
      
      determining if an actual object/variable exists in the target node;
      
      wherein if the actual object/variable exits in the target node, determining the at least one vulnerability is mitigable;
      
      wherein if the actual object/variable does not exist in the target node, setting a next node as the target node.
  - 5. The method in claim 4, wherein said step of mitigating the determined at least one vulnerability automatically comprises:
    - applying an instant-fix call at the tainted object on the target node.
  - 6. The method in claim 5, wherein after said step of applying the instant-fix call at the tainted object on the target node, the method further comprising:
    - creating a copy of amended source code according to the instant-fix call; and
      
      checking if the copy of amended source code is legal;
      
      wherein if the copy of amended source code is legal, writing the target node into a database;
      
      wherein if the copy of amended source code is not legal, setting the next node as the target node.
  - 7. The method in claim 4, wherein said step of determining if the at least one vulnerability is mitigable comprises:
    - identifying at least one other tainted path with the same target node; and
      
      determining if the same target node corresponds to different vulnerabilities;
      
      wherein if the same target node does not correspond to different vulnerabilities, removing the at least one other tainted path;
      
      wherein if the same target node corresponds to different vulnerabilities, evaluating a priority order of the vulnerabilities.
  - 8. The method in claim 7, wherein said step of mitigating the determined at least one vulnerability automatically comprises:
    - applying a plurality of instant-fix calls at the tainted object on the target node according to the priority order;
      
      checking a confidence score corresponding to each of the instant-fix calls; and
      
      writing the target node into a database.
  - 9. The method in claim 8 further comprising:
    - lowering the confidence score if the tainted object comprises certain known functions.
  - 10. The method in claim 9 further comprising:
    - determining if the at least one vulnerability is one of the SQL injection, the OS command injection, the LDAP injection, the XML injection, or the XPath injection;
      
      wherein if the at least one vulnerability is one of the SQL injection, the OS command injection, the LDAP injection, the XML injection, or the XPath injection, lowering the confidence score if the tainted object comprises certain string constants.
  - 11. The method in claim 7, wherein after said step of mitigating the determined at least one vulnerability automatically, the method further comprising:
    - creating a copy of amended source code according to the instant-fix calls;
      
      compiling the copy of amended source code and determining if there exists any compiler error; and
      
      locating the actual tainted object on the mitigable node corresponding to each of the compiler errors and setting the corresponding confidence score to zero.
  - 23. A non-transitory computer program product comprising a plurality of program instructions, which when executed by a computer system, cause the computer system to execute the method according to claim 1.

12. A system for automatically mitigating vulnerabilities in a source code of an application comprising:
- a memory;
  
  a database;
  
  a processor coupled to the memory and the database, wherein the processor performs an operation for automatically mitigating vulnerabilities in the source code of the application, the operation comprising;
  
  compiling the source code;
  
  building a path graph according to the compiled source code, wherein the path graph comprises a plurality of paths traversing from sources to sinks, and wherein each of the paths comprises a plurality of nodes; and
  
  identifying at least one tainted path by enabling a plurality of vulnerability rules, wherein each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method;
  
  determining if the at least one vulnerability is mitigable; and
  
  mitigating the determined at least one vulnerability automatically.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system in claim 12, wherein the processor locates a first forward node containing a tainted object as a target node along each of the at least one tainted path from the source to the sink.
  - 14. The system in claim 13, wherein the processor locates a first backward node containing the tainted object as the target node along each of the at least one tainted path from the sink to the source.
  - 15. The system in claim 14, wherein the processor determines the type of the at least one vulnerability, wherein the processor locates the node containing the tainted object as the target node along each of the at least one tainted path from the source to the sink if the at least one vulnerability is one of the SQL injection, the OS command injection, the LDAP injection, the XML injection, or the XPath injection, wherein the processor locates the node containing the tainted object as the target node along each of the at least one tainted path from the sink to the source if the at least one vulnerability is not any of the SQL injection, the OS command injection, the LDAP injection, the XML injection, or the XPath injection, wherein the processor further determines if an actual object/variable exists in the target node, wherein the processor determines the at least one vulnerability is mitigable if the actual object/variable exists in the target node, wherein the processor sets a next node as the target node if the object/actual variable does not exist in the target node.
  - 16. The system in claim 15, wherein the processor applies an instant-fix call at the tainted object on the target node.
  - 17. The system in claim 16, wherein the processor creates a copy of amended source code according to the instant-fix call, checks if the copy of amended source code is legal, wherein the processor writes the target node into the database if the copy of amended source code is legal, and wherein the processor sets the next node as the target node if the copy of amended source code is not legal.
  - 18. The system in claim 15, wherein the processor identifies at least one other tainted path with the same target node and determines if the same target node corresponds to different vulnerabilities, wherein the processor removes the at least one other tainted path if the same target node does not correspond to different vulnerabilities, and wherein the processor evaluates a priority order of the vulnerabilities if the same target node corresponds to different tainted objects.
  - 19. The system in claim 18, wherein the processor applies a plurality of instant-fix calls at the tainted object on the target node according to the priority order, checks a confidence score corresponding to each of the instant-fix calls, and writes the target node into the database.
  - 20. The system in claim 19, wherein the processor further lowers the confidence score if the tainted object comprises certain known functions.
  - 21. The system in claim 20, wherein the processor further determines if the at least one vulnerability is one of the SQL injection, the command injection, the LDAP injection, the XML injection, or the XPath injection, and lowers the confidence score if the at least one vulnerability is one of the SQL injection, the command injection, or the LDAP injection, the XML injection, or the XPath injection, and if the tainted object comprises certain string constants.
  - 22. The system in claim 18, wherein the processor further creates a copy of amended source code according to the instant-fix calls, compiles the copy of amended source code and determines if there exists any compiler error, locates the actual tainted object on the mitigable node corresponding to each of the compiler errors, and sets the corresponding confidence score to zero.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Sky Corporation
Original Assignee
Lucent Sky Corporation
Inventors
Liu, Jim

Granted Patent

US 9,158,922 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 8/41   Compilation

G06F 8/42   Syntactic analysis

G06F 8/43   Checking; Contextual analysis

H04L 63/14   for detecting or protecting...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR AUTOMATICALLY MITIGATING VULNERABILITIES IN SOURCE CODE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR AUTOMATICALLY MITIGATING VULNERABILITIES IN SOURCE CODE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links