Automatic context-sensitive sanitization
Abstract
An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.
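The flow the abstract describes (pre-deployment analysis, sanitization cache, runtime path check) is sketched below as an added example; it is not code from the patent or any product. The sanitizers, context names, context-to-sequence table and trace data are assumptions constructed for illustration, and the runtime step is simplified to re-sanitizing the raw input with the cached sequence.

```python
import html
import json
from urllib.parse import quote

# Sanitizers and the context table below are assumptions for this example.
def html_encode(s):
    return html.escape(s, quote=True)

def js_string_encode(s):
    body = json.dumps(s)[1:-1]      # JSON string body without the outer quotes
    for ch in "<>&'":               # also escape characters meaningful to HTML
        body = body.replace(ch, "\\u%04x" % ord(ch))
    return body

def url_encode(s):
    return quote(s, safe="")

SANITIZERS = {"html": html_encode, "js": js_string_encode, "url": url_encode}

# Browser parsing context -> sanitizer sequence, applied left to right.
CORRECT = {
    "html_body": ("html",),
    "js_string": ("js",),
    "js_string_in_html_attr": ("js", "html"),   # browser HTML-decodes first
    "url_param_in_html_attr": ("url", "html"),
}

def analyze(traces):
    """Pre-deployment pass: map each violating path to its correct sequence."""
    cache = {}
    for path, applied, context in traces:
        if tuple(applied) != CORRECT[context]:
            cache[tuple(path)] = CORRECT[context]
    return cache

def render(path, embedded_seq, untrusted, cache):
    """Runtime: on a cached violating path, use the cached sequence instead."""
    seq = cache.get(tuple(path), tuple(embedded_seq))
    for name in seq:
        untrusted = SANITIZERS[name](untrusted)
    return untrusted

# Constructed traces: (code path, embedded sanitizer sequence, context at sink)
TRACES = [
    (("Profile.load", "Name.render"), ("html",), "html_body"),
    (("Search.query", "Button.onclick"), ("html",), "js_string_in_html_attr"),
    (("Search.query", "Link.href"), ("html", "url"), "url_param_in_html_attr"),
]
CACHE = analyze(TRACES)
```

On the `Button.onclick` path the embedded HTML-only encoding would turn `a'b` into `a&#x27;b`, which the browser decodes back to a quote before the JavaScript parser sees it; the cached sequence yields `a\u0027b` instead.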
19 Claims
1. A computer-implemented method for sanitizing data in a web application, the method comprising:
- providing at least one execution trace of the web application, the execution trace including a path through the web application taken by an untrusted input that leads to rendering the untrusted input in an output stream, the execution trace associated with a correct sanitizer sequence that sanitizes the untrusted input;
- tracking a runtime execution of the web application during execution of the web application;
- discovering, during the runtime execution of the web application, a mismatch of a first sanitizer sequence with a browser parsing context of the untrusted input, the browser parsing context corresponding to a portion of the output stream that contains the untrusted input;
- determining that the correct sanitizer sequence is to be applied to the untrusted input during the runtime execution of the web application, the correct sanitizer sequence based on the browser parsing context; and
- applying the correct sanitizer sequence to the untrusted input when the runtime execution follows the execution trace.
Dependent claims: 2, 3, 4, 5.
6. A computer-implemented method for sanitizing data in a web application, the method comprising:
- identifying at least one violating path representing an execution trace of the web application, the execution trace including a path through the web application taken by an untrusted input that leads to rendering the untrusted input in an output stream, the execution trace having a first sequence of sanitizers being configured to sanitize, the first sequence of sanitizers embedded in the web application;
- monitoring execution of the web application; and
- applying a second sequence of sanitizers when runtime execution of the web application follows the violating path, wherein the first sequence of sanitizers differs from the second sequence of sanitizers, wherein the second sequence of sanitizers is based on a browser parsing context of the untrusted input.
Dependent claims: 7, 8, 9, 10, 11, 12.
13. A computer-implemented system for sanitizing data, the system comprising:
- a server having a processor and a memory, the memory including:
- a web application; and
- an analyzer, including instructions that when executed on a processor, are configured to determine a violating path in the web application, the web application uses a sanitizer sequence to sanitize an untrusted input in an output stream, wherein the sanitizer sequence does not match the browser parsing context, the browser parsing context represents a state of a web browser when the web browser parses the web application at runtime, the violating path representing a path through the web application taken by the untrusted input during runtime that leads to rendering the untrusted input in an output stream, wherein the violating path is used during runtime execution of the web application to track when the runtime execution follows the violating path so that a correct sanitizer sequence is applied to the untrusted input.
Dependent claims: 14, 15, 16, 17, 18, 19.
Specification