Automatic context-sensitive sanitization

US 8,898,776 B2
Filed: 12/28/2010
Issued: 11/25/2014
Est. Priority Date: 12/28/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for sanitizing data in a web application, the method comprising:

providing at least one execution trace of the web application, the execution trace including a path through the web application taken by an untrusted input that leads to rendering the untrusted input in an output stream, the execution trace associated with a correct sanitizer sequence that sanitizes the untrusted input;

tracking a runtime execution of the web application during execution of the web application;

discovering, during the runtime execution of the web application, a mismatch of a first sanitizer sequence with a browser parsing context of the untrusted input, the browser parsing context corresponding to a portion of the output stream that contains the untrusted input;

determining that the correct sanitizer sequence is to be applied to the untrusted input during the runtime execution of the web application, the correct sanitizer sequence based on the browser parsing context; and

applying the correct sanitizer sequence to the untrusted input when the runtime execution follows the execution trace.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.

17 Citations

View as Search Results

19 Claims

1. A computer-implemented method for sanitizing data in a web application, the method comprising:
- providing at least one execution trace of the web application, the execution trace including a path through the web application taken by an untrusted input that leads to rendering the untrusted input in an output stream, the execution trace associated with a correct sanitizer sequence that sanitizes the untrusted input;
  
  tracking a runtime execution of the web application during execution of the web application;
  
  discovering, during the runtime execution of the web application, a mismatch of a first sanitizer sequence with a browser parsing context of the untrusted input, the browser parsing context corresponding to a portion of the output stream that contains the untrusted input;
  
  determining that the correct sanitizer sequence is to be applied to the untrusted input during the runtime execution of the web application, the correct sanitizer sequence based on the browser parsing context; and
  
  applying the correct sanitizer sequence to the untrusted input when the runtime execution follows the execution trace.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the providing step further comprising:
    - executing the web application;
      
      positively tainting trusted inputs and propagated trusted inputs while executing the web application; and
      
      determining the untrusted input from the tainted trusted inputs.
  - 3. The method of claim 1, wherein the discovering step further comprises:
    - parsing the output stream to determine the mismatch of the sanitizer sequence with the browser parsing context.
  - 4. The method of claim 3, wherein the parsing step is executed prior to deploying the web application.
  - 5. The method of claim 4, further comprising:
    - matching the browser parsing context with the correct sanitizer sequence based on a context-sanitizer map; and
      
      saving the correct sanitizer sequence for use when execution of the application follows the execution trace.

6. A computer-implemented method for sanitizing data in a web application, the method comprising:
- identifying at least one violating path representing an execution trace of the web application, the execution trace including a path through the web application taken by an untrusted input that leads to rendering the untrusted input in an output stream, the execution trace having a first sequence of sanitizers being configured to sanitize, the first sequence of sanitizers embedded in the web application;
  
  monitoring execution of the web application; and
  
  applying a second sequence of sanitizers when runtime execution of the web application follows the violating path, wherein the first sequence of sanitizers differ from the second sequence of sanitizers, wherein the second sequence of sanitizers is based on a browser parsing context of the untrusted input.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, wherein the monitoring step further comprises:
    - generating a control flow graph associated with the web application; and
      
      tracing the control flow graph to determine if execution of the web application is following the violating path.
  - 8. The method of claim 7, further comprising:
    - determining that the first sequence of sanitizers does not match a browser parsing context corresponding to an output stream associated with the untrusted input.
  - 9. The method of claim 8, further comprising:
    - identifying the second sequence of sanitizers that matches the browser parsing context.
  - 10. The method of claim 8, further comprising:
    - parsing the output stream to determine the browser parsing context.
  - 11. The method of claim 10, further comprising:
    - using a context-sanitizer map to determine the correct sequence of sanitizers that matches the browser parsing context.
  - 12. The method of claim 7, wherein the identifying step is performed automatically without modifying the web application.

13. A computer-implemented system for sanitizing data, the system comprising:
- a server having a processor and a memory, the memory including;
  
  a web application; and
  
  an analyzer, including instructions that when executed on a processor, are configured todetermine a violating path in the web application, the web application uses a sanitizer sequence to sanitize an untrusted input in an output stream, wherein the sanitizer sequence does not match the browser parsing context, the browser parsing context represents a state of a web browser when the web browser parses the web application at runtime, the violating path representing a path through the web application taken by the untrusted input during runtime that leads to rendering the untrusted input in an output stream, wherein the violating path is used during runtime execution of the web application to track when the runtime execution follows the violating path so that a correct sanitizer sequence is applied to the untrusted input.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the analyzer further comprising instructions to determine a correct sanitizer sequence to sanitize the untrusted input, the correct sanitizer sequence based on a browser parsing context of the output stream.
  - 15. The system of claim 14, wherein the violating path is not generated by the analyzer.
  - 16. The system of claim 14, wherein the correct sanitizer sequence is not inserted into the web application.
  - 17. The system of claim 13, further comprising a web server that tracks runtime execution of the web application and applies the correct sanitizer sequence during runtime execution.
  - 18. The system of claim 13, wherein the memory includes a pre-deployment analyzer having instructions that when executed on a processor determines untrusted inputs from positively tainting and propagating trusted inputs.
  - 19. The system of claim 13, further comprising a parser that determines that the sanitizer sequence does not match the browser parsing context of the output stream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Molnar, David, Livshits, Benjamin, Godefroid, Patrice, Saxena, Prateek
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Alata, Ayoub

Application Number

US12/979,407
Publication Number

US 20120167209A1
Time in Patent Office

1,428 Days
Field of Search

726/22, 726/23, 726/24, 726/25
US Class Current

726/22
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Automatic context-sensitive sanitization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic context-sensitive sanitization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links