Automatic context-sensitive sanitization

US 9,882,923 B2
Filed: 11/24/2014
Issued: 01/30/2018
Est. Priority Date: 12/28/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving an instrumented web application including at least one special code marker, the at least one special code marker identifying a sanitizer with an untrusted input;

identifying a browser parsing context for the untrusted input, the browser parsing context associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream;

checking if the sanitizer matches the browser parsing context for the untrusted input;

when the sanitizer does not match the browsing parsing context of the untrusted input, tagging an execution trace of the untrusted input to an output stream as a violating path, the violating path representing a path through the uninstrumented web application taken by the untrusted input that leads to outputting the untrusted input in an output stream; and

generating a correct sanitizer sequence for application to the untrusted input when the uninstrumented web application executes along the violating path.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.

11 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving an instrumented web application including at least one special code marker, the at least one special code marker identifying a sanitizer with an untrusted input;
  
  identifying a browser parsing context for the untrusted input, the browser parsing context associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream;
  
  checking if the sanitizer matches the browser parsing context for the untrusted input;
  
  when the sanitizer does not match the browsing parsing context of the untrusted input, tagging an execution trace of the untrusted input to an output stream as a violating path, the violating path representing a path through the uninstrumented web application taken by the untrusted input that leads to outputting the untrusted input in an output stream; and
  
  generating a correct sanitizer sequence for application to the untrusted input when the uninstrumented web application executes along the violating path.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - prior to receiving the instrumented web application;
      
      executing an uninstrumented web application with test data;
      
      tagging data in the uninstrumented web application as being trusted inputs; and
      
      identifying the untrusted input based on absence of the untrusted input being a trusted input.
  - 3. The method of claim 2, wherein the trusted inputs are positively tainted and propagated during the execution of the uninstrumented web application.
  - 4. The method of claim 1, further comprising:
    - tracking execution of the instrumented web application;
      
      comparing the tracked execution with the violating path; and
      
      when the tracked execution of the instrumented web application matches the violating path, applying a correct sanitizer to the untrusted input.
  - 5. The method of claim 1, further comprising:
    - receiving a map including at least one browser parsing context and at least one sanitizer corresponding to a browser parsing context.
  - 6. The method of claim 1, further comprising:
    - providing the violating path and the correct sanitizer sequence to a runtime engine that applies the correct sanitizer sequence prior to outputting the untrusted input.
  - 7. The method of claim 1, wherein checking if the sanitizer matches the browser parsing context for the untrusted input further comprises:
    - matching the browser parsing context with a correct sanitizer; and
      
      when the sanitizer does not match the correct sanitizer, matching the correct sanitizer with the untrusted input.

8. A system, comprising:
- at least one processor; and
  
  at least one memory comprising the following processor-executable modules;
  
  a code instrumentor that tags input data of a web application as an untrusted input and inserts a special code marker that marks a first sanitizer associated with the untrusted input; and
  
  a context engine that generates a correct sanitizer for the untrusted input when the first sanitizer does not match a browser parsing context of the untrusted input,wherein the correct sanitizer is applied during execution of the web application, andwherein the browser parsing context is associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, the at least one memory further comprising a plurality of test data, andwherein the code instrumentor analyzes a data flow of the web application with the plurality of test data to identify trusted inputs in the web application and identifies the untrusted input when the untrusted input is not identified as a trusted input.
  - 10. The system of claim 8, the code instrumentor further comprising a positive taint tracker and propagator that positively taints and propagates data as trusted data and wherein the code instrumentor uses the trusted data to determine the untrusted input.
  - 11. The system of claim 8, the code instrumentor further comprises a binary rewriter that inserts the special code marker into the web application to identify the first sanitizer.
  - 12. The system of claim 8, wherein the code instrumentor further comprises an execution trace generator that records an execution trace of the untrusted input, and wherein the context engine identifies the execution trace as a violating path.
  - 13. The system of claim 8, further comprising a context-sanitizer map comprising at least one browser parsing context and a sanitizer corresponding to the at least one browser parsing context, and wherein the context engine utilizes the context-sanitizer map to determine when the first sanitizer does not match the browser parsing context associated with the untrusted input.

14. A device, comprising:
- at least one processor and a memory;
  
  the at least one processor configured to;
  
  execute a web application having a marker associated with a first sanitizer applied to an untrusted input;
  
  track execution of the web application;
  
  compare the tracked execution of the web application with at least one violating path, the at least one violating path representing an execution trace of the web application that applies an incorrect sanitizer to the untrusted input; and
  
  when the tracked execution of the web application matches the at least one violating path, apply a correct sanitizer to the untrusted input, the correct sanitizer based on a browser parsing context of the untrusted input in the web application, the browser parsing context associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The device of claim 14, wherein the marker is associated with an identifier that is associated with the correct sanitizer.
  - 16. The device of claim 14, wherein the untrusted input is tagged as untrusted based on an execution of the web application with test data that positively taints data as trusted.
  - 17. The device of claim 14, wherein the correct sanitizer is determined from parsing the web application to determine the browser parsing context and matching the browser parsing context with a sanitizer configured for the browser parsing context.
  - 18. The device of claim 14, storing the at least one violating path and the correct sanitizer are stored separate from the instrumented web application.
  - 19. The device of claim 14, wherein a binary representation of the web application is instrumented with the marker prior to the execution of the web application.
  - 20. The device of claim 14, wherein the at least one violating path is determined from a prior execution of the web application with test data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Molnar, David, Livshits, Benjamin, Godefroid, Patrice, Saxena, Prateek
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Alata, Ayoub

Application Number

US14/551,629
Publication Number

US 20150082439A1
Time in Patent Office

1,163 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Automatic context-sensitive sanitization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic context-sensitive sanitization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links