Automatic context-sensitive sanitization
First Claim
Patent Images
1. A computer-implemented method comprising:
- receiving an instrumented web application including at least one special code marker, the at least one special code marker identifying a sanitizer with an untrusted input;
identifying a browser parsing context for the untrusted input, the browser parsing context associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream;
checking if the sanitizer matches the browser parsing context for the untrusted input;
when the sanitizer does not match the browsing parsing context of the untrusted input, tagging an execution trace of the untrusted input to an output stream as a violating path, the violating path representing a path through the uninstrumented web application taken by the untrusted input that leads to outputting the untrusted input in an output stream; and
generating a correct sanitizer sequence for application to the untrusted input when the uninstrumented web application executes along the violating path.
2 Assignments
0 Petitions
Accused Products
Abstract
An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.
11 Citations
20 Claims
-
1. A computer-implemented method comprising:
-
receiving an instrumented web application including at least one special code marker, the at least one special code marker identifying a sanitizer with an untrusted input; identifying a browser parsing context for the untrusted input, the browser parsing context associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream; checking if the sanitizer matches the browser parsing context for the untrusted input; when the sanitizer does not match the browsing parsing context of the untrusted input, tagging an execution trace of the untrusted input to an output stream as a violating path, the violating path representing a path through the uninstrumented web application taken by the untrusted input that leads to outputting the untrusted input in an output stream; and generating a correct sanitizer sequence for application to the untrusted input when the uninstrumented web application executes along the violating path. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system, comprising:
-
at least one processor; and at least one memory comprising the following processor-executable modules; a code instrumentor that tags input data of a web application as an untrusted input and inserts a special code marker that marks a first sanitizer associated with the untrusted input; and a context engine that generates a correct sanitizer for the untrusted input when the first sanitizer does not match a browser parsing context of the untrusted input, wherein the correct sanitizer is applied during execution of the web application, and wherein the browser parsing context is associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A device, comprising:
-
at least one processor and a memory; the at least one processor configured to; execute a web application having a marker associated with a first sanitizer applied to an untrusted input; track execution of the web application; compare the tracked execution of the web application with at least one violating path, the at least one violating path representing an execution trace of the web application that applies an incorrect sanitizer to the untrusted input; and when the tracked execution of the web application matches the at least one violating path, apply a correct sanitizer to the untrusted input, the correct sanitizer based on a browser parsing context of the untrusted input in the web application, the browser parsing context associated with a state of a web browser when the web browser is parsing at a point where the untrusted input is rendered in an output stream. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification