Rule matching in the presence of languages with no types or as an adjunct to current analyses for security vulnerability analysis

Abstract

A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.
