Rule matching in the presence of languages with no types or as an adjunct to current analyses for security vulnerability analysis
US10055590B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 13, 2013 |
| Grant date | Aug 21, 2018 |
| Priority date | — |
| Expiry date | Sep 11, 2035 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.