公开(公告)号：US20120304161A1

公开(公告)日：2012-11-29

申请号：US13113097

申请日：2011-05-23

申请人： Aharon Ahadi ,  Jonathan Bnayahu ,  Ran Ettinger ,  Yishai Abraham Feldman ,  Yinnon Avraham Haviv ,  Adi Sharabani

发明人： Aharon Ahadi ,  Jonathan Bnayahu ,  Ran Ettinger ,  Yishai Abraham Feldman ,  Yinnon Avraham Haviv ,  Adi Sharabani

IPC分类号： G06F9/45

CPC分类号： G06F8/433 ,  G06F21/12 ,  G06F2221/031 ,  G06F2221/033

摘要： A method of determining suitable insertion points for inserting string sanitizers in a computer code is provided herein. The method includes the following stages: obtaining: (i) a computer code associated with a data flow of externally supplied data, from one or more sources to one or more sinks, (ii) locations of the sources, and (iii) locations of the sinks; building a graph representing control paths, data paths and semantic relationships between the control paths and the data paths of the computer code; associating all tainted data paths on the graph, being data paths that go from sources to sinks and do not include a sanitizer; and determining, on the tainted data paths, potential control paths suitable for sanitizer insertion.

摘要翻译： 本文提供了一种在计算机代码中确定用于插入消毒器的合适插入点的方法。 该方法包括以下阶段：获得：（i）与外部提供的数据的数据流相关联的计算机代码，从一个或多个源到一个或多个汇点，（ii）源的位置，以及（iii） 水槽 构建表示控制路径和计算机代码的数据路径之间的控制路径，数据路径和语义关系的图; 将图中的所有污点数据路径相关联，即从源到汇的数据路径，不包括消毒剂; 并且在污染的数据路径上确定适于消毒剂插入的潜在控制路径。