Publication number: US20240394375A1
Publication date: 2024-11-28
Application number: US18321627
Filing date: 2023-05-22
Applicant: SAP SE
Inventors: Feras Al-Kassar, Luca Compagna, Davide Balzarotti
Abstract: Techniques for collaborative detection of static vulnerabilities in software applications are disclosed. Print statements are injected into the source code of a software application for each of its inputs and outputs. Vulnerability findings are then obtained by running two or more static analysis tools against the injection-modified source code. From these findings it is determined that a first static analysis tool reports that tainted data can flow from an input of a function to the function's return value, while a second static analysis tool reports that tainted data can flow into the input of the function but cannot flow to its return value. The injection-modified source code is then further modified to include an assignment of the input to the output, yielding stitch-modified source code. Vulnerability findings are obtained for the stitch-modified source code, and these include new findings.