
Study And Implementation Of Dynamic Taint Analysis For J2EE Application

Posted on: 2016-11-30
Degree: Master
Type: Thesis
Country: China
Candidate: X F Zeng
Full Text: PDF
GTID: 2308330470462240
Subject: Software engineering

Abstract/Summary:
With the emergence of Web 2.0, increased information sharing through social networking, and growing business adoption of the Web as a means of doing business, more and more applications are built on the Web platform as enterprises computerize their operations. The rapid development of Web services has also drawn intense attention from hackers, and the most common Web vulnerabilities are Cross-Site Scripting, SQL injection and the like. These Web application vulnerabilities are mainly caused by external input that is not validated, and taint analysis can locate them effectively. This paper presents a dynamic analysis that tracks all potentially tainted Java objects, unlike existing approaches that track only characters or string objects. The approach uses the hash code to represent a tainted object, defines the method node and method coordinate to record the location of taint propagation, supports tracing of the taint propagation path, and proposes stream-family taint propagation analysis based on the decorator pattern of Java stream objects. A language specification is presented to model Java library and user-defined methods related to taint propagation, and to design and formalize the taint propagation semantics of those methods after classifying them into taint introduction, taint propagation, taint sanitization and taint usage. Following this propagation strategy and language specification, our prototype system, implemented on SOOT, uses static analysis to collect reachable methods and instruments the Java bytecode of real Web sites; experimental results demonstrate its effectiveness in detecting injection vulnerabilities.
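As an added illustration, not the thesis's own prototype, the following Java sketch models the four method classes named above (introduction, propagation, sanitization, usage) with an identity-hash-keyed taint table and shows stream-family propagation through a chain of decorator constructors; the `TaintRuntime` API, the coordinate strings and the `Login`/`UserDao`/`Escaper` names are assumptions made for the example, and the calls that instrumented bytecode would make are written out by hand in `main()`.

```java
import java.io.*;
import java.util.*;

final class TaintRuntime {
    // identityHashCode -> method coordinates the taint has passed through.
    // Simplification: ignores identity-hash collisions and never evicts entries.
    private static final Map<Integer, List<String>> tainted = new HashMap<>();

    // Taint introduction: obj was returned by an untrusted source at coord.
    static <T> T introduce(T obj, String coord) {
        tainted.put(System.identityHashCode(obj), new ArrayList<>(List.of(coord)));
        return obj;
    }
    // Taint propagation: result was derived from src (string op, stream wrapper, read from a stream).
    static <T> T propagate(Object src, T result, String coord) {
        List<String> path = tainted.get(System.identityHashCode(src));
        if (path != null) {
            List<String> extended = new ArrayList<>(path);
            extended.add(coord);
            tainted.put(System.identityHashCode(result), extended);
        }
        return result;
    }
    // Taint sanitization: the value returned by a sanitizer is clean whatever it was derived from.
    static <T> T sanitize(T result) {
        tainted.remove(System.identityHashCode(result));
        return result;
    }
    // Taint usage: at a sink, return the recorded path, or null when the argument is clean.
    static List<String> use(Object arg, String coord) {
        List<String> path = tainted.get(System.identityHashCode(arg));
        if (path == null) return null;
        List<String> report = new ArrayList<>(path);
        report.add(coord);
        return report;
    }
}

public class StreamTaintDemo {
    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the request body: taint set on the raw stream follows each
        // decorator in the chain and the String finally read through the outermost one.
        InputStream raw = TaintRuntime.introduce(new ByteArrayInputStream("O'Brien".getBytes("UTF-8")), "Login.doPost@ServletRequest.getInputStream");
        Reader r = TaintRuntime.propagate(raw, new InputStreamReader(raw, "UTF-8"), "Login.doPost@InputStreamReader.<init>");
        BufferedReader br = TaintRuntime.propagate(r, new BufferedReader(r), "Login.doPost@BufferedReader.<init>");
        String name = TaintRuntime.propagate(br, br.readLine(), "Login.doPost@BufferedReader.readLine");
        String sql = TaintRuntime.propagate(name, "SELECT * FROM users WHERE name = '" + name + "'", "UserDao.find@StringBuilder.toString");
        System.out.println("unescaped -> " + TaintRuntime.use(sql, "UserDao.find@Statement.executeQuery"));
        String esc = TaintRuntime.sanitize(TaintRuntime.propagate(name, name.replace("'", "''"), "Escaper.sql@String.replace"));
        System.out.println("escaped   -> " + TaintRuntime.use(esc, "UserDao.find@Statement.executeQuery"));
    }
}
```

The first sink report lists the whole path from `getInputStream` through both stream wrappers to `executeQuery`, independent of the input's content, while the value returned by the sanitizer reaches the same sink clean.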
Keywords/Search Tags: Dynamic Taint Analysis, Taint Propagation, Tracing Objects, SOOT, Vulnerability Analysis