Testing web applications for security vulnerabilities with metarequests
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th ed.): G06F-021/00, H04L-029/06, G06F-021/57, H04L-029/08
Application number: US-0477257 (2017-04-03)
Registration number: US-9900340 (2018-02-20)
Inventors / Address: Pistoia, Marco; Tripp, Omer
Applicant / Address: International Business Machines Corporation
Agent / Address: Harrington & Smith
Citation information: Cited by: 0; Cited patents: 2
Abstract
A method includes instantiating, in response to a request by an executing application, an input data object with one or more uninitialized fields and traversing a path toward a sink in the executing application to a branching point of the executing application. In response to reaching the branching point, one or more parameters are provided for some or all of the one or more uninitialized fields of the input data object, wherein the one or more parameters were determined prior to beginning of execution of the executing application to cause a branch to be taken by the executing application toward the sink. The path is traversed toward the sink at least by following the branch in the executing application. Apparatus and computer program products are also disclosed.
Representative claims
1. A method, comprising: instantiating, in response to a request by an executing application, an input data object with one or more uninitialized fields; traversing a path toward a sink in the executing application to a branching point of the executing application; providing, in response to reaching the branching point, one or more parameters for some or all of the one or more uninitialized fields of the input data object, wherein the one or more parameters were determined prior to beginning of execution of the executing application to cause a branch to be taken by the executing application toward the sink; continuing to traverse the path toward the sink at least by following the branch in the executing application; consulting, upon reaching a specific statement of one or more statements in the executing application that references at least one uninitialized field of the one or more uninitialized fields, a set of rules determined prior to beginning execution of the application, selecting a rule that corresponds to the specific statement and instantiating the at least one uninitialized field based on the selected rule to create at least one initialized field; applying the at least one initialized field to the specific statement; continuing to traverse the path toward the sink; and prior to beginning execution of the application, performing a static analysis on the application, the static analysis comprising: deciding locally for different configurations of instantiation possibilities for branching possibilities in the application which branch to take for branches in the application and determining how to instantiate relevant parameter values in order to reach sinks for paths passing through branches, and creating the set of rules based at least on the deciding and determining how to instantiate.

2. The method of claim 1, further comprising determining, upon reaching the sink, whether a vulnerability exists in response to the sink performing a security-sensitive operation with a payload provided by the executing application to the sink and outputting an indication the sink is vulnerable in response to a vulnerability being determined to exist for the sink.

3. The method of claim 1, wherein instantiating the input data object with one or more uninitialized fields is performed by a web container that has been previously instrumented to deserialize incoming traffic in response to the request into a request template comprising input data object and the one or more uninitialized fields.

4. The method of claim 1, wherein consulting the set of rules accounts for previous executions with previous inputs, wherein for a current execution one or more branches are selected that were not selected in a previous execution.

5. The method of claim 1, wherein consulting the set of rules further comprises accounting for integrity constraints at least by determining whether certain combinations of values used in instantiated fields may be infeasible and not instantiating those certain combinations.

6. An apparatus, comprising: one or more memories comprising computer-readable code; and one or more processors, the one or more processors configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following: instantiating, in response to a request by an executing application, an input data object with one or more uninitialized fields; traversing a path toward a sink in the executing application to a branching point of the executing application; providing, in response to reaching the branching point, one or more parameters for some or all of the one or more uninitialized fields of the input data object, wherein the one or more parameters were determined prior to beginning of execution of the executing application to cause a branch to be taken by the executing application toward the sink; continuing to traverse the path toward the sink at least by following the branch in the executing application; consulting, upon reaching a specific statement of one or more statements in the executing application that references at least one uninitialized field of the one or more uninitialized fields, a set of rules determined prior to beginning execution of the application, selecting a rule that corresponds to the specific statement and instantiating the at least one uninitialized field based on the selected rule to create at least one initialized field; applying the at least one initialized field to the specific statement; continuing to traverse the path toward the sink; in response to execution of the computer-readable code, to cause the apparatus to perform the following: prior to beginning execution of the application, performing a static analysis on the application, the static analysis comprising: deciding locally for different configurations of instantiation possibilities for branching possibilities in the application which branch to take for branches in the application and determining how to instantiate relevant parameter values in order to reach sinks for paths passing through branches, and creating the set of rules based at least on the deciding and determining how to instantiate.

7. The apparatus of claim 6, wherein the one or more processors are further configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following: determining, upon reaching the sink, whether a vulnerability exists in response to the sink performing a security-sensitive operation with a payload provided by the executing application to the sink and outputting an indication the sink is vulnerable in response to a vulnerability being determined to exist for the sink.

8. The apparatus of claim 6, wherein instantiating the input data object with one or more uninitialized fields is performed by a web container that has been previously instrumented to deserialize incoming traffic in response to the request into a request template comprising input data object and the one or more uninitialized fields.

9. The apparatus of claim 6, wherein consulting the set of rules accounts for previous executions with previous inputs, wherein for a current execution one or more branches are selected that were not selected in a previous execution.

10. The apparatus of claim 6, wherein consulting the set of rules further comprises accounting for integrity constraints at least by determining whether certain combinations of values used in instantiated fields may be infeasible and not instantiating those certain combinations.

11. A computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code executable by a computing system to cause the computing system to perform: instantiating, in response to a request by an executing application, an input data object with one or more uninitialized fields; traversing a path toward a sink in the executing application to a branching point of the executing application; providing, in response to reaching the branching point, one or more parameters for some or all of the one or more uninitialized fields of the input data object, wherein the one or more parameters were determined prior to beginning of execution of the executing application to cause a branch to be taken by the executing application toward the sink; continuing to traverse the path toward the sink at least by following the branch in the executing application; consulting, upon reaching a specific statement of one or more statements in the executing application that references at least one uninitialized field of the one or more uninitialized fields, a set of rules determined prior to beginning execution of the application, selecting a rule that corresponds to the specific statement and instantiating the at least one uninitialized field based on the selected rule to create at least one initialized field; applying the at least one initialized field to the specific statement; continuing to traverse the path toward the sink; prior to beginning execution of the application, performing a static analysis on the application, the static analysis comprising: deciding locally for different configurations of instantiation possibilities for branching possibilities in the application which branch to take for branches in the application and determining how to instantiate relevant parameter values in order to reach sinks for paths passing through branches, and creating the set of rules based at least on the deciding and determining how to instantiate.

12. The computer program product of claim 11, wherein the program code is further executable by a computing system to cause the computing system to perform: determining, upon reaching the sink, whether a vulnerability exists in response to the sink performing a security-sensitive operation with a payload provided by the executing application to the sink and outputting an indication the sink is vulnerable in response to a vulnerability being determined to exist for the sink.

13. The computer program product of claim 11, wherein instantiating the input data object with one or more uninitialized fields is performed by a web container that has been previously instrumented to deserialize incoming traffic in response to the request into a request template comprising input data object and the one or more uninitialized fields.

14. The computer program product of claim 11, wherein consulting the set of rules accounts for previous executions with previous inputs, wherein for a current execution one or more branches are selected that were not selected in a previous execution.

15. The computer program product of claim 11, wherein consulting the set of rules further comprises accounting for integrity constraints at least by determining whether certain combinations of values used in instantiated fields may be infeasible and not instantiating those certain combinations.
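As an added illustration (not code from the patent or from IBM), the following Python sketch simulates the claimed flow: a request template whose fields start uninitialized, a rule set fixed before execution that says which value to give each field when a branch or sink statement first references it, and a claim-2 style sink check that reports a vulnerability when the request-derived payload reaches the security-sensitive operation unchanged. The handler functions, rule keys and marker value are constructed assumptions; the rules are hand-written here where the patent derives them by static analysis.

```python
from dataclasses import dataclass, field

UNINIT = object()          # sentinel: request field not yet instantiated
MARKER = "MR_TAINT_7f3a"   # constructed marker used as the sink payload
# Rules "determined prior to beginning execution" (hand-written here): for
# each statement that first references a field, the value steering toward the sink.
RULES = {
    "branch:action": ("action", "export"),
    "branch:format": ("format", "csv"),
    "sink:filename": ("name", MARKER),
}

@dataclass
class MetaRequest:
    """Request template: fields are filled lazily, on first reference."""
    fields: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)

    def get(self, stmt):
        name, value = RULES[stmt]
        if self.fields.get(name, UNINIT) is UNINIT:
            self.fields[name] = value            # instantiate per rule
            self.trace.append(f"{stmt}: {name}={value!r}")
        return self.fields[name]

def check_sink(op, arg):
    """Sink check: is the security-sensitive op fed the payload unchanged?"""
    return {"sink": op, "arg": arg, "vulnerable": MARKER in arg}

def handler_unsanitized(req):
    """Application under test: two guards precede a file-open sink."""
    if req.get("branch:action") != "export":
        return None
    if req.get("branch:format") != "csv":
        return None
    return check_sink("open", "/var/app/exports/" + req.get("sink:filename"))

def handler_sanitized(req):
    """Same shape, but the filename is reduced to alphanumerics first."""
    if req.get("branch:action") != "export":
        return None
    if req.get("branch:format") != "csv":
        return None
    safe = "".join(c for c in req.get("sink:filename") if c.isalnum())
    return check_sink("open", "/var/app/exports/" + safe)

def run(handler):
    # Drive one execution with a fresh metarequest; return (result, trace).
    req = MetaRequest()
    return handler(req), req.trace
```

The trace shows that only fields actually referenced on the path get instantiated, and the sanitized handler reaches the same sink without the marker surviving.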
Patents cited by this patent (2)
Wassermann, Gary; Yu, Dachuan; Chander, Ajay; Dhurjati, Dinakar; Inamura, Hiroshi, Automated test input generation for web applications.
Duyanovich, Linda M.; Gomez, Juan C.; Pollack, Kristal T.; Uttamchandani, Sandeep M., Technique for mapping goal violations to anamolies within a system.