Analysis that identifies candidates for dynamic dataflow analysis #32

Open
johannesduesing opened this issue Apr 25, 2024 · 1 comment
Labels
enhancement New feature or request

@johannesduesing

Describe the Problem
LS XIV would like to identify Maven libraries that are potential candidates for dynamic taint analysis. There are a number of characteristics to identify such libraries:

  • Must be a WebApp, i.e. must result in / contribute to HttpServlets / Spring Boot
  • Must use a relevant API, i.e. one that might be a sink. Currently, the File API (Path Traversal), Process Builder (Command Injection) and SQL API (SQL Injection) are of interest.

Describe the solution you'd like
Implement a static analysis that detects whether the above-mentioned conditions hold for a given library (and its set of transitive dependencies). In a next step, it would be good to know a set of entrypoints that could lead to the potential sinks, and the types of sinks present in the library.

This further requires some heuristics on what to index / analyze first.

@johannesduesing johannesduesing added the enhancement New feature or request label Apr 25, 2024
@bhermann

The webapp condition could be as easy as indexing the packaging from the pom file... webapps should be war packaged, shouldn't they?
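
A minimal sketch of the two conditions discussed in this thread, added here as an illustration and not code from the project: it reads the POM for `war` packaging or a servlet / Spring web dependency (Spring Boot applications are commonly packaged as `jar`), and scans a class file's constant pool for references to sink classes. The sink class lists, the artifactId list and all function names are assumptions; entrypoint-to-sink reachability is not covered.

```python
import struct
import xml.etree.ElementTree as ET

# Assumed sink classes (JVM internal names) for the three categories in the issue.
SINKS = {
    "path-traversal": {"java/io/File", "java/nio/file/Files", "java/nio/file/Paths"},
    "command-injection": {"java/lang/ProcessBuilder", "java/lang/Runtime"},
    "sql-injection": {"java/sql/Statement", "java/sql/Connection"},
}
# Assumed artifactIds that indicate servlet / Spring web usage.
WEB_ARTIFACTS = {"spring-boot-starter-web", "javax.servlet-api", "jakarta.servlet-api"}
# Byte sizes of fixed-width constant-pool entries, keyed by tag (JVMS 4.4).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
            15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def is_webapp(pom_xml):
    """True if the POM is war-packaged or directly declares a web dependency."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop the Maven XML namespace
    packaging = (root.findtext("packaging") or "jar").strip()  # Maven default is jar
    deps = {(d.findtext("artifactId") or "").strip()
            for d in root.findall("dependencies/dependency")}
    return packaging == "war" or bool(deps & WEB_ARTIFACTS)

def referenced_classes(class_bytes):
    """Internal names of all classes referenced from a .class constant pool."""
    magic, count = struct.unpack_from(">I4xH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    utf8, class_idx, pos, i = {}, [], 10, 1
    while i < count:
        tag, pos = class_bytes[pos], pos + 1
        if tag == 1:  # CONSTANT_Utf8: u2 length followed by the bytes
            (n,) = struct.unpack_from(">H", class_bytes, pos)
            utf8[i] = class_bytes[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        else:
            if tag == 7:  # CONSTANT_Class: u2 index of its Utf8 name
                class_idx.append(struct.unpack_from(">H", class_bytes, pos)[0])
            pos += CP_SIZES[tag]
        i += 2 if tag in (5, 6) else 1  # Long/Double occupy two pool slots
    return {utf8[k] for k in class_idx if k in utf8}

def sink_categories(class_bytes):
    """Sink categories whose classes this class file references."""
    refs = referenced_classes(class_bytes)
    return sorted(cat for cat, names in SINKS.items() if refs & names)

# Constructed sample: header plus a two-entry constant pool (Utf8 name, Class ref).
SAMPLE_CLASS = (b"\xca\xfe\xba\xbe\x00\x00\x00\x34\x00\x03"
                b"\x01\x00\x18java/lang/ProcessBuilder\x07\x00\x01")
```
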
