Describe the Problem
LS XIV would like to identify Maven libraries that are potential candidates for dynamic taint analysis. There are a number of characteristics to identify such libraries:
Must be a WebApp, i.e. must result in / contribute to HttpServlets / Spring Boot
Must use a relevant API, i.e. one that might be a sink. Currently, the File API (Path Traversal), Process Builder (Command Injection) and SQL API (SQL Injection) are of interest.
Describe the solution you'd like
Implement a static analysis that detects whether the above-mentioned conditions hold for a given library (and its set of transitive dependencies). In a next step, it would be good to know a set of entrypoints that could lead to the potential sinks, and the types of sinks present in the library.
This further requires some heuristics on what to index / analyze first.
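One way to approximate the two conditions above, as an added example that is not part of the issue or the project's code: read each class file's constant pool and compare the referenced classes against an assumed sink list and assumed web-framework package prefixes. `SINKS`, `WEB`, `classify` and `fake_class` are names chosen for this example, and the sample input is constructed.

```python
import struct

# Assumed mapping: JVM internal class name -> sink type named in the issue.
SINKS = {"java/io/File": "path-traversal", "java/lang/ProcessBuilder": "command-injection",
         "java/sql/Statement": "sql-injection", "java/sql/Connection": "sql-injection"}
# Assumed package prefixes indicating a servlet / Spring Boot web application.
WEB = ("javax/servlet/", "jakarta/servlet/", "org/springframework/boot/")
# Payload size after the tag byte for fixed-size constant pool entries.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def referenced_classes(data):
    """Internal names of all classes referenced in a class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    count = struct.unpack_from(">H", data, 8)[0]
    utf8, class_idx, pos, i = {}, [], 10, 1
    while i < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then bytes
            n = struct.unpack_from(">H", data, pos + 1)[0]
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        elif tag in FIXED:
            if tag == 7:  # CONSTANT_Class: u2 index of the Utf8 name
                class_idx.append(struct.unpack_from(">H", data, pos + 1)[0])
            pos += 1 + FIXED[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        i += 2 if tag in (5, 6) else 1  # long/double take two slots
    return {utf8[j] for j in class_idx if j in utf8}

def classify(class_files):
    """Apply both conditions from the issue to an iterable of class-file bytes."""
    refs = set().union(*(referenced_classes(d) for d in class_files))
    sinks = sorted({SINKS[c] for c in refs if c in SINKS})
    web = any(c.startswith(WEB) for c in refs)
    return {"web": web, "sinks": sinks, "candidate": web and bool(sinks)}

def fake_class(*names):
    """Constructed sample input: class-file header plus a constant pool only."""
    pool = b""
    for k, name in enumerate(names):
        raw = name.encode()
        pool += b"\x01" + struct.pack(">H", len(raw)) + raw  # Utf8 at slot 2k+1
        pool += b"\x07" + struct.pack(">H", 2 * k + 1)       # Class at slot 2k+2
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 * len(names) + 1) + pool

SAMPLE_LIB = [fake_class("javax/servlet/http/HttpServlet", "java/lang/ProcessBuilder"),
              fake_class("java/lang/Object", "java/sql/Statement")]
```

Constant-pool class references miss types that appear only in method descriptors, so this is a coarse pre-filter for deciding what to index first. Transitive dependencies are covered by passing their class files into the same `classify` call.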