基于源代码的静态分析技术是检测软件脆弱性的重要手段之一.针对Linux平台下由不安全方式创建临时文件问题引起的符号链接脆弱性,提出一种基于污点传播分析的脆弱性检测方法.通过查找打开或创建文件等导致脆弱性的特征函数从源代码中识别漏洞触发变量,采用后向污点传播分析方法分析变量传递路径,判断其是否来源于污点源,从而检测出可能存在符号链接脆弱性.利用该方法对XEN 3.03版本的源代码进行检测,成功发现了2个漏洞,其中包括1个未知漏洞.实验表明,该方法是一种有效的脆弱性检测方法.%Source code-based static analysis technology is one of an important means to detect software vulnerabilities. To cope with the problem of unsafe creation of temporary file on Linux platform leading to vulnerabilities in symbol link, a vulnerability detection method based on tainting analysis is proposed. The method recognises the trigger variable of bugs from source code by checking characteristic function of the file open or creation which lead to vulnerabilities, and uses backward tainting analysis method to analyse the variable transition path, and judge whether it comes from the taint data source, so as to find the symbol link vulnerability possibly existing. With this method 2 vulnerabilities have been found in the source code of XEN 3. 03 , including an unknown vulnerability. The results of experiment show that the method is an effective vulnerability analysis method.
展开▼
