Static detection of logic vulnerabilities in Java web applications

摘要

This paper concerns about logic vulnerabilities that result from faulty logic of a web application. Logic vulnerabilities typically accompany with the exposure of unexpected functionalities and lead to the bypass of the intended constraints. From a semantic perspective, logic vulnerabilities occur when mistakes arise in the control flows guarding the processes of invoking critical functionalities. In this paper, we propose the first lightweight static analysis approach to automatically detect logic vulnerabilities in Java web applications. Logic errors in our approach are characterized as erroneous invocations of functionalities. Program-slicing technique has been leveraged to capture the processes of invoking critical functionalities. A back-tracing algorithm is originally designed to extract control flows guarding functionality-invocation processes. Finally, logic vulnerability detection is transformed into mining abnormal functionality-invocation processes in a cluster of similar ones by comparing these processes' control flows. We implemented our approach in a prototype tool named logic vulnerability detector and evaluated it on seven real-world applications scaled from thousands to million lines of code. The evaluation results show that our approach achieves bigger coverage with acceptable cost and better scalability than previous approaches. Copyright © 2013 John Wiley & Sons, Ltd.