
Static detection of context-sensitive cross-site scripting vulnerabilities


Abstract

A method for statically analyzing a web application program may include obtaining a control flow graph for the web application program. Each control flow graph node may correspond to a statement in the web application program. The method may further include obtaining a sanitizer sequence including one or more sanitizers followed by an output statement, obtaining a placeholder corresponding to the sanitizer sequence, and generating control flow paths including an output node that corresponds to the output statement. The method may further include generating documents for each control flow path. Each document may include a sanitized value corresponding to the output statement. The method may further include inserting the placeholder into each document at a location of the sanitized value, and reporting a potential cross-site scripting flaw when the sanitizer sequence is insufficient for the output context sequence of the sanitized value.
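A minimal sketch of the placeholder check the abstract describes, added here as an illustration and not taken from the patent: each generated document is parsed, the output context sequence at the placeholder is recorded, and the sanitizer sequence is reported when it does not cover that context. The placeholder string, sanitizer names, and context-to-sanitizer mapping are assumptions.

```python
from html.parser import HTMLParser

PLACEHOLDER = "__SANSEQ_1__"  # constructed marker standing in for the sanitized value
# Assumed context -> required sanitizer mapping; names are hypothetical.
REQUIRED = {"html_text": "html_escape", "html_attr": "html_escape",
            "url_attr": "url_encode", "js_string": "js_escape"}
URL_ATTRS = {"href", "src", "action"}

class ContextFinder(HTMLParser):
    """Records the output context sequence at each placeholder location."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.in_script = False
        self.contexts = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and PLACEHOLDER in value:
                ctx = ["html_attr"]
                if name.startswith("on"):      # event handler: JS nested in an attribute
                    ctx.append("js_string")
                elif name in URL_ATTRS:
                    ctx.append("url_attr")
                self.contexts.append(ctx)
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if PLACEHOLDER in data:
            self.contexts.append(["js_string" if self.in_script else "html_text"])

def check_document(document, sanitizer_sequence):
    """Return (context_sequence, missing_sanitizers) for each insufficient use.
    Simplification: checks presence of each required sanitizer, not their order."""
    finder = ContextFinder()
    finder.feed(document)
    finder.close()
    findings = []
    for ctx in finder.contexts:
        missing = [REQUIRED[c] for c in ctx if REQUIRED[c] not in sanitizer_sequence]
        if missing:
            findings.append((ctx, missing))
    return findings

# Constructed documents, one per control flow path reaching the same output statement.
DOCS = ['<p>Hello __SANSEQ_1__</p>', '<script>var n = "__SANSEQ_1__";</script>']
if __name__ == "__main__":
    for doc in DOCS:
        print(doc, "->", check_document(doc, ["html_escape"]) or "sufficient")
```

The same sanitizer sequence passes on the first path and is flagged on the second, which is the context-sensitive case the title refers to.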
