Solve hybrid constraints to verify security software modules for detecting injection attacks

摘要

In one embodiment, a method includes analyzing one or more first numeric constraints and one or more first string constraints associated with a software module including one or more numeric variables and string variables; inferring one or more second numeric constraints applying to specific ones of the string variables; inferring one or more second string constraints applying to specific ones of the numeric variables; representing each one of the first and second numeric constraints with an equation; representing each one of the first and second string constraints with a finite state machine; and verifying whether the software module is able to detect one or more forms of injection attacks by attempting to solve for a solution including one or more values for specific ones of the numeric and string variables that satisfies all the first and second numeric constraints and all the first and second string constraints.