首页>
外国专利>
Detecting exploitable paths in application software that uses third-party libraries
Detecting exploitable paths in application software that uses third-party libraries
展开▼
机译:检测使用第三方库的应用软件中的可利用路径
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.
展开▼