Wanted static code analysis tools in various programming languages designed to search for vulnerabilities by analyzing data streams, especially for web applications.
For clarity, I will give an example of one such tool known to me: Pixy.
In short, the essence of such tools is that the tool scans the source code and tries to build data-flow graphs. Then, along this graph, it traces the path of data that comes from outside the program (from the user, from the database, from some external plug-in, etc.). If such data reaches an SQL query without checks or transformations, we have an SQL injection vulnerability. If it reaches the HTML output, you get XSS.
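To make the source-to-sink tracing described above concrete, here is a toy taint tracker written for this post (it is not Pixy's code and not any real tool's). It walks the Python AST, marks variables assigned from a source, propagates the mark through assignments, concatenation and f-strings, clears it when a sanitizer is applied, and reports when a marked value reaches the query-string argument of a sink. The source, sink and sanitizer names (`request.args.get`, `cursor.execute`, `response.write`, `html.escape`, `int`) and the sample snippet are constructed for the example.

```python
import ast

# Constructed configuration for the toy analyzer: where untrusted data enters,
# which calls neutralise it, and which calls must never receive it unchecked.
SOURCES = {"request.args.get", "input"}
SANITIZERS = {"html.escape", "int"}
# sink name -> (vulnerability class, index of the argument that must be clean)
SINKS = {"cursor.execute": ("SQL injection", 0), "response.write": ("XSS", 0)}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class TaintTracker(ast.NodeVisitor):
    """Flow-insensitive, single-scope taint propagation over straight-line code."""

    def __init__(self):
        self.tainted = set()   # variable names currently carrying untrusted data
        self.findings = []     # (line, vulnerability class, sink name)

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in SOURCES:
                return True          # fresh untrusted input
            if name in SANITIZERS:
                return False         # sanitizer cuts the taint
            # any other call (str(), "...".format(), helper) passes taint through
            # positional arguments; keyword arguments are ignored in this toy
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):   # f-string
            return any(self.is_tainted(v.value)
                       for v in node.values if isinstance(v, ast.FormattedValue))
        return False

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self.is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)   # reassignment with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted_name(node.func)
        if name in SINKS:
            kind, arg_index = SINKS[name]
            if len(node.args) > arg_index and self.is_tainted(node.args[arg_index]):
                self.findings.append((node.lineno, kind, name))
        self.generic_visit(node)


def analyze(source):
    """Run the tracker over a Python source string and return its findings."""
    tracker = TaintTracker()
    tracker.visit(ast.parse(source))
    return tracker.findings


# Constructed sample: two real issues (lines 3 and 6) and three safe variants.
SAMPLE = """\
user_id = request.args.get("id")
name = request.args.get("name")
cursor.execute("SELECT * FROM users WHERE id = " + user_id)
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
greeting = "Hello " + name
response.write(greeting)
response.write("Hello " + html.escape(name))
safe_name = html.escape(name)
response.write(f"<p>{safe_name}</p>")
"""

if __name__ == "__main__":
    for lineno, kind, sink in analyze(SAMPLE):
        print(f"line {lineno}: possible {kind} via {sink}")
```

Line 4 is not reported because only the query string (argument 0) is checked and the untrusted value travels in the parameter tuple, which is exactly the distinction a data-flow tool makes and a control-flow-only tool cannot. The obvious gaps (no branches, no functions, no containers) are what separate this toy from a tool like Pixy.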
Of course, you can also do such checks manually, analyzing data flows with ordinary call-graph tools, but these tools can save a lot of time by telling you where to start digging.
The Pixy tool works with the PHP language, and works well, but for the sake of completeness I want to find similar tools for other languages (Perl, Python, Ruby, Java, .Net), or at least understand whether any exist, whether anyone has already built one, or whether the niche is still open.
Please do not suggest tools for "ordinary" static analysis, which analyze only the control flow; I have looked through most of them, and they do a good job of finding low-level problems such as uninitialized variables or deadlocks. I want to find tools that work at a higher level of abstraction. That is why I am interested precisely in those that know how to work with data flows.
Crosspost from a personal blog