1. Technical Field
The present invention relates to amending security vulnerabilities in computer code and, more particularly, to doing so using string sanitizers.
2. Discussion of the Related Art
Security vulnerabilities of computer code pose well-known challenges for security experts. Data entered into a computerized system by a human user or any other external source may, deliberately or accidentally, cause harmful consequences. Security experts may, in a time-consuming and not always efficient process, analyze a given code in search of these security vulnerabilities in order to amend them, usually on an ad hoc basis, where each of the security vulnerabilities needs to be addressed and amended differently.
Several analysis tools are known in the art, as well as academic attempts addressing the security vulnerability issues of computer code. However, these attempts are directed to static analysis of computer code for security, in which the code is scanned by a static analyzer based on a set of security rules, and candidate vulnerabilities detected by the tool are reported to the user.
In some of the industry-known tools, such as IBM's AppScan DE and Fortify's Source Code Analyzer, each report is accompanied by generic remediation information, which proposes ways in which the developer may amend the code so as to remove the reported vulnerability. However, these suggestions are of a very general nature, and the developer needs to adapt them manually to the specific situation on a case-by-case basis. Specifically, where the solution requires inserting a call to a string sanitizer, one of the main challenges is to find the most appropriate location in the computer code at which to insert that call. The use of string sanitizers, and the need to determine an optimal location for them, is typical of security vulnerabilities such as Log Forging, Cross-Site Scripting (XSS), Path Traversal, and the like.
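The following Python example is added here to illustrate the sanitizer-location problem just described; it is not part of the patent text and does not depict any of the tools named above. It assumes a hypothetical login handler in which one tainted string (a username) flows to two different sinks, a log record and an HTML page, and shows why the point at which the sanitizer call is inserted matters: each sink needs a sanitizer matching its own context, so a single sanitizer placed at the source does not remove both vulnerabilities. The sample input is constructed for the demonstration.

```python
import html
from typing import Tuple

# Constructed sample input (not taken from the patent text). The embedded line
# break would forge a second log record at a log sink, and the markup would be
# interpreted by a browser at an HTML sink.
SAMPLE_USERNAME = "alice\nINFO login ok for admin <b>x</b>"


def sanitize_for_log(value: str) -> str:
    """Log Forging sanitizer: neutralise line breaks so one input cannot
    inject an additional log record. The escapes keep the evidence visible."""
    return value.replace("\r", "\\r").replace("\n", "\\n")


def sanitize_for_html(value: str) -> str:
    """XSS sanitizer: escape markup-significant characters before HTML output."""
    return html.escape(value, quote=True)


def handle_login_unsanitized(username: str) -> Tuple[str, str]:
    """The 'before' state a static analyzer would report: the tainted string
    reaches both sinks without any sanitizer call."""
    log_line = f"INFO login attempt for {username}"
    page = f"<p>Welcome, {username}</p>"
    return log_line, page


def handle_login_sanitized_at_source(username: str) -> Tuple[str, str]:
    """A poorly located fix: one sanitizer call inserted where the input
    enters. HTML escaping does nothing against the line break, so the log
    sink stays vulnerable even though the HTML sink is now safe."""
    username = sanitize_for_html(username)
    log_line = f"INFO login attempt for {username}"
    page = f"<p>Welcome, {username}</p>"
    return log_line, page


def handle_login_sanitized_at_sinks(username: str) -> Tuple[str, str]:
    """The appropriate location: a sanitizer call inserted immediately before
    each sink, chosen to match that sink's context."""
    log_line = f"INFO login attempt for {sanitize_for_log(username)}"
    page = f"<p>Welcome, {sanitize_for_html(username)}</p>"
    return log_line, page


def log_record_count(log_line: str) -> int:
    """Number of log records produced by a single logging call; a successful
    forging attempt shows up as more than one."""
    return len(log_line.splitlines())


def html_sink_is_safe(page: str) -> bool:
    """True when the user-controlled markup has been escaped rather than
    emitted verbatim into the page."""
    return "<b>" not in page and "&lt;b&gt;" in page


if __name__ == "__main__":
    for name, handler in (
        ("unsanitized", handle_login_unsanitized),
        ("sanitized at source", handle_login_sanitized_at_source),
        ("sanitized at sinks", handle_login_sanitized_at_sinks),
    ):
        log_line, page = handler(SAMPLE_USERNAME)
        print(f"{name:20s} log records={log_record_count(log_line)} "
              f"html safe={html_sink_is_safe(page)}")
```

Running the script shows the unsanitized handler producing two log records and raw markup, the source-located sanitizer fixing only the HTML sink, and the sink-located sanitizers fixing both. This is the situation in which the generic "add a sanitizer" remediation advice is correct but incomplete until the developer identifies the right insertion point for each sink.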