Computerized devices and computer programs control almost every aspect of our life, from writing documents to controlling traffic lights. Many of these devices and programs receive input from the environment, including for example input received from humans, other programs, physical measurements, or any other sources.
Not all of these sources may always be trusted. An execution path may exist within a computer program, from where input is received, also referred to as a source, to where the received information is used, also referred to as a sink. For example, a person may be expected to input a string into an application, wherein the string is then used as a query to another application. A user may enter malicious content, which may cause damage when received by the other application, for example altering a database structure in a forbidden manner, changing system files, directing a browser to an undesired site, or any other,
In some embodiments, received information can be processed prior to being received by the sink, by a sanitizer or a validator. A sanitizer is one or more computer instructions which examine the data for security vulnerability, and changes it if required, for example by placing a string between quotes or double quotes. A validator is one or more computer instructions which examine the data to determine whether it may trigger a security vulnerability when reaching a downstream security-sensitive operation, and if so, makes a control-flow judgment that prevents this from happening.