This invention relates generally to analysis of code such as source code, object code, byte code, executable code, and libraries, and, more specifically, relates to static analysis of code for global variable security analysis that can provide selective, scope-sensitive, lifetime-sensitive, and map-key-sensitive global-side-effect analysis.
Static analysis of a program constructs a mathematical model of the execution of the program. The program is not actually executed, but is instead analyzed via the mathematical model. That is, the execution of the program is simulated.
Static analysis has particular benefits for certain types of programs. For instance, Web programs commonly accept untrusted input from users and use the untrusted input in secure transactions, access to SQL (structured query language) databases, or other security-sensitive operations. Prior to use in these security-sensitive operations, the untrusted input (typically a string) should be analyzed and revised if necessary to prevent possible security violations. As an example, a Web application might use a user name and password to access an SQL database using a query based on the user name and password. If the user name and password contain certain characters, the query might contain an undesirable, valid SQL instruction that could allow an attacker access to a portion of or the entire database. Removal of the characters prevents this from happening.
A runtime analysis of a large Web program may not find every or very many security violations, as during any runtime scenario, all possible untrusted input might not be used. A runtime analysis is therefore unsound. A static analysis will likely find more security violations, as every possible untrusted input can be considered (meaning a static analysis is sound).
Nonetheless, static analysis of programs such as Web programs could be improved.