Automatic Detection and Repair Recommendation for Missing Checks
Author affiliations: State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China; School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798, Singapore
Publication: Journal of Computer Science & Technology (English edition)
Year, volume, issue: 2019, Vol. 34, No. 5
Pages: 972-992
Subject classification: 12 [Management] 1201 [Management - Management Science and Engineering (degrees may be conferred in Management or Engineering)] 08 [Engineering]
Funding: supported by the National Key Research and Development Program of China under Grant No. 2017YFA0700604 and the National Natural Science Foundation of China under Grant Nos. 61632015 and 61690204; partially supported by the Collaborative Innovation Center of Novel Software Technology and Industrialization, and Nanjing University Innovation and Creative Program for Ph.D. Candidate under Grant No. 2016014
Keywords: static analysis; missing check; vulnerability detection; repair recommendation
Abstract: Missing checks for untrusted inputs used in security-sensitive operations are one of the major causes of various vulnerabilities. Efficiently detecting and repairing missing checks is essential for prognosticating potential vulnerabilities and improving code reliability. We propose a systematic static analysis approach to detect missing checks for manipulable data used in security-sensitive operations of C/C++ programs and recommend repair references. First, customized security-sensitive operations are located by lightweight static analysis. Then, the assailability of sensitive data used in security-sensitive operations is determined via taint analysis. Next, the existence and the risk degree of missing checks are assessed. Finally, the repair references for high-risk missing checks are recommended. We implemented the approach in an automated and cross-platform tool named Vanguard based on Clang/LLVM 3.6.0. Large-scale experimental evaluation on open-source projects has shown its effectiveness and efficiency. Furthermore, Vanguard has helped us uncover five known vulnerabilities and 12 new bugs.