AAU Student Projects (Aalborg University's student projects portal)
A master's thesis from Aalborg University


PyT - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Authors


Term

4th term

Education

Publication year

2016

Submitted on

Pages

113

Abstract

Software vulnerabilities are increasingly common. This thesis studies security weaknesses in web applications built with Flask, a popular Python web framework, focusing on four well-known vulnerability classes: cross-site scripting (XSS), command injection, SQL injection and path traversal. Our approach is static analysis, examining the source code without running it, to determine whether untrusted data (such as request parameters) can flow through the program and reach a dangerous operation. We construct an interprocedural control-flow graph of the Python program; the analysis is polyvariant, meaning that a function called from several places is analysed once per calling context rather than once with all contexts merged, which improves precision. A fixed point is then computed over this graph to obtain a stable analysis result. To track information flow we extend reaching-definitions analysis so that it records where each value is defined and how it propagates from statement to statement, which lets us follow a tainted value from the point where it enters the program to the point where it is used. Based on this analysis we implemented a tool that scans entire Flask projects and reports potential vulnerabilities. In our evaluation the tool detected all of the example vulnerabilities and successfully processed real-world projects.

[This abstract was generated with the help of AI]
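The source-to-sink tracking the abstract describes, as an added illustration that is not the thesis's or PyT's own code: a toy taint analysis over Python's `ast` in which every assignment generates or kills taint as in reaching definitions, branch results are joined by union, and loop bodies are re-analysed until the taint state reaches a fixed point. It is intraprocedural only (PyT's polyvariant interprocedural control-flow graph is not reproduced), and the source (`request`), sink and sanitizer lists, the sample handlers and the `cursor` object they reference are all constructed for this example.

```python
# Added example, not PyT's code: a toy intraprocedural taint analysis in the spirit
# of the thesis. Assignments gen or kill taint as in reaching definitions, branches
# join by union, loop bodies re-run to a fixed point. All lists below are constructed.
import ast

SINKS = {                 # callee -> vulnerability class when a tainted argument reaches it
    "os.system": "command injection",
    "cursor.execute": "SQL injection",   # `cursor` assumed to be a DB-API cursor
    "open": "path traversal", "render_template_string": "XSS",
}
SANITIZERS = {"shlex.quote", "escape", "int", "secure_filename"}  # assumed to clean their argument

def dotted(node):
    """'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def is_tainted(expr, tainted):
    """True if `expr` reads a tainted name or Flask's `request` outside a sanitizer call."""
    if isinstance(expr, ast.Call) and dotted(expr.func) in SANITIZERS:
        return False
    if isinstance(expr, ast.Name):
        return expr.id in tainted or expr.id == "request"   # the request object is the source
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(expr))

def check_sinks(stmt, tainted, scope, findings):
    """Record every sink call in a simple statement that receives a tainted argument."""
    for node in ast.walk(stmt):
        if isinstance(node, ast.Call) and dotted(node.func) in SINKS:
            args = node.args + [kw.value for kw in node.keywords]
            if any(is_tainted(a, tainted) for a in args):
                findings.add((scope, dotted(node.func), SINKS[dotted(node.func)]))

def analyse_block(stmts, tainted, scope, findings):
    """Forward propagation over a statement list; returns the taint set at block exit."""
    for stmt in stmts:
        if isinstance(stmt, ast.If):
            then = analyse_block(stmt.body, set(tainted), scope, findings)
            other = analyse_block(stmt.orelse, set(tainted), scope, findings)
            tainted = then | other          # join: tainted if tainted on either path
        elif isinstance(stmt, (ast.For, ast.While)):
            if isinstance(stmt, ast.For) and is_tainted(stmt.iter, tainted):
                tainted.add(stmt.target.id)  # loop variable (plain Name assumed) is tainted
            while True:                      # fixed point: re-run the body until stable
                merged = tainted | analyse_block(stmt.body, set(tainted), scope, findings)
                if merged == tainted:
                    break
                tainted = merged
        elif isinstance(stmt, (ast.Assign, ast.Expr, ast.Return)):
            check_sinks(stmt, tainted, scope, findings)   # arguments are read before the store
            if isinstance(stmt, ast.Assign):
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        if is_tainted(stmt.value, tainted):
                            tainted.add(target.id)        # gen
                        else:
                            tainted.discard(target.id)    # kill: redefined with a clean value
    return tainted  # nested defs, with/try and other statement kinds are ignored in this toy

def scan(source):
    """Analyse every function in `source`; return sorted (function, sink, class) triples."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            analyse_block(node.body, set(), node.name, findings)
    return sorted(findings)

# Constructed Flask-style handlers: four vulnerable, one correctly sanitized.
SAMPLE = '''
from flask import request, render_template_string
def hello():
    name = request.args.get("name")
    return render_template_string("<h1>Hello " + name + "</h1>")   # XSS
def ping():
    host = request.args.get("host")
    if request.args.get("safe"):
        host = shlex.quote(host)             # only one path is sanitized
    os.system("ping -c 1 " + host)           # command injection via the other path
def read():
    path = secure_filename(request.args.get("path"))
    return open(path).read()                 # clean: the kill removed the taint
def user():
    uid = request.args.get("id")
    cursor.execute("SELECT * FROM users WHERE id = " + uid)   # SQL injection
def batch():
    cmd = "echo start"
    for item in request.args.getlist("item"):
        os.system(cmd)                       # clean on pass 1, tainted on pass 2
        cmd = "echo " + item
'''

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Running the block reports `hello`, `ping`, `user` and `batch` and stays silent on `read`. The `ping` handler shows why the join at an `if` must be a union: sanitizing on one path does not make the sink safe on the other. The `batch` handler shows why loop bodies must be iterated to a fixed point: on the first pass `cmd` is clean at the sink and the taint only arrives through the back edge. A flow-insensitive tool would flag `read` as well, since `path` is first defined from `request`; the kill on redefinition is what lets a reaching-definitions approach accept the sanitized version.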