bhermann
commented
2 months ago The webapp condition could be as easy as indexing the packing from the pom file... webapps should be war packaged, shouldn't they?
Open johannesduesing opened 2 months ago
bhermann
commented
2 months ago The webapp condition could be as easy as indexing the packing from the pom file... webapps should be war packaged, shouldn't they?
Describe the Problem LS XIV would like to identify Maven libraries that are potential candidates for dynamic taint analysis. There is a number of characteristics to identify such libraries:
Describe the solution you'd like Implement a static analysis that detects whether the above-mentioned conditions hold for a given library (and it's set of transitive dependencies). In a next step, it would be good to know a set of entrypoints that could lead to the potential sinks, and the types of sinks present in the library.
This further requires some heuristics on what to index / analyze first.