To detect specific security vulnerabilities, data-flow analyses must be configured with specific methods. For example, executeQuery() can be a sink for CWE-89 (SQL injection), but not for CWE-601 (open redirect). Determining which Security-Relevant Methods (SRM) match which vulnerabilities can be difficult. Most data-flow analysis tools are configured with manually generated SRM lists, which can be incomplete, especially when analyzing new or custom code.
With Swan, we automatically determine which methods of a given codebase or library can be used for specific vulnerabilities, using a machine-learning approach that can detect sources, sinks, sanitizers, and authentication methods, and further classify those SRMs in different CWE categories.
Furthermore, we present SwanAssist, an IntelliJ plugin that allows the developer to manually train the classifier through active learning, thus improving the precision of the approach.
- Source code: https://github.com/secure-software-engineering/swan
- Video demonstration: https://www.youtube.com/watch?v=fSyD3V6EQOY
- ASE 2019 Demonstration: SwanAssist: Semi-Automated Detection of Code-Specific, Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, Oshando Johnson, and Eric Bodden).
- ISSTA 2019: Codebase-Adaptive Detection of Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, and Eric Bodden).
- Technical Report: Codebase-Adaptive Detection of Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, and Eric Bodden).