一個ASP.NET網頁應用程式的靜態分析工具

Abstract

近年來由於伺服器端程式設計的技術日趨成熟，使得網頁應用程式非常常見，而且可說是已經變成了提供線上服務的標準。伺服器端程式提供程式設計師可以根據客戶的輸入以及需求來動態的產生網頁。然而這樣的方便性卻也使得我們很難檢查這些動態地產生出的網頁，其中是否含有惡意的內容或是有可被攻擊的弱點。 為了檢查網頁應用程式中的弱點，有許多的靜態分析方法已經被提出，例如：過濾使用者輸入、限制語法結構以及程式輸出確認等等。然而這些分析方法在實作上並沒有一個統一的標準，以致於沒有一個統一的平台可以使用；此外，這些方法通常都只針對某一特定語言的應用程式或只針對特定的安全弱點，這使得我們必須使用許多不同的工具來驗證不同語言所撰寫的應用程式。 我們開發了一個工具來驗證用C#語言開發的應用程式，此工具採用了一個稱作C 中介語言的中介表達。在分析時，我們先將C#原始碼的語法轉譯成我們所選用的中介表達，再使用一個簡單的汙染資訊流分析 (taint analysis) 來檢查其中是否含有安全弱點。這個利用中介表達的架構最大的好處在於，若我們使用不同語言的語法分析器將其他語言轉譯成同樣的中介表達，我們的工具就可以適用於分析其他語言；同樣地，只要實作的分析方法是分析同樣的中介表達，此方法即可適用於所有不同語言所撰寫的應用程式。

Web applications are ubiquitous and have become the de-facto standard for providing online services because of server-side programming technologies. The technology provides programmers with the flexibility to generate Web pages dynamically based on user's inputs and requirements. However, this flexibility also makes it harder to detect dynamically generated pages that contain malicious content or have vulnerabilities that allow attackers to compromise the application. To detect security vulnerabilities in Web applications, a number of static approaches have been developed, for example, input filtering techniques, syntactic structure enforcement, and static output checking. However, the disadvantage of most approaches is that they are usually implemented in independent formats and target security vulnerabilities in Web applications that are written in one object language. Thus, to check whether several server-side programs written in different languages contain vulnerabilities, one could have to implement different solutions for different languages respectively. To improve this detection process, we have developed a novel tool. Initially, we focus on C# as our target language and adopt an architecture that uses intermediate representation. In this thesis, we propose a parsing procedure and parse C# source code for a chosen intermediate representation, namely, the C intermediate language, and then apply a simple taint analysis on it. Based on the adopted architecture, we will be able to extend our tool in the future by adding other parsers that can parse another target language to the same intermediate representation. Similarly, we will able to integrate other analysis algorithms into our tool in the future by implementing them to analyze the abstract syntax of the chosen intermediate representation.