Created
April 24, 2020 05:11
// Enumerate all routes from the attack surface: parameters named "userName" carrying a
// @RequestParam/@RequestParameter annotation are the attacker-controlled sources.
// Annotation names in the CPG are fully qualified and carry no "@", so match them with a regex.
val attackerControlledSource = cpg.parameter.name("userName").filter(_.annotation.name(".*RequestParam.*").l.nonEmpty)
// Determine all security-sensitive functions. .name takes a regex, not a glob:
// "find*byUserName*" would never match findByUserName.
val vulnerableSink = cpg.method.name("find.*[bB]yUserName.*").parameter
// Conduct reachability analysis from attacker-controlled vectors to all security-sensitive functions.
// reachableBy takes the source traversal as its argument; .l.nonEmpty gives the Boolean the if needs.
if (vulnerableSink.reachableBy(attackerControlledSource).l.nonEmpty) {
  println("Authentication Bypass Found!")
}
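The query above is a source-to-sink reachability check: pick parameters that are attacker-controlled, pick parameters of sensitive methods, and ask whether any data-flow path joins them. The following Python is an added example, not part of the gist and not Joern or Ocular code: it runs the same three steps over a small, constructed data-flow graph modelling a Spring-style login controller (node ids, method names and edges are all made up for the illustration), and it also shows why the method-name pattern has to be a regular expression rather than a glob.

```python
import re

# Constructed mini data-flow graph (not produced by Joern/Ocular). Each entry is a
# CPG-like node; EDGES are reaching-definition edges, i.e. "value of src flows into dst".
NODES = {
    "p_userName": {"kind": "PARAMETER", "name": "userName", "method": "login",
                   "annotations": ["org.springframework.web.bind.annotation.RequestParam"]},
    "p_password": {"kind": "PARAMETER", "name": "password", "method": "login",
                   "annotations": ["org.springframework.web.bind.annotation.RequestParam"]},
    "call_trim":  {"kind": "CALL", "name": "trim", "method": "login", "annotations": []},
    "local_u":    {"kind": "LOCAL", "name": "u", "method": "login", "annotations": []},
    "p_findByUN": {"kind": "PARAMETER", "name": "name", "method": "findByUserName", "annotations": []},
    "p_hashPw":   {"kind": "PARAMETER", "name": "raw", "method": "hashPassword", "annotations": []},
    "p_log":      {"kind": "PARAMETER", "name": "msg", "method": "log", "annotations": []},
}
EDGES = [
    ("p_userName", "call_trim"),   # userName.trim()
    ("call_trim", "local_u"),      # String u = userName.trim();
    ("local_u", "p_findByUN"),     # repo.findByUserName(u)
    ("p_password", "p_hashPw"),    # hashPassword(password)
    ("p_userName", "p_log"),       # log(userName)  -- not a sensitive sink here
]


def method_name_matches(regex: str, name: str) -> bool:
    """Joern's .name(...) full-matches a regular expression; a glob like
    'find*byUserName*' is therefore NOT a wildcard match."""
    return re.fullmatch(regex, name) is not None


def parameters_annotated(param_name: str, annotation_regex: str) -> list:
    """Sources: PARAMETER nodes with the given name and a matching annotation
    (the analogue of cpg.parameter.name(...).filter(_.annotation.name(...)))."""
    return [
        nid for nid, n in NODES.items()
        if n["kind"] == "PARAMETER" and n["name"] == param_name
        and any(re.fullmatch(annotation_regex, a) for a in n["annotations"])
    ]


def parameters_of_methods(method_regex: str) -> list:
    """Sinks: PARAMETER nodes of every method whose name matches the regex
    (the analogue of cpg.method.name(...).parameter)."""
    return [nid for nid, n in NODES.items()
            if n["kind"] == "PARAMETER" and method_name_matches(method_regex, n["method"])]


def reachable_by(sinks: list, sources: list) -> list:
    """Every simple data-flow path from a source node to a sink node
    (the analogue of sink.reachableBy(source).flows)."""
    adj = {}
    for src, dst in EDGES:
        adj.setdefault(src, []).append(dst)
    sink_set = set(sinks)
    flows = []
    for source in sources:
        stack = [(source, [source])]
        while stack:
            node, path = stack.pop()
            if node in sink_set:
                flows.append(path)
                continue
            for nxt in adj.get(node, []):
                if nxt not in path:  # simple paths only, so cycles cannot loop forever
                    stack.append((nxt, path + [nxt]))
    return flows


def find_auth_bypass_flows() -> list:
    """The gist's query, end to end: attacker-controlled userName -> find*ByUserName*."""
    sources = parameters_annotated("userName", r".*RequestParam.*")
    sinks = parameters_of_methods(r"find.*[bB]yUserName.*")
    return reachable_by(sinks, sources)


if __name__ == "__main__":
    for flow in find_auth_bypass_flows():
        print("Authentication Bypass Found! flow:", " -> ".join(flow))
```

On this graph only the `userName` parameter reaches `findByUserName`; `password` flows to `hashPassword` and is not reported, and the glob spelling `find*byUserName*` matches nothing, which is why the corrected query uses `find.*[bB]yUserName.*`.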