Java turvaaukude leidmine staatilise analüüsiga: millest probleem?
Laen...
Failid
Kuupäev
Autorid
Ajakirja pealkiri
Ajakirja ISSN
Köite pealkiri
Kirjastaja
Abstrakt
Käesoleva bakalaureusetöö käigus uuritakse raamistikust Apache Struts 2 aastal 2017 avastatud turvaauku CVE-2017-5638 ning seda, kas viga oleks olnud võimalik tuvastada varem, kasutades staatilisi koodi analüsaatoreid.Uurimise käigus kasutatakse avatud lähtekoodiga Apache Struts 2 koodi, milles on uuritav turvaauk, ning seda analüüsitakse kahe tasuta staatilise koodianalüsaatoriga - FindBugs ja PMD. Lisaks uuritakse, milline oli turvaaugu mõju tavakasutajatele, vaadates lähemalt teadaolevat suurimat ohvrit, milleks on krediidiajaloofirma Equifax.
In process of this Bachelor’s Thesis, vulnerability of Apache Struts 2 framework called CVE-2017-5638 is closely examined and static code analysis is conducted in order to determine if the vulnerability could have been detected earlier.During the process an Apache Struts 2 source code with a vulnerability is examined and analysed with two free static code analysers – FindBugs and PMD. In addition, it is researched what influence the vulnerability had to average user, while examining the biggest known victim, which is consumer credit reporting agency Equifax.
In process of this Bachelor’s Thesis, vulnerability of Apache Struts 2 framework called CVE-2017-5638 is closely examined and static code analysis is conducted in order to determine if the vulnerability could have been detected earlier.During the process an Apache Struts 2 source code with a vulnerability is examined and analysed with two free static code analysers – FindBugs and PMD. In addition, it is researched what influence the vulnerability had to average user, while examining the biggest known victim, which is consumer credit reporting agency Equifax.