Tracking tainted strings in Java programs

Mentor

Tagir Valeev

Related Product or JB Team

IntelliJ IDEA

Mentor's location

Novosibirsk

Project description

Research how strings from untrusted sources are handled in applications and write an IntelliJ IDEA plugin that detects security problems with untrusted strings. Check existing solutions (Checker Framework, FindBugs, anything else).

Technologies

Java (Kotlin is possible). Java knowledge is necessary, as we are going to analyze Java source code.

Desired result

An IntelliJ IDEA plugin with the following abilities:

  • Ability to say, for a given method's String parameter, whether it is tainted (comes from an untrusted source) or untainted (must be trusted): this can be curated manually or some known database could be used.
  • Ability to track the flow of tainted/untainted Strings through the Java program and add @Tainted/@Untainted annotations automatically to method parameters, return values and fields.
  • Ability to produce a warning when a tainted String is passed where an untainted String is required.

Optional:

  • Ability to annotate collection/array components as well.
  • Deal with verification methods that may filter out malicious strings (e.g. by throwing an exception or returning a special status) and treat a tainted String as untainted once it has successfully passed the verification.

The plugin should be tested on some open-source projects. The ideal result is to find an actual bug in some project, demonstrate a proof-of-concept exploit, submit a pull request to fix it, and have it accepted.
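To make the three required abilities and the optional "verification method" handling concrete, here is an added example written for this page; it is not code from the project, from IntelliJ IDEA, or from any of the tools named above. It models a Java method body as a list of toy statements (an assumption of the example, not a real IntelliJ PSI or data-flow API) and runs a flow-sensitive taint propagation over it: values from a source statement become tainted, taint survives copies and concatenation, a verification step that would throw on bad input clears it, and passing a tainted value to a sink whose parameter is treated as @Untainted produces a warning. Variables the analysis has never seen are treated as tainted, the conservative default for a security check.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example: a toy intraprocedural taint analysis over a straight-line
// statement list. Hypothetical IR and names; not the plugin's own code.
public class TaintDemo {
    enum Taint { UNTAINTED, TAINTED }

    // Statement kinds of the toy IR (one per line of the analysed method body).
    interface Stmt {}
    record Source(String target) implements Stmt {}                 // x = request.getParameter(...)
    record Const(String target) implements Stmt {}                  // x = "literal"
    record Copy(String target, String from) implements Stmt {}      // x = y
    record Concat(String target, List<String> parts) implements Stmt {} // x = a + b + ...
    record Sanitize(String target, String from) implements Stmt {}  // x = validate(y), throws on bad input
    record Sink(String method, String arg) implements Stmt {}       // method(x), parameter is @Untainted

    record Warning(int stmtIndex, String sink, String variable) {}

    // Walks the statements in order and keeps the taint state of every variable.
    static List<Warning> analyze(List<Stmt> program) {
        Map<String, Taint> env = new HashMap<>();
        List<Warning> warnings = new ArrayList<>();
        for (int i = 0; i < program.size(); i++) {
            Stmt s = program.get(i);
            if (s instanceof Source src) {
                env.put(src.target(), Taint.TAINTED);
            } else if (s instanceof Const c) {
                env.put(c.target(), Taint.UNTAINTED);
            } else if (s instanceof Copy cp) {
                env.put(cp.target(), lookup(env, cp.from()));
            } else if (s instanceof Concat cc) {
                // Any tainted part taints the whole result.
                Taint t = Taint.UNTAINTED;
                for (String part : cc.parts()) {
                    if (lookup(env, part) == Taint.TAINTED) t = Taint.TAINTED;
                }
                env.put(cc.target(), t);
            } else if (s instanceof Sanitize sn) {
                // Execution only continues past a throwing validator if the
                // input passed, so the result may be treated as untainted.
                env.put(sn.target(), Taint.UNTAINTED);
            } else if (s instanceof Sink sk && lookup(env, sk.arg()) == Taint.TAINTED) {
                warnings.add(new Warning(i, sk.method(), sk.arg()));
            }
        }
        return warnings;
    }

    // Unknown variables are assumed tainted: missing a sink is worse than a false positive.
    static Taint lookup(Map<String, Taint> env, String variable) {
        return env.getOrDefault(variable, Taint.TAINTED);
    }

    public static void main(String[] args) {
        // Constructed sample: one unsafe query built from raw input, then a
        // second query built from the same input after validation.
        List<Stmt> program = List.of(
            new Source("userId"),                                   // 0
            new Const("prefix"),                                    // 1
            new Concat("query", List.of("prefix", "userId")),       // 2
            new Sink("executeQuery", "query"),                      // 3: warning expected
            new Sanitize("safeId", "userId"),                       // 4
            new Concat("query2", List.of("prefix", "safeId")),      // 5
            new Sink("executeQuery", "query2"));                    // 6: no warning
        for (Warning w : analyze(program)) {
            System.out.println("statement " + w.stmtIndex() + ": tainted '" + w.variable()
                + "' passed to @Untainted parameter of " + w.sink());
        }
    }
}
```

Running the class reports exactly one finding, for statement 3. The same propagation rules, applied across method boundaries, are what would let the plugin infer @Tainted on a parameter that is only ever fed from sources and @Untainted on one that only ever reaches a sink; a real implementation also needs a summary for each called method and a merge at control-flow joins (tainted wins), which this straight-line toy omits.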

Requirements

Programming languages necessary for the project: Java

Video Presentation

Result presentation