Tracking tainted strings in Java programs
Related Product or JB Team
Research how strings from non-trusted sources are handled in the applications and write an IntelliJ IDEA plugin which is useful to detect security problems with untrusted strings. Check existing solutions (Checker framework, Findbugs, anything else).
Java (Kotlin is possible). Java knowledge is necessary is we are going to analyze the Java source code.
An IntelliJ IDEA plugin with the following abilities:
- Ability to say for given method String parameter whether it's tainted (comes from untrusted source) or untainted (must be trusted): can be curated manually or some known database could be used.
- Ability to check the flow of tainted/untainted Strings through the Java program and add some @Tainted/@Untainted annotation automatically to method parameters/return values/fields.
- Ability to produce warnings when Tainted String is passed to the Untainted source.
- Ability to annotate also collection/array components.
- Deal with verification methods which may filter out malicious strings (e.g. by throwing an exception or returning special status) and deannotate tainted string which successfully passed the verification.
The plugin should be tested on some opensource projects. Ideal result is to find an actual bug in some project, demonstrate a proof-of-concept exploit, suggest a pull-request to fix it, have it accepted.
Programming languages necessary for the project: Java