Abstract: In order to improve the security of Java software, this paper suggests a dataflow based taint analysis method to solve the problem of vulnerability analysis related to Java programs. The idea of the dataflow based taint analysis method is introduced and the process of taint analysis method is presented. Analysis system built according to the method can effectively find the vulnerabilities in Java ByteCode programs, such as XPath injection, SQL injection, etc. Results verify the correctness and validity of the method.

Key words: vulnerability, control flow, dataflow

摘要： 为提高Java软件的安全性，针对Java程序的脆弱性分析问题，提出一种基于数据流的感染分析法，阐述了具体思路和实现步骤。依据该方法实现的分析系统能有效分析出Java字节码程序中存在的XPath注入、SQL注入等脆弱性，结果证明了基于数据流的感染分析法的正确性和可行性。

关键词: 脆弱性, 控制流, 数据流

CLC Number: 

• TP311