信息安全研究 ›› 2015, Vol. 1 ›› Issue (2): 112-125.

• 学术论文 • 上一篇    下一篇

一种基于抽象语法树的C#源代码SQL注入漏洞检测算法

孙伟1,陈林2   

  1. 1. 中山大学信息科学技术学院
    2. 中山大学数据科学与计算机学院
  • 收稿日期:2015-11-15 修回日期:2015-11-15 出版日期:2015-11-17 发布日期:2016-01-18
  • 通讯作者: 孙伟

A C# Source Code SQL Injection Attack Detection Algorithm Based on Abstract Syntax Tree

Sun Wei1,Chen Lin2   

  1. 1. School of Information Science and Technology, Sun Yatsen University
    2. School of Data and Computer Science, Sun Yatsen University
  • Received:2015-11-15 Revised:2015-11-15 Online:2015-11-17 Published:2016-01-18
  • Contact: Sun Wei

摘要: SQL注入攻击是数据库安全的主要威胁.SQL注入攻击被列为OWASP(open Web application security project)2010年和2013年十大Web应用系统安全威胁之首.SQL注入攻击检测及防御是目前常见的研究热点,结合抽象语法树的数据传播分析及C#语言特性,提出基于规则及特征匹配的漏洞检测架构,实现了C#源代码的静态检测算法.测试结果表明该算法效果良好,简单实用,通过生成源代码的抽象语法树及追踪数据的传播途径,根据规则匹配进行检测,实现C#源代码的SQL注入漏洞检测,在开发阶段提高了代码的安全性;同时提出的漏洞检测框架可以进行拓展,实现对其他编程语言的SQL注入漏洞检测.

关键词: SQL注入, 抽象语法树, 数据流分析, 规则匹配, 静态分析

Abstract: SQL injection attacks is ranked first in OWASP (open Web application security project) Top10 Web application security threats in both 2010 and 2013. This paper proposes a static abstract syntax tree analysis framework for detecting SQL injections based on the matching rules, and implements the C# sourcecode SQL injection attack detection algorithm. This paper focuses on data flow analysis based on the abstract syntax tree, tracing the route of transmission of data and detecting SQL vulnerability in accordance with the predefined rules. Then this paper achieves injection detection algorithm based on C# language source code and MSSQL. The detection algorithm results show that the algorithm works well for C# language source code. But the results also show that it is possible to make false negative due to lack of supportof detecting the vulnerability existing in the crossfile and crossfunction. However, the proposed architecture and algorithms can be extended to other programming platforms. Finally, this paper makes a summary on both SQL injection and the defense, points out the shortcomings itself and makes a prospect of the SQL injection research.

Key words: SQL injection, abstract syntax tree, data flow analysis, feature matching, static analysis