3. Introduction
• Security issue: which files a program can access
• We all want to know what files an application would access
• We want to know this before running it
• Simple static analysis tool
• Analyzes which files a Java program might access
4. Main idea
• Assumption: a Java program always uses
"java.io.File" to operate on a file object
• Analyze the possible String values that reach File constructors
5. Forward vs. Backward analysis
• Forward:
• track all strings
• evaluate their values
• record if they reach a File constructor
• Backward:
• start at File constructors
• only record their arguments
• evaluate arguments’ values backward
Backward is less expensive!
[Figure: control-flow graph from <entry> through a then/else branch, each path assigning str = …, joining at File file = new File(str), then <exit>]
6. Binary Tree Representation & Lattice
• map Variables (VAR) to Values (VAL)
• semi-lattice
[Figure: semi-lattice with TOP above MERGE nodes above VAR → VAL mappings; a value is a binary tree, e.g. str + "literal" is a + node whose children are the variable str and the literal "literal"]
7. Dynamic Substitution by Last Definition
    File parDir = new File("dir");
    String suffix = ".txt";
    String child = "impossible";
    child = "aFile" + suffix;
    new File(parDir, child);
[Figure: the argument tree is rewritten step by step, each variable replaced by its last definition before the File constructor]
1. parDir / child
2. parDir / (aFile + suffix)
3. parDir / (aFile + .txt)
4. dir / (aFile + .txt)
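Added example (not the slides' tool, whose implementation is not shown): a minimal backward evaluator that starts at a recorded File-constructor argument, substitutes each variable by its last definition, and folds the binary tree of + (concatenation) and / (parent/child join) nodes. The tuple encoding of trees, the "/" separator, and the ('top',) marker for a loop-dependent value are assumptions of this example.

```python
# Added illustration of slides 5-7 and 11, not the original analysis tool.
TOP = object()   # lattice top: value cannot be determined statically

def last_def(var, stmts, before):
    """Index of the last assignment to `var` strictly before position `before`."""
    for i in range(before - 1, -1, -1):
        if stmts[i][0] == var:
            return i
    return None

def evaluate(expr, stmts, before):
    """Evaluate an expression tree backward from position `before`.
    Trees: ('lit', s), ('var', name), ('top',) for loop-dependent values,
    ('+', l, r) string concat, ('/', parent, child) path join (assumed '/')."""
    kind = expr[0]
    if kind == 'lit':
        return expr[1]
    if kind == 'top':
        return TOP
    if kind == 'var':
        i = last_def(expr[1], stmts, before)
        if i is None:
            return TOP                      # field, parameter, or never assigned
        return evaluate(stmts[i][1], stmts, i)   # substitute last definition
    left = evaluate(expr[1], stmts, before)
    right = evaluate(expr[2], stmts, before)
    if left is TOP or right is TOP:
        return TOP
    return left + right if kind == '+' else left + '/' + right

def file_paths(stmts, sinks):
    """Backward analysis: only File-constructor arguments (sinks) are recorded,
    each as (position in program, expression tree); resolve them backward."""
    return [evaluate(e, stmts, pos) for pos, e in sinks]

def slide_example():
    # Constructed from the slide-7 program: parDir = "dir", suffix = ".txt",
    # child = "impossible" then child = "aFile" + suffix, new File(parDir, child).
    stmts = [('parDir', ('lit', 'dir')), ('suffix', ('lit', '.txt')),
             ('child', ('lit', 'impossible')),
             ('child', ('+', ('lit', 'aFile'), ('var', 'suffix')))]
    sinks = [(4, ('/', ('var', 'parDir'), ('var', 'child')))]
    return file_paths(stmts, sinks)

def loop_example():
    # Constructed: path = "a"; while (c) { path += "a" }; new File(path);
    # the loop-dependent reassignment is modelled as TOP (slide 11 limitation).
    stmts = [('path', ('lit', 'a')), ('path', ('top',))]
    return file_paths(stmts, [(2, ('var', 'path'))])
```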
11. Limitation
• Local dataflow analysis
• cannot infer possible values of a field
• cannot infer possible values returned by a method invocation
• cannot estimate a value in a while loop when the value depends on the number
of iterations
• e.g. while (c) { path += "a" };
• Didn't consider the "File.rename()" method and the "new File(URI uri)"
constructor in the current implementation