Information Assurance SOFTWARE VULNERABILITIES RULE SETS
Issue Date: 2022
Publisher: FPTU Ha Noi
Abstract:
Static analysis is a well-known technique for detecting software vulnerabilities. For static analysis to detect vulnerabilities, it needs up-to-date issue models, that is, rule sets that model the patterns or methods related to the vulnerabilities. However, as the number of software vulnerabilities has been rising in recent years, static analysis tools do not have up-to-date rule sets to detect newly arriving problems. Therefore, our team decided to enrich the rule sets of a static analysis tool. The tool we chose to work on is CodeQL, an open source static analysis tool developed by GitHub. In this project, we model 7 frameworks and develop 13 security rules that are not covered by the current rule sets of CodeQL. The new CodeQL content successfully detects multiple critical security vulnerabilities, including published CVEs in Apache OFBiz and Apache Dubbo from 2021.