Vulnerability Scanner for MATLAB code?

조회 수: 5 (최근 30일)

Wes 2020년 4월 6일

0
링크

이 질문에 대한 바로 가기 링크

https://kr.mathworks.com/matlabcentral/answers/515879-vulnerability-scanner-for-matlab-code

댓글: Walter Roberson 2020년 4월 8일

Products like SonarQube and Veracode exist for source code analysis of vulnerabilities. However, I haven't seemed to find one that supports MATLAB. What options are there for a code scanner that can scan MATLAB?

댓글 수: 2
없음 표시없음 숨기기

Walter Roberson 2020년 4월 6일

I do not know of any myself.

The areas that I can think of at the moment that should be checked:

system() and dos()
! operator
input() without 's' option
eval() or evalc() of insufficiently sanitized user input
evalin('base') or evalin('caller') as those could potentially be used to execute statements that are vulnerable
evalin(symengine) or feval(symengine) that could potentially use mupad system facilities

I have probably missed some, not even counting the file i/o possibilities

Walter Roberson 2020년 4월 8일

Oh yes, I forgot that regexp() or regexprep() can execute arbitrary commands, so you have to sanitize any input that might make it into part of a pattern.

댓글을 달려면 로그인하십시오.

이 질문에 답변하려면 로그인하십시오.