Vulnerability Scanner for MATLAB code?
이전 댓글 표시
Products like SonarQube and Veracode exist for source code analysis of vulnerabilities. However, I haven't seemed to find one that supports MATLAB. What options are there for a code scanner that can scan MATLAB?
댓글 수: 2
Walter Roberson
2020년 4월 6일
I do not know of any myself.
The areas that I can think of at the moment that should be checked:
- system() and dos()
- ! operator
- input() without 's' option
- eval() or evalc() of insufficiently sanitized user input
- evalin('base') or evalin('caller') as those could potentially be used to execute statements that are vulnerable
- evalin(symengine) or feval(symengine) that could potentially use mupad system facilities
I have probably missed some, not even counting the file i/o possibilities
Walter Roberson
2020년 4월 8일
Oh yes, I forgot that regexp() or regexprep() can execute arbitrary commands, so you have to sanitize any input that might make it into part of a pattern.
답변 (0개)
카테고리
도움말 센터 및 File Exchange에서 Embedded Coder에 대해 자세히 알아보기
제품
2020년 4월 8일
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
Translated by 
