Pythia: Identifying Dangerous Data-flows in Django-based Applications

Linos Giannopoulos, Eirini Degkleri, P. Tsanakas, Dimitris Mitropoulos

Proceedings of the 12th European Workshop on Systems Security, published 2019-03-25
DOI: 10.1145/3301417.3312497 (https://doi.org/10.1145/3301417.3312497)
Citations: 3
Abstract
Web frameworks that allow developers to create applications based on design patterns such as the Model View Controller (MVC) provide a number of security checks by default. Nevertheless, by using specific constructs, developers may disable these checks, thus re-introducing classic application vulnerabilities such as Cross-site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Framework-specific elements, including (1) the complex nature of these applications, (2) the different features that they involve (e.g. templates), and (3) the inheritance mechanisms that govern them, make the identification of such issues very difficult. To tackle this problem, we have developed Pythia, a scheme that analyzes applications based on the Django framework. To identify potentially dangerous data flows that can lead to XSS and CSRF defects, Pythia takes into account all the aforementioned elements and employs ideas coming from standard data-flow analysis and taint tracking schemes. To the best of our knowledge, Pythia is the first mechanism to consider framework-specific elements in its analysis. We have evaluated our scheme with positive results. Specifically, we used Pythia to examine five open-source applications that are currently in production and have thousands of users, including an e-voting service and a web-based translation management system. In four cases we have identified dangerous paths that in turn led to vulnerabilities. Notably, in many cases the paths involved the particular features of Django-based applications, e.g. templates.
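As an added illustration of the kind of construct the abstract refers to (this is not Pythia's code and not from the paper), the following Python check applies the taint-tracking idea to a constructed Django view module and template: it flags request data that reaches `mark_safe()`, views decorated with `csrf_exempt`, and template lines that switch off auto-escaping. The list of dangerous constructs and taint sources, and the sample inputs, are my own assumptions; a real analysis would also follow branches, calls and template inheritance.

```python
import ast
import re
# Constructed sample inputs (not from the paper): a Django view module and a template.
VIEW_SRC = '''from django.http import HttpResponse
from django.utils.safestring import mark_safe
from django.views.decorators.csrf import csrf_exempt
def greet(request):
    name = request.GET.get("name", "")
    banner = "<b>" + name + "</b>"
    return HttpResponse(mark_safe(banner))
@csrf_exempt
def transfer(request): return HttpResponse("ok")
'''
TEMPLATE_SRC = '''{% autoescape off %}{{ comment }}{% endautoescape %}
<p>{{ bio|safe }}</p>
<p>{{ bio }}</p>
'''
SOURCES = {"GET", "POST", "COOKIES", "META"}  # request attributes treated as taint sources (assumed)
TEMPLATE_RULES = [  # template constructs that switch off Django's auto-escaping (assumed list)
    (re.compile(r"\{%\s*autoescape\s+off\s*%\}"), "autoescape off disables HTML escaping"),
    (re.compile(r"\{\{[^}]*\|\s*safe\b"), "|safe filter bypasses HTML escaping"),
]
def _reads_request(node):  # expression reads request.GET/POST/... directly, via .get() or [...]
    while isinstance(node, (ast.Call, ast.Subscript, ast.Attribute)):
        if (isinstance(node, ast.Attribute) and node.attr in SOURCES
                and isinstance(node.value, ast.Name) and node.value.id == "request"):
            return True
        node = node.func if isinstance(node, ast.Call) else node.value
    return False
def _uses_tainted(node, tainted):  # any name inside the expression currently carries request data
    return any(isinstance(n, ast.Name) and n.id in tainted for n in ast.walk(node))
def analyze_views(src):  # returns (line, kind, note) for each dangerous flow or disabled check
    findings = []
    for fn in (n for n in ast.walk(ast.parse(src)) if isinstance(n, ast.FunctionDef)):
        if any(isinstance(d, ast.Name) and d.id == "csrf_exempt" for d in fn.decorator_list):
            findings.append((fn.lineno, "CSRF", f"{fn.name}: csrf_exempt disables the CSRF check"))
        tainted = set()  # names carrying request data; straight-line propagation only, no branches
        for stmt in fn.body:
            for node in ast.walk(stmt):
                if (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)
                        and (_reads_request(node.value) or _uses_tainted(node.value, tainted))):
                    tainted.add(node.targets[0].id)
                elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                        and node.func.id == "mark_safe" and _uses_tainted(node, tainted)):
                    findings.append((node.lineno, "XSS", f"{fn.name}: request data reaches mark_safe()"))
    return findings
def analyze_template(src):  # line-level rule matching; template inheritance is not followed
    return [(i, "XSS", why) for i, line in enumerate(src.splitlines(), 1)
            for rx, why in TEMPLATE_RULES if rx.search(line)]
```

On the constructed inputs, `analyze_views` reports the tainted `mark_safe()` call in `greet` and the `csrf_exempt` view `transfer`, while `analyze_template` flags the `autoescape off` and `|safe` lines but not the plain `{{ bio }}` line.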