Adapting Static Taint Analyzers to Software Marketplaces: A Leverage Point for Mass Vulnerability Detection?

Abstract

Improper input validation is still one of the most severe problem classes in web application security, although there are concepts with a good problem-solution fit, such as static taint analysis. In practice, however, existing static taint analyzers suffer from both high false positive and false negative rates, making them impractical for effective detection of new vulnerabilities. In this work, we present an approach that aims to systematically specialize existing taint analyzers toward software marketplaces to improve both recall and precision of their analyses. To validate whether our approach is suitable for finding new vulnerabilities in web applications, we applied a specialized taint-analyzer to a random sample of 1,000 plugins from the WordPress plugin store. As a result, we were able to disclose ten CVE entries, including two vulnerabilities with a high or even critical CVSS score. Our preliminary results indicate the principle feasibility of our approach and show that it may be suitable for mass vulnerability detection in software marketplaces, providing a promising foundation for future works in this domain.