Vulnerability Scanner for MATLAB code?
Ältere Kommentare anzeigen
Products like SonarQube and Veracode exist for source code analysis of vulnerabilities. However, I haven't seemed to find one that supports MATLAB. What options are there for a code scanner that can scan MATLAB?
2 Kommentare
Walter Roberson
am 6 Apr. 2020
I do not know of any myself.
The areas that I can think of at the moment that should be checked:
- system() and dos()
- ! operator
- input() without 's' option
- eval() or evalc() of insufficiently sanitized user input
- evalin('base') or evalin('caller') as those could potentially be used to execute statements that are vulnerable
- evalin(symengine) or feval(symengine) that could potentially use mupad system facilities
I have probably missed some, not even counting the file i/o possibilities
Walter Roberson
am 8 Apr. 2020
Oh yes, I forgot that regexp() or regexprep() can execute arbitrary commands, so you have to sanitize any input that might make it into part of a pattern.
Antworten (0)
Kategorien
Mehr zu Embedded Coder finden Sie in Hilfe-Center und File Exchange
Produkte
am 8 Apr. 2020
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
Translated by 
