Vulnerability Scanner for MATLAB code?

5 Ansichten (letzte 30 Tage)
Wes
Wes am 6 Apr. 2020
Kommentiert: Walter Roberson am 8 Apr. 2020
Products like SonarQube and Veracode exist for source code analysis of vulnerabilities. However, I haven't seemed to find one that supports MATLAB. What options are there for a code scanner that can scan MATLAB?
  2 Kommentare
Walter Roberson
Walter Roberson am 6 Apr. 2020
I do not know of any myself.
The areas that I can think of at the moment that should be checked:
  • system() and dos()
  • ! operator
  • input() without 's' option
  • eval() or evalc() of insufficiently sanitized user input
  • evalin('base') or evalin('caller') as those could potentially be used to execute statements that are vulnerable
  • evalin(symengine) or feval(symengine) that could potentially use mupad system facilities
I have probably missed some, not even counting the file i/o possibilities
Walter Roberson
Walter Roberson am 8 Apr. 2020
Oh yes, I forgot that regexp() or regexprep() can execute arbitrary commands, so you have to sanitize any input that might make it into part of a pattern.

Melden Sie sich an, um zu kommentieren.

Melden Sie sich an, um diese Frage zu beantworten.

Antworten (0)

Kategorien

Mehr zu Embedded Coder finden Sie in Help Center und File Exchange

Tags

Produkte

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by