Vulnerability Scanner for MATLAB code?
Afficher commentaires plus anciens
Products like SonarQube and Veracode exist for source code analysis of vulnerabilities. However, I haven't seemed to find one that supports MATLAB. What options are there for a code scanner that can scan MATLAB?
2 commentaires
Walter Roberson
le 6 Avr 2020
I do not know of any myself.
The areas that I can think of at the moment that should be checked:
- system() and dos()
- ! operator
- input() without 's' option
- eval() or evalc() of insufficiently sanitized user input
- evalin('base') or evalin('caller') as those could potentially be used to execute statements that are vulnerable
- evalin(symengine) or feval(symengine) that could potentially use mupad system facilities
I have probably missed some, not even counting the file i/o possibilities
Walter Roberson
le 8 Avr 2020
Oh yes, I forgot that regexp() or regexprep() can execute arbitrary commands, so you have to sanitize any input that might make it into part of a pattern.
Réponses (0)
Catégories
En savoir plus sur Embedded Coder dans Centre d'aide et File Exchange
Produits
le 6 Avr 2020
le 8 Avr 2020
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
Translated by 
