Vulnerability Scanner for MATLAB code?

10 visualizzazioni (ultimi 30 giorni)
Wes
Wes il 6 Apr 2020
Commentato: Walter Roberson il 8 Apr 2020
Products like SonarQube and Veracode exist for source code analysis of vulnerabilities. However, I haven't seemed to find one that supports MATLAB. What options are there for a code scanner that can scan MATLAB?
  2 Commenti
Walter Roberson
Walter Roberson il 6 Apr 2020
I do not know of any myself.
The areas that I can think of at the moment that should be checked:
  • system() and dos()
  • ! operator
  • input() without 's' option
  • eval() or evalc() of insufficiently sanitized user input
  • evalin('base') or evalin('caller') as those could potentially be used to execute statements that are vulnerable
  • evalin(symengine) or feval(symengine) that could potentially use mupad system facilities
I have probably missed some, not even counting the file i/o possibilities
Walter Roberson
Walter Roberson il 8 Apr 2020
Oh yes, I forgot that regexp() or regexprep() can execute arbitrary commands, so you have to sanitize any input that might make it into part of a pattern.

Accedi per commentare.

Accedi per rispondere a questa domanda.

Risposte (0)

Categorie

Scopri di più su Embedded Coder in Help Center e File Exchange

Tag

Prodotti

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by