A Static Detection Method for SQL Injection Vulnerability Based on Program Transformation

Abstract

Static analysis is popular for detecting SQL injection vulnerabilities. However, due to the lack of accurate modeling of object-oriented database extensions, current methods fail to accurately detect SQL injection vulnerabilities in applications that use object-oriented database extensions. We propose a program transformation-based SQL injection vulnerability detection method to address this issue. This method consists of two stages: program transformation and vulnerability detection. In the first stage, object-oriented database extensions are automatically transformed into semantically equivalent procedural database extensions through the identification of key statements, call relation verification, and program transformation. In the second stage, application programs are automatically scanned using a combination of control flow graph construction and taint analysis techniques to detect SQL injection vulnerabilities. Based on the proposed method, we have implemented the OODBE-SCAN prototype system and performed experimental analysis on eight modern PHP applications. We compare OODBE-SCAN with two related static analysis tools, RIPS and Seay. The results show that OODBE-SCAN can detect more real-world vulnerabilities and has higher accuracy than existing methods.