Abstract: A method, a system, and a computer program product for training a model for automatically evaluating a generated vulnerability remediation in a source code of an application are provided. The method includes the following steps. Training input data is obtained, where the training input data includes input features, and each of the input features includes a training vulnerability and a training remediation of the training vulnerability. Training output data is obtained, where the training output data includes output predictions, and each of the output predictions includes a training validation associated with the training vulnerability and the training remediation of the corresponding input feature. The model is trained based on the training input data and the training output data.

Abstract: A method, a system, and a computer program product for automatically mitigating vulnerabilities in a source code of an application are provided. The method includes the following steps. First, a path graph is built according to the source code, where the path graph includes multiple paths, and each of the paths includes multiple nodes. Multiple tainted paths are identified, where each of the tainted paths corresponds to a vulnerability. A same target node in multiple intersecting tainted paths among the tainted paths is located based on an existence of a tainted object, and multiple vulnerabilities in the target node are mitigated automatically.

Abstract: A method, a system, and a computer program product for automatically mitigating vulnerabilities in a source code of an application are provided. The method includes the following steps. First, a path graph is built according to the source code, where the path graph includes multiple paths, and each of the paths includes multiple nodes. Multiple tainted paths are identified, where each of the tainted paths corresponds to a vulnerability. A same target node in multiple intersecting tainted paths among the tainted paths is located based on an existence of a tainted object, and multiple vulnerabilities in the target node are mitigated automatically.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.

Abstract: A method for automatically mitigating vulnerabilities in a source code of an application is provided in the present invention. The method includes the following steps. First, the source code is complied, and a path graph is built according to the compiled source code. The path graph includes a plurality of paths traversing from sources to sinks, and each of the paths includes a plurality of nodes. Then, at least one tainted path is identified by enabling a plurality of vulnerability rules. Each of the at least one tainted path corresponds to a vulnerability, and each of the at least one vulnerability corresponds to a sanitization method. Then, the at least one vulnerability is determined if it is mitigable. If the at least one vulnerability is mitigable, the at least one vulnerability is mitigated automatically. Furthermore, the method may be implemented as a system and a computer program product.