[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[List Home]
|
[aspectj-users] Plans for dflow pointcut
|
- From: "Rohit Lists" <rklists@xxxxxxxxx>
- Date: Mon, 11 Aug 2008 09:39:39 -0400
- Delivered-to: aspectj-users@eclipse.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=BHWysOoOlLM5jhuKu/adGHvoQCf8fbL4/zwbdkufces=; b=lZggKO0e7J0gXxzQcpEQlPSEHEisSQGQpjBwBPFkKTAbc53pzpKJPT8V6H/cqeoSf5 9jVcTbY3Ph+BCWjBFnoKNLOLhOUoZwL8zDS3edTVBUFdeBIVxlD73y8f2SXZMzEDt04s 0kan2aX/XiKE60h19ZHEZj8RiqlTCfZDxXrRo=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=JBr4SYn6XrsqNXUgzeYZyifrz6pWzQ+RQP4d0lo7WR/6Hc2lrVUvNS6MMRLWFF0h16 gPfXbzJzJogPv3gTfuJF4Dtwr+r84fBTcEfBnIimVOS4CmOVM6j3pi/uDoaB4umH5KVN ftJ48i6Nyz7xBscl4k5CwiWepSNOQmCGpfGtc=
Hello, are there are any plans to implement the data flow pointcut as
defined here www.graco.c.u-tokyo.ac.jp/~masuhara/papers/aplas2003.pdf
in AspectJ? This would be an invaluable resource to application
security since large classes of security problems deal with tracing
data from source to sink (e.g. cross site scripting,
SQL/XML/Xpath/Ldap injection, OS interaction vulnerabilities, etc.).
If there are no such plans, is it because there are not enough
resources to work on this? Has there already been a discussion on
implementing dflow pointcut and a decision was made not to implement
it?
Thanks,
--
Rohit Sethi
Security Compass
http://www.securitycompass.com