Lua static analysis paper

Lua static analysis paper

Etiene Dalcol
Hello,

I saw this paper shared on Hacker News today and I thought it could be
interesting to some here at the mailing list:

Lua code: security overview and practical approaches to static analysis (2017)

Cheers
--
Etiene Dalcol

Software Engineer @ Red Badger 
Lua Space http://lua.space
LuaConf http://luaconf.com

Re: Lua static analysis paper

Javier Guerra Giraldez
On 31 August 2017 at 10:01, Etiene Dalcol <[hidden email]> wrote:

> Hello,
>
> I saw this paper shared on Hacker News today and I thought it could be
> interesting to
> some here at the mailing list:
>
> Lua code: security overview and practical approaches to static analysis
> (2017)
> http://spw17.langsec.org/papers/costin-lua-static-analysis.pdf
>

it's an interesting topic, definitely worth a read but i think the
research falls very short for usefulness.  AFAICT, all the security
issues addressed are variations of unsanitized string interpolations.
the detecting method is roughly taint variable propagation, which
isn't too different in dynamic languages (vs static ones).


--
Javier
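
A minimal sketch of the taint-propagation idea mentioned in the reply above, added here as an example; it is not code from the thread or from the paper. The source, sink and sanitizer lists and the Lua snippet are constructed assumptions (`shell_quote` is a hypothetical helper), and the analysis is line-based and straight-line only, with no branches, functions or table fields.

```python
import re

# Assumed policy for this sketch (not taken from the paper).
SOURCES = ("io.read", "os.getenv", "ngx.var.")    # where untrusted data enters
SINKS = ("os.execute", "io.popen", "loadstring")  # where strings get interpreted
SANITIZERS = ("shell_quote",)                     # hypothetical escaping helper

STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
ASSIGN = re.compile(r"^\s*(?:local\s+)?([A-Za-z_]\w*)\s*=(?!=)\s*(.+)$")
IDENT = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*")

def expr_tainted(expr, tainted):
    """True if expr reads a source or a tainted variable outside a sanitizer call."""
    for fn in SANITIZERS:  # a sanitized sub-expression yields clean data
        expr = re.sub(re.escape(fn) + r"\s*\([^()]*\)", '""', expr)
    if any(src in expr for src in SOURCES):
        return True
    return any(name.split(".")[0] in tainted for name in IDENT.findall(expr))

def find_tainted_sinks(lua_source):
    """Return (line number, sink) pairs where tainted data reaches a sink."""
    tainted, findings = set(), []
    for lineno, raw in enumerate(lua_source.splitlines(), 1):
        line = STRING.sub('""', raw).split("--", 1)[0]  # drop literals, then comments
        for sink in SINKS:
            pos = line.find(sink + "(")
            if pos != -1 and expr_tainted(line[pos + len(sink):], tainted):
                findings.append((lineno, sink))
        m = ASSIGN.match(line)
        if m:  # flow-sensitive: reassignment with clean data clears the taint
            var, rhs = m.groups()
            (tainted.add if expr_tainted(rhs, tainted) else tainted.discard)(var)
    return findings

# Constructed Lua sample: concatenation and string.format feeding sinks.
SAMPLE = '''local dir = os.getenv("UPLOAD_DIR")
local cmd = "ls -- " .. dir
os.execute(cmd)
local safe = "ls -- " .. shell_quote(dir)
os.execute(safe)
local code = string.format("return %s", io.read())
local f = loadstring(code)
cmd = "date"
os.execute(cmd)
'''

if __name__ == "__main__":
    print(find_tainted_sinks(SAMPLE))
```

Only the unsanitized `os.execute(cmd)` and the `loadstring(code)` call are reported; the sanitized call and the call after `cmd` is reassigned to a literal are not.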