We are going to detect SQL injection vulnerabilities (SQLIVs) with machine learning and refactor them by replacing the vulnerable SQL statements with prepared statements.
Our motivation for this thesis is this paper: sql vulnerability refactoring
Abstract of the paper:
The paper presents an algorithm of prepared statement replacement for removing SQLIVs by replacing SQL statements with prepared statements. Prepared statements have a static structure, which prevents SQL injection attacks from changing the logical structure of a prepared statement. We created a prepared statement replacement algorithm and a corresponding tool for automated fix generation. We conducted four case studies of open source projects to evaluate the capability of the algorithm and its automation. The empirical results show that prepared statement code correctly replaced 94% of the SQLIVs in these projects.
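As an added example (not the paper's PSR tool and not this project's code), a simplified version of the prepared statement replacement in Python: it takes one Java `Statement.executeQuery`/`executeUpdate` call whose SQL is concatenated from string literals and variables, emits a static query with `?` markers, and binds each variable in order. It assumes a `Connection` variable named `conn`, a `PreparedStatement` variable named `ps`, and binding via `setObject`; the sample Java line is constructed for the demonstration.

```python
import re

# Constructed sample: a Java statement whose SQL is built by string concatenation.
VULNERABLE_JAVA = ('ResultSet rs = stmt.executeQuery('
                   '"SELECT * FROM users WHERE name = \'" + name + "\' AND age > " + age);')

STRING_LIT = r'"(?:[^"\\]|\\.)*"'
TOKEN = re.compile(rf'({STRING_LIT})|([A-Za-z_][\w.]*(?:\(\))?)')   # literal | identifier
CALL = re.compile(r'^(?P<prefix>.*?)(?P<stmt>\w+)\.(?P<method>executeQuery|executeUpdate)'
                  r'\((?P<args>.*)\);\s*$')

def split_concat(expr):
    """Split a Java '+' concatenation into ('lit', text) and ('var', name) parts."""
    parts, pos = [], 0
    for m in TOKEN.finditer(expr):
        gap = expr[pos:m.start()].strip()
        if gap not in ('', '+'):   # nested calls, arithmetic etc. are out of scope
            raise ValueError(f'unsupported expression near {gap!r}')
        parts.append(('lit', m.group(1)[1:-1]) if m.group(1) else ('var', m.group(2)))
        pos = m.end()
    if expr[pos:].strip():
        raise ValueError('unsupported trailing text in expression')
    return parts

def to_prepared(parts):
    """Build a static SQL string with '?' markers and the list of values to bind."""
    sql, binds = '', []
    for kind, text in parts:
        sql += text if kind == 'lit' else '?'
        if kind == 'var':
            binds.append(text)
    # A marker spliced between SQL quotes ('?') would reach the database as a literal
    # string, so those quotes are removed and the value is bound to the marker instead.
    return sql.replace("'?'", '?'), binds

def refactor(java_line, conn='conn', ps='ps'):
    """Rewrite one Statement.executeQuery/executeUpdate line as PreparedStatement code."""
    m = CALL.match(java_line)
    if not m:
        raise ValueError('not a Statement.executeQuery/executeUpdate call')
    sql, binds = to_prepared(split_concat(m.group('args')))
    lines = [f'PreparedStatement {ps} = {conn}.prepareStatement("{sql}");']
    lines += [f'{ps}.setObject({i}, {v});' for i, v in enumerate(binds, 1)]
    lines.append(f"{m.group('prefix')}{ps}.{m.group('method')}();")
    return '\n'.join(lines)

if __name__ == '__main__':
    print(refactor(VULNERABLE_JAVA))
```

Statements the pattern cannot express (for example a query assembled inside a helper call) raise ValueError instead of being rewritten, which is the kind of case that kept the paper's replacement rate below 100%.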
Our work on this project so far:
- Read the paper and presented the slides
- Collected the source code from the original paper's authors: Code base for PSR ALGO
- Prepared a miner for mining Java code: Miner
- Collected data: Mined data
- Worked on a Java parser: Java parser
- Collected papers and notes on TreeLSTM: Paper
- Data validation for the input: Data validation
- Created the model and solution finder: Getafix for SQLIFIX
Find our paper here: https://lsiddiqsunny.github.io/public/SANER_2021.pdf and the thesis paper here.