lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 31 August 2017 at 10:01, Etiene Dalcol <dalcol@etiene.net> wrote:
> Hello,
>
> I saw this paper shared on Hacker News today and I thought it could be
> interesting to
> some here at the mailing list:
>
> Lua code: security overview and practical approaches to static analysis
> (2017)
> http://spw17.langsec.org/papers/costin-lua-static-analysis.pdf
>

it's an interesting topic, definitely worth a read but i think the
research falls very short for usefulness.  AFAICT, all the security
issues addressed are variations of unsanitized string interpolations.
the detecting method is roughly taint variable propagation, which
isn't too different in dynamic languages (vs static ones).


-- 
Javier