[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Lua static analysis paper
- From: Javier Guerra Giraldez <javier@...>
- Date: Thu, 31 Aug 2017 10:07:11 +0100
On 31 August 2017 at 10:01, Etiene Dalcol <firstname.lastname@example.org> wrote:
> I saw this paper shared on Hacker News today and I thought it could be
> interesting to
> some here at the mailing list:
> Lua code: security overview and practical approaches to static analysis
it's an interesting topic, definitely worth a read but i think the
research falls very short for usefulness. AFAICT, all the security
issues addressed are variations of unsanitized string interpolations.
the detecting method is roughly taint variable propagation, which
isn't too different in dynamic languages (vs static ones).