Sinks

The sink is the second operation, alongside the source, that makes up a valid security vulnerability. Should user input flow unsanitized into a sink, an attacker can, depending on the sensitive sink operation, change the behaviour of the application for his purposes.

Typical examples of such sinks are PHP built-in functions that parse markup languages, e.g. HTML in echo() or SQL in mysql_query(), as well as functions and methods of frameworks, as they also occur in Java.

When user input is used within these markups, an attacker can modify their syntax (e.g. the HTML code or the SQL query). RIPS automatically detects sensitive built-in functions and methods and covers a couple of framework built-ins. In case a sink was missed during analysis, or the sink is not defined within the analyzed code, additional sensitive built-in or user-defined functions and methods can be configured in this section. For each function or method, please specify the number of the security-sensitive parameter, starting with '1', and the affected vulnerability type. Please refer to the code examples for further details.

If all parameters of a function or method are security sensitive, i.e. user input reaching any of them is a problem, enter '0' as the parameter number.


Adding a PHP function as sink with all parameters as sensitive

Adding a Java method as sink
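The following is an added illustration, not code from the RIPS documentation: two user-defined PHP wrappers that hide a built-in sink, so a scanner only reports the call sites if the wrappers themselves are configured as sinks. The function names, the database connection and the request parameters are assumptions; the parameter numbers in the comments follow the rule stated above ('1' for the first parameter, '0' for all parameters).

```php
<?php
// Added example (not RIPS code). Assumed database connection for the SQL sink.
$conn = new mysqli('localhost', 'app', 'secret', 'shop');

// Wrapper around a built-in SQL sink. Only the query string (parameter 2)
// is security sensitive: configure as parameter '2', type SQL injection.
function run_query(mysqli $conn, string $sql)
{
    return $conn->query($sql);
}

// Wrapper around a built-in HTML sink. Every parameter ends up in the markup,
// so configure it with parameter '0' (all parameters), type Cross-Site Scripting.
function render_row(string $label, string $value): void
{
    echo "<tr><td>$label</td><td>$value</td></tr>";
}

// Vulnerable call sites: user input reaches the wrapper unsanitized.
// Without a sink configuration for run_query()/render_row(), neither line is
// reported, because the sensitive built-in is only reached inside the wrapper.
$id = $_GET['id'] ?? '';
run_query($conn, "SELECT * FROM users WHERE id = " . $id);   // SQL injection
render_row($_GET['label'] ?? '', $_GET['value'] ?? '');       // XSS

// Hardened call sites: user data is bound as a parameter instead of being
// concatenated into the query, and HTML-encoded before reaching the HTML sink.
$stmt = $conn->prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param('i', $id);
$stmt->execute();
render_row(
    htmlspecialchars($_GET['label'] ?? '', ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($_GET['value'] ?? '', ENT_QUOTES, 'UTF-8')
);
```

The same reasoning applies to the Java method case: a framework method or project wrapper that eventually executes SQL or writes markup needs a sink entry naming the sensitive parameter position before data flows into it are reported.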