-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpolicy.smt2
More file actions
26 lines (21 loc) · 790 Bytes
/
policy.smt2
File metadata and controls
26 lines (21 loc) · 790 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
;; ------------------------------------------------------------
;; POLICY: RCE Vulnerability Signature
;; ------------------------------------------------------------
;; Rule: A vulnerability exists if:
;; 1. The action is INSERT_OR_UPDATE (we care about new/modified headers)
;; 2. The table is sys_ws_operation (Scripted REST Resource)
;; 3. The script contains a flow from User Input to Dangerous Sink
(declare-const vulnerability_detected Bool)
(assert (= vulnerability_detected
(and
(= Action STR_INSERT_OR_UPDATE)
(= Table STR_SYS_WS_OPERATION)
script_source_is_user_input
script_sink_is_dangerous
script_flow_exists
)
))
;; Verification Goal: Is the vulnerability detected?
(assert vulnerability_detected)
(check-sat)
(get-model)