Mansi Phute

Context-aware Reachability Analysis for Vulnerable Open-Source Libraries

We propose a method for rapid, real-time risk assessment in which we identify the relevant vulnerable library versions and generate their function call graphs. Function call graphs are very large, which leads to scalability issues when analysing large libraries. In languages like Python, where dynamic functions and paths are common, dynamic analysis is necessary to identify reachable paths that static analysis cannot detect. This requires generating test cases with appropriate inputs to exercise those paths. It is also important to find exactly which functions create these branches, since exhaustively targeting every function wastes resources and raises scalability problems.

Function-level pruning helps contain the complexity of the call graph, and clustering based on risk metrics simplifies subsequent online analysis. This lets us produce results rapidly and rank the libraries used in an application by their risk level.
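As an added illustration (not code from the paper) of why the abstract insists on dynamic analysis for Python: a constructed four-function library in which `handler` selects its callee by name at run time is analysed once statically (via `ast`) and once dynamically (via `sys.setprofile`), and a reachability query asks whether the constructed vulnerable function `unsafe_load` lies on any path from `entry`. The library source, the entry-point name and the vulnerable-function set are all assumptions made up for this demonstration.

```python
import ast
import sys
from collections import deque
# Constructed library source, not a real package: `handler` picks its callee by
# name at run time, so handler -> unsafe_load is invisible to a static call graph.
LIB_SRC = '''
def unsafe_load(data):   # stands in for a known-vulnerable function
    return data
def safe_load(data):
    return data
def handler(data, mode):
    return globals()[mode + "_load"](data)
def entry(data):
    return handler(data, "unsafe")
'''
VULNERABLE = {"unsafe_load"}  # constructed advisory data

def static_call_graph(src):
    """caller -> callees, from direct calls by name (ast only)."""
    funcs = [n for n in ast.parse(src).body if isinstance(n, ast.FunctionDef)]
    names = {f.name for f in funcs}
    return {f.name: {c.func.id for c in ast.walk(f) if isinstance(c, ast.Call)
                     and isinstance(c.func, ast.Name) and c.func.id in names}
            for f in funcs}

def dynamic_call_graph(src, entry, *args):
    """caller -> callees actually observed while running `entry(*args)`."""
    ns, graph = {}, {}
    exec(compile(src, "<lib>", "exec"), ns)
    def prof(frame, event, arg):  # fires on every Python-level call
        caller = frame.f_back
        if (event == "call" and caller is not None
                and frame.f_code.co_filename == caller.f_code.co_filename == "<lib>"):
            graph.setdefault(caller.f_code.co_name, set()).add(frame.f_code.co_name)
    sys.setprofile(prof)
    try:
        ns[entry](*args)
    finally:
        sys.setprofile(None)
    return graph

def reachable_vulnerable(graph, start):
    """BFS from `start`; returns the vulnerable functions on some call path."""
    seen, todo = set(), deque([start])
    while todo:
        fn = todo.popleft()
        if fn not in seen:
            seen.add(fn)
            todo.extend(graph.get(fn, ()))
    return seen & VULNERABLE
```

The static graph reports no reachable vulnerable function from `entry`, while the dynamic graph records the `handler -> unsafe_load` edge and flags `unsafe_load`; the test input needed to reach it (`mode == "unsafe"`) is exactly what the abstract's test-case generation step has to supply.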