Java frameworks such as Spring simplify development and improve productivity, but they also introduce new security risks. In particular, flexible development paradigms such as entity parameter passing and external configuration increase the potential for injection attacks. Existing vulnerability detection tools, which typically rely on code slicing or taint propagation analysis, struggle with framework complexity: they cannot parse data flows through configuration files or correctly follow entity parameter passing paths, so many potential vulnerabilities go undetected, and they fail to account for developer-defined sanitizers, which raises the false positive rate. To address these challenges, we developed iDetector, a static analysis tool specifically designed to detect injection vulnerabilities in Java frameworks. First, iDetector constructs a comprehensive code graph based on a Code Property Graph (CPG), which lets it flexibly handle scenarios that require dynamic structural modification, such as XML configuration injection and dynamic method call resolution. Next, iDetector applies LLM-assisted sanitizer analysis to substantially reduce false positives caused by developer-defined sanitizers. In a comprehensive evaluation on real-world Java projects against existing state-of-the-art tools, iDetector demonstrates superior precision and recall. It has uncovered 172 previously unknown vulnerabilities, of which 51 have been assigned CVE identifiers.
Chen et al. studied this question.