Pattern Writing Guidelines
DerScanner implements data flow analysis. For Java, Scala and Kotlin applications the intermediate representation is Java bytecode; for other languages it is the AST (Abstract Syntax Tree). Patterns are expressed as XPath queries over this representation and are stored in a proprietary universal XML format developed for DerScanner.
Data flow analysis assigns flags to entities (variables) and tracks how those flags change as data passes through the program. Patterns fall into three categories: sources, passthroughs and sinks.
Source patterns specify which method calls set a flag on the data they produce.
Passthrough patterns specify how a call changes the flags of the data passing through it (for example, a method that cleans a data structure must remove all flags from it).
Sink patterns specify which program constructs are insecure and under what conditions they become so (typically, which flags are present on the data that reaches them).
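To make the three categories concrete, here is an added illustration that is not DerScanner code and does not use its XML pattern format or its XPath queries: a small Python script that applies source, passthrough and sink rules (written as plain dicts, an assumption made for illustration only) to a constructed sample function, using Python's own `ast` module as the intermediate representation. The rule names (`request.args.get`, `html.escape`, `*.execute`), the flag name `tainted` and the sample program are all constructed for the example.

```python
import ast

# Rule tables, written as plain dicts for illustration only; DerScanner's own
# patterns are XPath queries stored in its XML format, not this shape.
# A "*.name" key matches a method called on any receiver.
SOURCES = {
    "request.args.get": {"tainted"},   # reading a query parameter sets the flag
}
PASSTHROUGHS = {
    "*.strip": "keep",       # trimming whitespace leaves the flag in place
    "*.upper": "keep",
    "html.escape": "clear",  # a cleaning method must remove the flag
}
SINKS = {
    "*.execute": "tainted",  # SQL execution is insecure if "tainted" data reaches it
}


def qualname(node):
    """Dotted name of a call target: request.args.get, html.escape, cursor.execute."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def lookup(table, func):
    """Match a call target against a table by full dotted name, then by '*.method'."""
    name = qualname(func)
    if name in table:
        return table[name]
    if isinstance(func, ast.Attribute):
        return table.get("*." + func.attr)
    return None


def flags_of(node, env):
    """Flags carried by an expression, given the flags of the variables in env."""
    if isinstance(node, ast.Name):
        return set(env.get(node.id, ()))
    if isinstance(node, ast.Attribute):           # field of a flagged object
        return flags_of(node.value, env)
    if isinstance(node, ast.BinOp):               # "..." + x merges flags
        return flags_of(node.left, env) | flags_of(node.right, env)
    if isinstance(node, ast.Call):
        src = lookup(SOURCES, node.func)
        if src is not None:
            return set(src)                       # source: the flag is set here
        incoming = set()
        for arg in node.args:
            incoming |= flags_of(arg, env)
        if isinstance(node.func, ast.Attribute):  # the receiver of a method call
            incoming |= flags_of(node.func.value, env)
        rule = lookup(PASSTHROUGHS, node.func)
        if rule == "clear":
            return set()                          # passthrough that removes flags
        return incoming                           # "keep", or an unknown call: propagate
    return set()                                  # constants and anything else


def analyze(source):
    """Straight-line taint analysis of each function; returns (line, sink, flag) findings."""
    findings = []
    tree = ast.parse(source)
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        env = {}                                  # variable name -> set of flags
        for stmt in func.body:                    # assumes no branches or loops
            for call in ast.walk(stmt):
                if not isinstance(call, ast.Call):
                    continue
                forbidden = lookup(SINKS, call.func)
                if forbidden is None:
                    continue
                reaching = set()
                for arg in call.args:
                    reaching |= flags_of(arg, env)
                if forbidden in reaching:
                    findings.append((call.lineno, qualname(call.func), forbidden))
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                env[stmt.targets[0].id] = flags_of(stmt.value, env)
    return findings


# Constructed sample program to analyze (not taken from any real code base).
SAMPLE = """\
def handler(request, cursor):
    name = request.args.get("name")                        # source
    trimmed = name.strip()                                 # passthrough: keep
    safe = html.escape(trimmed)                            # passthrough: clear
    cursor.execute("SELECT 1 WHERE n='" + trimmed + "'")   # sink, flagged data
    cursor.execute("SELECT 1 WHERE n='" + safe + "'")      # sink, cleaned data
"""

if __name__ == "__main__":
    for lineno, sink, flag in analyze(SAMPLE):
        print(f"line {lineno}: flag {flag!r} reaches sink {sink}")
```

Only the first `cursor.execute` call is reported: the flag set by the source survives `strip()` (a "keep" passthrough) but is removed by `html.escape()` (a "clear" passthrough), so the second call receives clean data. The script handles only straight-line code and treats unknown calls conservatively, propagating any incoming flags; a real engine such as DerScanner must also handle branches, loops and interprocedural flows.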