OWASP Orizon Project XML

Revision as of 09:59, 31 July 2008 by Thesp0nge

The Orizon check XML schema

A check contained in a safe coding recipe follows this schema:


  id=check identifier code
  severity=[info | warning | error]
  impact=[low | medium | high | critical | panic]
  description=a short description for this check
  positive_fail=[yes | no]


  [method_check | class_check | attribute_check | compare_check | variable_check | source_check]


... some ideas ...

Security checks can be divided into:

  • design_check
  • keyword_check
  • execution_check

Design check

Design checks are about source file design (how many classes are contained in a source file? how many methods? what is the scope of method A?).

source code statistics


   name=[loc | loC]
   verb=[lt | gt | le | ge | ne | eq | ratio]
   [direct_object=[loc | loC]]
   value=numeric value



  • name is the statistic's name and can be one of the following:
    • loc: lines of code
    • loC: lines of comment
  • verb is the boolean comparison operator between the subject and the value:
    • lt: less than
    • gt: greater than
    • le: less than or equal to
    • ge: greater than or equal to
    • ne: not equal to
    • eq: equal to
    • ratio: the ratio of the subject to direct_object
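The statistics check above, and the positive_fail attribute of the enclosing check, evaluated over a constructed source file. This is an added example, not Orizon's own code: the check is modelled as a plain dict of the attributes listed on the page, comment detection is a crude line-prefix test, `ratio` is taken to hold when subject / direct_object is at least `value`, and positive_fail=yes is taken to mean that a comparison which holds is reported as a failed check (all four are assumptions).

```python
import operator
from typing import Any, Dict, List

# Boolean comparison verbs listed in the schema (subject vs. value).
VERBS = {"lt": operator.lt, "gt": operator.gt, "le": operator.le,
         "ge": operator.ge, "ne": operator.ne, "eq": operator.eq}

def count_lines(source: str) -> Dict[str, int]:
    """Return the two statistics named on the page: loc and loC.
    Assumption: a comment line is one starting with //, #, /* or *."""
    loc = loC = 0
    for line in source.splitlines():
        stripped = line.strip()
        if not stripped:
            continue                      # blank lines count as neither
        if stripped.startswith(("//", "#", "/*", "*")):
            loC += 1
        else:
            loc += 1
    return {"loc": loc, "loC": loC}

def comparison_holds(check: Dict[str, Any], stats: Dict[str, int]) -> bool:
    """True when '<name> <verb> <value>' holds for the measured statistics."""
    subject, value = stats[check["name"]], float(check["value"])
    if check["verb"] == "ratio":
        # Assumption: ratio holds when subject / direct_object >= value.
        divisor = stats[check["direct_object"]]
        return divisor > 0 and subject / divisor >= value
    return VERBS[check["verb"]](subject, value)

def run_check(check: Dict[str, Any], stats: Dict[str, int]) -> Dict[str, Any]:
    """Apply positive_fail (assumption: 'yes' = a comparison that holds is a
    failure, 'no' = a comparison that does not hold is a failure)."""
    holds = comparison_holds(check, stats)
    failed = holds if check["positive_fail"] == "yes" else not holds
    return {"id": check["id"], "severity": check["severity"],
            "impact": check["impact"], "failed": failed}

# Constructed sample: 8 lines of code, 2 lines of comment.
SAMPLE_SOURCE = """// constructed sample file
public class Demo {
    // helper
    int add(int a, int b) { return a + b; }
    int sub(int a, int b) { return a - b; }
    int mul(int a, int b) { return a * b; }
    int div(int a, int b) { return a / b; }
    int neg(int a) { return -a; }
    int zero() { return 0; }
}"""

# Constructed checks; identifiers are placeholders, not real Orizon recipe ids.
CHECKS = [
    {"id": "STAT-EXAMPLE-1", "severity": "warning", "impact": "low",
     "description": "file longer than 500 lines of code",
     "positive_fail": "yes", "name": "loc", "verb": "gt", "value": 500},
    {"id": "STAT-EXAMPLE-2", "severity": "info", "impact": "low",
     "description": "at least one comment line per two code lines",
     "positive_fail": "no", "name": "loC", "verb": "ratio",
     "direct_object": "loc", "value": 0.5},
]

def run_all(source: str = SAMPLE_SOURCE) -> List[Dict[str, Any]]:
    stats = count_lines(source)
    return [run_check(c, stats) for c in CHECKS]
```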


   name=the subject name, when applicable
   value=the value being checked



   value=the value being checked


  • keyword_check: keyword-specific checks


   name=keyword name


  • execution_check: extra care must be taken with the parameters in this design...


   caller_class=a class name
   caller_method=a method name


The Orizon Input file XML schema

Orizon 1.0 will bring 3 new subsystems to the Jericho engine:

  • local analysis (control flow graph)
  • global analysis (call graph)
  • taint propagation analysis (data graph)

Each of these subsystems will use a different input file provided by the translator, so each source file will be translated into 3 different XML files, each with its own schema.

Local analysis

Global analysis

Taint propagation analysis