YASA Framework Boosts Multi-Language Static Taint Analysis for Enterprise Security

Global: YASA Framework Boosts Multi-Language Static Taint Analysis for Enterprise Security

New framework addresses enterprise code diversity

A new static analysis framework was unveiled by researchers at Ant Group to tackle the growing complexity of enterprise software stacks that span multiple programming languages. The system, named YASA (Yet Another Static Analyzer), provides a unified approach to static taint analysis, aiming to improve detection of security-relevant data flows across heterogeneous codebases.

Limitations of existing tools

Current taint analysis solutions such as CodeQL, Joern, and WALA were designed primarily for single-language environments, requiring extensive engineering effort to support additional languages. Multi-language extensions often suffer from constraints in intermediate representation, reduced precision, and limited extensibility, which hampers their scalability in large industrial settings.

Unified Abstract Syntax Tree (UAST) architecture

YASA introduces a Unified Abstract Syntax Tree (UAST) that abstracts language-specific constructs into a common representation. Building on the UAST, the framework performs point‑to analysis and taint propagation using a language‑agnostic semantic model, while still incorporating language‑specific extensions to handle unique features of Java, JavaScript, Python, and Go.

Benchmark performance

In comparative testing against six single‑language and two multi‑language static analyzers on an industry‑standard benchmark, YASA consistently outperformed all baselines across the four evaluated languages. The results indicate higher detection rates and reduced false positives, demonstrating the effectiveness of the unified approach.

Real‑world deployment at Ant Group

During internal rollout, YASA scanned more than 100 million lines of code across 7.3 K applications. The analysis uncovered 314 previously unknown taint paths, of which 92 were confirmed as zero‑day vulnerabilities. All findings were responsibly disclosed, and 76 of the vulnerabilities have already been patched by development teams.

Implications for large‑scale software security

The successful deployment suggests that unified multi‑language static analysis can enhance vulnerability discovery in complex, polyglot environments. Researchers anticipate that the extensible design of YASA may facilitate broader adoption across other enterprises seeking to strengthen their software supply chain security.This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.