Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein; these embodiments are provided so that the present disclosure is understood more thoroughly and completely. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., "including, but not limited to". The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Related definitions of other terms will be given in the description below.
It should be noted that the terms "first," "second," and the like in this disclosure are used merely to distinguish one device, module, or unit from another device, module, or unit, and are not intended to limit the order or interdependence of the functions performed by the devices, modules, or units.
It should be noted that references to "one" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one" is to be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
An embodiment of the present disclosure provides a vulnerability detection method, as shown in fig. 1, including:
In step S101, the code to be detected is parsed using a syntax tree, key information of the code to be detected is extracted, and a key information structure is constructed.
In the disclosed embodiments, the abstract syntax tree (AST) is a tree representation of the abstract syntax structure of the source code, where each node of the tree represents a construct in the source code. The syntax is abstract because the tree does not represent every detail of the concrete syntax; for example, nested brackets are implicit in the tree structure and are not represented as nodes. The abstract syntax tree does not depend on the grammar of the source language, that is, on the context-free grammar used in the parsing stage, because when a grammar is written it is often transformed into an equivalent form (elimination of left recursion, backtracking, ambiguity, etc.), which introduces redundant components into parsing that adversely affect later stages or even confuse them. Therefore, many compilers construct a parse tree independently so as to create a clear interface between the front end and the back end.
In the embodiment of the disclosure, when a syntax tree is used to parse the code to be detected, key information of the code to be detected is extracted and a key information structure is constructed. For a project to be detected, all Python files of the project are parsed based on Python's AST syntax and the key information of the Python code is extracted. The key information covers almost all information of a Python code fragment, such as what is on the left side of an expression, what is on the right side of the expression, what function calls the right side contains, and what parameters the function takes, including the position index of each parameter in the function; which information is specifically needed can be determined by a person skilled in the art for a specific embodiment and is not limited by the disclosure. A structure is constructed from the extracted key information: a structure is a data set formed by a series of data of the same or different types, and it can be declared as a variable, a pointer, an array or the like so as to realize a more complex data structure.
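As an added illustration of step S101 (not code from the disclosure), the following Python code uses the standard ast module to extract from a constructed code fragment the kind of key information described above (what is on the left and right of each expression, the calls on the right side, and each argument's index position) and collects it into a structure; the SAMPLE fragment and the KeyInfo and CallInfo names are assumptions.

```python
import ast
from dataclasses import dataclass, field

# Constructed sample fragment of the kind the method parses (not from the disclosure).
SAMPLE = '''
name = request.args.get("name")
query = "SELECT * FROM users WHERE name = '%s'" % name
cursor.execute(query, 1)
'''


@dataclass
class CallInfo:
    name: str      # callee as written in the source, e.g. "request.args.get"
    args: list     # (index position, argument) pairs
    lineno: int


@dataclass
class KeyInfo:
    """One entry of the key information structure: one statement of the file."""
    lineno: int
    lhs: list = field(default_factory=list)    # what is on the left of the expression
    rhs: str = ""                              # what is on the right of the expression
    calls: list = field(default_factory=list)  # function calls contained on the right


def arg_repr(node):
    """Literal value for constants, source text for everything else."""
    return node.value if isinstance(node, ast.Constant) else ast.unparse(node)


def extract_calls(node):
    """Every call under `node`, with the index position of each argument."""
    return [CallInfo(ast.unparse(c.func),
                     [(i, arg_repr(a)) for i, a in enumerate(c.args)],
                     c.lineno)
            for c in ast.walk(node) if isinstance(c, ast.Call)]


def build_key_info(source):
    """Parse a file into an AST and build the key information structure from it."""
    entries = []
    for stmt in ast.walk(ast.parse(source)):
        if isinstance(stmt, ast.Assign):
            entries.append(KeyInfo(stmt.lineno,
                                   [ast.unparse(t) for t in stmt.targets],
                                   ast.unparse(stmt.value),
                                   extract_calls(stmt.value)))
        elif isinstance(stmt, ast.Expr):   # bare call such as cursor.execute(...)
            entries.append(KeyInfo(stmt.lineno, [], ast.unparse(stmt.value),
                                   extract_calls(stmt.value)))
        # other statement kinds (imports, defs, ...) would get their own entry types
    return sorted(entries, key=lambda e: e.lineno)
```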
In step S102, a development framework type of the code to be detected is identified.
In the embodiment of the disclosure, a development framework is a middleware base platform developed to improve the development efficiency of web programs: the developer does not need to write code from scratch, the framework provides something like templates, and the developer builds the program by calling the framework, which saves time and cost. Front-end web frameworks are the better known ones, such as Bootstrap, extjs, easyui, flex, miniUI, jQuery UI and the like.
For the embodiment of the disclosure, framework identification is performed on the structure constructed from the project using the development framework features in the remotely loaded server rules, and the framework used by the Python code is identified. Specifically, the framework type features preset on the server are loaded, the features of the structure are obtained, the features of the structure are compared with the preset framework type features, and the framework type corresponding to the structure is determined.
In step S103, a routing function in the key information structure is determined based on a preset routing rule corresponding to the development framework type.
In the embodiment of the disclosure, the routing rules refer to the routing methods of a development framework; different routing rules are identified according to specific methods.
In an embodiment of the present disclosure, routing functions in the key information structure are identified based on the routing rules of the development framework identified in the previous step. Before a routing function is identified, a code statement is acquired, the part of the statement that writes the route is identified, the statement is matched against the routing functions in a preset routing function library, and when an identical code segment is matched, the routing function of the code is determined. Specifically, authbp.route in the following pseudo code is a classical way of writing a route:
In step S104, the location of the taint in the code to be detected is determined based on the preset taint rule and the routing function corresponding to the development framework type, and a taint data flow graph is generated.
In the disclosed embodiment, a taint rule describes how a routing function accepts user input. For example, in aaa = request.GET['aaa'], which corresponds to the web site link http://hahhahahahha/?aaa=xxxx, request.GET is used to receive user input. All the rules that can receive user input are collected; these are the taint rules.
For the embodiment of the disclosure, the taint rules are set in advance by a person skilled in the art, and possible taint rules are collected manually. All taint locations are then identified in combination with the routing function: specifically, the code segment of the routing function is obtained, the code fields in the code segment are identified, and each code field is matched against the preset taint rules. When a field identical to the one in the code segment is matched in the preset taint rules, the routing function is judged according to the taint rule to decide whether a taint exists in the code segment; if a taint exists, its location is recorded, and a taint data flow graph is formed.
In step S105, the taint data flow graph is traversed based on the preset vulnerability rule corresponding to the development framework type, and it is determined whether vulnerability information exists in the code to be detected.
In the embodiment of the present disclosure, the preset vulnerability rule is a vulnerability rule preset by a person skilled in the art; a vulnerability rule is a rule capable of judging whether a vulnerability exists in a data flow graph, and it is generally a combination of several rules.
For the embodiment of the disclosure, after the taint data flow graph is constructed, the data flow graph is traversed using the preset vulnerability rule, and whether a vulnerability exists in the data flow graph is judged according to the rule. Specifically, a vulnerability is confirmed when a path in the data flow graph meets the following conditions: the index position is correct, a high-risk function is present, keyword matching succeeds, and no filter function is present. When a path in a taint data flow graph meets all of these conditions at the same time, it is judged that a vulnerability exists in the data flow graph.
According to the embodiment of the disclosure, the code to be detected is parsed using the syntax tree and its key information structure is extracted, the development framework of the code to be detected is identified, and any development framework can be adapted remotely without modifying the code. The route search rule, taint location rule and vulnerability judgment rule of the development framework are used, and the vulnerability rules are configured dynamically, which facilitates timely handling of false positives and optimization. A complete taint data flow graph is generated from the route search and taint location, all reachable paths of the taint are found, the paths that may produce a vulnerability are analyzed comprehensively, and the existence of a vulnerability is judged comprehensively according to the index position of the parameter and the vulnerability rule, so that vulnerability judgment is more accurate, false positives are reduced, fully automatic vulnerability detection is realized, and manpower is saved.
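As an added illustration of steps S104 and S105 (not code from the disclosure), the following Python code locates the taint in a constructed routing function with a taint rule, follows it from assignment to assignment to build the taint data flow graph, and then judges each path that reaches a high-risk function against the four conditions above; the TAINT_RULES and VULN_RULE tables and the SAMPLE function are assumptions, and the keyword condition is interpreted here as matching the name of the tainted variable.

```python
import ast

# Constructed sample routing function (Flask-style); not code from the disclosure.
SAMPLE = '''
@authbp.route("/ping")
def ping():
    cmd = request.args.get("cmd")
    full = "ping " + cmd
    os.system(full)
    safe = shlex.quote(cmd)
    os.system("ping " + safe)
'''

# Constructed rule sets standing in for the preset taint and vulnerability
# rules; a deployment would load these per framework from the rule server.
TAINT_RULES = {"request.args.get", "request.form.get", "request.GET"}
VULN_RULE = {
    "high_risk": {"os.system": 0, "subprocess.call": 0, "eval": 0},  # sink -> index position
    "keywords": ("cmd", "command", "exec"),        # keywords expected in the taint name
    "filters": {"shlex.quote", "escape", "int"},   # functions treated as filters
}


def calls_in(node):
    return [c for c in ast.walk(node) if isinstance(c, ast.Call)]


def names_in(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def taint_flow_graph(func):
    """S104: locate taints with the taint rule, then follow each one from
    assignment to assignment inside the routing function (the A-B-C graph).
    Returns {variable: [(lineno, variable, filters applied at that node), ...]}."""
    paths = {}
    for stmt in func.body:
        if not isinstance(stmt, ast.Assign):
            continue
        target = ast.unparse(stmt.targets[0])
        callees = {ast.unparse(c.func) for c in calls_in(stmt.value)}
        if callees & TAINT_RULES:            # taint rule matched: a taint location
            paths[target] = [(stmt.lineno, target, set())]
            continue
        for src in names_in(stmt.value) & set(paths):   # taint transferred on
            paths[target] = paths[src] + [(stmt.lineno, target,
                                           callees & VULN_RULE["filters"])]
    return paths


def judge(func, paths):
    """S105: a path is a vulnerability only when all four conditions hold: the
    tainted argument sits at the rule's index position, the callee is a
    high-risk function, the taint name matches a keyword, and no filter lies
    on the path."""
    findings = []
    for stmt in func.body:
        for call in calls_in(stmt):
            sink = ast.unparse(call.func)
            if sink not in VULN_RULE["high_risk"]:
                continue                      # not a high-risk function
            index = VULN_RULE["high_risk"][sink]
            if index >= len(call.args):
                continue                      # index position not present
            for var in sorted(names_in(call.args[index]) & set(paths)):
                path = paths[var]
                keyword_ok = any(k in path[0][1] for k in VULN_RULE["keywords"])
                filtered = any(filters for _, _, filters in path)
                if keyword_ok and not filtered:
                    findings.append({"sink": sink, "line": call.lineno, "index": index,
                                     "path": [name for _, name, _ in path] + [sink]})
    return findings


def analyse(source):
    func = next(n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef))
    paths = taint_flow_graph(func)
    return paths, judge(func, paths)
```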
In an embodiment of the present disclosure, a possible implementation manner is provided in which identifying the development framework type of the code to be detected includes:
acquiring development framework features of the code to be detected; and identifying the development framework type corresponding to the development framework features of the code to be detected according to preset development framework identification features.
In the embodiment of the disclosure, a development framework feature is acquired as follows: a code field is obtained, the field that forms part of a framework feature is identified and matched against the preset framework features, the matched framework feature is taken as the framework feature of the code to be detected, and the framework type corresponding to that framework feature is determined as the framework type of the code to be detected. Specifically, the code to be detected is marked with the framework type, and the routing rules, vulnerability rules and the like corresponding to that framework type are acquired.
According to the embodiment of the disclosure, the framework features of the code to be detected are acquired and matched to the corresponding framework type, and the code is analyzed and processed with the rules acquired subsequently, so that the accuracy of vulnerability determination is improved.
One possible implementation manner is provided in the embodiments of the present disclosure, as shown in fig. 2, in which determining a routing function in the key information structure based on the routing rule of the development framework includes:
In step S201, the routing syntax of the key information structure is identified.
In the disclosed embodiment, the routing syntax refers to the way the routing function of a code segment is written, such as authbp.route in the pseudo code below, which is a classical way of writing a route:
For the embodiment of the disclosure, the routing syntax of the key information structure is obtained mainly by obtaining a code segment, identifying the code in the code segment and determining how the routing function is written, and when the authbp.
In step S202, the routing syntax is matched with the routing rule of the development framework to determine the routing function, where the routing rule includes the correspondence between the routing syntax and the corresponding routing rule.
For the embodiment of the disclosure, after the routing syntax of the code to be detected is determined, it is matched with a preset routing rule, where the preset routing rule is determined according to the framework type identified in the previous step. Specifically, after the framework type is determined, the routing rule corresponding to the framework type is loaded, and the routing syntax determined in the previous step is matched with that routing rule to determine the routing function of the code to be detected. Specifically, when the routing syntax is determined to be authbp.
According to the embodiment of the disclosure, the routing syntax of the code to be detected is identified and matched with the preset routing rule, so that the routing rule of the code to be detected is determined with high accuracy.
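As an added illustration of steps S102, S201 and S202 (not code from the disclosure), the following Python code identifies the framework of a constructed project file from the modules it imports and then matches each function's decorator text, such as authbp.route(...), against the routing rules of the identified framework; the FRAMEWORK_FEATURES and ROUTING_RULES tables and the SAMPLE file are assumptions standing in for the server-side rules.

```python
import ast
import re

# Constructed rule tables standing in for the remotely loaded server rules;
# the framework names and decorator patterns are assumptions.
FRAMEWORK_FEATURES = {
    "flask": {"imports": {"flask"}},
    "fastapi": {"imports": {"fastapi"}},
}
ROUTING_RULES = {   # framework -> [(routing syntax pattern, routing rule name)]
    "flask": [(re.compile(r"^[\w.]+\.route\("), "flask.route")],
    "fastapi": [(re.compile(r"^[\w.]+\.(get|post|put|delete|api_route)\("),
                 "fastapi.method_route")],
}

# Constructed sample project file (not from the disclosure).
SAMPLE = '''
from flask import Blueprint, request
authbp = Blueprint("auth", __name__)

@authbp.route("/login", methods=["POST"])
def login():
    return request.form.get("user")

def helper(value):
    return value
'''


def imported_modules(tree):
    """Top-level module names imported by the file: the framework feature used here."""
    mods = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            mods.add(node.module.split(".")[0])
    return mods


def identify_framework(tree, features=FRAMEWORK_FEATURES):
    """S102: compare the structure's features with the preset framework features."""
    mods = imported_modules(tree)
    return next((name for name, feat in features.items() if feat["imports"] & mods), None)


def route_syntax(func):
    """S201: the decorator text is the routing syntax of a function."""
    return [ast.unparse(d) for d in func.decorator_list]


def find_routing_functions(tree, framework, rules=ROUTING_RULES):
    """S202: match each function's routing syntax with the framework's routing rules."""
    found = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for syntax in route_syntax(node):
            for pattern, rule in rules.get(framework, []):
                if pattern.match(syntax):
                    found.append({"function": node.name, "syntax": syntax,
                                  "rule": rule, "line": node.lineno})
    return found


def analyse(source):
    tree = ast.parse(source)
    framework = identify_framework(tree)
    return framework, find_routing_functions(tree, framework)
```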
One possible implementation manner is provided in the embodiment of the present disclosure, as shown in fig. 3, in which generating the taint data flow graph includes:
In step S301, when the taint is transferred within a function, a taint mark node is generated according to the location of the taint, and the taint mark node is used as a node in the taint data flow graph.
In the embodiment of the disclosure, the taint may be transferred continuously within the current function, or it may be transferred to a different file, and there are different data flow graph determination flows for the different transfer modes.
For the embodiment of the present disclosure, as shown in fig. 4, when a taint is transferred within a function, a taint mark node is generated according to the location of the taint and is used as a node of the taint data flow graph. Specifically, as shown in fig. 4, the taint flows from node A to node B and then to node C, so the data flow graph of the taint is A-B-C, where nodes A, B and C are nodes within one function. Of course, the particular number of nodes is determined by the particular embodiment.
In step S302, when the taint is transferred across a plurality of functions, a plurality of taint mark nodes of the taint in the plurality of functions are generated according to the index positions of the taint's transfer functions, and the plurality of taint mark nodes are used as nodes in the taint data flow graph.
In the embodiment of the disclosure, as shown in fig. 5, when the data flow graph of a taint is generated, the index position of the taint in the current function is obtained first, and then the taint mark node of the taint data flow graph is generated according to the index position. Specifically, when the taint is transferred from node a1 of function a to node b1 of function b, the index position of the taint at node a1 of the function is obtained first and a first taint mark node a.a1 is generated; when the taint is transferred to node b1 of function b, a second taint mark node b.b1 is generated; the data flow graph of the taint is then a.a1-b.b1, where nodes a1 and b1 are data nodes in function a and function b respectively.
According to the embodiment of the disclosure, the taint data flow graphs are determined for the different taint transfer modes, so that the completeness of the data flow graph determination is ensured and the accuracy of the subsequent vulnerability determination is improved.
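As an added illustration of step S302 (not code from the disclosure), the following Python code follows a taint from node a1 of function a into function b, records the index position of the argument through which it is transferred, and creates the mark nodes a.a1 and b.b1; the SAMPLE functions are constructed, the taint location in function a is taken as input as if it had been found in step S104, and only the top-level statements of each function body are followed.

```python
import ast

# Constructed sample (not from the disclosure): the taint is located at a1 in
# function a and is passed to function b as the second positional argument,
# which is the a.a1 -> b.b1 transfer described for fig. 5.
SAMPLE = '''
def a(req):
    a1 = req.args.get("id")
    rows = b("users", a1)
    return rows

def b(table, b1):
    sql = "select * from %s where id = %s" % (table, b1)
    return db.execute(sql)
'''


def callee_name(call):
    """Plain function name for calls like b(...); None for method calls."""
    return call.func.id if isinstance(call.func, ast.Name) else None


def names_in(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def cross_function_graph(source, entry, taint_var):
    """S302: follow a taint across functions. Whenever a tainted value is handed
    to another function defined in the file, record the index position of the
    argument and create the mark node '<function>.<parameter>' in the callee."""
    funcs = {n.name: n for n in ast.parse(source).body
             if isinstance(n, ast.FunctionDef)}
    path, edges, tainted = [], [], {}
    worklist, seen = [(entry, taint_var)], set()
    while worklist:
        fname, var = worklist.pop(0)
        if (fname, var) in seen or fname not in funcs:
            continue                 # guards against recursion and unknown callees
        seen.add((fname, var))
        path.append(f"{fname}.{var}")
        live = tainted.setdefault(fname, [])
        live.append(var)
        for stmt in funcs[fname].body:
            # transfer inside the current function: assignment from a tainted name
            if isinstance(stmt, ast.Assign) and names_in(stmt.value) & set(live):
                for tgt in stmt.targets:
                    if isinstance(tgt, ast.Name) and tgt.id not in live:
                        live.append(tgt.id)
            # transfer into another function: tainted name used as an argument
            for call in (c for c in ast.walk(stmt) if isinstance(c, ast.Call)):
                callee = callee_name(call)
                if callee not in funcs:
                    continue
                params = [p.arg for p in funcs[callee].args.args]
                slots = list(enumerate(call.args))
                slots += [(params.index(kw.arg), kw.value)
                          for kw in call.keywords if kw.arg in params]
                for index, arg in slots:
                    used = names_in(arg) & set(live)
                    if not used or index >= len(params):
                        continue     # untainted argument, or *args beyond the signature
                    src = f"{fname}.{sorted(used)[0]}"
                    dst = f"{callee}.{params[index]}"
                    edges.append((src, index, dst))
                    worklist.append((callee, params[index]))
    return {"path": path, "edges": edges, "tainted": tainted}
```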
The embodiment of the disclosure provides a possible implementation manner in which traversing the taint data flow graph based on the preset vulnerability rule corresponding to the development framework type and determining the vulnerability information in the code to be detected includes:
traversing the taint data flow graph based on the preset vulnerability rule corresponding to the development framework type, and determining the vulnerability information in the code to be detected when at least one path in the taint data flow graph meets the preset vulnerability rule.
In the embodiment of the disclosure, after the taint data flow graph is determined, the data flow graph is traversed based on the preset vulnerability rule, and vulnerability information in the code to be detected is determined when at least one path in the taint data flow graph meets the preset vulnerability rule. The preset vulnerability rule comprises: the index position of the taint's transfer parameter is a preset position; the path contains a preset high-risk function; the keywords in the taint match preset keywords; and no preset filter function exists in the path. Specifically, each node in the data flow graph is checked against the vulnerability rule, and when the rule is met, it is judged that a vulnerability exists in the data flow graph of that node.
In the embodiment of the disclosure, the taint data flow graph is judged through the preset vulnerability rule to determine whether a vulnerability exists, and the vulnerability judgment is accurate.
The embodiment of the disclosure provides a possible implementation manner in which, after the vulnerability information in the code to be detected is determined, the method further comprises:
determining, according to the vulnerability information, the key row of the vulnerability information in the code to be detected, generating vulnerability report information based on the code of a preset number of rows above and below the key row together with the code of the key row, and reporting the vulnerability report information.
In the embodiment of the disclosure, when it is determined that vulnerability information exists in the code to be detected, vulnerability report information is generated based on the key row of the code where the vulnerability information is located; specifically, the vulnerability report information is generated based on a preset number of rows above and below the key row.
For the embodiment of the disclosure, after the vulnerability information is determined, the two lines of code above and the two lines of code below the code line where the vulnerability information is located are reported together with that line as vulnerability report information; of course, how many lines of code are needed can be determined by a person skilled in the art at their own discretion, and the disclosure is not limited in this respect.
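As an added illustration of the reporting step (not code from the disclosure), the following Python code builds the vulnerability report information from the key row and the two rows above and below it, clamping the range at the start and end of the file and dropping findings whose line number no longer exists; SOURCE and FINDINGS are constructed inputs.

```python
# Constructed inputs standing in for the code to be detected and the
# vulnerability information found by the previous step.
SOURCE = '''\
import os
from flask import request

@authbp.route("/ping")
def ping():
    cmd = request.args.get("cmd")
    os.system("ping " + cmd)
    return "ok"
'''
FINDINGS = [{"sink": "os.system", "line": 7, "path": ["cmd", "os.system"]}]


def context_block(lines, key_row, above=2, below=2):
    """The key row plus the preset rows above and below it, clamped to the file.
    Returns (row number, source text, is_key_row) triples; rows are 1-based."""
    start = max(1, key_row - above)
    end = min(len(lines), key_row + below)
    return [(n, lines[n - 1], n == key_row) for n in range(start, end + 1)]


def build_reports(source, findings, above=2, below=2):
    """Turn each finding into vulnerability report information."""
    lines = source.splitlines()
    reports = []
    for finding in findings:
        if not 1 <= finding["line"] <= len(lines):
            continue            # stale line numbers are dropped rather than reported
        block = context_block(lines, finding["line"], above, below)
        snippet = "\n".join(f"{'>' if key else ' '} {n:4d}: {text}" for n, text, key in block)
        reports.append({"sink": finding["sink"], "key_row": finding["line"],
                        "path": finding["path"], "first_row": block[0][0],
                        "last_row": block[-1][0], "snippet": snippet})
    return reports
```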
An embodiment of the present disclosure provides a vulnerability detection apparatus; as shown in fig. 6, the vulnerability detection apparatus 60 may include:
a parsing module 601, configured to parse the code to be detected using a syntax tree, extract key information of the code to be detected, and construct a key information structure;
a framework identification module 602, configured to identify the development framework of the code to be detected using preset development framework identification features;
a routing function identification module 603, configured to determine a routing function in the key information structure based on the routing rule of the development framework;
a taint data flow graph generating module 604, configured to determine the location of the taint in the code based on the taint rule and the routing function of the development framework, and to generate a taint data flow graph; and
a vulnerability information determining module 605, configured to determine whether vulnerability information exists in the code to be detected by traversing the taint data flow graph based on the vulnerability rule of the development framework.
The vulnerability detection apparatus of the present embodiment may execute the vulnerability detection method shown in the foregoing embodiments of the present disclosure; its implementation principle is similar and is not described here again.
According to the embodiment of the disclosure, the logic of framework adaptation, route search, taint location and vulnerability judgment is generalized, so that any development framework can be adapted remotely without modifying the code, and the vulnerability rules can be configured dynamically, which facilitates timely handling of false positives and optimization. For functions in objects of the execution-function class, upward backtracking and discriminating analysis are performed, so that vulnerability judgment is more refined and false positives are reduced. Data across multiple modules are analyzed for associations and a complete data flow graph is generated, all reachable paths of the taint are found, the paths that may produce a vulnerability are analyzed comprehensively, and the existence of a vulnerability is judged comprehensively according to the index positions of the parameters in combination with the vulnerability rule, so that false positives are reduced and fully automatic vulnerability detection is realized, saving manpower.
Referring now to fig. 7, a schematic diagram of an electronic device 700 suitable for use in implementing embodiments of the present disclosure is shown. The terminal devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.
An electronic device includes: a memory and a processor, where the processor may be referred to as a processing device 701 hereinafter, the memory may include at least one of a Read Only Memory (ROM) 702, a Random Access Memory (RAM) 703, and a storage device 708 hereinafter, as specifically shown below:
as shown in fig. 7, the electronic device 700 may include a processing means (e.g., a central processor, a graphics processor, etc.) 701, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage means 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the electronic device 700 are also stored. The processing device 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
In general, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication means 709 may allow the electronic device 700 to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 shows an electronic device 700 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via communication device 709, or installed from storage 708, or installed from ROM 702. The above-described functions defined in the methods of the embodiments of the present disclosure are performed when the computer program is executed by the processing device 701.
It should be noted that the computer readable medium described in the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some implementations, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: parse the code to be detected using a syntax tree, extract key information of the code to be detected, and construct a key information structure; identify the development framework type of the code to be detected; determine a routing function in the key information structure based on a preset routing rule corresponding to the development framework type; determine the locations of the taints in the code to be detected based on a preset taint rule and the routing function corresponding to the development framework type, and generate a taint data flow graph; and traverse the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determine whether vulnerability information exists in the code to be detected.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including, but not limited to, an object oriented programming language such as Java, Smalltalk or C++, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer can be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or can be connected to an external computer. The flowchart and block diagrams in the drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
The modules or units involved in the embodiments of the present disclosure may be implemented by means of software or by means of hardware. The name of a module or unit does not, in some cases, constitute a limitation of the unit itself.
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
According to one or more embodiments of the present disclosure, there is provided a vulnerability detection method including:
parsing the code to be detected with a syntax tree, extracting key information of the code to be detected, and constructing a key information structure;
identifying the development framework type of the code to be detected;
determining a routing function in the key information structure based on a preset routing rule corresponding to the development framework type;
determining the positions of taint in the code to be detected based on a preset taint rule corresponding to the development framework type and on the routing function, and generating a taint data flow graph;
and traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining whether vulnerability information exists in the code to be detected.
Further, identifying the development framework type of the code to be detected includes:
acquiring development framework features of the code to be detected;
and identifying the development framework type corresponding to those development framework features according to preset development framework identification features.
Further, determining the routing function in the key information structure based on the routing rule of the development framework includes:
identifying the routing syntax in the key information structure;
and matching the routing syntax against the routing rule of the development framework to determine the routing function, wherein the routing rule comprises the correspondence between routing syntax and the corresponding routing function.
Further, generating the taint data flow graph includes:
when the taint propagates within a single function, generating a taint mark node according to the position of the taint, and taking the taint mark node as a node in the taint data flow graph;
when the taint propagates across a plurality of functions, generating a plurality of taint mark nodes for the taint in those functions according to the index positions of the parameters through which the taint is transferred between the functions, and taking the taint mark nodes as nodes in the taint data flow graph.
Further, traversing the taint data flow graph based on the preset vulnerability rule corresponding to the development framework type and determining vulnerability information in the code to be detected includes:
traversing the taint data flow graph based on the preset vulnerability rule corresponding to the development framework type, and determining that vulnerability information exists in the code to be detected when at least one path in the taint data flow graph satisfies the preset vulnerability rule.
Further, the preset vulnerability rule includes:
the index position of the parameter through which the taint is transferred is a preset position; and
the path contains a preset high-risk function; and
the keywords in the taint match preset keywords; and
there is no preset filter function in the path.
Further, after determining the vulnerability information in the code to be detected, the method further comprises:
determining the key row of the vulnerability information in the code to be detected according to the vulnerability information, generating vulnerability report information based on the code of the key row together with the code of a preset number of rows above and below the key row, and reporting the vulnerability report information.
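The method and its refinements above, worked through end to end as an added example (illustrative code written for this page, not the disclosure's implementation and not code from the patent): a Python scanner that takes the standard `ast` module as the syntax tree, identifies the development framework type from the module's imports, selects routing functions by a per-framework routing rule on decorators, marks taint at reads of the framework's request object, generates taint mark nodes as the taint propagates within a function and across calls into local functions by parameter index, and then checks every path of the resulting taint data flow graph against the four-condition vulnerability rule before reporting the key row with a preset number of context rows. The framework names, the decorator names in the routing rule, the `request` taint source, the `os.system` high-risk function, the `shlex.quote` filter function, the keyword, and the sample code under test are all assumptions constructed for this example.

```python
import ast
from collections import namedtuple

# Preset rule tables keyed by development framework type (all values are assumptions for this example).
FRAMEWORK_SIGNATURES = {"flask": {"flask"}, "django": {"django"}}       # identification features: imported modules
ROUTING_RULES = {"flask": {"route", "get", "post"}, "django": {"path"}}  # decorator names that register a route
TAINT_RULES = {"flask": {"request"}, "django": {"request"}}              # objects whose reads are taint sources
VULN_RULES = {"flask": [{"sink": "os.system", "arg_index": 0, "keyword": "request", "filters": {"shlex.quote"}}]}
CONTEXT_LINES = 2                                                        # rows reported above and below the key row

# Constructed code under test: one vulnerable route and one that passes the taint through a filter function.
SAMPLE = '''import os, shlex
from flask import Flask, request
app = Flask(__name__)
def run(cmd):
    return os.system(cmd)
@app.route("/ping")
def ping():
    host = request.args.get("host")
    return run("ping -c1 " + host)
@app.route("/safe")
def safe():
    host = request.args.get("host")
    return run("ping -c1 " + shlex.quote(host))
'''

# Taint mark node: tainted text, its function and row, how it got there (source/assign/callee/filter name), call arg position.
Node = namedtuple("Node", "func text lineno via arg_index", defaults=[-1])

def dotted(node):  # 'a.b.c' for a Name/Attribute chain, else None
    if isinstance(node, ast.Name):
        return node.id
    base = dotted(node.value) if isinstance(node, ast.Attribute) else None
    return f"{base}.{node.attr}" if base else None

def identify_framework(tree):
    """Match the module's imports (its framework features) against the preset identification features."""
    imported = {a.name.split(".")[0] for n in ast.walk(tree) if isinstance(n, ast.Import) for a in n.names}
    imported |= {n.module.split(".")[0] for n in ast.walk(tree) if isinstance(n, ast.ImportFrom) and n.module}
    return next((fw for fw, sig in FRAMEWORK_SIGNATURES.items() if sig & imported), None)

def routing_functions(funcs, framework):
    """Routing rule: a decorator named like the framework's route registrar marks a routing function."""
    def name(d):
        return (dotted(d.func if isinstance(d, ast.Call) else d) or "").rsplit(".", 1)[-1]
    return [f.name for f in funcs.values()
            if any(name(d) in ROUTING_RULES.get(framework, set()) for d in f.decorator_list)]

def build_taint_paths(funcs, fname, tainted, path, sources, filters, seen, results):
    """Walk the straight-line statements of fname, extending path with taint mark nodes. Taint passed to a
    local function is followed into its parameter at the same index; any other call receiving taint ends a path."""
    names = lambda expr: {n.id for n in ast.walk(expr) if isinstance(n, ast.Name)}
    for stmt in funcs[fname].body:
        value = getattr(stmt, "value", None)
        if value is None or not names(value) & (tainted | sources):
            continue
        if isinstance(stmt, ast.Assign):
            via = "source" if names(value) & sources else "assign"
            for t in stmt.targets:
                if isinstance(t, ast.Name):
                    tainted.add(t.id)
                    path = path + [Node(fname, f"{t.id} = {ast.unparse(value)}", stmt.lineno, via)]
        # innermost calls first, so a filter wrapping an argument is recorded before the outer call
        for call in reversed([n for n in ast.walk(value) if isinstance(n, ast.Call)]):
            callee = dotted(call.func)
            for i, arg in enumerate(call.args):
                if callee is None or not names(arg) & (tainted | sources):
                    continue
                node = Node(fname, ast.unparse(arg), call.lineno, callee, i)
                if callee in filters:
                    path = path + [node]
                elif callee in funcs and callee not in seen and i < len(funcs[callee].args.args):
                    build_taint_paths(funcs, callee, {funcs[callee].args.args[i].arg}, path + [node],
                                      sources, filters, seen | {callee}, results)
                else:
                    results.append(path + [node])

def matches_rule(path, rule):  # all four conditions of the preset vulnerability rule must hold on one path
    return (path[-1].via == rule["sink"] and path[-1].arg_index == rule["arg_index"]  # high-risk fn, preset position
            and any(rule["keyword"] in n.text for n in path)                         # taint keyword matches
            and not any(n.via in rule["filters"] for n in path))                     # no filter function on the path

def scan(source):
    """Run the whole pipeline; return one report per rule match with its key row and context rows."""
    fw = identify_framework(tree := ast.parse(source))
    funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
    rules = VULN_RULES.get(fw, [])
    filters = set().union(*(r["filters"] for r in rules))
    paths, lines, reports = [], source.splitlines(), []
    for entry in routing_functions(funcs, fw):
        build_taint_paths(funcs, entry, set(), [], TAINT_RULES.get(fw, set()), filters, {entry}, paths)
    for path in paths:
        for rule in rules:
            if matches_rule(path, rule):
                key = path[-1].lineno
                reports.append({"framework": fw, "route": path[0].func, "sink": rule["sink"], "key_row": key,
                                "context": lines[max(0, key - 1 - CONTEXT_LINES):key + CONTEXT_LINES],
                                "flow": [f"{n.func}:{n.lineno} {n.text} via {n.via}" for n in path]})
    return reports
```

Calling scan(SAMPLE) returns a single report for the /ping route: the taint reaches os.system at parameter position 0 inside run(), the source expression contains the keyword request, and no filter function appears on the path, so all four conditions hold; the /safe route yields a path that passes through shlex.quote and is rejected by the fourth condition. Only straight-line statements and direct calls are modelled; branches, loops, taint carried through non-local helpers such as str(), and per-framework lists of source expressions would all need handling in a real scanner.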
According to one or more embodiments of the present disclosure, there is provided a vulnerability detection apparatus including:
a parsing module for parsing the code to be detected with a syntax tree, extracting key information of the code to be detected and constructing a key information structure;
a framework identification module for identifying the development framework of the code to be detected using preset development framework identification features;
a routing function identification module for determining a routing function in the key information structure based on the routing rule of the development framework;
a taint data flow graph generation module for determining the positions of taint in the code based on the taint rule and the routing function of the development framework and generating a taint data flow graph;
and a vulnerability information determination module for traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type and determining whether vulnerability information exists in the code to be detected.
According to one or more embodiments of the present disclosure, there is provided an electronic device including:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications being configured to perform the vulnerability detection method described above.
According to one or more embodiments of the present disclosure, there is provided a computer storage medium, wherein the storage medium stores at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by a processor to implement the aforementioned vulnerability detection method.
The foregoing description is only of preferred embodiments of the present disclosure and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the disclosure is not limited to the specific combinations of features described above, but also covers other embodiments formed by any combination of the features described above or their equivalents without departing from the spirit of the disclosure, for example embodiments in which the features described above are substituted with (but not limited to) technical features having similar functions disclosed in the present disclosure.
Moreover, although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the present disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are example forms of implementing the claims.