CN111597552B - Code scanning method and terminal equipment - Google Patents

Publication number: CN111597552B
Authority: CN (China)
Prior art keywords: file, decompressed, files, detection rule, scanning
Legal status: Active
Application number: CN202010295091.1A
Other languages: Chinese (zh)
Other versions: CN111597552A (en)
Inventors: 唐健, 朱小良, 黄龙明, 梁锋
Current Assignee: Shenzhen Jieshun Science and Technology Industry Co Ltd
Original Assignee: Shenzhen Jieshun Science and Technology Industry Co Ltd
Application filed by Shenzhen Jieshun Science and Technology Industry Co Ltd
Priority to CN202010295091.1A
Publication of CN111597552A
Application granted
Publication of CN111597552B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G06F21/563: Static detection by source code analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application is applicable to the technical field of information security, and provides a code scanning method and terminal equipment, wherein the method comprises the following steps: acquiring a software package to be scanned, decompressing all compressed files in the software package to be scanned to obtain decompressed files, and marking the compressed files which cannot be decompressed as risk files; and scanning the decompressed files in sequence according to a preset file type detection rule and a preset file content detection rule to obtain a scanning result, so that automatic decompression of the software package to be scanned and automatic scanning of the decompressed files can be realized, code scanning efficiency and code coverage rate detection are improved, and information leakage risk is reduced.

Description

Code scanning method and terminal equipment
Technical Field
The application belongs to the technical field of information security, and particularly relates to a code scanning method and terminal equipment.
Background
Before software is released externally, it must be checked for other files carried along with it and for information leakage risks; an information security review is therefore required to prevent actions such as carrying files out and code leakage. At present, auditing software to be released usually requires manually reviewing each text and each node of the software in turn. Auditing in this way is time-consuming and labor-intensive, so auditing efficiency is low, detection coverage is low, and the risk of information leakage is high.
Disclosure of Invention
In view of the above, the embodiment of the application provides a code scanning method and terminal equipment, which are used for solving the problems of low manual auditing efficiency, low detection coverage rate and high information leakage risk in the prior art.
A first aspect of an embodiment of the present application provides a code scanning method, including:
acquiring a software package to be scanned, decompressing all compressed files in the software package to be scanned to obtain decompressed files, and marking the compressed files which cannot be decompressed as risk files;
and scanning the decompressed files in sequence according to a preset file type detection rule and a preset file content detection rule to obtain a scanning result, wherein the scanning result comprises the risk file.
In an embodiment, the scanning the decompressed file according to a preset file type detection rule and a preset file content detection rule sequentially to obtain a scanning result includes:
scanning the decompressed files in sequence according to a preset file type detection rule to obtain scanned text files;
and scanning the text files in sequence according to a preset file content detection rule to obtain a scanning result.
In an embodiment, the scanning the decompressed files sequentially according to a preset file type detection rule to obtain text files passing through the scanning includes:
scanning file prefixes and file suffixes of all decompressed files in the decompressed files in sequence according to a preset file type detection rule;
when the file prefix or the file suffix of the decompressed file does not accord with the file type detection rule, marking the corresponding decompressed file as a sensitive type file;
and when the file prefix or the file suffix of the decompressed file accords with the file type detection rule, obtaining the scanned text file.
In an embodiment, the scan result further comprises the sensitive type file.
In an embodiment, the scanning the text file according to a preset file content detection rule to obtain a scanning result includes:
checking, according to a preset file content detection rule, the number of retrieved file contents and the keywords in the source code of each text file;
when the number of retrieved file contents or the keywords in the source code of a text file do not conform to the file content detection rule, marking the corresponding text file as a sensitive content file;
and when the number of retrieved file contents and the keywords in the source code of a text file conform to the file content detection rule, obtaining the security file.
In an embodiment, the scan result further comprises the sensitive content file and the security file.
In an embodiment, before the acquiring the software package to be scanned, the method further includes:
setting a white list, and setting at least one compressed file or at least one software package included in the white list not to carry out scanning processing.
A second aspect of an embodiment of the present application provides a code scanning apparatus, including:
the acquisition module is used for acquiring the software package to be scanned;
the decompression module is used for decompressing all the compressed files in the software package to be scanned to obtain decompressed files;
the marking module is used for marking the compressed file which cannot be decompressed as a risk file;
and the scanning module is used for scanning the decompressed files in sequence according to a preset file type detection rule and a preset file content detection rule to obtain a scanning result, wherein the scanning result comprises the risk file.
A third aspect of an embodiment of the present application provides a terminal device, including: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the code scanning method according to any of the embodiments described above when the computer program is executed.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium comprising: the computer readable storage medium stores a computer program which, when executed by a processor, implements the steps of the code scanning method according to any of the embodiments described above.
Compared with the prior art, the embodiment of the application has the beneficial effects that: acquiring a software package to be scanned, decompressing all compressed files in the software package to be scanned to obtain decompressed files, and marking the compressed files which cannot be decompressed as risk files; and scanning the decompressed files in sequence according to a preset file type detection rule and a preset file content detection rule to obtain a scanning result, so that automatic decompression of the software package to be scanned and automatic scanning of the decompressed files can be realized, code scanning efficiency and code coverage rate detection are improved, and information leakage risk is reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an implementation flow of a code scanning method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an implementation flow for obtaining a scan result according to an embodiment of the present application;
FIG. 3 is an exemplary diagram of a code scanning apparatus provided by an embodiment of the present application;
FIG. 4 is a schematic diagram of a code scanning apparatus according to yet another embodiment of the present application;
FIG. 5 is a schematic diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
In order to illustrate the technical scheme of the application, the following description is made by specific examples.
Fig. 1 is a schematic diagram of an implementation flow of a code scanning method according to an embodiment of the present application, which is described in detail below.
Step 101, obtaining a software package to be scanned, decompressing all compressed files in the software package to be scanned to obtain decompressed files, and marking the compressed files which cannot be decompressed as risk files.
Optionally, the applicant for the software release submits the software package to be scanned to an intermediate repository for outgoing software through the release process. When a new software package to be scanned is detected in that repository, the package is obtained and all compressed files it contains are decompressed into a temporary file storage directory. It should be noted that compressed files may be nested. A compressed file that decompresses normally is a security file; its decompressed files are obtained and wait for the next scanning step. A compressed file that cannot be decompressed is a suspicious file and is marked as a risk file.
Optionally, the suffixes of compressed files that can be decompressed may be: can_extract_postfix = ['.zip', '.rar', '.jar', '.war', '.tar', '.gz', '.tgz', '.biz'].
Optionally, before this step, the method may further include: setting a white list, and setting at least one compressed file or at least one software package included in the white list not to undergo scanning. Optionally, the white list may be an MD5 white list. A compressed file or software package included in the white list may be one that is present in a standard library, or one that is considered secure; such a file or package may not comply with the code scanning rules, but it does not need to be scanned. Since the compressed files or software packages in the white list are not scanned, setting the white list can improve code scanning efficiency.
Step 102, scanning the decompressed files in sequence according to a preset file type detection rule and a preset file content detection rule to obtain a scanning result, wherein the scanning result comprises the risk file.
Alternatively, as shown in fig. 2, the present step may include the following steps.
Step 201, scanning the decompressed files in turn according to a preset file type detection rule to obtain scanned text files.
Optionally, after decompressing the compressed file, scanning and detecting the decompressed files one by one according to a preset file type detection rule so as to detect the file which does not accord with the file type detection rule, and continuing to perform subsequent scanning detection on the file which accords with the file type detection rule.
Optionally, the step may include: scanning file prefixes and file suffixes of all decompressed files in the decompressed files in sequence according to a preset file type detection rule; when the file prefix or the file suffix of the decompressed file does not accord with the file type detection rule, marking the corresponding decompressed file as a sensitive type file; and when the file prefix or the file suffix of the decompressed file accords with the file type detection rule, obtaining the scanned text file. Optionally, the scanning result further comprises a sensitive type file.
The file type detection rule comprises a file prefix detection rule and a file suffix detection rule, wherein the file prefix detection rule comprises the file prefixes that meet the requirements, and the file suffix detection rule comprises the file suffixes that meet the requirements. The file prefix of each decompressed file is matched one by one against the file prefixes meeting the requirements included in the file type detection rule. When the file prefix of a decompressed file cannot be matched with any of those prefixes, this indicates that the decompressed file contains a suspicious file, and the decompressed file is marked as a sensitive type file; when the file prefix of a decompressed file can be matched, the decompressed file is a security file, and subsequent further scanning can be performed.
Similarly, sequentially matching file suffixes of each decompressed file with file suffixes meeting requirements included in the file type detection rule one by one, and when the file suffixes of a certain decompressed file cannot be matched with the file suffixes meeting requirements included in the file type detection rule, indicating that the decompressed file contains a suspicious file, and marking the decompressed file as a sensitive type file; when the file suffix of a certain decompressed file can be matched with the file suffix meeting the requirements included in the file type detection rule, the decompressed file is a security file, and subsequent further scanning can be performed.
It should be noted that the file prefix may be scanned first and then the file suffix, or the file suffix may be scanned first and then the file prefix; this embodiment does not limit the scanning order.
Optionally, when detecting the file prefix, the file prefixes meeting the requirements may be:
crux = ['nonstandard', 'secondary', 'interface', 'SDK', 'source code', 'txt', 'docx'].
When detecting the file suffix, the file suffixes meeting the requirements may be:
Postfix = ['frm', 'frx', 'c', 'asm', 'cs', 'chm', 'pcb', 'sch', 'cpp', 'h', 'bin', 'hex', 's', 'doc', 'java', 'docx', 'xls', 'xlsx'].
It should be noted that the file prefixes and file suffixes in the file type detection rule may be set according to different scanning requirements and are not fixed.
Step 202, scanning the text file in turn according to a preset file content detection rule to obtain a scanning result.
Optionally, for all the files (including source codes) of the text type, scanning and detecting one by one according to a preset file content detection rule so as to detect the files which do not accord with the file content detection rule, namely the sensitive files, and determining the files which accord with the file content detection rule.
Optionally, the step may include: checking, according to a preset file content detection rule, the number of retrieved file contents and the keywords in the source code of each text file; when the number of retrieved file contents or the keywords in the source code of a text file do not conform to the file content detection rule, marking the corresponding text file as a sensitive content file; and when the number of retrieved file contents and the keywords in the source code of a text file conform to the file content detection rule, obtaining the security file. Optionally, the scan result further includes the sensitive content file and the security file; that is, the scan result includes the risk files that could not be decompressed, the sensitive type files that do not conform to the file type detection rule, the sensitive content files that do not conform to the file content detection rule, and the security files.
The file content detection rule includes detection of the number of retrieved file contents and detection of keywords.
When the number of retrieved file contents in the source code of a text file does not conform to the file content detection rule, the corresponding text file is considered a suspicious file and is marked as a sensitive content file. For example, keyword_file_nu = 30 is set, that is, the number of retrieved file contents is 30 at maximum, and when the number exceeds 30, the corresponding text file is considered a suspicious file. The number of retrieved file contents may be set as needed; the value 30 is merely illustrative, and this embodiment does not limit the setting.
Optionally, the text files are matched one by one against the keywords in the file content detection rule, and when the keywords in the source code of a text file do not exist in the file content detection rule, the corresponding text file is marked as a sensitive content file. For example, the keywords in the file content detection rule may be set to keyword = ['import', 'exact']. The above is merely illustrative, and this embodiment does not limit the specific keywords.
Optionally, when the number of retrieved file contents and the keywords in the source code of a text file conform to the file content detection rule, a security file is obtained. That is, a decompressed file that passes the preset file type detection rule and the preset file content detection rule in sequence is a security file, and suspicious files are marked so that developers can subsequently check or repair them.
According to the code scanning method, suspicious content can be automatically found through automatic decompression, file type detection and file content detection of the software package to be scanned, and a scanning result is obtained, so that auditing efficiency can be improved, the coverage rate of the detection code can be improved, and the risk of information leakage can be reduced.
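The flow of steps 101, 201 and 202 can be sketched as follows; this is an added example, not code from the patent. It assumes in-memory handling of zip and tar archives only (instead of a temporary directory and the full suffix list), reads the type rule as "prefix or suffix must match" and the content rule as "at most keyword_file_nu keyword hits", and adds hypothetical nesting and size limits; `PREFIX` holds the list the page prints as `crux`, and all function names and the sample package are constructed.

```python
import hashlib
import io
import tarfile
import zipfile
from dataclasses import dataclass, field

# Rule values are the page's examples; how each rule is applied is an assumption.
ARCHIVE_POSTFIX = ('.zip', '.jar', '.war', '.tar', '.tgz')  # subset the stdlib opens
PREFIX = ('nonstandard', 'secondary', 'interface', 'SDK', 'source code', 'txt', 'docx')
POSTFIX = ('frm', 'frx', 'c', 'asm', 'cs', 'chm', 'pcb', 'sch', 'cpp', 'h', 'bin',
           'hex', 's', 'doc', 'java', 'docx', 'xls', 'xlsx')
KEYWORD = ('import', 'exact')
KEYWORD_FILE_NU = 30
MAX_DEPTH = 5                      # assumed cap on archive nesting
MAX_MEMBER_BYTES = 10 * 1024 ** 2  # assumed cap on one decompressed member


@dataclass
class ScanResult:
    risk: list = field(default_factory=list)
    sensitive_type: list = field(default_factory=list)
    sensitive_content: list = field(default_factory=list)
    security: list = field(default_factory=list)
    whitelisted: list = field(default_factory=list)


def read_members(name, data):
    """Return [(member_name, bytes)] for an in-memory zip or tar; raise if unreadable."""
    out = []
    if name.lower().endswith(('.tar', '.tgz')):
        with tarfile.open(fileobj=io.BytesIO(data), mode='r:*') as tf:
            for member in tf:
                if member.isfile():
                    if member.size > MAX_MEMBER_BYTES:
                        raise ValueError('member exceeds size limit')
                    out.append((member.name, tf.extractfile(member).read()))
    else:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    if info.file_size > MAX_MEMBER_BYTES:
                        raise ValueError('member exceeds size limit')
                    out.append((info.filename, zf.read(info)))
    return out


def scan(name, data, whitelist_md5=frozenset(), result=None, depth=0):
    """Steps 101, 201 and 202 for one file; archives recurse into their members."""
    result = ScanResult() if result is None else result
    # White list (MD5, as on the page): listed files and packages are not scanned.
    if hashlib.md5(data).hexdigest() in whitelist_md5:
        result.whitelisted.append(name)
        return result
    # Step 101: decompress nested archives; anything unreadable is a risk file.
    if name.lower().endswith(ARCHIVE_POSTFIX):
        try:
            if depth >= MAX_DEPTH:
                raise ValueError('archive nesting exceeds limit')
            members = read_members(name, data)
        except Exception:  # corrupt, encrypted, oversized or too deeply nested
            result.risk.append(name)
            return result
        for sub, blob in members:
            scan(f'{name}!/{sub}', blob, whitelist_md5, result, depth + 1)
        return result
    # Step 201: file type rule. Assumed reading: prefix or suffix must match.
    base = name.rsplit('/', 1)[-1]
    suffix = base.rpartition('.')[2].lower() if '.' in base else ''
    if not (base.startswith(PREFIX) or suffix in POSTFIX):
        result.sensitive_type.append(name)
        return result
    # Step 202: file content rule. Assumed reading: keyword hits capped at 30.
    text = data.decode('utf-8', errors='replace')
    hits = sum(text.count(word) for word in KEYWORD)
    bucket = result.sensitive_content if hits > KEYWORD_FILE_NU else result.security
    bucket.append(name)
    return result


def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        for member_name, member_data in files.items():
            zf.writestr(member_name, member_data)
    return buf.getvalue()


def build_sample_package():
    """Constructed sample: returns (package_bytes, md5_whitelist)."""
    vendor = make_zip({'lib.class': b'\xca\xfe\xba\xbe'})
    inner = make_zip({'driver.c': b'int main(void) { return 0; }', 'notes.key': b'k'})
    package = make_zip({'SDK_readme.txt': b'usage notes', 'libs/inner.zip': inner,
                        'broken.tar': b'not an archive', 'bulk.java': b'import x;\n' * 31,
                        'vendor.jar': vendor})
    return package, {hashlib.md5(vendor).hexdigest()}


if __name__ == '__main__':
    print(scan('release.zip', *build_sample_package()))
```

Because a white-listed hash exempts a file from every later check, a collision-resistant digest such as SHA-256 is a safer key than MD5 for that list.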
It should be understood that the sequence numbers of the steps in the foregoing embodiment do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the sequence numbers should not limit the implementation process of the embodiment of the present application.
Corresponding to the code scanning method described in the above embodiments, fig. 3 shows an exemplary diagram of the code scanning apparatus provided in the embodiment of the present application. As shown in fig. 3, the apparatus may include: an acquisition module 301, a decompression module 302, a marking module 303 and a scanning module 304.
An acquiring module 301, configured to acquire a software package to be scanned;
the decompression module 302 is configured to decompress all the compressed files in the software package to be scanned to obtain decompressed files;
a marking module 303, configured to mark a compressed file that cannot be decompressed as a risk file;
and the scanning module 304 is configured to sequentially scan the decompressed files according to a preset file type detection rule and a preset file content detection rule, so as to obtain a scanning result, where the scanning result includes the risk file.
Optionally, the scanning module 304 scans the decompressed files sequentially according to a preset file type detection rule and a preset file content detection rule, and when obtaining a scanning result, may be used to:
scanning the decompressed files in sequence according to a preset file type detection rule to obtain scanned text files; and scanning the text files in sequence according to a preset file content detection rule to obtain a scanning result.
Optionally, the scanning module 304 scans the decompressed files sequentially according to a preset file type detection rule, and when obtaining a text file passing through the scanning module, the scanning module may be configured to:
scanning file prefixes and file suffixes of all decompressed files in the decompressed files in sequence according to a preset file type detection rule; when the file prefix or the file suffix of the decompressed file does not conform to the file type detection rule, the marking module 303 marks the corresponding decompressed file as a sensitive type file; and when the file prefix or the file suffix of the decompressed file accords with the file type detection rule, obtaining the scanned text file.
Optionally, the scan result further includes the sensitive type file.
Optionally, the scanning module 304 sequentially scans the text file according to a preset file content detection rule, and when obtaining a scanning result, may be used to:
checking, according to a preset file content detection rule, the number of retrieved file contents and the keywords in the source code of each text file; when the number of retrieved file contents or the keywords in the source code of a text file do not conform to the file content detection rule, the marking module 303 marks the corresponding text file as a sensitive content file; and when the number of retrieved file contents and the keywords in the source code of a text file conform to the file content detection rule, obtaining the security file.
Optionally, the scan result further includes the sensitive content file and the security file.
Optionally, as shown in fig. 4, the apparatus further includes a setting module 305, which operates before the acquiring module 301 acquires the software package to be scanned.
A setting module 305, configured to set a whitelist, and set at least one compressed file or at least one software package included in the whitelist not to perform scanning processing.
According to the code scanning device, the software package to be scanned is automatically decompressed through the decompression module, the scanning module detects the file type and the file content, suspicious content can be automatically found, and a scanning result is obtained, so that the auditing efficiency can be improved, the coverage rate of the detection code can be improved, and the risk of information leakage can be reduced.
Fig. 5 is a schematic diagram of a terminal device according to an embodiment of the present application. As shown in fig. 5, the terminal device 500 of this embodiment includes: a processor 501, a memory 502 and a computer program 503, such as a code scanning program, stored in the memory 502 and executable on the processor 501. The steps of the code scanning method embodiment described above, such as steps 101 to 102 shown in fig. 1, or steps 201 to 202 shown in fig. 2, are implemented when the processor 501 executes the computer program 503, and the functions of the modules in the device embodiments described above, such as the functions shown in fig. 3 or 4, are implemented when the processor 501 executes the computer program 503.
By way of example, the computer program 503 may be split into one or more program modules that are stored in the memory 502 and executed by the processor 501 to perform the present application. The one or more program modules may be a series of computer program instruction segments capable of performing the specified functions for describing the execution of the computer program 503 in the code scanning means or terminal device 500. For example, the computer program 503 may be divided into an acquisition module 301, a decompression module 302, a marking module 303, and a scanning module 304, where specific functions of each module are shown in fig. 3, and are not described herein.
The terminal device 500 may be a computing device such as a desktop computer, a notebook computer, a palm computer, a cloud server, etc. The terminal device may include, but is not limited to, a processor 501, a memory 502. It will be appreciated by those skilled in the art that fig. 5 is merely an example of a terminal device 500 and does not constitute a limitation of the terminal device 500, and may include more or less components than illustrated, or may combine certain components, or different components, e.g., the terminal device may also include input-output devices, network access devices, buses, etc.
The processor 501 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 502 may be an internal storage unit of the terminal device 500, for example, a hard disk or a memory of the terminal device 500. The memory 502 may also be an external storage device of the terminal device 500, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the terminal device 500. Further, the memory 502 may also include both an internal storage unit and an external storage device of the terminal device 500. The memory 502 is used for storing the computer program and other programs and data required by the terminal device 500. The memory 502 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, the description of each embodiment has its own emphasis; for parts not described or illustrated in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the methods of the above embodiments by means of a computer program instructing related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, it may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, in accordance with legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (5)

1. A code scanning method, comprising:
acquiring a software package to be scanned, decompressing all compressed files in the software package to be scanned to obtain decompressed files, and marking the compressed files which cannot be decompressed as risk files;
sequentially matching the file prefix of each decompressed file with the file prefix meeting the requirements, which is included in the preset file type detection rule, sequentially matching the file suffix of each decompressed file with the file suffix meeting the requirements, which is included in the file type detection rule, and marking the corresponding decompressed file as a sensitive type file when the file prefix of the decompressed file cannot be matched with the file prefix meeting the requirements or when the file suffix of the decompressed file cannot be matched with the file suffix meeting the requirements, otherwise, obtaining a text file which is scanned, wherein the text file contains a source code;
comparing the number of the search contents in the source code with the set number of the search contents included in a preset file content detection rule, sequentially matching keywords in the source code with keywords included in the file content detection rule, and marking the corresponding text file as a sensitive content file when the number of the search contents in the source code is larger than the set number of the search contents or when the keywords in the source code do not exist in the file content detection rule, otherwise, obtaining a security file;
wherein the risk file, the sensitive type file, the sensitive content file, and the security file constitute a scan result.
2. The code scanning method of claim 1, further comprising, prior to said acquiring the software package to be scanned:
setting a white list, wherein at least one compressed file or at least one software package included in the white list is set not to undergo scanning processing.
3. A code scanning device, comprising:
the acquisition module is used for acquiring the software package to be scanned;
the decompression module is used for decompressing all the compressed files in the software package to be scanned to obtain decompressed files;
the marking module is used for marking the compressed file which cannot be decompressed as a risk file;
the scanning module is used for sequentially matching the file prefix of each decompressed file with the file prefix meeting the requirements, which is included in the preset file type detection rule, sequentially matching the file suffix of each decompressed file with the file suffix meeting the requirements, marking the corresponding decompressed file as a sensitive type file when the file prefix of the decompressed file cannot be matched with the file prefix meeting the requirements or the file suffix of the decompressed file cannot be matched with the file suffix meeting the requirements, otherwise, comparing the number of search contents in a source code with the set search contents, which is included in the preset file content detection rule, sequentially matching the keywords in the source code with the keywords, which are included in the file content detection rule, and marking the corresponding decompressed file as a safe content file when the number of search contents in the source code is larger than the number of the set search contents or when the keywords in the source code do not exist in the file content detection rule, or marking the corresponding decompressed file as a sensitive type file; wherein the risk file, the sensitive type file, the sensitive content file, and the security file constitute a scan result.
4. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 2 when the computer program is executed.
5. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 2.
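An added sketch of the flow recited in claims 1 and 2 (not code from the patent): it unpacks nested archives, marks any that cannot be decompressed as risk files, applies the prefix/suffix rule, then the content rule, reading the keyword condition literally. The rule values, the regex form of the "search content", the keyword extractor, the ZIP-only handling and the depth and size limits are assumptions; the claims do not specify them.

```python
import io, re, zipfile, zlib
from pathlib import PurePosixPath

PREFIXES, SUFFIXES = ("src_", "test_"), (".py", ".txt")  # file type rule (constructed)
SEARCH, MAX_HITS = re.compile(r"https?://"), 1           # search content, set number
KEYWORD = re.compile(r"\w*(?:password|secret|token)\w*", re.I)  # assumed extractor
RULE_KEYWORDS = {"token_ttl"}                            # keywords listed in the rule
WHITELIST = {"vendor.zip"}                               # claim 2: never scanned
MAX_DEPTH, MAX_BYTES = 3, 1_000_000                      # added guard, not in the claims

def base(name):
    return PurePosixPath(name.split("!")[-1]).name

def scan_file(name, data):
    if not (base(name).startswith(PREFIXES) and base(name).endswith(SUFFIXES)):
        return "sensitive_type"
    text = data.decode("utf-8", errors="replace")
    hits = len(SEARCH.findall(text))
    unknown = {w.lower() for w in KEYWORD.findall(text)} - RULE_KEYWORDS
    return "sensitive_content" if hits > MAX_HITS or unknown else "security"

def scan_package(name, data, result=None, depth=0):
    result = {} if result is None else result
    if base(name) in WHITELIST:
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = [i for i in zf.infolist() if not i.is_dir()]
            if depth > MAX_DEPTH or any(i.file_size > MAX_BYTES for i in infos):
                raise ValueError("nesting or size limit exceeded")
            members = [(f"{name}!{i.filename}", zf.read(i)) for i in infos]
    except (zipfile.BadZipFile, RuntimeError, ValueError, zlib.error):
        result[name] = "risk"  # could not be decompressed
        return result
    for member, blob in members:
        if member.lower().endswith(".zip"):
            scan_package(member, blob, result, depth + 1)
        else:
            result[member] = scan_file(member, blob)
    return result

def build_sample():  # constructed package with one member per outcome
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("src_ok.py", "token_ttl = 30  # http://example.test/docs\n")
        zf.writestr("src_leak.py", "db_password = 'x'\n")
        zf.writestr("run.sh", "echo hi\n")
        zf.writestr("inner.zip", b"not a zip")
        zf.writestr("vendor.zip", b"ignored")
    return buf.getvalue()
```

Calling `scan_package("pkg.zip", build_sample())` returns a dict mapping each member path to one of the four result classes; the whitelisted `vendor.zip` does not appear in it.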
CN202010295091.1A 2020-04-15 2020-04-15 Code scanning method and terminal equipment Active CN111597552B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010295091.1A CN111597552B (en) 2020-04-15 2020-04-15 Code scanning method and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010295091.1A CN111597552B (en) 2020-04-15 2020-04-15 Code scanning method and terminal equipment

Publications (2)

Publication Number Publication Date
CN111597552A CN111597552A (en) 2020-08-28
CN111597552B true CN111597552B (en) 2023-11-10

Family

ID=72190379

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010295091.1A Active CN111597552B (en) 2020-04-15 2020-04-15 Code scanning method and terminal equipment

Country Status (1)

Country Link
CN (1) CN111597552B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant