CN105303112A - Component calling bug detection method and apparatus - Google Patents

Info

Publication number: CN105303112A
Application number: CN201410290260.7A
Authority: CN (China)
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN105303112B
Inventor: 李�杰
Original and current assignee: Tencent Technology Shenzhen Co Ltd


Abstract

The invention discloses a component-call vulnerability detection method and apparatus. The method comprises: obtaining a source code file of an application and a component-call vulnerability rule file, the rule file storing the feature data by which a calling program is determined to carry a hijacking risk; extracting from the source code file, according to the rule file, the calling programs that carry a hijacking risk, to form a calling risk list; automatically constructing a call detection module based on the calling risk list; and detecting each calling program in the calling risk list with the call detection module to obtain a security detection result for it. The method and apparatus solve the technical problem in the prior art that it cannot be determined whether a system's component calling programs carry a hijacking risk.

Description

Component-call vulnerability detection method and apparatus
Technical field
The present invention relates to the field of computer networking, and in particular to a method and apparatus for detecting component-call vulnerabilities.
Background
With the growth of the mobile Internet, mobile platforms have seen the emergence of tens of thousands of diverse applications (apps), and people increasingly rely on smart mobile devices. Components within an application on a mobile terminal, and components belonging to different applications, call and interact with one another through the component calling mechanism known as the Intent.
For example, in the Android system the Intent is the link through which different components communicate and exchange data. An Intent may contain a description of a single operation in an application's call flow: the action, the data the action operates on, and additional (extra) data. The Android system dispatches the call to the corresponding component according to that description. The Intent therefore acts as a mediator between Android components: it carries the information needed for one component to call another and decouples the caller from the callee.
Furthermore, to allow third-party products to call and interact with one another, the Android system exposes many external broadcast interfaces. Components are the building blocks of an Android app and provide its functions and services; the BroadcastReceiver component receives and responds to broadcasts. Android provides a dedicated mechanism for propagating data between components by broadcast. These components may live in different processes, so broadcasts serve as a form of inter-process communication and allow data exchange between different mobile applications or between parts of the same application. Broadcast hijacking refers to a broadcast which, because no receiving component was explicitly specified when it was sent, can escape the current app and be maliciously intercepted by another app.
As for messages on Android, the loosely coupled inter-component communication mechanism that Intents implement makes component communication inherently prone to risk. A malicious program can register a component matching the Intent messages of a legitimate application, receive the Intent messages that the legitimate application sends, and thereby cause information leakage, phishing and other hijacking risks.
No effective solution has yet been proposed for the above problem in the prior art, namely that it cannot be determined whether a system's component calling programs carry a hijacking risk.
Summary of the invention
Embodiments of the present invention provide a method and apparatus for detecting component-call vulnerabilities, so as at least to solve the technical problem in the prior art that it cannot be determined whether a system's component calling programs carry a hijacking risk.
According to one aspect of the embodiments, a method for detecting component-call vulnerabilities is provided, comprising: obtaining a source code file of an application and a component-call vulnerability rule file; extracting from the source code file, according to the rule file, the calling programs that carry a hijacking risk, to form a calling risk list, the rule file storing the feature data by which a calling program is determined to carry a hijacking risk; automatically constructing a call detection module based on the calling risk list; and detecting the calling programs in the calling risk list with the call detection module to obtain their security detection results.
According to another aspect of the embodiments, an apparatus for detecting component-call vulnerabilities is provided, comprising: an acquisition module for obtaining the source code file of the application and the component-call vulnerability rule file; a construction module for extracting from the source code file, according to the rule file, the calling programs that carry a hijacking risk and forming the calling risk list, the rule file storing the feature data by which a calling program is determined to carry a hijacking risk; and a detection module for automatically constructing the call detection module based on the calling risk list and detecting the calling programs in the list with it to obtain their security detection results.
In the embodiments, the source code file of the application and the component-call vulnerability rule file are obtained; the calling programs carrying a hijacking risk are extracted from the source code file according to the rule file to form the calling risk list; the call detection module is constructed automatically from the list; and the calling programs in the list are detected with the module to obtain their security detection results. After feature matching against the application's source code, the set of files containing calling programs at high risk of hijacking is obtained. For these calling programs a corresponding test apparatus is constructed so that they can be tested automatically: a test calling program is constructed and sent to the corresponding application, and the result returned by the application's component determines whether the calling program in that application is safe. This solves the technical problem in the prior art that it cannot be determined whether a system's component calling programs carry a hijacking risk, and makes it possible to determine that a calling component or calling program in the current application is at high risk of being hijacked.
Brief description of the drawings
The accompanying drawings described here are provided for further understanding of the invention and form part of this application; the illustrative embodiments and their description serve to explain the invention and do not limit it unduly. In the drawings:
Fig. 1 is a hardware block diagram of a mobile terminal for running a method of detecting component-call vulnerabilities of an application according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method of detecting component-call vulnerabilities of an application according to Embodiment 1 of the present invention;
Fig. 3 is a detailed flowchart of the broadcast security detection method according to Embodiment 1 of the present invention;
Fig. 4 is a schematic flowchart of reverse-engineering the compressed installation package of an application into Java source code according to Embodiment 1 of the present invention;
Fig. 5 is a schematic diagram of the component-call vulnerability detection apparatus according to Embodiment 2 of the present invention;
Fig. 6 is a schematic diagram of an optional component-call vulnerability detection apparatus according to Embodiment 2 of the present invention;
Fig. 7 is a schematic diagram of an optional component-call vulnerability detection apparatus according to Embodiment 2 of the present invention;
Fig. 8 is a schematic diagram of an optional component-call vulnerability detection apparatus according to Embodiment 2 of the present invention;
Fig. 9 is a schematic diagram of an optional component-call vulnerability detection apparatus according to Embodiment 2 of the present invention; and
Fig. 10 is a structural block diagram of a mobile terminal according to an embodiment of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the invention, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
The terms "first", "second" and so on in the description, the claims and the drawings distinguish similar objects and do not necessarily describe a particular order or sequence. Data so labelled may be interchanged where appropriate, so that the embodiments described here can be practised in an order other than that illustrated or described. The terms "comprise" and "have", and any variants of them, are intended to be non-exclusive: a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or are inherent to it.
The terms used in this application are explained below:
Android: a free, open-source operating system based on Linux, used mainly on mobile devices such as smartphones and tablets; at the time of this application it holds about 80% of the smartphone market.
Reverse engineering: disassembling an executable program or application by decryption, disassembly, decompilation and similar methods, and analysing the structure, algorithms and code of the software or application.
App: here, an application that runs on the Android platform.
APK: Application Package File, the file format of an Android application installation package.
Intent component: the link through which the different components of the Android system communicate; it encapsulates the conditions for communication between components.
Implicit call: the call does not name the target component explicitly. The caller does not know whom it is calling, only the action to be performed, and the system selects the component that handles the request.
Explicit call: the target component is named, so the caller knows exactly whom it is calling and specifies the callee by component name.
In an explicit Intent, the component name alone determines the target component; once the target component's name is defined in the Intent, no other Intent content needs to be defined.
For an implicit Intent there is no target component name, so the Android system must match the request against the installed components and select the one that best matches the Intent.
Embodiment 1
Embodiments of the invention may provide an embodiment of a method for detecting component-call vulnerabilities of an application. The steps shown in the flowcharts of the drawings may be executed in a computer system as a set of computer-executable instructions; although a logical order is shown in the flowcharts, in some cases the steps may be executed in an order different from that shown or described here.
The method embodiment provided in Embodiment 1 may be executed on a mobile terminal or a similar communication device. Taking execution on a mobile terminal as an example, Fig. 1 is a hardware block diagram of a mobile terminal for running a method of detecting component-call vulnerabilities of an application according to an embodiment of the present invention. As shown in Fig. 1, the mobile terminal 10 may comprise one or more processors 102 (only one is shown; the processor may be, without limitation, a microcontroller (MCU), a programmable logic device such as an FPGA, or another processing device), a memory 104 for storing data, and a transmission device 106 for communication.
Those of ordinary skill in the art will appreciate that the structure shown in Fig. 1 is illustrative only and does not limit the structure of the electronic device. For example, the mobile terminal 10 may comprise more or fewer components than shown in Fig. 1, or a configuration different from that shown.
The memory 104 may store the software programs and modules of application software, such as the program instructions/modules corresponding to the method of detecting component-call vulnerabilities in the embodiments and the associated database data; the processor 102 executes the software programs and modules stored in the memory 104 to carry out the various functions and data processing, i.e. to implement the detection method described above. The memory 104 may comprise high-speed random access memory and may also comprise non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples the memory 104 may further comprise memory located remotely from the processor 102 and connected to the mobile terminal 10 over a network, for instance the Internet, an intranet, a local area network, a mobile communication network, or a combination of these.
The transmission device 106 receives and sends data over a network, for example the wireless network provided by the communication carrier of the mobile terminal 10. In one example the transmission device 106 comprises a network interface controller (NIC) that connects to other network devices through a base station and can thus communicate with the Internet. In another example the transmission device 106 is a radio frequency (RF) module that communicates wirelessly with the Internet.
In the operating environment above, this application provides the method for detecting component-call vulnerabilities of an application shown in Fig. 2. Fig. 2 is a flowchart of the method according to Embodiment 1.
As shown in Fig. 2, the method may comprise the following steps:
Step S20: the processor 102 in Fig. 1 obtains a source code file of the application and a component-call vulnerability rule file.
With reference to Fig. 3, for the Android system the source code file of step S20 may be a set of Java source files, obtained by reverse-engineering the application's installation package.
The component-call vulnerability rule file in step S20 stores the feature data that identifies a calling program as carrying a hijacking risk. A calling program may be an implicitly called Intent component, or a broadcast component whose Intent data is implicitly addressed.
Note that in the Android system, once a calling function of the application has constructed an implicitly addressed Intent, the system resolves the intent requested by that Intent against the installed components and executes the function of the matched component according to the description, i.e. the action, in the Intent.
The system finds the component that best matches the Intent as follows: Android compares the content of the Intent request with the intent filters of the callable components and collects all possible target components. If the content requested by an implicit Intent in a file matches a component's filter, that component is determined to be a target of the implicit Intent.
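The resolution step just described is what makes hijacking possible: every installed component whose filter matches the request is a candidate, whichever package it belongs to. The following added example (not code from the patent) parses intent filters out of decoded AndroidManifest.xml files and runs the action and category tests of Android's matching over them; the data (URI/MIME) test is omitted, and the two manifests, package names and component names are constructed for the demonstration.

```python
"""Implicit-Intent resolution over intent-filters parsed from decoded
AndroidManifest.xml files. Added example, not code from the patent.
Only the action and category tests of Android's matching are modelled;
the data (URI/MIME) test is omitted. Package and component names are
constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
CATEGORY_DEFAULT = "android.intent.category.DEFAULT"


def load_filters(manifest_xml):
    """Return one entry per <intent-filter> of every activity/receiver/service."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    entries = []
    for comp in root.iter():
        if comp.tag not in ("activity", "receiver", "service"):
            continue
        name = comp.get(ANDROID_NS + "name")
        if name.startswith("."):          # manifest shorthand for a class in the package
            name = pkg + name
        for flt in comp.findall("intent-filter"):
            entries.append({
                "component": pkg + "/" + name,
                "actions": [a.get(ANDROID_NS + "name") for a in flt.findall("action")],
                "categories": [c.get(ANDROID_NS + "name") for c in flt.findall("category")],
            })
    return entries


def resolve(intent, filters):
    """Return every component that matches, as Android's resolver would.

    An explicit Intent (component set) is delivered only to that component.
    An implicit Intent matches a filter when the filter declares its action
    and every category carried by the Intent.
    """
    if intent.get("component"):
        return [intent["component"]]
    matches = []
    for f in filters:
        if intent["action"] not in f["actions"]:
            continue
        if not set(intent.get("categories", ())) <= set(f["categories"]):
            continue
        matches.append(f["component"])
    return matches


# Constructed manifests: the legitimate app, and a rogue app that registers
# the same action so that the implicit Intent also resolves to it.
LEGIT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <activity android:name=".ShareActivity">
      <intent-filter>
        <action android:name="com.example.app.ACTION_SHARE"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

ROGUE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.attacker.sniff">
  <application>
    <activity android:name=".Catcher">
      <intent-filter>
        <action android:name="com.example.app.ACTION_SHARE"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def demo():
    """Resolve the same request implicitly and explicitly across both apps."""
    installed = load_filters(LEGIT_MANIFEST) + load_filters(ROGUE_MANIFEST)
    # startActivity() adds CATEGORY_DEFAULT to an implicit Intent before resolution.
    implicit = {"action": "com.example.app.ACTION_SHARE", "categories": [CATEGORY_DEFAULT]}
    explicit = {"action": "com.example.app.ACTION_SHARE",
                "component": "com.example.app/com.example.app.ShareActivity"}
    return resolve(implicit, installed), resolve(explicit, installed)


if __name__ == "__main__":
    print(demo())
```

With both manifests installed, the implicit request resolves to the legitimate ShareActivity and to the rogue Catcher, while the explicit request with a component name resolves only to ShareActivity, which is exactly the distinction the rule file of step S20 is built around.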
Step S22: the processor 102 in Fig. 1 extracts from the source code file of the application, according to the component-call vulnerability rule file, the calling programs that carry a hijacking risk, forming the calling risk list; the rule file stores the feature data by which a calling program is determined to carry a hijacking risk.
Again taking the Android operating system as an example, the calling program may be an Intent component registered in advance in the application, or a broadcast component registered in the application. When a broadcast component sends a broadcast request, a BroadcastReceiver can be registered with the operating system by adding a receiver tag to the manifest file.
With reference to Fig. 3, which shows how the Intent component is constructed, the calling programs (Intents) in the calling risk list are obtained by matching the reverse-engineered source code files against the feature data in the rule file.
Step S24: the processor 102 in Fig. 1 automatically constructs a call detection module based on the calling risk list.
With reference to Fig. 3, constructing the call detection module in step S24 can be done by simulating the calling program according to its characteristic attributes.
Step S26: the processor 102 in Fig. 1 detects the calling programs in the calling risk list with the call detection module and obtains their security detection results.
With reference to Fig. 3 and again for Android, the test may consist of constructing a new simulated calling program for each calling program present in the application, injecting the simulated calling program into an Android device, and observing how it is handled; from this the security detection result of the calling program in the Android system is obtained.
The embodiments above provide a general method for automatically detecting hijacking vulnerabilities of calling programs (Intents) in the Android operating system. The calling programs with hijacking risk are identified from the feature data in the component-call vulnerability rule base and gathered into the calling risk list; the call detection module then performs security monitoring on each calling program in the list, and the final monitoring result is obtained.
Thus, in the embodiments above, after feature matching against the application's source code, the set of files containing calling programs at high risk of hijacking is obtained. For these calling programs a corresponding test apparatus is constructed so that they can be tested automatically: a test calling program is constructed and sent to the corresponding application, and the result returned by the application's component determines whether the calling program in that application is safe. This solves the technical problem in the prior art that it cannot be determined whether a system's component calling programs carry a hijacking risk, and makes it possible to determine that a calling component or calling program in the current application is at high risk of being hijacked.
Steps S20 to S26 may run on a mobile terminal on which the Android operating system is installed; in practice the mobile terminal in the embodiments may be a client with Android installed. For Android, the embodiments of Figs. 1 and 2 detect the security of the calling programs injected into the application. The detection flow mainly comprises: converting the installation package of the Android application into a set of Java source files by reverse engineering, then screening out the calling programs with hijacking risk according to the preset rule file kept in the rule base, to determine an as yet unverified calling risk list of calling programs at high risk of hijacking.
In the scheme of Embodiment 1, obtaining the source code file of the application in step S20 may be implemented as follows:
Step S201: read the installation file of the application. The installation file may be a compressed APK package.
Step S203: decompress the installation file to obtain the class file set and the binary manifest. 7z.exe may be used to decompress the APK; the decompressed directory contains, among other files, the class file set (classes.dex) and the binary manifest (the binary AndroidManifest.xml).
Step S205: decompile the class file set by reverse engineering to generate the application's source code files, and convert the binary manifest into a readable manifest file.
Reverse engineering techniques include disassembly and decompilation, among others; this application uses decompilation to obtain the application's source code files.
In the Android operating system, AndroidManifest.xml is the core configuration file of an app and defines the details of most of its components; the binary AndroidManifest.xml can be converted into readable XML with the Java program AXMLPrinter2.jar. classes.dex is the binary file produced by compiling the app's source code; it can be decompiled into Java source code with dex2jar, jad.exe and similar tools.
The process of obtaining the application's source code files is described in detail below with reference to Fig. 4.
The APK reversing module is the first and the key step of static analysis of an Android application: its input is the Android application installation package and its output is Java source code. APK reversing comprises unpacking the APK, dex2jar, unpacking the jar, and batch decompilation. As shown in Fig. 4, the steps are:
First, after the APK of the Android app is input, the APK package is decompressed to obtain the classes.dex file. 7z.exe may be used for the decompression.
Then classes.dex is decompiled with dex2jar, jad.exe and similar tools to generate Java code: classes.dex is first converted into a jar file, the jar file is unpacked, and the set of .class files is obtained.
Finally, the .class files are batch-decompiled into the set of Java source files.
In addition, the AndroidManifest.xml file is converted into readable XML with AXMLPrinter2.jar.
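The first two of those steps, opening the package and pulling out classes.dex and the binary manifest, can be done without external tools, and a check of the dex header is worth doing before anything is handed to a decompiler. The following is an added example in Python (not the patent's code): the APK is a ZIP archive, so the standard library unpacks it; the dex header is parsed and its magic, Adler-32 checksum, endianness tag and file size are validated. The sample APK is constructed in memory so the script runs offline; its classes.dex is a header-only file with no classes and its manifest is a stub, neither is a real app.

```python
"""Steps S201 to S203 in code: open the APK (a ZIP archive), pull out
classes.dex and the binary AndroidManifest.xml, and validate the dex header
before handing the file to a decompiler. Added example, not the patent's own
code; the sample APK below is constructed in memory so the script runs
offline (its classes.dex is a header-only file with no classes)."""
import io
import struct
import zipfile
import zlib

DEX_HEADER_LEN = 0x70
# magic[8], checksum, signature[20], then 20 little-endian uint32 fields
DEX_HEADER_FMT = "<8sI20s" + "I" * 20
DEX_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)
WANTED = ("classes.dex", "AndroidManifest.xml")


def unpack_apk(apk_bytes):
    """Return {member name: bytes} for the files the static analysis needs."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        members = {n: zf.read(n) for n in zf.namelist() if n in WANTED}
    missing = [n for n in WANTED if n not in members]
    if missing:
        raise ValueError("not an Android package, missing: " + ", ".join(missing))
    return members


def parse_dex_header(dex):
    """Parse and validate the 112-byte dex header; return its fields by name."""
    if len(dex) < DEX_HEADER_LEN:
        raise ValueError("truncated dex header")
    fields = struct.unpack(DEX_HEADER_FMT, dex[:DEX_HEADER_LEN])
    magic, checksum = fields[0], fields[1]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00":
        raise ValueError("bad dex magic %r" % magic)
    # The Adler-32 checksum covers everything after the checksum field itself.
    if zlib.adler32(dex[12:]) & 0xFFFFFFFF != checksum:
        raise ValueError("dex checksum mismatch")
    header = dict(zip(DEX_FIELDS, fields[3:]))
    header["version"] = magic[4:7].decode("ascii")
    if header["endian_tag"] != 0x12345678:
        raise ValueError("unsupported endian tag 0x%08x" % header["endian_tag"])
    if header["file_size"] != len(dex):
        raise ValueError("file_size %d does not match %d bytes" % (header["file_size"], len(dex)))
    return header


def build_sample_apk():
    """Constructed sample APK: header-only classes.dex plus a stub binary manifest."""
    dex = bytearray(struct.pack(DEX_HEADER_FMT, b"dex\n035\x00", 0, b"\x00" * 20,
                                DEX_HEADER_LEN, DEX_HEADER_LEN, 0x12345678, *([0] * 17)))
    struct.pack_into("<I", dex, 8, zlib.adler32(bytes(dex[12:])) & 0xFFFFFFFF)
    # Stub: the chunk header of an Android binary XML document with no content.
    manifest = b"\x03\x00\x08\x00\x08\x00\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", bytes(dex))
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    parts = unpack_apk(build_sample_apk())
    print(parse_dex_header(parts["classes.dex"]))
```

On a real package the same two functions are run on the downloaded APK, and the returned header fields (class_defs_size, method_ids_size and so on) give a quick sanity check of what the decompilation step should produce; a failed checksum or magic indicates a damaged or tampered file rather than something dex2jar should be fed.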
This application thus provides a way to implement an Intent interface risk detection module in the Android operating system: after the application's Java source set is obtained by APK reversing, data matching the feature data recorded in the component-call vulnerability rule file is extracted from the source set to obtain the calling risk list. The list holds at least the source programs carrying a hijacking risk, and a list of Intent names is generated from it automatically.
Preferably, the feature data may comprise any one or more of the following features: the implicit-call feature of the calling program, the broadcast type, the send-broadcast flag, and the explicit-call feature of the calling program. Accordingly, step S22 (extracting, according to the rule file, the calling programs carrying a hijacking risk from the source code file of the application to form the calling risk list) may be implemented in any one or more of the following ways:
Mode one: extract from the source code file of the application the source code that contains the implicit-call feature, obtaining the calling programs carrying a hijacking risk.
Mode one is described in detail with an example:
In the Android operating system, when the calling program is an Intent component, the call made by the Intent component may be implicit or explicit, and the two calling styles have clearly different features. The features of the two styles are illustrated below:
A calling program using explicit calling contains at least one of the following features:
intent.setClass(getApplicationContext(), Activity.class);
intent.setClassName("com.example.app", "com.example.app.activity");
intent.setComponent(new ComponentName("com.example.app", ".activity"));
A calling program using implicit calling contains at least the following features:
intent.setAction(Intent.ACTION);
startActivity(intent);
Because the implicit-call feature carries no information such as the name of the target component, it is an Intent calling style that carries a security risk. The detection rule for the implicit-call feature can therefore be defined as: if the source code file of the application contains the implicit-call feature, for example intent.setAction(), the source code containing that feature is extracted as a calling program carrying a hijacking risk. That is, it is checked whether the source code of the target app contains a call to a method such as intent.setAction; if it does, the application is considered to contain a hijacking risk.
With the scheme provided here, once the source code containing the implicit-call feature has been extracted from the source code file of the application, the extracted file can be regarded directly as a calling program carrying a hijacking vulnerability.
Mode two: extract from the source code file of the application the source code that contains the broadcast type, the send-broadcast flag and the implicit-call feature of the calling program, obtaining the calling programs carrying a hijacking risk.
Mode two is described in detail for the Android operating system:
In the Android operating system, when the calling program is a broadcast, a registered BroadcastReceiver can be constructed. A BroadcastReceiver can be registered statically with the operating system by adding a receiver tag to the manifest file, without the application having to be started in advance; alternatively a BroadcastReceiver class can be developed in the application and registered dynamically by registering that class or object with the Android operating system.
Because a broadcast file here contains the broadcast type, the send-broadcast flag and the feature source code of the implicitly addressed Intent of the calling program, the subsequent simulation of the calling program only needs to obtain the broadcast name recorded in the broadcast type.
The broadcast type is characterised by any one or more of the following parameters:
LocalBroadcastManager,
android.support.v4.content.LocalBroadcastManager,
LocalBroadcastManager.getInstance.
The send-broadcast flag is characterised by the parameter sendBroadcast, and the feature source code of the implicitly addressed Intent of the calling program may contain any one or more of the following parameters: setAction(), putExtra.
That is, if a broadcast file is found to contain any one or more of the broadcast type parameters above (LocalBroadcastManager, LocalBroadcastManager.getInstance and android.support.v4.content.LocalBroadcastManager), the parameter setAction() and/or putExtra that characterises the current calling program as implicit, and the send-broadcast parameter sendBroadcast, the broadcast file is considered to be at risk of hijacking.
Mode three: extract from the source code file of the application the source code that does not contain the explicit-call feature, obtaining the calling programs carrying a hijacking risk.
This scheme checks whether the current calling program uses a non-explicit calling style, i.e. whether it lacks the explicit-call methods. If the calling program contains any one or more of the parameters setClass, setClassName or setComponent, it is an explicit call and can be confirmed not to be at risk of hijacking.
Analysis of the schemes of modes one and two shows that the rule defining a hijacking risk already contains the condition of mode three; mode three can therefore serve as a necessary condition for modes one and two, or as a supplementary condition to them, for determining the calling programs in the application that carry a hijacking risk.
It should further be noted that any one, two or all three of the rule modes provided by this application may be applied to extract the calling programs carrying a hijacking risk. When all three are used, they may be applied one after another, and the order of extraction may be any combination; this application does not limit it.
Based on the above three modes of determining invocations with hijacking risk, in an optional embodiment provided by the application, steps S24 and S26 (automatically constructing the call detection module based on the call risk list, and detecting the invocations in the call risk list with the call detection module to obtain the security detection result of the invocation) can be implemented by the following scheme:
Step S241: simulate, by the call detection module, the invocation in the call risk list to obtain the call test program corresponding to the invocation.
Step S241 performs simulation processing for the invocation with hijacking risk and simulates the test program corresponding to that invocation.
The simulation process of step S241 is as follows. First, iterate over the obtained call risk list. Then, read the function name, type, function content and other information of the invocation in the call risk list. Then, construct a new invocation from the information read, that is, simulate a new invocation that resembles the original invocation but has hijacking character, obtaining a call test program corresponding to the invocation. After the call test program is injected at a predetermined position in the program source file, a complete hijacking process can be simulated: once the application runs to the call test program, the hijacking of the target application is performed.
Step S243: import the call test program into the application.
Step S243 can import the call test program into the application by a call instruction, whose form is: adb install [test program name].
It can be seen that the core code by which the invocation in the application simulated in steps S241 and S243 is hijacked can be as follows:
// Build the Intent aimed at the component to be hijacked (looked up by process name)
Intent hijackIntent = new Intent(getBaseContext(), mHashMap.get(processName));
// FLAG_ACTIVITY_NEW_TASK places the started activity at the top of the task stack
hijackIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
getApplication().startActivity(hijackIntent);
Note that the key principle of this code is setting the flag Intent.FLAG_ACTIVITY_NEW_TASK, which places the started activity at the top of the task stack. In other words, this flag can be used to place the simulated call test program in front of the invocation in the application, or to replace the invocation directly. For an interface function of the application, this scheme replaces an interface of the normal application (for example the login interface) with an interface forged by the call test program, thereby achieving the hijacking of the normal application.
Step S245: send a call request to the application according to the call test program, where, if the application successfully returns a call result or the returned call result is not empty, step S247 is performed, and if the application does not return a call result or the returned call result is empty, step S249 is performed.
Step S247: determine that the security detection result is that the invocation has a hijacking vulnerability.
Step S249: determine that the security detection result is that the invocation has no hijacking vulnerability.
Based on the above three modes of determining invocations with hijacking risk, in another optional embodiment provided by the application, steps S24 and S26 (automatically constructing the call detection module based on the call risk list, and detecting the invocations in the call risk list with the call detection module to obtain the security detection result of the invocation) can be implemented by the following scheme:
Step S261: extract, by the call detection module, the broadcast name of the invocation in the call risk list.
Step S262: register the corresponding broadcast receiver in the application according to the broadcast name.
Step S263: simulate the invocation in the call risk list to obtain the test broadcast corresponding to the invocation.
Step S264: send the test broadcast containing the call test program to the corresponding broadcast receiver in the application.
Step S265: extract the call result returned by the call test program contained in the test broadcast, where, if the broadcast receiver successfully returns a call result or the returned call result is not empty, step S266 is performed, and if the broadcast receiver does not return a call result or the returned call result is empty, step S267 is performed.
Step S266: determine that the security detection result is that the invocation has a hijacking vulnerability.
Step S267: determine that the security detection result is that the invocation has no hijacking vulnerability.
Preferably, in another embodiment, steps S263 and S267 can also determine whether the invocation has a hijacking vulnerability by the following scheme: after the invocation in the call risk list has been simulated and the test broadcast corresponding to the invocation obtained, detect whether the test broadcast contains the call test program (the call test program here refers to the invocation determined to carry hijacking risk by the detection method provided by the invention). If the test broadcast does not contain the call test program, the security detection result is that the invocation has no hijacking vulnerability; if the test broadcast contains the call test program but the parameter of the call test program is empty, the security detection result is likewise that the invocation has no hijacking vulnerability; and if the test broadcast contains the call test program and the parameter of the call test program is not empty, the security detection result is that the invocation has a hijacking vulnerability.
Preferably, the simulation of the invocation in the call risk list performed in step S263, which obtains the test broadcast corresponding to the invocation, can be implemented as follows:
Step S2631: obtain the component name and component feature of each invocation in the call risk list.
Step S2633: construct the broadcast corresponding to the invocation using the component name and component feature, generating the test broadcast.
It should be noted that this scheme simulates each invocation with hijacking risk, builds the corresponding call test program, and then sends the test to the application in order to simulate the invocation process; the response of the tested application is used to test whether the simulated invocation is a component with a risk vulnerability.
In summary, in the Android operating system, in embodiment one provided by the application, taking an invocation that is an Intent as an example, the detection process for whether an intent component has a hijacking vulnerability can be divided into three parts. Part I: reverse-engineer the installation package (APK) of the application to obtain the source code of the application (the set of java source code) and the manifest file (the AndroidManifest.xml file in which broadcasts are registered). Part II: match the source code files of the application against the component call vulnerability rule file to obtain the call risk list (intent list) corresponding to the intent components, where the component call vulnerability rule file saves the feature data contained in invocations with hijacking risk. Part III: according to the obtained intent list, simulate sending an intent request to the application and detect the data returned by the application; if returning data fails, or data is returned successfully but is empty, the detected intent component is determined to have no hijacking vulnerability, and if data is returned successfully and the returned data is not empty, the detected intent component is determined to have a hijacking vulnerability.
The specific flow of the detection system is as follows:
First, input the APK installation package of the Android application and obtain the broadcast component vulnerability rules of the component call vulnerability rule file; the component call vulnerability rules can be characterized by feature data. As stated above, obtaining the call risk list by matching the component call vulnerability rules can comprise three modes.
Then, receive the APK installation package by the APK reversing module and convert it to a set of java source code files by decompilation:
(1) Decompress the APK installation package to obtain the classes.dex file.
(2) Use the dex2jar program to convert classes.dex into a jar file.
(3) Decompress the jar file to obtain the class files and their directory structure.
(4) Batch-decompile the class files to obtain the java source files and their directory structure.
Then, for each unchecked java source code file in the java source code directory structure, open the file and perform the following operations:
a1. Read the content of the source code file line by line: read the next line (or the first line) of text, and perform b1.
b1. Using the feature data recorded in the component call vulnerability rule file, which determines that an intent invocation has hijacking risk, as the rule, match it against the content of the source code file (if a rule needs multiple lines to match, read the following lines automatically). If the match succeeds, record the source code line text of the registered feature data in the source program code text and jump to d1; otherwise jump to c1.
c1. If the current file line is not the end-of-file line of the source program code, return to step a1; otherwise jump to step d1.
d1. Perform detection processing on the intent call methods obtained by matching. The detection process comprises the following steps. First, submit the source code text information with hijacking risk recorded in b1 to c1 to the automatically constructed intent detection module, which constructs an intent request and sends it into the system of the application. Then, determine whether the intent program has a hijacking vulnerability by detecting whether data is returned successfully, or further by detecting whether the returned data is empty: if data is returned successfully, or data is not only returned successfully but is also not empty, the hijacking succeeded; otherwise the intent program has no hijacking vulnerability. Finally, the mobile terminal can obtain the set of intent programs that were hijacked successfully as the final detection result of the system.
e1. Clean up temporary files, that is, clear the temporary files generated in the reverse-engineering process to reduce the waste of system resources.
It can thus be seen that the above example achieves a method that automatically reverses an Android application installation package, converts it into java source code programs and, after obtaining the rule set for detecting whether an invocation (such as an intent) is safe on the Android platform, detects whether the Android application is safe by automatically sending intent requests to it.
In another embodiment provided by the application, in the Android operating system, taking an invocation that is a broadcast as an example, the detection process for whether a broadcast has a hijacking vulnerability can likewise be divided into three parts. Part I: reverse-engineer the installation package (APK) of the application to obtain the source code of the application (the set of java source code) and the manifest file (the AndroidManifest.xml file in which broadcasts are registered). Part II: match the source code files of the application against the component call vulnerability rule file to obtain the broadcast call risk list made up of the broadcasts with hijacking risk, where the component call vulnerability rule file saves the feature data contained in invocations with hijacking risk. Part III: according to the obtained broadcast call risk list, simulate the test broadcast corresponding to the invocation and detect the data returned by the application; if the broadcast receiver successfully returns a call result or the returned call result is not empty, the detected broadcast is determined to have a hijacking vulnerability, and if the broadcast receiver does not return a call result or the returned call result is empty, the detected broadcast is determined to have no hijacking vulnerability.
The specific flow of the detection system is as follows:
First, input the APK installation package of the Android application and obtain the broadcast component vulnerability rules of the component call vulnerability rule file; the component call vulnerability rules can be characterized by feature data. As stated above, obtaining the call risk list by matching the component call vulnerability rules can comprise three modes.
Then, receive the APK installation package by the APK reversing module and convert it to a set of java source code files by decompilation:
(1) Decompress the APK installation package to obtain the classes.dex file.
(2) Use the dex2jar program to convert classes.dex into a jar file.
(3) Decompress the jar file to obtain the class files and their directory structure.
(4) Batch-decompile the class files to obtain the java source files and their directory structure.
Then, for each unchecked java source code file in the java source code directory structure, open the file and perform the following operations:
a2. Read the content of the source code file line by line: read the next line (or the first line) of text, and perform b2.
b2. Using the feature data recorded in the component call vulnerability rule file, which determines that an intent invocation has hijacking risk, as the rule, match it against the content of the source code file (if a rule needs multiple lines to match, read the following lines automatically). If the match succeeds, record the source code line text of the registered feature data in the source program code text and jump to d2; otherwise jump to c2.
c2. If the current file line is not the end-of-file line of the source program code, return to step a2; otherwise jump to step d2.
d2. Perform detection processing on the broadcast call methods obtained by matching. The detection process comprises the following steps. First, submit the source code text information with hijacking risk recorded in b2 to c2, that is, the call risk list (such as the intent risk list), to the automatically constructed intent detection module. Then, according to the detected call risk list (such as the intent risk list), extract the broadcast name of the corresponding target program in the call risk list, and register a broadcast receiver in the application according to that broadcast name. Then, send the test broadcast simulated from the obtained target program to the application, and detect whether the broadcast contains the data of the invocation (which may be the intent data serving as the call test program). Finally, determine whether the broadcast has hijacking risk by detecting whether the broadcast contains the call test program and by parsing the parameter data contained in the call test program: if the broadcast contains the call test program and the parameter data contained in the intent data serving as the call test program is not empty, the broadcast containing the call test program has a data leakage risk; if the broadcast does not contain the call test program, or contains it but the parameter data contained in the intent data serving as the call test program is empty, it can be confirmed that the broadcast has no data leakage risk.
e2. Clean up temporary files.
In the above embodiment, clearing the temporary files generated in the reverse-engineering process reduces the waste of system resources.
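The line-by-line matching of steps a2 to d2 above (and the identical steps a1 to d1 of the intent embodiment), applied with the mode two and mode three feature rules, can be illustrated by the following added example. It is not code from the patent or from its applicant; it was written for this page. It takes decompiled java source text as input, joins physical lines into statements so that a rule spanning several lines still matches (the interpretation assumed here of "if a rule needs multiple lines to match, read the following lines"), applies mode three (absence of setClass, setClassName and setComponent) as the necessary condition, and records the matching statements as the call risk list. The three java fragments are constructed for the example and do not come from any real application; the dynamic part of step d (sending the intent or broadcast to the application) is not reproduced.

```python
from dataclasses import dataclass, field

# Feature strings as listed in the patent text (modes one to three).
BROADCAST_TYPE = ("LocalBroadcastManager",
                  "android.support.v4.content.LocalBroadcastManager",
                  "LocalBroadcastManager.getInstance")
SEND_BROADCAST = ("sendBroadcast",)
IMPLICIT = ("setAction", "putExtra")                     # implicit-invocation features
EXPLICIT = ("setClass", "setClassName", "setComponent")  # explicit-invocation features


@dataclass
class RiskEntry:
    """One record of the call risk list: the file, the mode that matched and the
    matched statements as (start line number, statement text)."""
    path: str
    mode: str
    matched: list = field(default_factory=list)


def statements(text):
    """Join physical lines into statements terminated by ';', '{' or '}' so that a
    rule spanning several lines (step b1/b2) is matched as one unit.
    Yields (start_line, statement); blank lines and '//' comments are skipped."""
    buf, start = [], None
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue
        if start is None:
            start = no
        buf.append(stripped)
        if stripped.endswith((";", "{", "}")):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:  # unterminated trailing statement
        yield start, " ".join(buf)


def _hits(stmts, needles):
    """Statements containing any of the given feature strings."""
    return [(no, s) for no, s in stmts if any(n in s for n in needles)]


def scan_source(path, text):
    """Apply the three extraction modes to one decompiled source file."""
    stmts = list(statements(text))
    explicit = _hits(stmts, EXPLICIT)
    implicit = _hits(stmts, IMPLICIT)
    btype = _hits(stmts, BROADCAST_TYPE)
    send = _hits(stmts, SEND_BROADCAST)
    # Mode three as the necessary condition: an explicit target component
    # (setClass/setClassName/setComponent) means the invocation is not at risk.
    if explicit:
        return []
    # Mode two: broadcast type + sendBroadcast flag + implicit-invocation feature.
    if btype and send and implicit:
        return [RiskEntry(path, "mode2", sorted(set(btype + send + implicit)))]
    # Mode one: implicit-invocation features without an explicit target.
    if implicit:
        return [RiskEntry(path, "mode1", implicit)]
    return []


def build_risk_list(files):
    """files maps a source path to its java text; returns the call risk list."""
    risk = []
    for path in sorted(files):
        risk.extend(scan_source(path, files[path]))
    return risk


# Constructed decompiled-source fragments for this example (not from any real app).
SAMPLE_FILES = {
    "com/example/LoginActivity.java": """
        Intent i = new Intent();
        i.setAction("com.example.action.LOGIN");
        i.putExtra("user", name);
        startActivity(i);
    """,
    "com/example/SafeActivity.java": """
        Intent i = new Intent();
        i.setClassName(this, "com.example.LoginActivity");
        i.putExtra("user", name);
        startActivity(i);
    """,
    "com/example/SyncService.java": """
        LocalBroadcastManager.getInstance(this)
            .sendBroadcast(new Intent()
                .setAction("com.example.action.SYNC")
                .putExtra("token", token));
    """,
}

if __name__ == "__main__":
    for entry in build_risk_list(SAMPLE_FILES):
        print(entry.path, entry.mode)
        for no, stmt in entry.matched:
            print(f"  line {no}: {stmt}")
```

Each entry of the returned list carries the file path, the mode that matched and the matched statements with their starting line numbers, which is the information step b records and step d hands to the detection module. The SafeActivity fragment shows mode three acting as a filter: its putExtra would match mode one, but the explicit setClassName target removes it from the list.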
It can thus be seen that the application achieves a method that automatically reverses an Android application installation package, converts it into java source code programs and, after obtaining the rule set for detecting whether an invocation (such as a broadcast containing intent data) is safe on the Android platform, detects whether the Android application is safe by automatically sending broadcast requests to it.
It should be noted that, for the sake of brevity, each of the foregoing method embodiments is described as a series of action combinations; those skilled in the art should understand, however, that the present invention is not limited by the described sequence of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus the necessary general hardware platform, and certainly also by hardware, but in many cases the former is the better embodiment. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc), including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server or a network device) to perform the method described in each embodiment of the present invention.
Embodiment 2
According to the embodiment of the present invention, an apparatus embodiment for implementing the above method embodiment is also provided. Fig. 5 is a schematic diagram of a component call vulnerability detection apparatus according to embodiment two of the present invention.
As shown in Fig. 5, the component call vulnerability detection apparatus can comprise: an acquisition module 50, a construction module 52 and a detection module 54.
The acquisition module 50 is configured to obtain the source code file and the component call vulnerability rule file of the application; the construction module 52 is configured to extract invocations with hijacking risk from the source code file of the application according to the component call vulnerability rule file, forming the call risk list, where the component call vulnerability rule file is used to save the feature data that determines that an invocation has hijacking risk; the detection module 54 is configured to automatically construct the call detection module based on the call risk list and to detect the invocations in the call risk list with the call detection module, obtaining the security detection result of the invocation.
The above embodiments of the application provide a general apparatus for automatically detecting hijacking vulnerabilities of invocations (Intents) in the Android operating system. The scheme determines the invocations with hijacking risk according to the feature data in the component call vulnerability rule base, forms the call risk list, and then performs security monitoring on the invocations in the call risk list through the call detection module, finally obtaining the security monitoring result.
It can thus be seen that, in the above embodiments of the application, after feature matching is performed on the source program code of the application, the set of files containing invocations at high risk of being hijacked can be obtained. For these invocations, a corresponding test apparatus is constructed to realize an automated test method for invocations: a test invocation is constructed and sent to the corresponding application, and the result fed back by the component of the application determines whether the invocation in the application is safe. This solves the technical problem in the prior art of being unable to determine that a component invocation of the system has hijacking risk, so that it can be determined that a called component or invocation in the current application is at high risk of being hijacked.
It should be noted that the acquisition module 50, construction module 52 and detection module 54 provided by the above embodiments of the application can run on a mobile terminal on which the Android operating system is installed. In implementation, the mobile terminal in the above embodiments can be a client on which the Android operating system has been installed. In the application, for the Android operating system, the embodiment shown by the above apparatus realizes the process of detecting the security detection result of an invocation injected into the application, where the detection process can mainly comprise: after the installation package of the Android application has been converted into a java source code set by reverse-engineering technology, invocations with hijacking risk can be screened out according to the preset component call vulnerability rule file kept in the rule base, determining the not yet verified call risk list of invocations with high hijacking risk.
It should be noted that the acquisition module 50, construction module 52 and detection module 54 provided by the above embodiments of the application have the same application scenarios as method steps S20 to S26 provided in embodiment one, but are not limited to the examples provided by the method. The above modules can run, as part of the hardware, in the mobile terminal shown in Fig. 1.
In the apparatus embodiment provided by the application, the feature data can comprise any one or more of the following features: the implicit-invocation feature of the invocation, the broadcast type, the send-broadcast flag and the explicit-invocation feature of the invocation. As shown in Fig. 6, the construction module 52 can comprise any one or more of the following extraction modules: a first extraction module 521, a second extraction module 523 and a third extraction module 525.
The first extraction module 521 is configured to extract, from the source code file of the application, the source code containing an implicit-invocation feature, obtaining the invocation with hijacking risk.
The second extraction module 523 is configured to extract, from the source code file of the application, the source code containing a broadcast type, a send-broadcast flag and the implicit-invocation feature of the invocation, obtaining the invocation with hijacking risk.
The third extraction module 525 is configured to extract, from the source code file of the application, the source code that does not contain an explicit-invocation feature, obtaining the invocation with hijacking risk.
It should be noted that the extraction modules provided by the above embodiments of the application have the same application scenarios as the three modes of obtaining the call risk list provided in embodiment one, but are not limited to the examples provided by the method. The above modules can run, as part of the hardware, in the mobile terminal shown in Fig. 1.
Preferably, as shown in Fig. 7, in an embodiment provided by the application, the detection module 54 can comprise: a first simulation module 541a, a first injection module 543a, a first sending module 545a, a first determination module 547a and a second determination module 549a.
The first simulation module 541a is configured to simulate, by the call detection module, the invocation in the call risk list, obtaining the call test program corresponding to the invocation; the first injection module 543a is configured to import the call test program into the application; the first sending module 545a is configured to send a call request to the application according to the call test program; the first determination module 547a is configured to set the security detection result to "the invocation has a hijacking vulnerability" if the application successfully returns a call result or the returned call result is not empty; the second determination module 549a is configured to set the security detection result to "the invocation has no hijacking vulnerability" if the application does not return a call result or the returned call result is empty.
It should be noted that the first simulation module 541a, first injection module 543a, first sending module 545a, first determination module 547a and second determination module 549a provided by the above embodiments of the application have the same application scenarios as method steps S241 to S249 provided in embodiment one, but are not limited to the examples provided by the method. The above modules can run, as part of the hardware, in the mobile terminal shown in Fig. 1.
Preferably, as shown in Fig. 8, in another embodiment provided by the application, the detection module 54 comprises: a sub-extraction module 541b, a second registration module 543b, a second simulation module 545b, a second sending module 547b, a first sub-acquisition module 549b, a third determination module 551b and a fourth determination module 553b.
The sub-extraction module 541b is configured to extract, by the call detection module, the broadcast name of the invocation in the call risk list; the second registration module 543b is configured to register the corresponding broadcast receiver in the application according to the broadcast name; the second simulation module 545b is configured to simulate the invocation in the call risk list, obtaining the test broadcast corresponding to the invocation; the second sending module 547b is configured to send the test broadcast containing the call test program to the corresponding broadcast receiver in the application; the first sub-acquisition module 549b is configured to obtain the call result returned by the call test program contained in the test broadcast; the third determination module 551b is configured to set the security detection result to "the invocation has a hijacking vulnerability" if the broadcast receiver successfully returns a call result or the returned call result is not empty; the fourth determination module 553b is configured to set the security detection result to "the invocation has no hijacking vulnerability" if the broadcast receiver does not return a call result or the returned call result is empty.
It should be noted that the sub-extraction module 541b, second registration module 543b, second simulation module 545b, second sending module 547b, first sub-acquisition module 549b, third determination module 551b and fourth determination module 553b provided by the above embodiments of the application have the same application scenarios as method steps S261 to S267 provided in embodiment one, but are not limited to the examples provided by the method. The above modules can run, as part of the hardware, in the mobile terminal shown in Fig. 1.
Preferably, the second simulation module 545b can comprise: a second sub-acquisition module 5451 and a generation module 5453.
The second sub-acquisition module 5451 is configured to obtain the component name and component feature of each invocation in the call risk list; the generation module 5453 is configured to construct the broadcast corresponding to the invocation using the component name and component feature, generating the test broadcast.
It should be noted that the second sub-acquisition module 5451 and generation module 5453 provided by the above embodiments of the application have the same application scenarios as method steps S2631 to S2633 provided in embodiment one, but are not limited to the examples provided by the method. The above modules can run, as part of the hardware, in the mobile terminal shown in Fig. 1.
Preferably, as shown in Fig. 9, in the above embodiment provided by the application, the acquisition module 50 comprises: a reading module 501, a decompression module 503 and a decompilation module 505.
The reading module 501 is configured to read the installation file of the application; the decompression module 503 is configured to decompress the installation file of the application, obtaining the class file set; the decompilation module 505 is configured to decompile the class file set using reversing technology, generating the source code file of the application.
It should be noted that the reading module 501, decompression module 503 and decompilation module 505 provided by the above embodiments of the application have the same application scenarios as method steps S201 to S205 provided in embodiment one, but are not limited to the examples provided by the method. The above modules can run, as part of the hardware, in the mobile terminal shown in Fig. 1.
Embodiment 3
Embodiments of the invention may also provide a mobile terminal, which may be any mobile terminal device in a group of mobile terminals. Alternatively, in this embodiment, the mobile terminal may be replaced by another terminal device.
Alternatively, in this embodiment, the mobile terminal may be located on at least one of a plurality of network devices in a computer network.
In this embodiment, the mobile terminal may execute program code for the following steps of the component-call vulnerability detection method: obtaining the source code file of the application and the component-call vulnerability rule file; extracting, from the source code file of the application according to the rule file, the calling programs that carry a hijacking risk, to form a call risk list, where the rule file stores the feature data that identifies a calling program as carrying a hijacking risk; automatically constructing a call detection module based on the call risk list; and detecting the calling programs in the call risk list with the call detection module, to obtain a security detection result for each calling program.
Alternatively, Figure 10 is a structural block diagram of a mobile terminal according to an embodiment of the invention. As shown in Figure 10, the mobile terminal 10 may comprise one or more processors 51 (only one is shown in the figure), a memory 53 and a transmission device 55.
The memory 53 may store software programs and modules, such as the program instructions and modules corresponding to the component-call vulnerability detection method and apparatus of the embodiments of the invention. By running the software programs and modules stored in the memory 53, the processor 51 performs the various functional applications and data processing, that is, it implements the detection method for hijacking vulnerabilities in the calling programs of the system described above. The memory 53 may comprise high-speed random access memory and may also comprise non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 53 may further comprise memory located remotely from the processor 51; such remote memory may be connected to the terminal over a network. Examples of such a network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The transmission device 55 receives or sends data over a network. Specific examples of the network include wired and wireless networks. In one example, the transmission device 55 comprises a network interface controller (NIC), which can be connected by cable to a router or other network device in order to communicate with the Internet or a local area network. In another example, the transmission device 55 is a radio-frequency (RF) module that communicates wirelessly with the Internet.
In particular, the memory 53 stores the preset action conditions, the information on preset permitted users, and the application program.
The processor 51 may call, through the transmission device, the information and the application program stored in the memory 53 to perform the following steps: obtaining the source code file of the application and the component-call vulnerability rule file; extracting, from the source code file of the application according to the rule file, the calling programs that carry a hijacking risk, to form a call risk list, where the rule file stores the feature data that identifies a calling program as carrying a hijacking risk; automatically constructing a call detection module based on the call risk list; and detecting the calling programs in the call risk list with the call detection module, to obtain a security detection result for each calling program.
Optionally, the processor 51 may also execute program code for the following steps: simulating, by the call detection module, the calling program in the call risk list, to obtain the call test program corresponding to that calling program; injecting the call test program into the application; and sending a call request to the application according to the call test program, where, if the application returns a call result successfully, that is, the returned call result is not empty, the security detection result is that the calling program has a hijacking vulnerability, and if the application returns no call result, or the returned call result is empty, the security detection result is that the calling program has no hijacking vulnerability.
Optionally, the processor 51 may also execute program code for the following steps: extracting, by the call detection module, the broadcast name of the calling program in the call risk list; registering a corresponding broadcast receiver in the application according to the broadcast name; simulating the calling program in the call risk list, to obtain the test broadcast corresponding to that calling program; sending the test broadcast, which carries the call test program, to the corresponding broadcast receiver in the application; and extracting the call result returned by the call test program carried in the test broadcast, where, if the broadcast receiver returns a call result successfully, that is, the returned call result is not empty, the security detection result is that the calling program has a hijacking vulnerability, and if the broadcast receiver returns no call result, or the returned call result is empty, the security detection result is that the calling program has no hijacking vulnerability.
Optionally, the processor 51 may also execute program code for the following steps: obtaining the component name and the component features of each calling program in the call risk list; and using the component name and the component features to construct the broadcast corresponding to the calling program, thereby generating the test broadcast.
Optionally, the processor 51 may also execute program code for the following steps: reading the installation file of the application; decompressing the installation file of the application, to obtain the set of class files; and decompiling the set of class files with reverse-engineering techniques, to generate the source code file of the application.
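The steps above (rule-driven extraction of the call risk list from decompiled source, automatic construction of a detection step per entry, and the result-based verdict), as an added example that is not code from the patent or from its assignee. The scanner assumes the source has already been decompiled, for instance with jadx; the rule-file layout, the regexes, the `adb shell cmd package query-*` probe commands, the `own_package` filter and the sample Java source are all assumptions made here, and the probe replaces the patent's in-app test broadcast with a package-manager resolution query, a different mechanism for the same question: does any component outside the app answer this implicit call?

```python
import re
from dataclasses import dataclass

# Constructed rule file, one regex per feature class the patent names (implicit
# call, explicit call, send-broadcast flag); the layout itself is an assumption.
RULES = {
    "implicit_call": re.compile(
        r'Intent\s+(?P<var>\w+)\s*=\s*new\s+Intent\s*\(\s*"(?P<action>[\w.]+)"\s*\)'),
    "explicit_call": re.compile(
        r'\b(?P<var>\w+)\.(setClass|setClassName|setComponent|setPackage)\s*\('),
    "send_broadcast": re.compile(
        r'\b(?P<api>sendBroadcast|sendOrderedBroadcast|sendStickyBroadcast)\s*\(\s*(?P<var>\w+)'),
    "start_component": re.compile(
        r'\b(?P<api>startActivity|startActivityForResult|startService|bindService)\s*\(\s*(?P<var>\w+)'),
}


@dataclass
class RiskEntry:
    file: str
    line: int    # line on which the Intent is constructed
    var: str
    action: str
    kind: str    # "broadcast", "activity" or "service"
    api: str     # dispatching API, e.g. sendOrderedBroadcast


def extract_risk_list(sources):
    """Apply the rule file to {filename: decompiled_java}: an Intent built from an
    action string, never pinned to a component, and actually dispatched is a
    calling program with hijacking risk.  Variables are tracked per file."""
    risk = []
    for fname, text in sources.items():
        intents, explicit, dispatch = {}, set(), {}
        for n, line in enumerate(text.splitlines(), 1):
            if m := RULES["implicit_call"].search(line):
                intents[m["var"]] = (n, m["action"])
            if m := RULES["explicit_call"].search(line):
                explicit.add(m["var"])
            if m := RULES["send_broadcast"].search(line):
                dispatch[m["var"]] = ("broadcast", m["api"])
            if m := RULES["start_component"].search(line):
                dispatch[m["var"]] = ("activity" if "Activity" in m["api"] else "service", m["api"])
        for var, (n, action) in intents.items():
            if var in dispatch and var not in explicit:
                risk.append(RiskEntry(fname, n, var, action, *dispatch[var]))
    return risk


def build_probe(entry):
    """Auto-construct the detection step: ask the package manager which components
    resolve the implicit Intent (assumes the Android 7+ 'cmd package query-*' commands)."""
    verb = {"broadcast": "query-receivers", "activity": "query-activities",
            "service": "query-services"}[entry.kind]
    return f"adb shell cmd package {verb} --components -a {entry.action}"


def verdict(resolved, own_package=None):
    """The patent's rule: a non-empty result means a component answered, so the
    call can be hijacked; no result or an empty one means it cannot.  Dropping
    the app's own package is an extension added here."""
    if resolved and own_package is not None:
        resolved = [c for c in resolved if not c.startswith(own_package + "/")]
    return bool(resolved)


def detect(sources, own_package, answers):
    """End-to-end run; `answers` maps probe command -> resolved component list,
    supplied by the caller so that the example runs without adb."""
    report = []
    for e in extract_risk_list(sources):
        probe = build_probe(e)
        report.append({"file": e.file, "line": e.line, "action": e.action,
                       "kind": e.kind, "api": e.api, "probe": probe,
                       "hijackable": verdict(answers.get(probe), own_package)})
    return report


# Constructed decompiled source, not taken from any real app.
SAMPLE_SOURCES = {"com/example/pay/Checkout.java": """\
package com.example.pay;
public class Checkout {
    void notifyDone(Context ctx) {
        Intent done = new Intent("com.example.pay.PAYMENT_DONE");
        ctx.sendBroadcast(done);                  // implicit broadcast
    }
    void openLogin(Context ctx) {
        Intent login = new Intent("com.example.pay.LOGIN");
        login.setClass(ctx, LoginActivity.class); // explicit call: safe
        ctx.startActivity(login);
    }
    void sync(Context ctx) {
        Intent s = new Intent("com.example.pay.SYNC");
        ctx.startService(s);                      // implicit service start
    }
}
"""}

# Constructed probe answers standing in for real adb output.
SAMPLE_ANSWERS = {
    "adb shell cmd package query-receivers --components -a com.example.pay.PAYMENT_DONE":
        ["com.example.pay/.DoneReceiver", "com.attacker.sniff/.Sniffer"],
    "adb shell cmd package query-services --components -a com.example.pay.SYNC": [],
}

if __name__ == "__main__":
    print(detect(SAMPLE_SOURCES, "com.example.pay", SAMPLE_ANSWERS))
```

On the constructed input, `detect` flags the `PAYMENT_DONE` broadcast (a foreign receiver resolves it) and clears the `SYNC` service start (nothing outside the app resolves it); the explicit `LOGIN` Intent never enters the risk list. In a real run the `answers` dict is filled from the output of the printed probe commands. Actions held in constants (`Intent.ACTION_VIEW`, a `static final String`) only reach the implicit-call rule after a constant-resolution pass, since decompiler output does not always inline them, and a sender can also leak data through extras even when the receiver side looks harmless, so the risk list is a starting point for review rather than a final verdict.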
Those of ordinary skill in the art will appreciate that the structure shown in Figure 10 is only illustrative; the terminal may also be a terminal device such as a smartphone (an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a mobile Internet device (MID) or a PAD. Figure 10 does not limit the structure of the above electronic device. For example, the terminal 10 may comprise more or fewer components than shown in Figure 10 (such as a network interface or a display device), or have a configuration different from that shown in Figure 10.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments may be completed by a program instructing the hardware associated with the terminal device; the program may be stored in a computer-readable storage medium, which may comprise a flash disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Embodiment 4
Embodiments of the invention also provide a storage medium. Alternatively, in this embodiment, the storage medium may be used to store the program code executed by the vulnerability detection method for an application provided in Embodiment 1 above.
Alternatively, in this embodiment, the storage medium may be located in any mobile terminal of a group of mobile terminals in a mobile Internet.
Alternatively, in this embodiment, the storage medium is configured to store program code for performing the following steps: obtaining the source code file of the application and the component-call vulnerability rule file; extracting, from the source code file of the application according to the rule file, the calling programs that carry a hijacking risk, to form a call risk list, where the rule file stores the feature data that identifies a calling program as carrying a hijacking risk; automatically constructing a call detection module based on the call risk list; and detecting the calling programs in the call risk list with the call detection module, to obtain a security detection result for each calling program.
Alternatively, the storage medium is also configured to store program code for performing the following steps: simulating, by the call detection module, the calling program in the call risk list, to obtain the call test program corresponding to that calling program; injecting the call test program into the application; and sending a call request to the application according to the call test program, where, if the application returns a call result successfully, that is, the returned call result is not empty, the security detection result is that the calling program has a hijacking vulnerability, and if the application returns no call result, or the returned call result is empty, the security detection result is that the calling program has no hijacking vulnerability.
Optionally, the storage medium is also configured to store program code for performing the following steps: extracting, by the call detection module, the broadcast name of the calling program in the call risk list; registering a corresponding broadcast receiver in the application according to the broadcast name; simulating the calling program in the call risk list, to obtain the test broadcast corresponding to that calling program; sending the test broadcast, which carries the call test program, to the corresponding broadcast receiver in the application; and extracting the call result returned by the call test program carried in the test broadcast, where, if the broadcast receiver returns a call result successfully, that is, the returned call result is not empty, the security detection result is that the calling program has a hijacking vulnerability, and if the broadcast receiver returns no call result, or the returned call result is empty, the security detection result is that the calling program has no hijacking vulnerability.
Optionally, the storage medium is also configured to store program code for performing the following steps: obtaining the component name and the component features of each calling program in the call risk list; and using the component name and the component features to construct the broadcast corresponding to the calling program, thereby generating the test broadcast.
Optionally, the storage medium is also configured to store program code for performing the following steps: reading the installation file of the application; decompressing the installation file of the application, to obtain the set of class files; and decompiling the set of class files with reverse-engineering techniques, to generate the source code file of the application.
Alternatively, in this embodiment, the storage medium may include, but is not limited to, a USB flash disk, a read-only memory (ROM), a random access memory (RAM), a portable hard disk, a magnetic disk, an optical disc, or any other medium capable of storing program code.
Alternatively, for specific examples in this embodiment, reference may be made to the examples described in Embodiment 1 and Embodiment 2 above, which are not repeated here.
The sequence numbers of the above embodiments of the invention are for description only and do not indicate the merit of any embodiment.
If the integrated units in the above embodiments are implemented in the form of software functional units and sold or used as independent products, they may be stored in the computer-readable storage medium described above. On this understanding, the technical solution of the invention, in essence or in the part that contributes over the prior art, or all or part of that technical solution, may be embodied in the form of a software product stored in a storage medium and comprising a number of instructions for causing one or more computer devices (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the invention.
In the above embodiments of the invention, each embodiment is described with its own emphasis; for parts not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed client may be implemented in other ways. The apparatus embodiments described above are only illustrative; for example, the division into units is only a division by logical function, and another division may be used in practice: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Further, the couplings, direct couplings or communication connections shown or discussed may be realized through interfaces, and the indirect couplings or communication connections between units or modules may be electrical or take another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution in this embodiment.
In addition, the functional units in each embodiment of the invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The above are only preferred embodiments of the invention. It should be pointed out that those skilled in the art may make improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (12)

1. A method for detecting a component-call vulnerability, characterized in that it comprises:
obtaining a source code file of an application and a component-call vulnerability rule file;
extracting, from the source code file of the application according to the component-call vulnerability rule file, calling programs that carry a hijacking risk, to form a call risk list, wherein the component-call vulnerability rule file stores feature data that identifies a calling program as carrying a hijacking risk;
automatically constructing a call detection module based on the call risk list; and
detecting the calling programs in the call risk list based on the call detection module, to obtain a security detection result for the calling programs.
2. The method according to claim 1, characterized in that the feature data comprises any one or more of the following features: an implicit-call feature of the calling program, a broadcast type, a send-broadcast flag, and an explicit-call feature of the calling program, wherein the step of extracting, from the source code file of the application according to the component-call vulnerability rule file, the calling programs that carry a hijacking risk, to form the call risk list, comprises any one or more of the following implementations:
implementation one: extracting, from the source code file of the application, the source code that contains the implicit-call feature, to obtain the calling programs that carry a hijacking risk;
implementation two: extracting, from the source code file of the application, the source code that contains the broadcast type, the send-broadcast flag and the implicit-call feature of the calling program, to obtain the calling programs that carry a hijacking risk;
implementation three: extracting, from the source code file of the application, the source code that does not contain the explicit-call feature, to obtain the calling programs that carry a hijacking risk.
3. The method according to claim 1 or 2, characterized in that the steps of automatically constructing the call detection module based on the call risk list and of detecting the calling programs in the call risk list based on the call detection module, to obtain the security detection result for the calling programs, comprise:
simulating, by the call detection module, the calling program in the call risk list, to obtain a call test program corresponding to the calling program;
injecting the call test program into the application;
sending a call request to the application according to the call test program,
wherein, if the application returns a call result successfully, that is, the returned call result is not empty, the security detection result is that the calling program has a hijacking vulnerability; and if the application returns no call result, or the returned call result is empty, the security detection result is that the calling program has no hijacking vulnerability.
4. The method according to claim 1 or 2, characterized in that the steps of automatically constructing the call detection module based on the call risk list and of detecting the calling programs in the call risk list based on the call detection module, to obtain the security detection result for the calling programs, comprise:
extracting, by the call detection module, a broadcast name of the calling program in the call risk list;
registering a corresponding broadcast receiver in the application according to the broadcast name;
simulating the calling program in the call risk list, to obtain a test broadcast corresponding to the calling program;
sending the test broadcast, which carries the call test program, to the corresponding broadcast receiver in the application;
extracting the call result returned by the call test program carried in the test broadcast,
wherein, if the broadcast receiver returns a call result successfully, that is, the returned call result is not empty, the security detection result is that the calling program has a hijacking vulnerability; and if the broadcast receiver returns no call result, or the returned call result is empty, the security detection result is that the calling program has no hijacking vulnerability.
5. The method according to claim 4, characterized in that the step of simulating the calling program in the call risk list, to obtain the test broadcast corresponding to the calling program, comprises:
obtaining a component name and component features of each calling program in the call risk list;
using the component name and the component features to construct the broadcast corresponding to the calling program, to generate the test broadcast.
6. The method according to claim 1, characterized in that the step of obtaining the source code file of the application comprises:
reading an installation file of the application;
decompressing the installation file of the application, to obtain a set of class files;
decompiling the set of class files with reverse-engineering techniques, to generate the source code file of the application.
7. An apparatus for detecting a component-call vulnerability, characterized in that it comprises:
an acquisition module, for obtaining a source code file of an application and a component-call vulnerability rule file;
a construction module, for extracting, from the source code file of the application according to the component-call vulnerability rule file, calling programs that carry a hijacking risk, to form a call risk list, wherein the component-call vulnerability rule file stores feature data that identifies a calling program as carrying a hijacking risk;
a detection module, for automatically constructing a call detection module based on the call risk list, and detecting the calling programs in the call risk list based on the call detection module, to obtain a security detection result for the calling programs.
8. The apparatus according to claim 7, characterized in that the feature data comprises any one or more of the following features: an implicit-call feature of the calling program, a broadcast type, a send-broadcast flag, and an explicit-call feature of the calling program, wherein the construction module comprises any one or more of the following extraction modules:
a first extraction module, for extracting, from the source code file of the application, the source code that contains the implicit-call feature, to obtain the calling programs that carry a hijacking risk;
a second extraction module, for extracting, from the source code file of the application, the source code that contains the broadcast type, the send-broadcast flag and the implicit-call feature of the calling program, to obtain the calling programs that carry a hijacking risk;
a third extraction module, for extracting, from the source code file of the application, the source code that does not contain the explicit-call feature, to obtain the calling programs that carry a hijacking risk.
9. The apparatus according to claim 7 or 8, characterized in that the detection module comprises:
a first simulation module, for simulating, by the call detection module, the calling program in the call risk list, to obtain a call test program corresponding to the calling program;
an injection module, for injecting the call test program into the application;
a first sending module, for sending a call request to the application according to the call test program;
a first determination module, for determining, if the application returns a call result successfully, that is, the returned call result is not empty, that the security detection result is that the calling program has a hijacking vulnerability;
a second determination module, for determining, if the application returns no call result, or the returned call result is empty, that the security detection result is that the calling program has no hijacking vulnerability.
10. The apparatus according to claim 7 or 8, characterized in that the detection module comprises:
a sub-extraction module, for extracting, by the call detection module, a broadcast name of the calling program in the call risk list;
a registration module, for registering a corresponding broadcast receiver in the application according to the broadcast name;
a second simulation module, for simulating the calling program in the call risk list, to obtain a test broadcast corresponding to the calling program;
a second sending module, for sending the test broadcast, which carries the call test program, to the corresponding broadcast receiver in the application;
a first sub-acquisition module, for obtaining the call result returned by the call test program carried in the test broadcast;
a third determination module, for determining, if the broadcast receiver returns a call result successfully, that is, the returned call result is not empty, that the security detection result is that the calling program has a hijacking vulnerability;
a fourth determination module, for determining, if the broadcast receiver returns no call result, or the returned call result is empty, that the security detection result is that the calling program has no hijacking vulnerability.
11. The apparatus according to claim 10, characterized in that the second simulation module comprises:
a second sub-acquisition module, for obtaining a component name and component features of each calling program in the call risk list;
a generation module, for using the component name and the component features to construct the broadcast corresponding to the calling program, to generate the test broadcast.
12. The apparatus according to claim 7, characterized in that the acquisition module comprises:
a reading module, for reading an installation file of the application;
a decompression module, for decompressing the installation file of the application, to obtain a set of class files;
a decompiling module, for decompiling the set of class files with reverse-engineering techniques, to generate the source code file of the application.
CN201410290260.7A 2014-06-24 2014-06-24 The detection method and device of component call loophole Active CN105303112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410290260.7A CN105303112B (en) 2014-06-24 2014-06-24 The detection method and device of component call loophole

Publications (2)

Publication Number Publication Date
CN105303112A (en) 2016-02-03
CN105303112B (en) 2018-11-06

Family

ID=55200367

Country Status (1)

Country Link
CN (1) CN105303112B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102314394A (en) * 2010-06-25 2012-01-11 微软公司 The dynamic data competition of data areaization detects
CN103473509A (en) * 2013-09-30 2013-12-25 清华大学 Android platform malware automatic detecting method
CN103839005A (en) * 2013-11-22 2014-06-04 北京智谷睿拓技术服务有限公司 Malware detection method and malware detection system of mobile operating system

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105528298A (en) * 2016-02-26 2016-04-27 百度在线网络技术(北京)有限公司 Safety testing method and device
CN106228071A (en) * 2016-07-20 2016-12-14 北京奇虎科技有限公司 A kind of method and apparatus testing encoding and decoding assembly
CN106228071B (en) * 2016-07-20 2019-02-22 北京奇虎科技有限公司 A kind of method and apparatus for testing encoding and decoding component
CN106294149A (en) * 2016-08-09 2017-01-04 北京邮电大学 A kind of method detecting Android application component communication leak
CN106503563A (en) * 2016-10-17 2017-03-15 成都知道创宇信息技术有限公司 Batch leak detection method based on general framework
CN106503563B (en) * 2016-10-17 2019-03-08 成都知道创宇信息技术有限公司 Batch leak detection method based on general framework
CN107885501B (en) * 2017-11-03 2020-09-08 武汉斗鱼网络科技有限公司 Method and device for obtaining mutual reference relationship of components in Android
CN107885501A (en) * 2017-11-03 2018-04-06 武汉斗鱼网络科技有限公司 Obtain the method and device of the mutual adduction relationship of component in Android
CN109542511A (en) * 2018-11-26 2019-03-29 北京梆梆安全科技有限公司 A kind of detection method of application installation package, device and mobile device
CN109670308A (en) * 2018-12-06 2019-04-23 北京梆梆安全科技有限公司 A kind of Intent calls risk checking method and device
CN110032871A (en) * 2019-04-22 2019-07-19 广东工业大学 A kind of safety detection method, device and the medium of the inter-component communication of application program
CN110378107A (en) * 2019-07-25 2019-10-25 腾讯科技(深圳)有限公司 A kind of method and relevant apparatus of installation kit detection
CN110378107B (en) * 2019-07-25 2024-05-10 腾讯科技(深圳)有限公司 Method and related device for detecting installation package
CN111027053A (en) * 2019-10-28 2020-04-17 深圳市跨越新科技有限公司 Detection method and system for Android application program with Activity hijacking prevention function
CN110855642A (en) * 2019-10-30 2020-02-28 腾讯科技(深圳)有限公司 Application vulnerability detection method and device, electronic equipment and storage medium
CN113626312A (en) * 2021-07-15 2021-11-09 荣耀终端有限公司 Test method, electronic device and storage medium
CN113419971A (en) * 2021-08-25 2021-09-21 北京邮电大学 Android system service vulnerability detection method and related device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant