CN112699376A - Source code logic vulnerability detection method and device, computer equipment and storage medium - Google Patents
Source code logic vulnerability detection method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN112699376A CN112699376A CN202011605104.7A CN202011605104A CN112699376A CN 112699376 A CN112699376 A CN 112699376A CN 202011605104 A CN202011605104 A CN 202011605104A CN 112699376 A CN112699376 A CN 112699376A
- Authority
- CN
- China
- Prior art keywords
- path
- source code
- detected
- probability distribution
- distribution map
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses a source code logic vulnerability detection method and device, computer equipment and a storage medium. The method belongs to the technical field of software engineering and information security, and comprises the following steps: inputting the service logic of the source code to be detected into a rule engine to generate a preset file; analyzing a source code to be detected to obtain a control flow graph; generating a path probability distribution map according to the control flow graph and a preset generation technology; performing constraint solution on each path in the path probability distribution map according to the path probability distribution map and a preset file to obtain a constraint solution value; and judging whether the source code to be detected has logic loopholes according to the constraint solving value to obtain a detection result. The whole detection process of the embodiment of the application omits the configuration of the running environment and the writing of test cases because the source code program to be detected does not need to be really run, thereby reducing the labor cost, shortening the test time and improving the test efficiency.
Description
Technical Field
The invention relates to the technical field of software engineering and information security, in particular to a source code logic vulnerability detection method and device, computer equipment and a storage medium.
Background
With the continuous development of informatization, software products have increasingly more and more influence on the life of people, but due to the complexity of the software products, various defects or bugs often exist after the coding is completed and the products are widely used, and the defects or bugs often cause more serious influence.
Disclosure of Invention
The embodiment of the invention provides a source code logic vulnerability detection method, a source code logic vulnerability detection device, computer equipment and a storage medium, and aims to solve the problems of long test time and low test efficiency of the conventional source code logic vulnerability detection.
In a first aspect, an embodiment of the present invention provides a method for detecting a source code logic vulnerability, including:
inputting the service logic of the source code to be detected into a rule engine to generate a preset file;
analyzing the source code to be detected to obtain a control flow graph;
generating a path probability distribution map according to the control flow graph and a preset generation technology;
performing constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value;
and judging whether the source code to be detected has a logic vulnerability according to the constraint solving value to obtain a detection result.
In a second aspect, an embodiment of the present invention further provides a device for detecting a source code logic vulnerability, which includes:
the first generating unit is used for inputting the service logic of the source code to be detected into the rule engine to generate a preset file;
the analysis unit is used for analyzing the source code to be detected to obtain a control flow graph;
the second generation unit is used for generating a path probability distribution map according to the control flow graph and a preset generation technology;
the solving unit is used for carrying out constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value;
and the judging unit is used for judging whether the source code to be detected has a logic vulnerability according to the constraint solving value so as to obtain a detection result.
In a third aspect, an embodiment of the present invention further provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the above method when executing the computer program.
In a fourth aspect, the present invention also provides a computer-readable storage medium, which stores a computer program, and the computer program can implement the above method when being executed by a processor.
The embodiment of the invention provides a source code logic vulnerability detection method and device, computer equipment and a storage medium. Wherein the method comprises the following steps: inputting the service logic of the source code to be detected into a rule engine to generate a preset file; analyzing the source code to be detected to obtain a control flow graph; generating a path probability distribution map according to the control flow graph and a preset generation technology; performing constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value; and judging whether the source code to be detected has a logic vulnerability according to the constraint solving value to obtain a detection result. According to the technical scheme of the embodiment of the invention, the business logic of the source code to be detected is abstractly described by using the rule engine to obtain the preset file, so that the defect that the custom rule is not supported in the existing multi-source code analysis technology is overcome; on the basis of obtaining the preset file, a path probability distribution map is generated by adopting a symbolic execution technology and an SMT technology, and then each path in the path probability distribution map is subjected to constraint solving so as to realize the detection of the logical vulnerability of the source code to be detected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a method for detecting a vulnerability of source code logic according to an embodiment of the present invention;
fig. 2 is a sub-flow diagram of a method for detecting a vulnerability of source code logic according to an embodiment of the present invention;
fig. 3 is a sub-flow diagram of a method for detecting a vulnerability of source code logic according to an embodiment of the present invention;
fig. 4 is a sub-flow diagram of a method for detecting a vulnerability of source code logic according to an embodiment of the present invention;
fig. 5 is a sub-flow diagram of a method for detecting a vulnerability of source code logic according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of a method for detecting a vulnerability of source code logic according to another embodiment of the present invention;
fig. 7 is a schematic block diagram of a source code logic vulnerability detection apparatus according to an embodiment of the present invention;
fig. 8 is a schematic block diagram of an analysis unit of a source code logic vulnerability detection apparatus according to an embodiment of the present invention;
fig. 9 is a schematic block diagram of a second generation unit of the source code logic vulnerability detection apparatus according to the embodiment of the present invention;
FIG. 10 is a schematic block diagram of a marking unit of a source code logic vulnerability detection apparatus according to an embodiment of the present invention;
fig. 11 is a schematic block diagram of a second generation subunit of the source code logic vulnerability detection apparatus provided in the embodiment of the present invention;
FIG. 12 is a schematic block diagram of a source code logic vulnerability detection apparatus according to another embodiment of the present invention; and
fig. 13 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Referring to fig. 1, fig. 1 is a schematic flowchart illustrating a method for detecting a source code logic vulnerability according to an embodiment of the present invention. The source code logic vulnerability detection method can be applied to terminals, such as intelligent terminal equipment of a portable computer, a notebook computer, a desktop computer and the like, and is realized through an application program installed on the terminal, so that the labor cost is reduced, the test time is shortened, and the test efficiency is improved. As shown in fig. 1, the method includes the following steps S100-S140.
S100, inputting the business logic of the source code to be detected into a rule engine to generate a preset file.
In the embodiment of the invention, the business logic of the source code to be detected is firstly input into the rule engine to generate the preset file, and then vulnerability detection is carried out on the source code to be detected based on the preset file. The preset file is a conf file which abstracts the service logic of the code to be detected into a specific language description in the field. Domain Specific Language (DSL) is a Language that abstracts certain Domain Specific operations and concepts to solve Domain Specific problems. The rule engine is a component nested in the application program, and realizes the separation of the business rules from the application program code.
And S110, analyzing the source code to be detected to obtain a control flow graph.
In the embodiment of the invention, after the business logic of the source code to be detected is input into the rule engine to generate the preset file, the source code to be detected is analyzed to obtain the control flow graph. Specifically, semantic analysis is performed on the source code to be detected to obtain a control flow graph. The Control Flow Graph (CFG) is also called a Control Flow Graph, is an abstract representation of a process or a program, is an abstract data structure used in a compiler, is maintained internally by the compiler, and represents all paths traversed during a program execution process. Semantic analysis is a logical phase of the compilation process, the task of which is to perform context-related property scrutiny, type-scrutiny, on structurally correct source programs.
Referring to fig. 2, in an embodiment, for example, in the embodiment of the present invention, the step S110 includes the following steps S111-S112.
And S111, analyzing the source code to be detected for the first time to obtain an abstract syntax tree.
And S112, carrying out second analysis on the abstract syntax tree to obtain a control flow graph, wherein the first analysis and the second analysis are semantic analysis.
In the embodiment of the invention, the first semantic analysis is carried out on the source code to be detected to obtain the abstract syntax tree, and then the second semantic analysis is carried out on the abstract syntax tree to obtain the control flow graph. Wherein, the Abstract Syntax Tree (AST) is a tree representation of the Abstract Syntax structure of the source Code, and each node on the tree represents a structure in the source Code. The "syntax" is abstract in that the abstract syntax tree does not represent every detail of the real syntax, for example, the nesting brackets are hidden in the structure of the tree and are not represented in the form of nodes.
It should be noted that, in the embodiment of the present invention, a source code to be detected is subjected to semantic analysis twice by using a root static analysis tool.
And S120, generating a path probability distribution map according to the control flow graph and a preset generation technology.
In the embodiment of the invention, after the source code to be detected is analyzed to obtain the control flow graph, the path probability distribution graph is generated according to the control flow graph and the preset generation technology. The preset generation technology comprises a symbol execution technology and an SMT solving technology. Symbolic execution techniques are program analysis techniques that can analyze a program to obtain input for a particular code region to execute. The SMT is called as the Satisfiability module tools, and can be translated into Satisfiability model theory, Satisfiability problem under multiple Theories or Satisfiability problem under a specific background theory, and the judgment algorithm of the SMT is called as an SMT solver. Briefly, an SMT problem is a problem that determines whether an SMT formula can be satisfied. An SMT formula is a logical formula that incorporates a theoretical background, where propositional variables can represent the theoretical formula. The probability distribution refers to a function which can be expressed by an event that the random variable X is smaller than any known real number X, and is used for expressing the probability law of the random variable value. The path probability distribution map in this embodiment is used to express a probability rule of each labeled path value.
Referring to fig. 3, in an embodiment, for example, in the embodiment of the present invention, the step S120 includes the following steps S121 to S123.
And S121, marking reachable points in the control flow graph by adopting preset marks.
In the embodiment of the present invention, the preset mark is a self-defined mark, for example, a symbol "#" and a number "1" may be both used as the preset mark.
Referring to fig. 4, in an embodiment, for example, in the embodiment of the present invention, the step S121 includes the following steps S1211-S1212.
S1211, conducting arrival fixed value analysis on the control flow graph to establish an reachable point set.
And S1212, marking the reachable points in the reachable point set by adopting preset marks.
In the embodiment of the invention, the reachable points in the control flow graph are marked by adopting the preset marks, specifically, the control flow graph is subjected to arrival fixed value analysis to establish a reachable point set, and the reachable points in the reachable point set are marked by adopting the preset marks. In the embodiment of the present invention, the constant value of the variable x is a statement that a value is assigned to x. A constant value is reached if there is a path from a point immediately following the constant value d to a certain program point p and d is not "killed" on this path (if there is another constant value d 'for the variable x on this path, the variable x is said to be "killed" by this constant value d'), the constant value d is said to reach the program point p. The control flow graph is subjected to constant value analysis by using an arrival constant value analysis method, and the conditions that the loop is unchanged, the constants are combined and whether the variable x is quoted without a constant value at the point p can be detected.
It should be noted that, in the embodiment of the present invention, an reachable point set and an unreachable point set are established according to a control flow graph, so as to reduce a marking range and shorten a marking time, and then a reachable point in the reachable point set is preset to be marked.
And S122, generating a marking path according to the preset mark and the entrance of the source code to be detected.
And S123, generating a path probability distribution map by using a preset generation technology according to the marked path.
In the embodiment of the present invention, a preset generation technology is used to generate a path probability distribution map according to the labeled path, specifically, a path heuristic search is performed on the labeled path by using a symbolic execution technology, and an SMT solution technology is used to generate the path probability distribution map.
Referring to fig. 5, in an embodiment, for example, in the embodiment of the present invention, the step S123 includes the following steps S1231-S1233.
And S1231, performing path heuristic search on the marked paths by using a symbolic execution technology, and calculating the number of solutions of the path conditions of each marked path by using the SMT solving technology.
And S1232, calculating the probability of each marked path according to the number of the solutions of the path condition of each marked path.
And S1233, arranging the probability of each marked path in a descending order to generate the path probability distribution map.
In the embodiment of the invention, the path heuristic search is carried out on the marked path by using the symbolic execution technology, so that the search space of the marked path can be reduced. The path condition is that the logic in the code to be detected can be implemented by a plurality of statements, for example, to implement the loop function, the logic can be implemented by a for statement, a while statement or a do-while statement, and the for statement, the while statement or the do-while statement is the path condition.
S130, performing constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value.
In the embodiment of the invention, after the path probability distribution map is generated according to the control flow map, the coincidence execution technology and the SMT solving technology, each path in the path probability distribution map is subjected to constraint solving according to the path probability distribution map and a preset file to obtain a constraint solving value, and then the constraint solving value is obtained so as to perform logic vulnerability judgment on the source code to be detected subsequently. In the embodiment of the invention, the process of constraint solving is a proving process, namely, whether a path corresponding to the constraint solving has a logic vulnerability or not is proved.
S140, judging whether the source code to be detected has logic loopholes according to the constraint solving value to obtain a detection result.
In the embodiment of the invention, after each path in the path probability distribution map is subjected to constraint solving to obtain a constraint solving value, whether the source code to be detected has logic loopholes or not is judged according to the constraint solving value to obtain a detection result.
Fig. 6 is a flowchart illustrating a method for detecting a source code logic vulnerability, according to another embodiment of the present invention, as shown in fig. 6, in the present embodiment, the method includes steps S100 to S150. That is, in the present embodiment, after step S140 of the above embodiment, the method further includes step S150.
And S150, generating a logic vulnerability analysis report according to the detection result.
In the embodiment of the invention, a logic vulnerability analysis report is generated according to the detection result. In a specific practical scene, if the detection result is not a preset value, which indicates that a logic leak exists in a path corresponding to constraint solving, the path is recorded in a logic leak analysis report so that development testers can check and analyze the path; otherwise, the constraint solving path does not have the logic vulnerability and does not need to be recorded in the logic vulnerability analysis report. The preset value of 1 indicates that the path subjected to constraint solving has no logic loophole, and the preset value of 0 indicates that the path subjected to constraint solving has logic loophole.
Fig. 7 is a schematic block diagram of a source code logic vulnerability detection apparatus 200 according to an embodiment of the present invention. As shown in fig. 7, the present invention further provides a source code logic vulnerability detection apparatus 200 corresponding to the above source code logic vulnerability detection method. The source code logic vulnerability detection apparatus 200 includes a unit for executing the above-described source code logic vulnerability detection method, and the apparatus may be configured in a terminal. Specifically, referring to fig. 7, the source code logic vulnerability detection apparatus 200 includes a first generation unit 201, an analysis unit 202, a second generation unit 203, a solving unit 204 and a judgment unit 205.
The first generating unit 201 is configured to input the service logic of the source code to be detected into the rule engine to generate a preset file; the analysis unit 202 is configured to analyze the source code to be detected to obtain a control flow graph; the second generation unit 203 is used for generating a path probability distribution map according to the control flow graph and a preset generation technology; the solving unit 204 is configured to perform constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solved value; the determining unit 205 is configured to determine whether the source code to be detected has a logic vulnerability according to the constraint solution value to obtain a detection result.
In some embodiments, such as the present embodiment, as shown in fig. 8, the analysis unit 202 includes a first analysis subunit 2021 and a second analysis subunit 2022.
The first analysis subunit 2021 is configured to perform a first analysis on the source code to be detected to obtain an abstract syntax tree; the second analysis subunit 2022 is configured to perform a second analysis on the abstract syntax tree to obtain a control flow graph, where the first analysis and the second analysis are both semantic analysis.
In some embodiments, for example, in this embodiment, as shown in fig. 9, the second generating unit 203 includes a marking unit 2031, a first generating subunit 2032, and a second generating subunit 2033.
The marking unit 2031 is configured to mark an reachable point in the control flow graph with a preset mark; the first generating subunit 2032 is configured to generate a mark path according to the preset mark and the entry of the source code to be detected; the second generation subunit 2033 is configured to generate a path probability distribution map according to the labeled paths by using a preset generation technique.
In some embodiments, for example, in this embodiment, as shown in fig. 10, the marking unit 2031 includes a creating unit 20311 and a marking subunit 20312.
The establishing unit 20311 is configured to perform arrival fixed value analysis on the control flow graph to establish an reachable point set; the marking subunit 20312 is configured to mark reachable points in the set of reachable points with preset marks.
In some embodiments, such as this embodiment, as shown in fig. 11, the second generation subunit 2033 includes a first calculation unit 20331, a second calculation unit 20332, and a third generation subunit 20333.
The first calculating unit 20331 is configured to perform a path heuristic search on the marked paths by using a symbolic execution technique, and calculate the number of solutions of the path condition of each marked path by using the SMT solving technique; the second calculating unit 20332 is configured to calculate a probability of each labeled path according to the number of solutions of the path condition of each labeled path; the third generating subunit 20333 is configured to arrange the probabilities of each of the labeled paths in a descending order to generate the path probability distribution map.
In some embodiments, such as the present embodiment, the apparatus 200 further comprises a third generating unit 206, as shown in fig. 12.
The third generating unit 206 is configured to generate a logic vulnerability analysis report according to the detection result.
Referring to fig. 13, fig. 13 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 300 is a terminal, and the terminal may be an electronic device with a communication function, such as a tablet computer, a notebook computer, and a desktop computer.
Referring to fig. 13, the computer device 300 includes a processor 302, memory, and a network interface 305 connected by a system bus 301, wherein the memory may include a non-volatile storage medium 503 and an internal memory 304.
The nonvolatile storage medium 303 may store an operating system 3031 and a computer program 3032. The computer program 3032, when executed, may cause the processor 302 to perform a method for source code logic vulnerability detection.
The processor 302 is used to provide computing and control capabilities to support the operation of the overall computer device 300.
The internal memory 304 provides an environment for the running of the computer program 3032 in the non-volatile storage medium 303, and when the computer program 3032 is executed by the processor 302, the processor 302 can be caused to execute a source code logic vulnerability detection method.
The network interface 305 is used for network communication with other devices. Those skilled in the art will appreciate that the architecture shown in fig. 13 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing device 300 to which the disclosed aspects apply, as a particular computing device 300 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 302 is configured to run a computer program 3032 stored in the memory to implement the following steps: inputting the service logic of the source code to be detected into a rule engine to generate a preset file; analyzing the source code to be detected to obtain a control flow graph; generating a path probability distribution map according to the control flow graph and a preset generation technology; performing constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value; and judging whether the source code to be detected has a logic vulnerability according to the constraint solving value to obtain a detection result.
In some embodiments, for example, in this embodiment, when the processor 302 implements the step of analyzing the source code to be detected to obtain the control flow graph, the following steps are specifically implemented: analyzing the source code to be detected for the first time to obtain an abstract syntax tree; and performing second analysis on the abstract syntax tree to obtain a control flow graph, wherein the first analysis and the second analysis are semantic analysis.
In some embodiments, for example, in this embodiment, when the processor 302 implements the step of generating the path probability distribution map according to the control flow graph and the preset generation technique, the following steps are specifically implemented: marking reachable points in the control flow graph by adopting preset marks; generating a mark path according to the preset mark and the entrance of the source code to be detected; and generating a path probability distribution map by using a preset generation technology according to the marked path.
In some embodiments, for example, in this embodiment, when the processor 302 implements the step of marking the reachable point in the control flow graph by using the preset mark, the following steps are implemented: carrying out arrival fixed value analysis on the control flow graph to establish an reachable point set; and marking the reachable points in the reachable point set by adopting preset marks.
In some embodiments, for example, in this embodiment, when the processor 302 implements the step of generating the path probability distribution map according to the labeled path by using the preset generation technology, the following steps are specifically implemented: performing path heuristic search on the marked paths by using a symbolic execution technology, and calculating the number of solutions of the path condition of each marked path by using the SMT solution technology; calculating the probability of each marked path according to the number of solutions of the path condition of each marked path; the probabilities for each of the labeled paths are arranged in descending order to generate the path probability distribution map.
In some embodiments, for example, in this embodiment, after the step of determining whether the source code to be detected has the logic vulnerability according to the constraint solution value to obtain the detection result is implemented by the processor 302, the implementation further includes the following steps: and generating a logic vulnerability analysis report according to the detection result.
It should be understood that, in the embodiment of the present Application, the Processor 302 may be a Central Processing Unit (CPU), and the Processor 302 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. The computer program may be stored in a storage medium, which is a computer-readable storage medium. The computer program is executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above. Accordingly, the present invention also provides a storage medium. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program. The computer program, when executed by a processor, causes the processor to perform the steps of: inputting the service logic of the source code to be detected into a rule engine to generate a preset file; analyzing the source code to be detected to obtain a control flow graph; generating a path probability distribution map according to the control flow graph and a preset generation technology; performing constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value; and judging whether the source code to be detected has a logic vulnerability according to the constraint solving value to obtain a detection result.
In some embodiments, for example, in this embodiment, when the processor executes the computer program to implement the step of analyzing the source code to be detected to obtain the control flow graph, the following steps are specifically implemented: analyzing the source code to be detected for the first time to obtain an abstract syntax tree; and performing second analysis on the abstract syntax tree to obtain a control flow graph, wherein the first analysis and the second analysis are semantic analysis.
In some embodiments, for example, in this embodiment, when the processor executes the computer program to implement the step of generating the path probability distribution map according to the control flow graph and the preset generation technique, the following steps are specifically implemented: marking reachable points in the control flow graph by adopting preset marks; generating a mark path according to the preset mark and the entrance of the source code to be detected; and generating a path probability distribution map by using a preset generation technology according to the marked path.
In some embodiments, for example, in this embodiment, when the processor executes the computer program to implement the step of marking the reachable point in the control flow graph by using the preset mark, the following steps are specifically implemented: carrying out arrival fixed value analysis on the control flow graph to establish an reachable point set; and marking the reachable points in the reachable point set by adopting preset marks.
In some embodiments, for example, in this embodiment, when the processor executes the computer program to implement the step of generating the path probability distribution map according to the labeled path by using a preset generation technique, the following steps are specifically implemented: performing path heuristic search on the marked paths by using a symbolic execution technology, and calculating the number of solutions of the path condition of each marked path by using the SMT solution technology; calculating the probability of each marked path according to the number of solutions of the path condition of each marked path; the probabilities for each of the labeled paths are arranged in descending order to generate the path probability distribution map.
In some embodiments, for example, in this embodiment, after the processor executes the computer program to implement the step of determining whether the source code to be detected has the logic vulnerability according to the constraint solution value to obtain the detection result, the specific implementation further includes the following steps: and generating a logic vulnerability analysis report according to the detection result.
The storage medium may be a usb disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, which can store various computer readable storage media.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, while the invention has been described with respect to the above-described embodiments, it will be understood that the invention is not limited thereto but may be embodied with various modifications and changes.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for detecting a source code logic vulnerability includes:
inputting the service logic of the source code to be detected into a rule engine to generate a preset file;
analyzing the source code to be detected to obtain a control flow graph;
generating a path probability distribution map according to the control flow graph and a preset generation technology;
performing constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value;
and judging whether the source code to be detected has a logic vulnerability according to the constraint solving value to obtain a detection result.
2. The method according to claim 1, wherein the analyzing the source code to be detected to obtain a control flow graph comprises:
analyzing the source code to be detected for the first time to obtain an abstract syntax tree;
and performing second analysis on the abstract syntax tree to obtain a control flow graph, wherein the first analysis and the second analysis are semantic analysis.
3. The method of claim 1, wherein generating a path probability distribution map from the control flow graph and a preset generation technique comprises:
marking reachable points in the control flow graph by adopting preset marks;
generating a mark path according to the preset mark and the entrance of the source code to be detected;
and generating a path probability distribution map by using a preset generation technology according to the marked path.
4. The method of claim 3, wherein marking reachable points in the control flow graph with preset marks comprises:
carrying out arrival fixed value analysis on the control flow graph to establish an reachable point set;
and marking the reachable points in the reachable point set by adopting preset marks.
5. The method of claim 3, wherein generating a path probability distribution map from the labeled paths using a preset generation technique comprises:
and performing path heuristic search on the marked paths by using a symbolic execution technology, and generating a path probability distribution map by using an SMT solving technology.
6. The method of claim 5, wherein generating a path probability distribution map from the labeled paths using a preset generation technique comprises:
performing path heuristic search on the marked paths by using a symbolic execution technology, and calculating the number of solutions of the path condition of each marked path by using the SMT solution technology;
calculating the probability of each marked path according to the number of solutions of the path condition of each marked path;
the probabilities for each of the labeled paths are arranged in descending order to generate the path probability distribution map.
7. The method according to claim 1, wherein after the step of determining whether the source code to be detected has a logic vulnerability according to the constraint solution value to obtain a detection result, the method further comprises:
and generating a logic vulnerability analysis report according to the detection result.
8. A source code logic vulnerability detection apparatus, comprising:
the first generating unit is used for inputting the service logic of the source code to be detected into the rule engine to generate a preset file;
the analysis unit is used for analyzing the source code to be detected to obtain a control flow graph;
the second generation unit is used for generating a path probability distribution map according to the control flow graph and a preset generation technology;
the solving unit is used for carrying out constraint solving on each path in the path probability distribution map according to the path probability distribution map and the preset file to obtain a constraint solving value;
and the judging unit is used for judging whether the source code to be detected has a logic vulnerability according to the constraint solving value so as to obtain a detection result.
9. A computer arrangement, characterized in that the computer arrangement comprises a memory having stored thereon a computer program and a processor implementing the method according to any of claims 1-7 when executing the computer program.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011605104.7A CN112699376A (en) | 2020-12-30 | 2020-12-30 | Source code logic vulnerability detection method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011605104.7A CN112699376A (en) | 2020-12-30 | 2020-12-30 | Source code logic vulnerability detection method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112699376A true CN112699376A (en) | 2021-04-23 |
Family
ID=75512342
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011605104.7A Pending CN112699376A (en) | 2020-12-30 | 2020-12-30 | Source code logic vulnerability detection method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112699376A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113742724A (en) * | 2021-07-28 | 2021-12-03 | 中国科学院信息工程研究所 | Method for detecting security mechanism defect of network protocol software |
-
2020
- 2020-12-30 CN CN202011605104.7A patent/CN112699376A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113742724A (en) * | 2021-07-28 | 2021-12-03 | 中国科学院信息工程研究所 | Method for detecting security mechanism defect of network protocol software |
| CN113742724B (en) * | 2021-07-28 | 2023-09-12 | 中国科学院信息工程研究所 | Security mechanism defect detection method of network protocol software |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109426722B (en) | SQL injection defect detection method, system, equipment and storage medium | |
| US9983984B2 (en) | Automated modularization of graphical user interface test cases | |
| US9507943B1 (en) | Analysis tool for data security | |
| CN104899147B (en) | A kind of code Static Analysis Method towards safety inspection | |
| CN111104335B (en) | C language defect detection method and device based on multi-level analysis | |
| US11835987B2 (en) | Methods and apparatus for finding long methods in code | |
| KR20060045568A (en) | Method and system for probe optimization while instrumenting a program | |
| KR20190041912A (en) | System for detecting security vulnerability based on binary, method and program thereof | |
| US20110145799A1 (en) | Path-sensitive dataflow analysis including path refinement | |
| CN110245085B (en) | Embedded real-time operating system verification method and system by using online model inspection | |
| WO2013161195A1 (en) | Program unit test assistance device | |
| KR102114547B1 (en) | Testing method and apparatus of target function incluede in target program | |
| CN110321458B (en) | Data flow analysis method and device based on control flow graph | |
| JP5868515B2 (en) | Signature verification apparatus, signature verification method and program | |
| Park et al. | A survey of parametric static analysis | |
| Reger et al. | Automata-based pattern mining from imperfect traces | |
| US11709764B2 (en) | Creating test cases for testing software using anonymized log data | |
| CN112699376A (en) | Source code logic vulnerability detection method and device, computer equipment and storage medium | |
| Mouzarani et al. | A smart fuzzing method for detecting heap-based buffer overflow in executable codes | |
| EP3872663A1 (en) | Method and device for symbolic analysis of a software program | |
| Li et al. | DepTaint: a static taint analysis method based on program dependence | |
| WO2019142266A1 (en) | Test case generation device, test case generation method, and test case generation program | |
| US8639490B2 (en) | Concretization of abstracted traces | |
| US11853751B2 (en) | Indirect function call target identification in software | |
| Mohamed et al. | A control flow representation for component-based software reliability analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |