CN114036526A - Vulnerability testing method and device, computer equipment and storage medium - Google Patents


Info

Publication number: CN114036526A
Application number: CN202111290262.2A
Authority: CN (China)
Prior art keywords: source code, vulnerability, variable, code, token
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 黄士超, 钟国新, 吴梓宏, 梁兆楷, 温诗华, 王辉鹏, 陈浩云
Current Assignee: Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee: Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN202111290262.2A
Publication of CN114036526A

Classifications

All classifications fall under G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING.

    • G06F21/577 Assessing vulnerabilities and evaluating computer system security (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
    • G06F11/3604 Software analysis for verifying properties of programs (G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software)
    • G06F8/42 Syntactic analysis (G06F8/00 Arrangements for software engineering > G06F8/40 Transformation of program code > G06F8/41 Compilation)
    • G06F8/436 Semantic checking (G06F8/00 Arrangements for software engineering > G06F8/40 Transformation of program code > G06F8/41 Compilation > G06F8/43 Checking; Contextual analysis)

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Computational Linguistics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application relates to a vulnerability testing method, a vulnerability testing device, computer equipment and a storage medium. The method comprises: obtaining a source code to be detected and cutting it according to preset rules to obtain a token file; tracking the token file with an analysis engine to determine an input interface of the source code; tracing the variables associated with that input interface in the forward and reverse directions, performing backtracking checks during the tracing, and searching for vulnerabilities in the variable transmission process; performing semantic analysis and syntax analysis on the code to obtain a syntax tree; and traversing the syntax tree and, combined with the vulnerabilities in the variable transmission process found by the forward and reverse tracking, determining the logical relationship between the network address path that corresponds to the vulnerability once the source code has been compiled by the system and the vulnerability position in the source code. The relationship between the source code and the system code layer is displayed more clearly, service testers can better reproduce and retest existing vulnerabilities, and programmers' code quality is effectively improved.

Description

Vulnerability testing method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of application security testing technologies, and in particular, to a vulnerability testing method and apparatus, a computer device, and a storage medium.
Background
In order to discover the bugs and defects of a software application and ensure the security of a WEB application (an application program accessed through the WEB) before and after delivery, a security testing technology is required that actively identifies the weak points and vulnerabilities in the architecture of the WEB application, so as to prevent the application from being exploited by hackers and other unauthorised persons to cause security hazards.
After years of development, WEB application security testing technologies such as SAST, DAST and IAST are available. However, the inventor has found in practice that the conventional WEB application security testing technologies cannot determine the specific position of a vulnerability, while the agent-based approaches that can locate vulnerabilities are difficult to apply to different application types, require high research and development investment, and have limited application scenarios.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a vulnerability testing method, apparatus, computer device and storage medium capable of dynamic vulnerability tracking backtracking and vulnerability discovery.
In one aspect, a vulnerability testing method is provided, and the method includes:
acquiring a source code to be detected, and cutting the source code according to a preset rule to obtain a token file;
tracking the token file by using an analysis engine to determine an input interface of the source code;
tracing variables associated with the input interface of the source code in a forward and reverse direction, performing backtracking check in a variable tracing process, and searching for a vulnerability in a variable transmission process;
performing semantic analysis and syntax analysis on the source code to obtain a corresponding syntax tree;
traversing the syntax tree and, in combination with the vulnerabilities in the variable transmission process found by forward and reverse tracking of the variables associated with the input interfaces of the code, determining the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
In one embodiment, the step of finding a vulnerability in the variable transfer process by tracking the variables associated with the input interface of each code in the forward and backward directions includes:
tracking the variables associated with the input interface in the forward and backward directions, and determining the vulnerability in the variable transfer process by checking whether the variables have a code logic vulnerability in the transfer process, and/or checking whether the variables are transmitted to a high-risk function, and/or checking the parameters of a sensitive function.
In one embodiment, the token file is a token list, and the steps of obtaining the source code to be detected and cutting the source code according to the preset rule to obtain the token file include:
cutting the source code according to a preset rule to obtain a plurality of tokens;
collecting each token of the cut source code into a list to form a token list.
In one embodiment, the step of cutting the source code according to the preset rule to obtain a plurality of tokens includes:
removing content that does not influence the code semantics from the source code;
cutting the source code, with the content that does not influence the code semantics removed, line by line, and converting each line of code into a corresponding token.
In one embodiment, tracking the token file with the analysis engine to determine the input interface of the source code comprises:
comparing the token file through forward and reverse tracking using an analysis engine, and determining that the external access interface corresponding to the token file that receives the external input parameters is an input interface of the source code.
In one embodiment, the vulnerability testing method further includes:
generating and sending a vulnerability test report according to the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
On the other hand, a vulnerability testing device is also provided, and the device comprises:
the token file acquisition module is used for acquiring a source code to be detected and cutting the source code according to a preset rule to obtain a token file;
the source code input interface determining module is used for tracking the token file by utilizing the analysis engine so as to determine the input interface of the source code;
the vulnerability searching module is used for tracing variables associated with the input interface of the source code in a forward and reverse direction, carrying out backtracking check on a variable tracing process and searching for vulnerabilities in a variable transmission process;
the syntax tree acquisition module is used for performing semantic analysis and syntax analysis on the source code to obtain a corresponding syntax tree;
the vulnerability path and position relation determining module is used for traversing the syntax tree and, in combination with the vulnerabilities in the variable transmission process found by forward and reverse tracking of the variables associated with the input interfaces of the code, determining the logical relation between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
In one embodiment, the vulnerability discovery module comprises:
the backtracking query unit is used for tracking the variable associated with the input interface in the forward and backward directions, and determining the vulnerability in the variable transfer process by checking whether the variable has a code logic vulnerability in the transfer process, and/or checking whether the variable is transmitted to a high-risk function, and/or checking the parameters of a sensitive function.
A computer device comprises a memory and a processor, wherein the memory stores a computer program and the processor implements the steps of the vulnerability testing method when executing the computer program.
A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned vulnerability testing method.
The vulnerability testing method, the vulnerability testing device, the computer equipment and the storage medium have at least the following beneficial effects:
the vulnerability testing method obtains the source code to be tested, cuts it according to preset rules to obtain a token file, tracks the token file with an analysis engine to determine an input interface of the source code, then tracks the variables associated with that input interface in the forward and reverse directions and searches for vulnerabilities in the variable transmission process. In this way the white-box testing technology can be used to find vulnerabilities; semantic analysis and syntax analysis are further performed on the source code to obtain the corresponding syntax tree, and by traversing the syntax tree and combining it with the forward and reverse tracking of the variables associated with the input interfaces of the code, the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled and the vulnerability position in the source code is determined. The relationship between the source code and the system code layer is displayed more clearly, testers are better served in reproducing and retesting existing vulnerabilities, and programmers' code quality is effectively improved. Dynamic tracing and backtracking can be realised, the position of the vulnerability entry can be found, and black-box testers can be effectively helped to carry out targeted vulnerability verification tests.
Drawings
FIG. 1 is a diagram of an application environment for a vulnerability testing method in an embodiment;
FIG. 2 is a schematic flow chart illustrating a vulnerability testing method in one embodiment;
FIG. 3 is a schematic flow chart illustrating a vulnerability testing method in one embodiment;
FIG. 4 is a block diagram of a vulnerability testing apparatus in an embodiment;
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The security vulnerability detection method provided by the application can be applied to the application environment shown in fig. 1. The terminal 102 communicates with the server 104 via a network. The server 104 obtains the source code of the WEB application program on the terminal 102, performs vulnerability detection on that source code using the security vulnerability detection method described below, and can further generate a vulnerability detection report for the user to check, thereby providing a strong guarantee for improving the security of the WEB application. The terminal 102 may be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer or portable wearable device, and the server 104 may be implemented by an independent server or by a server cluster formed by a plurality of servers.
Currently, WEB application security testing techniques commonly used in the industry are mainly classified into three categories: SAST, DAST and IAST.
SAST (Static Application Security Testing) analyses the syntax, structure, process, interfaces, etc. of the source code or binary of an application at the coding stage to discover security vulnerabilities in the program code; it is mainly a white-box code auditing technology used at the development stage.
DAST (Dynamic Application Security Testing) analyses the dynamic operating state of an application at the testing or operating stage; it is mainly a black-box vulnerability scanning technology used at the operating stage, and determines whether the WEB application is vulnerable by simulating attacker behaviour against the running application and analysing the application's response.
IAST (Interactive Application Security Testing) deploys an agent probe, a traffic agent/VPN (virtual private network) or host system software on the service side, collects and monitors the function execution and data transmission of the running WEB application, interacts with the scanner in real time, identifies security defects and vulnerabilities efficiently and accurately, and can pinpoint the code file, line number, function and parameters where a vulnerability is located.
However, SAST has a high false-positive rate, and more time is spent clearing false positives than fixing bugs. It must also distinguish between development languages and support the WEB frameworks in use; if the SAST tool does not support an application's language and framework, testing is hindered.
DAST may affect service testing, and the dirty data produced by security testing may pollute the service test data. Moreover, although a vulnerability discovered by DAST can be located to a URL (network address), the specific code line and the cause of the vulnerability cannot be located, so professional personnel are needed to locate the bug and analyse its cause.
The main problems of IAST are that WEB applications developed in different languages need different types of agents, that developing passive IAST in particular is difficult and costly, and that, having no crawler and not actively replaying data messages, it cannot detect a WEB application without an agent; IAST is therefore not applicable to scenarios that require remote vulnerability scanning.
In view of the above problem, in an embodiment, as shown in fig. 2, a vulnerability testing method is provided, which includes:
s100: the method includes the steps of obtaining a source code to be detected, and cutting the source code according to a preset rule to obtain a token file, wherein the preset rule can be a self-defined source code cutting rule, for example, the rule includes cutting line by line or cutting with a carriage return symbol, and in one embodiment, the cutting of the source code can be performed by the line by line cutting rule. The token file is tokens, is a certificate for establishing contact at the front end and the back end, and can be a one-dimensional array or a table file.
S200: the token file is tracked with an analysis engine to determine the input interface for the source code.
The analysis engine compares the token files by forward and reverse tracking to find out which token files receive parameters transmitted from outside, i.e. which receive parameters from an external input interface, and so finds the input of the source code. The tracking rules and configuration information may be managed on the analysis engine side or in the analysis engine's configuration file. The analysis engine may track the source code through the external access interface to determine an input interface of the source code. The token file may be tracked by an analyser within the analysis engine, which can perform routine analysis, data/control-flow analysis and advanced analysis; the analysis engine can also monitor the source code transmission process and generate a system log from the analysis results so that the user can query it conveniently. To ease tracking of the token file, the analysis engine can store the code, the intermediate data and the test results.
S300: searching for a vulnerability in the variable transmission process by tracking the variables associated with the input interface of the source code in the forward and reverse directions. Variables associated with an input interface of the source code are those variables that can control the behaviour at the point where the input interface is located. Once the input interface is found, whether a security vulnerability exists in the transmission process of the tracked variable can be determined, for example by a white-box testing method. By tracing a variable back to its very origin, the source of the variable and the other variables that affect it can be obtained; if those variables are externally controllable, the code corresponding to the variable can be considered to have a vulnerability.
S500: performing semantic analysis and syntax analysis on the source code to obtain a corresponding Abstract Syntax Tree (AST). During the conversion, each source file corresponds to an AST file, which may be in XML format. Each line of source code can be converted into a node of the AST file, which facilitates subsequent line-by-line detection; during the semantic and syntax analysis the vulnerability detection program is attached to the trigger point of the source code, i.e. the node, so the specific position of the vulnerability can be determined. Semantic analysis may be the process of scanning the character stream that makes up the source code as it is read in and segmenting it into words according to word-segmentation rules. Parsing may be the process of combining grammatical phrases on the basis of the segmented words.
S600: traversing the syntax tree and, in combination with the vulnerabilities in the variable transmission process found by forward and reverse tracking of the variables associated with the input interfaces of the code, determining the logical relationship between the network address (URL) path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
Specifically, the vulnerability testing method obtains the source code to be detected, cuts it according to preset rules to obtain a token file, tracks the token file with an analysis engine to determine an input interface of the source code, then tracks the variables associated with that input interface in the forward and reverse directions and searches for vulnerabilities in the variable transmission process. In this way the white-box testing technology can be used to find vulnerabilities; semantic analysis and syntax analysis are further performed on the source code to obtain the corresponding syntax tree, and by traversing the syntax tree and combining it with the forward and reverse tracking of the variables associated with the input interfaces of the code, the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled and the vulnerability position in the source code is determined. The relationship between the source code and the system code layer is displayed more clearly, testers are better served in reproducing and retesting existing vulnerabilities, and programmers' code quality is effectively improved. Dynamic tracing and backtracking can be realised, the position of the vulnerability entry can be found, and black-box testers can be effectively helped to carry out targeted vulnerability verification tests.
Compared with traditional SAST white-box code auditing, which cannot be associated with the vulnerability entry position in the actual system and therefore cannot inform black-box testers of potential problem entry points, the vulnerability testing method provided by this embodiment combines the vulnerabilities discovered by white-box code auditing with dynamic variable tracking and backtracking, so that the vulnerability entry position can be discovered and black-box testers can be effectively assisted in carrying out targeted vulnerability verification tests.
In one embodiment, the step S300 of finding a vulnerability in the variable transmission process by tracking the variables associated with the input interface of each code in the forward and backward directions includes:
tracking the variables associated with the input interface in the forward and backward directions, and determining the vulnerability in the variable transfer process by checking whether the variables have a code logic vulnerability in the transfer process, and/or checking whether the variables are transmitted to a high-risk function, and/or checking the parameters of a sensitive function.
By tracking the variables, it is checked whether the code has logic vulnerabilities in the variable transmission process, and vulnerabilities are searched for by checking whether business-logic vulnerability variables arising from coding errors are passed into high-risk functions, sensitive functions and the like. Specifically, the compiler or interpreter of the development language may be invoked to convert the front-end language code (such as JAVA or C/C++) into intermediate code, making the call relationships, execution environment and context between the source files clear; the security problems arising from the use of unsafe functions (high-risk or sensitive functions) and methods in the analysed program may be tracked, recorded and analysed, as may the security problems arising during data transfer in the program, the security problems of operation instructions executed in a specific time and state of the program, and the security problems of sensitive information and missing configuration in the project configuration files, for example missing permission configuration. Security issues in the context and structure of the program may be analysed to discover vulnerabilities. A high-risk function here refers to a high-risk function of the specific language used, for example functions such as in_array(), filter_var(), class_exists(), struts, mail, escapeshellcmd, escapeshellarg and preg_replace in the PHP language. Sensitive functions are the high-risk functions present in the code, extracted from the actual source code content, and their number may be greater than or equal to that of the high-risk functions.
When checking the high-risk and sensitive functions, whether a vulnerability exists in the source code can also be judged by token verification: for example, a reference token of the source code is configured and then compared with the target token (the token actually corresponding to the source code in the transmission process), a difference value is calculated and the token information is recorded, providing a basis for the vulnerability search.
In one embodiment, as shown in fig. 3, the token file is a token list, and the step S100 of obtaining the source code to be detected and cutting the source code according to the preset rule to obtain the token file includes:
S110: cutting the source code according to a preset rule to obtain a plurality of tokens. The preset rule may be configured in advance; for example, it may cut line by line, or cut in units of statements, for example using a carriage-return symbol as the end marker of a statement of code. Each part of the cut code is then converted into a symbolic representation as a token.
S120: collecting each token of the cut source code into a list to form a token list. The token list may also be understood as a one-dimensional array, and the token file is finally generated according to the configured storage manner.
In order to further improve the efficiency of vulnerability testing, in one embodiment, the step S110 of cutting the source code according to the preset rule to obtain a plurality of tokens includes:
removing the content that does not influence the code semantics from the source code. Content that does not affect the semantics of the code is content whose deletion does not change what the code describes, such as whitespace characters and comments.
cutting the source code, with the content that does not influence the code semantics removed, line by line, and converting each line of code into a corresponding token. Since the parts useless for semantic analysis, such as whitespace characters, have been eliminated, the efficiency of code cutting is improved, and the subsequent semantic analysis and syntax analysis of the cut code are faster too, so the efficiency of vulnerability testing improves as a whole.
In one embodiment, the step S200 of tracking the token file with the analysis engine to determine the input interface of the source code includes:
comparing the token file through forward and reverse tracking using an analysis engine, and determining that the external access interface corresponding to the token file that receives the external input parameters is an input interface of the source code.
In one embodiment, as shown in fig. 3, the vulnerability testing method further includes:
s700: and generating and sending a vulnerability test report according to the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code. The vulnerability test report content can include the defect distribution of codes in source codes and URL paths from the code vulnerabilities to system variations, problems in positioning and tracking the codes are provided, potential safety hazards in the system are excavated, and information safety problems caused by code defects after the system is operated on line can be avoided. The vulnerability test report may be sent to a terminal side used by an engineer, such as a notebook, a cell phone, or a tablet. And in the process of sending the data to the terminal, the data transmission safety is improved in a data encryption mode.
It should be understood that although the various steps in the flow charts of fig. 2-3 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-3 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or at least some of the other steps.
In another aspect, a vulnerability testing apparatus is also provided, as shown in fig. 4, the apparatus includes:
the token file obtaining module 100 is configured to obtain a source code to be detected, and cut the source code according to a preset rule to obtain a token file;
a source code input interface determining module 200, configured to track the token file by using the analysis engine to determine an input interface of the source code;
the vulnerability searching module 300 is configured to perform backtracking check in the variable tracking process by tracking the variable associated with the input interface of the source code in the forward and reverse directions, and search for a vulnerability in the variable transmission process;
a syntax tree obtaining module 500, configured to perform semantic analysis and syntax analysis on the source code to obtain a corresponding syntax tree;
and a vulnerability path and position relation determining module 600, configured to traverse the syntax tree and, in combination with the vulnerabilities found in the variable transfer process by forward and reverse tracking of the variables associated with the input interface of the code, determine the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
In one embodiment, the vulnerability searching module 300 includes:
and the backtracking query unit is used for tracking the variable associated with the input interface in a forward and backward direction, and determining the vulnerability in the variable transfer process by checking whether the variable has a code logic vulnerability in the transfer process and/or checking whether the variable is transmitted to the high-risk function and/or checking the parameter of the sensitive function.
In one embodiment, as shown in fig. 4, the token file is a token list, and the token file obtaining module 100 includes:
the source code cutting unit 110 is configured to cut a source code according to a preset rule to obtain a plurality of tokens;
and the list generating unit 120 is configured to cut each token of the source code into a list to form a token list.
In one embodiment, the source code cutting unit 110 includes:
an irrelevant information removal unit, configured to remove content that does not influence the code semantics from the source code, such as whitespace and comments, which do not affect the semantics of the code;
And the line-by-line cutting token conversion unit is used for performing line-by-line cutting on the source code which removes the content which does not influence the code semantics and converting each line of code into a corresponding token.
In one embodiment, the source code input interface determining module 200 includes:
and the source code input confirmation unit, configured to compare the token file by forward and reverse tracking using the analysis engine, and to determine the external access interface that receives external input parameters, corresponding to the token file, as the input interface of the source code.
In one embodiment, as shown in fig. 4, the vulnerability testing apparatus further includes:
the vulnerability test report generating module 700, configured to generate and send a vulnerability test report according to the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
For specific limitations of the vulnerability testing apparatus, reference may be made to the limitations on the vulnerability testing method above, which are not repeated here. All or part of the modules in the vulnerability testing apparatus may be implemented by software, hardware or a combination thereof. The modules may be embedded in or independent of the processor in the computer device in hardware form, or stored in the memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data such as preset rules and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a vulnerability testing method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply; a particular computing device may include more or fewer components than those shown, may combine certain components, or may have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
S100: acquiring the source code to be detected, and cutting the source code according to a preset rule to obtain a token file. The preset rule may be a user-defined source-code cutting rule, for example cutting line by line or cutting at carriage-return characters; in one embodiment the source code is cut according to the line-by-line rule.
S200: tracking the token file with the analysis engine to determine the input interface of the source code.
S300: tracking the variables associated with the input interface of the source code in the forward and reverse directions, and searching for vulnerabilities in the variable transmission process.
S500: performing semantic analysis and syntax analysis on the source code to obtain the corresponding syntax tree.
S600: traversing the syntax tree and, in combination with the vulnerabilities found in the variable transmission process by forward and reverse tracking of the variables associated with the input interface of the code, determining the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and tracking variables associated with the input interface in a forward and backward direction, and determining the vulnerability in the variable transfer process by checking whether the variables have code logic vulnerability in the transfer process and/or checking whether the variables are transmitted to a high-risk function and/or checking parameters of a sensitive function.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
S110: cutting the source code according to the preset rule to obtain a plurality of tokens;
S120: placing each token of the source code into a list to form the token list.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
removing contents which do not influence the code semantics in the source code;
and cutting the source codes which remove the contents which do not influence the code semantics line by line, and converting each line of codes into a corresponding token.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and comparing the token file through forward and reverse tracking by utilizing an analysis engine, and determining that an external access interface corresponding to the token file receiving the external input parameters is an input interface of the source code.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
S700: generating and sending a vulnerability test report according to the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
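Steps S100 to S700 of this embodiment carried through on a small Flask-style module, as an added example; it is not the patent's analysis engine and uses Python's `tokenize` and `ast` modules in place of the unspecified engine. It assumes that an `app.route` decorator supplies the network address path to which S600 maps the vulnerability, that `request.args.get` and `request.form.get` reads are the external input interface of S200, and that the high-risk function list and the sample module are constructed for the example:

```python
# Toy source-to-sink tracker following steps S100-S700. Added example, not the
# patent's engine; the Flask-style sample module, input reads and sink list are
# constructed. /api/ping passes a request parameter into os.system unchanged;
# /api/echo only measures its parameter.
import ast
import io
import tokenize

SAMPLE_SOURCE = '''
import os
from flask import Flask, request
app = Flask(__name__)
@app.route("/api/ping")
def ping():
    # comment that carries no semantics
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)          # high-risk function reached by a tainted variable
    return "ok"
@app.route("/api/echo")
def echo():
    msg = request.args.get("msg")
    n = len(msg)
    return str(n)
'''
# Assumed: input reads (S200), high-risk functions (S300), token kinds without semantics (S100).
INPUT_READS = {"request.args.get", "request.form.get"}
HIGH_RISK_CALLS = {"os.system", "eval", "exec", "subprocess.call", "cursor.execute"}
LAYOUT = {tokenize.COMMENT, tokenize.NL, tokenize.NEWLINE, tokenize.INDENT, tokenize.DEDENT, tokenize.ENDMARKER}

def cut_into_tokens(source):
    """S100-S120: drop comments and layout, cut line by line into a token list."""
    rows = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type not in LAYOUT:
            rows.setdefault(tok.start[0], []).append(tok.string)
    return [(line, rows[line]) for line in sorted(rows)]

def dotted(node):
    # Render a Name/Attribute chain such as request.args.get as one string.
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def names_in(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def find_input_interfaces(tree):
    """S200: handlers that receive external parameters, with their route path."""
    found = []
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        route = [d for d in fn.decorator_list if isinstance(d, ast.Call) and dotted(d.func) == "app.route"]
        path = route[0].args[0].value if route and route[0].args and isinstance(route[0].args[0], ast.Constant) else None
        for node in ast.walk(fn):
            if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                    and dotted(node.value.func) in INPUT_READS):
                for tgt in (t for t in node.targets if isinstance(t, ast.Name)):
                    found.append({"function": fn.name, "path": path,
                                  "variable": tgt.id, "line": node.lineno})
    return found

def track_forward(fn, seed_var, seed_line):
    """S300 forward: propagate taint through assignments in source order."""
    defs, parents = {seed_var: seed_line}, {seed_var: None}   # var -> line, var -> origin
    for node in sorted((n for n in ast.walk(fn) if isinstance(n, ast.Assign)),
                       key=lambda n: n.lineno):
        used = names_in(node.value) & set(defs)
        for tgt in (t for t in node.targets if isinstance(t, ast.Name)):
            if used and tgt.id not in defs:
                defs[tgt.id], parents[tgt.id] = node.lineno, min(used)
    return defs, parents

def find_sinks(fn, defs):
    """S300 high-risk check: calls whose parameters carry a tainted variable."""
    hits = []
    for node in ast.walk(fn):
        if isinstance(node, ast.Call) and dotted(node.func) in HIGH_RISK_CALLS:
            tainted = [v for a in node.args for v in sorted(names_in(a) & set(defs))]
            if tainted:
                hits.append((node.lineno, dotted(node.func), tainted[0]))
    return hits

def backtrack(var, defs, parents):
    """S300 reverse: walk from the sink variable back to the external input read."""
    return [] if var is None else [(var, defs[var])] + backtrack(parents[var], defs, parents)

def analyse(source):
    """S500 builds the syntax tree, S600 ties each sink to its URL path, S700 reports."""
    token_list = cut_into_tokens(source)                              # S100
    tree = ast.parse(source)                                          # S500
    fns = {f.name: f for f in ast.walk(tree) if isinstance(f, ast.FunctionDef)}
    ifaces = find_input_interfaces(tree)                              # S200
    findings = []
    for iface in ifaces:
        fn = fns[iface["function"]]
        defs, parents = track_forward(fn, iface["variable"], iface["line"])
        for line, sink, var in find_sinks(fn, defs):
            findings.append({"url_path": iface["path"], "function": iface["function"],   # S600
                             "sink": sink, "sink_line": line, "chain": backtrack(var, defs, parents)})
    return {"token_lines": len(token_list), "input_interfaces": ifaces, "findings": findings}   # S700
```

Running `analyse(SAMPLE_SOURCE)` reports one finding: the `/api/ping` handler passes the request parameter `host` through `cmd` into `os.system`, and the backtracked chain gives the source-code lines on which each variable became tainted, which is the logical relationship between URL path and code position that the report of S700 carries. `/api/echo` yields no finding because its parameter never reaches a high-risk function. The forward pass is intra-procedural and follows plain assignments only; calls across functions, containers and conditional sanitisation are not modelled.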
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
S100: acquiring the source code to be detected, and cutting the source code according to a preset rule to obtain a token file. The preset rule may be a user-defined source-code cutting rule, for example cutting line by line or cutting at carriage-return characters; in one embodiment the source code is cut according to the line-by-line rule.
S200: tracking the token file with the analysis engine to determine the input interface of the source code.
S300: tracking the variables associated with the input interface of the source code in the forward and reverse directions, and searching for vulnerabilities in the variable transmission process.
S500: performing semantic analysis and syntax analysis on the source code to obtain the corresponding syntax tree.
S600: traversing the syntax tree and, in combination with the vulnerabilities found in the variable transmission process by forward and reverse tracking of the variables associated with the input interface of the code, determining the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by instructing the relevant hardware through a computer program, which can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, a database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A vulnerability testing method, the method comprising:
acquiring a source code to be detected, and cutting the source code according to a preset rule to obtain a token file;
tracking the token file with an analysis engine to determine an input interface of the source code;
tracing variables associated with the input interface of the source code in a forward and reverse direction, performing backtracking check in a variable tracing process, and searching for a vulnerability in a variable transmission process;
performing semantic analysis and syntax analysis on the source code to obtain a corresponding syntax tree;
and traversing the syntax tree and determining a logic relationship between a network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code by combining the vulnerability in the variable transmission process found by the variables associated with the input interfaces of the codes in forward and reverse tracking.
2. The method according to claim 1, wherein the trace-back checking of the variable tracking process is performed by tracing a variable associated with the input interface of the source code in a forward-backward direction, and the step of finding a vulnerability in the variable transfer process comprises:
and tracking the variable associated with the input interface in a forward and reverse direction, and determining the vulnerability in the variable transfer process by checking whether the variable has a code logic vulnerability in the transfer process, and/or checking whether the variable is transmitted to a high-risk function, and/or checking the parameters of a sensitive function.
3. The method according to claim 1, wherein the token file is a token list, and the step of obtaining the source code to be detected and cutting the source code according to a preset rule to obtain the token file comprises:
cutting the source code according to a preset rule to obtain a plurality of tokens;
and cutting each token of the source code into a list to form the token list.
4. The method of claim 3, wherein the step of cutting the source code according to the preset rule to obtain a plurality of tokens comprises:
removing contents which do not influence code semantics in the source code;
and cutting the source codes which remove the contents which do not influence the code semantics line by line, and converting each line of codes into a corresponding token.
5. The method of claim 1, wherein tracking the token file with an analysis engine to determine the input interface of the source code comprises:
and comparing the token file through forward and reverse tracking by utilizing an analysis engine, and determining that an external access interface corresponding to the token file receiving the external input parameters is an input interface of the source code.
6. The method of any one of claims 1 to 5, further comprising:
and generating and sending a vulnerability test report according to the logical relationship between the network address path corresponding to the vulnerability after the source code is compiled by the system and the vulnerability position in the source code.
7. A vulnerability testing apparatus, the apparatus comprising:
the token file acquisition module is used for acquiring a source code to be detected and cutting the source code according to a preset rule to obtain a token file;
the source code input interface determining module is used for tracking the token file by utilizing an analysis engine so as to determine the input interface of the source code;
the vulnerability searching module is used for tracing variables associated with the input interface of the source code in a forward and reverse direction, carrying out backtracking check on a variable tracing process and searching for vulnerabilities in a variable transmission process;
the syntax tree acquisition module is used for performing semantic analysis and syntax analysis on the source code to obtain a corresponding syntax tree;
and the vulnerability path and position relation determining module is used for traversing the syntax tree, tracking vulnerabilities in the variable transmission process found by the variables associated with the input interfaces of the codes in a forward and reverse mode, and determining the logical relation between the network address path corresponding to the vulnerabilities and vulnerability positions in the source codes after the source codes are compiled by the system.
8. The apparatus of claim 7, wherein the vulnerability searching module comprises:
and the backtracking query unit is used for tracking the variable associated with the input interface in a forward and backward direction, and determining the vulnerability in the variable transfer process by checking whether the variable has a code logic vulnerability in the transfer process and/or checking whether the variable is transmitted to a high-risk function and/or checking the parameter of a sensitive function.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program implements the steps of the vulnerability testing method of any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the vulnerability testing method according to any of claims 1 to 6.
CN202111290262.2A 2021-11-02 2021-11-02 Vulnerability testing method and device, computer equipment and storage medium Pending CN114036526A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111290262.2A CN114036526A (en) 2021-11-02 2021-11-02 Vulnerability testing method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111290262.2A CN114036526A (en) 2021-11-02 2021-11-02 Vulnerability testing method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114036526A true CN114036526A (en) 2022-02-11

Family

ID=80142649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111290262.2A Pending CN114036526A (en) 2021-11-02 2021-11-02 Vulnerability testing method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114036526A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114564728A (en) * 2022-04-29 2022-05-31 成都无糖信息技术有限公司 Code-free process visualization vulnerability detection method and system
CN114564728B (en) * 2022-04-29 2022-12-06 成都无糖信息技术有限公司 Code-free process visualization vulnerability detection method and system
CN114579969A (en) * 2022-05-05 2022-06-03 北京邮电大学 Vulnerability detection method and device, electronic equipment and storage medium
CN114579969B (en) * 2022-05-05 2022-08-23 北京邮电大学 Vulnerability detection method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
KR101904911B1 (en) Method for Automatically Detecting Security Vulnerability Based on Hybrid Fuzzing, and Apparatus thereof
EP3566166B1 (en) Management of security vulnerabilities
CN114036526A (en) Vulnerability testing method and device, computer equipment and storage medium
CN112131120B (en) Source code defect detection method and device
CN112131122B (en) Method and device for source code defect detection tool misinformation evaluation
CN112035354A (en) Method, device and equipment for positioning risk code and storage medium
KR101696694B1 (en) Method And Apparatus For Analysing Source Code Vulnerability By Using TraceBack
CN112131573A (en) Method and device for detecting security vulnerability and storage medium
CN115269427A (en) Intermediate language representation method and system for WEB injection vulnerability
CN110287700B (en) iOS application security analysis method and device
CN115168847A (en) Application patch generation method and device, computer equipment and readable storage medium
CN112817877B (en) Abnormal script detection method and device, computer equipment and storage medium
US11449408B2 (en) Method, device, and computer program product for obtaining diagnostic information
CN113328914A (en) Fuzzy test method and device for industrial control protocol, storage medium and processor
CN116932381A (en) Automatic evaluation method for security risk of applet and related equipment
CN116361793A (en) Code detection method, device, electronic equipment and storage medium
Mostafa et al. Netdroid: Summarizing network behavior of android apps for network code maintenance
CN112446030B (en) Method and device for detecting file uploading vulnerability of webpage end
CN115310087A (en) Website backdoor detection method and system based on abstract syntax tree
CN114553551A (en) Method and device for testing intrusion prevention system
CN113419960A (en) Seed generation method and system for kernel fuzzy test of trusted operating system
CN111934949A (en) Safety test system based on database injection test
CN116305131B (en) Static confusion removing method and system for script
CN112162777B (en) Source code feature extraction method and device
CN117195241B (en) Firmware vulnerability detection method, device and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination