CN116401174A - Code vulnerability detection method, device, equipment and storage medium - Google Patents


Info

Publication number: CN116401174A
Authority: CN (China)
Prior art keywords: code, target, asynchronous data, attack, obtaining
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN202310504593.4A
Other languages: Chinese (zh)
Inventors: 高灵杰, 吕鸥, 王泽田, 刘飞
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC
Application filed by: Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3612 Software analysis for verifying properties of programs by runtime analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security


Abstract

The disclosure provides a code vulnerability detection method, apparatus, device and storage medium, which can be applied to the technical field of computers and the technical field of finance. The method comprises the following steps: obtaining a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data; obtaining a target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element; inserting the target attack code into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code; running the first asynchronous data request interface code and the second asynchronous data request interface code respectively to obtain a first operation result and a second operation result; and comparing the first operation result with the second operation result to obtain a code vulnerability detection result.

Description

Code vulnerability detection method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technology and financial technology, and in particular, to a method, apparatus, device, medium, and program product for code vulnerability detection.
Background
Defending against XSS (cross-site scripting) attacks requires detecting vulnerabilities in the page code. In the related art, vulnerability detection is generally based on a script code analysis tool, which performs static analysis on script code to obtain vulnerability detection results. Because XSS attacks generally occur during asynchronous data transmission, the detection accuracy of the static analysis approach is low.
Disclosure of Invention
In view of the foregoing, the present disclosure provides code vulnerability detection methods, apparatus, devices, media, and program products.
According to a first aspect of the present disclosure, there is provided a code vulnerability detection method, including: obtaining a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data;
obtaining a target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element;
inserting the target attack code into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code;
running the first asynchronous data request interface code and the second asynchronous data request interface code respectively to obtain a first operation result and a second operation result; and
comparing the first operation result with the second operation result to obtain the code vulnerability detection result.
According to an embodiment of the present disclosure, obtaining the first asynchronous data request interface code and the attribute tag of the page element by scanning the script file and the hypertext markup language code block of the target page includes:
scanning the hypertext markup language code block of the target page to obtain a static path of the script file and the attribute tag of the page element;
based on the static path of the front-end script, obtaining the front-end script code of the target page element by scanning the script file; and
analyzing the front-end script code by using an interface code analysis tool to obtain the first asynchronous data request interface code.
According to an embodiment of the present disclosure, obtaining the static path of the script file and the attribute tag of the page element by scanning the hypertext markup language code block of the target page includes:
scanning the hypertext markup language code block of the target page to obtain a static path of the script file and a hypertext markup language tag form; and
obtaining the attribute tag of the page element by querying the hypertext markup language tag form.
According to an embodiment of the present disclosure, obtaining the target attack code by querying the attack code library according to the calling method field and the attribute tag of the page element includes:
determining an asynchronous data processing mode according to the calling method field;
obtaining a first attack code by querying the attack code library according to the asynchronous data processing mode;
obtaining a second attack code by querying the attack code library according to the attribute tag of the page element; and
obtaining the target attack code according to the first attack code and the second attack code.
According to an embodiment of the present disclosure, obtaining the target attack code according to the first attack code and the second attack code includes:
when the first attack code and the second attack code are determined to be the same, determining the first attack code or the second attack code as the target attack code; and
when the first attack code and the second attack code are determined to be different, splicing the first attack code and the second attack code to obtain the target attack code.
According to an embodiment of the present disclosure, obtaining the code vulnerability detection result by comparing the first operation result and the second operation result includes:
obtaining a first target hypertext markup language code according to the first operation result;
obtaining a second target hypertext markup language code according to the second operation result; and
comparing the first target hypertext markup language code with the second target hypertext markup language code according to the feature field of the target attack code to obtain the code vulnerability detection result.
According to an embodiment of the present disclosure, inserting the target attack code into the calling method field by using a script injection tool to obtain the second asynchronous data request interface code includes:
determining a code injection position based on the injection strategy of the script injection tool; and
inserting the target attack code into the calling method field by using the script injection tool according to the code injection position.
According to an embodiment of the present disclosure, determining the code injection position based on the injection strategy of the script injection tool includes:
determining a code injection position based on the injection strategy of the script injection tool; and
when the calling method field is determined to include the feature field, determining the start end of the feature field and the termination end of the feature field as the code injection positions.
According to an embodiment of the present disclosure, inserting the target attack code into the calling method field by using the script injection tool according to the code injection position includes:
inserting an identifier at the code injection position by using the script injection tool; and
inserting the target attack code into the calling method field by identifying the identifier.
A second aspect of the present disclosure provides a code vulnerability detection apparatus, including: a first obtaining module, configured to obtain a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data;
a query module, configured to obtain a target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element;
a second obtaining module, configured to insert the target attack code into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code;
a third obtaining module, configured to run the first asynchronous data request interface code and the second asynchronous data request interface code respectively to obtain a first operation result and a second operation result; and
a comparison module, configured to obtain the code vulnerability detection result by comparing the first operation result with the second operation result.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above method.
According to the code vulnerability detection method, apparatus, device, medium and program product provided by the present disclosure, a script file and a hypertext markup language code block of a target page are scanned to obtain a first asynchronous data request interface code and an attribute tag of a page element; a target attack code is obtained by querying an attack code library according to the calling method field in the first asynchronous data request interface code and the attribute tag of the page element; the target attack code is inserted into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code; the first asynchronous data request interface code and the second asynchronous data request interface code are run respectively to obtain a first operation result and a second operation result; and a code vulnerability detection result is obtained by comparing and analyzing the two results. Because the target attack code is inserted into the calling method field, the first and second asynchronous data request interface codes are run synchronously, and their operation results are compared and analyzed, the problem of low detection accuracy in static analysis of script code is at least partially solved, and the technical effect of improving code vulnerability detection accuracy is achieved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a code vulnerability detection method, apparatus, device, medium, and program product according to an embodiment of the disclosure;
FIG. 2 schematically illustrates a flow chart of a code vulnerability detection method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow diagram of obtaining a first asynchronous data request interface code and an attribute tag of a page element, in accordance with an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart for obtaining target attack code by querying an attack code library according to the calling method field and the attribute tags of the page elements;
FIG. 5 schematically illustrates a flow chart for obtaining a second asynchronous data request interface code;
FIG. 6 schematically illustrates an overall flow diagram of a code vulnerability detection apparatus according to an embodiment of the disclosure;
FIG. 7 schematically illustrates a block diagram of a code vulnerability detection apparatus according to an embodiment of the disclosure; and
FIG. 8 schematically illustrates a block diagram of an electronic device adapted to implement a code vulnerability detection method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and application of the related data (including but not limited to personal information of a user) all conform to the provisions of the relevant laws and regulations, necessary security measures are adopted, and public order and good customs are not violated.
XSS vulnerabilities can be divided into 3 basic types: reflected/non-persistent XSS, stored/persistent XSS, and DOM (document object model)-based XSS (DOM based XSS). XSS attacks are cross-site scripting attacks, and defending against them requires detecting whether vulnerabilities exist in the page code. Vulnerability detection is generally based on a script code analysis tool, which performs static analysis on the script code to obtain a vulnerability detection result. Because XSS attacks generally occur during asynchronous data transmission, the detection accuracy of the static analysis approach is low.
The embodiment of the disclosure provides a code vulnerability detection method, which comprises: obtaining a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data; obtaining a target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element; inserting the target attack code into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code; running the first asynchronous data request interface code and the second asynchronous data request interface code respectively to obtain a first operation result and a second operation result; and comparing the first operation result with the second operation result to obtain a code vulnerability detection result.
Fig. 1 schematically illustrates an application scenario diagram of a code vulnerability detection method according to an embodiment of the present disclosure.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the code vulnerability detection method provided by the embodiments of the present disclosure may generally be executed by the server 105. Accordingly, the code vulnerability detection apparatus provided by the embodiments of the present disclosure may generally be disposed in the server 105. The code vulnerability detection method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105. Accordingly, the code vulnerability detection apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The code vulnerability detection method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 6 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a code vulnerability detection method according to an embodiment of the disclosure.
As shown in fig. 2, the code vulnerability detection method of the embodiment includes operations S210 to S230.
In operation S210, a first asynchronous data request interface code and an attribute tag of a page element are obtained by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code includes a calling method field for calling asynchronous data.
According to an embodiment of the present disclosure, the script file of the target page is a script file containing JavaScript code. An attacker injects JavaScript code into a uniform resource locator and sends it to a user; after the user clicks to access it, the browser returns a hypertext markup language code block.
The hypertext markup language code block is HTML text, which can be parsed into a DOM tree structure. A DOM-based XSS attack can occur during this parsing, allowing an attacker to obtain important permission information of the user.
According to the embodiment of the disclosure, the first asynchronous data request interface code is obtained by scanning the script file of the target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data. The hypertext markup language code block is HTML text, that is, descriptive text composed of HTML commands; HTML is a language for creating web page files, in which content such as text, graphics, animation, sound, tables and links is displayed through markup instructions. The attribute tags of page elements characterize graphics, animation, sound, tables, links and the like, and are obtained by scanning the hypertext markup language code block.
In operation S220, the target attack code is obtained by querying the attack code library according to the calling method field and the attribute tag of the page element.
In operation S230, a target attack code is inserted in the calling method field using the script injection tool, resulting in a second asynchronous data request interface code.
According to the embodiment of the disclosure, the script injection tool dynamically inserts the target attack code into the calling method field through a JavaScript script, yielding the second asynchronous data request interface code, which contains the target attack code.
In operation S240, the first and second asynchronous data request interface codes are respectively run to obtain a first operation result and a second operation result.
According to the embodiment of the disclosure, the first asynchronous data request interface code does not have the target attack code inserted, so the first operation result is normal; the second asynchronous data request interface code has the target attack code inserted, so the second operation result is abnormal, and the second operation result can acquire important permission information of the user.
In operation S250, a code vulnerability detection result is obtained by comparing the first operation result and the second operation result.
According to the embodiment of the disclosure, a script file and a hypertext markup language code block of a target page are scanned to obtain a first asynchronous data request interface code and an attribute tag of a page element; a target attack code is obtained by querying an attack code library according to the calling method field in the first asynchronous data request interface code and the attribute tag of the page element; the target attack code is inserted into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code; the first asynchronous data request interface code and the second asynchronous data request interface code are run respectively to obtain a first operation result and a second operation result; and a code vulnerability detection result is obtained by comparing and analyzing the two results. Because the target attack code is inserted into the calling method field, the first and second asynchronous data request interface codes are run synchronously, and their operation results are compared and analyzed, the problem of low detection accuracy in static analysis of script code is at least partially solved, and the technical effect of improving code vulnerability detection accuracy is achieved.
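The run-and-compare flow of operations S230 to S250, as an added example that is not code from the patent. It assumes the probe is appended to a parameter carried by the request, uses an inert marker element in place of an entry from an attack code library, and stands in a constructed backend and constructed page handlers for the page under test; all names are hypothetical.

```javascript
// Added example; every name below is hypothetical, not taken from the patent.

// Inert stand-in for the "target attack code": an element that executes
// nothing and carries a unique feature field used later for the comparison.
const FEATURE_FIELD = 'probe-7f3a91';
const PROBE = `<i id="${FEATURE_FIELD}"></i>`;
// A raw opening tag that still contains the feature field means markup got through.
const RAW_TAG = new RegExp('<i\\b[^>]*' + FEATURE_FIELD);

const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => (
  { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Constructed backend stub: echoes the requested name back as asynchronous data.
const backend = (request) => ({ name: request.params.name });

// Constructed page handlers under test.
const renderUnsafe = (d) => `<div id="greeting">Hello ${d.name}</div>`;
const renderSafe = (d) => `<div id="greeting">Hello ${escapeHtml(d.name)}</div>`;
const renderQuotesOnly = (d) =>
  `<div id="greeting">Hello ${String(d.name).replace(/"/g, '&quot;')}</div>`;
const renderStatic = () => '<div id="greeting">Hello</div>';

// S230: derive the second request from the first, leaving the first untouched.
function injectProbe(request, field) {
  const value = String(request.params[field] ?? '');
  return { ...request, params: { ...request.params, [field]: value + PROBE } };
}

// S240: run one request through the backend and the page handler.
async function run(request, render) {
  return render(await Promise.resolve(backend(request)));
}

// S250: compare the two resulting HTML strings by the probe's feature field.
function compare(firstHtml, secondHtml) {
  // The baseline must not contain the marker, or the diff proves nothing.
  if (firstHtml.includes(FEATURE_FIELD)) return 'inconclusive';
  // Partial encoding (quotes only) still leaves a raw tag, so match on the tag.
  if (RAW_TAG.test(secondHtml)) return 'vulnerable';
  if (secondHtml.includes(FEATURE_FIELD)) return 'encoded';
  return 'not-reflected';
}

async function detect(request, field, render) {
  const [first, second] = await Promise.all([
    run(request, render),
    run(injectProbe(request, field), render),
  ]);
  return { first, second, verdict: compare(first, second) };
}

// Constructed first request; "method" plays the role of the calling method field.
const firstRequest = { method: 'get', url: '/api/profile', params: { name: 'alice' } };
for (const [label, render] of [
  ['unsafe', renderUnsafe], ['safe', renderSafe],
  ['quotes-only', renderQuotesOnly], ['static', renderStatic],
]) {
  detect(firstRequest, 'name', render).then((r) => console.log(label, '->', r.verdict));
}
```

The quotes-only handler shows why the comparison keys on the surviving tag rather than on an exact match of the probe string.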
FIG. 3 schematically illustrates a flow diagram for obtaining a first asynchronous data request interface code and an attribute tag of a page element, according to an embodiment of the disclosure.
As shown in fig. 3, obtaining the first asynchronous data request interface code and the attribute tag of the page element in this embodiment includes operations S310 to S330.
In operation S310, a static path of the script file and an attribute tag of the page element are obtained by scanning the hypertext markup language code block of the target page.
According to the embodiment of the disclosure, scanning the hypertext markup language code block of the target page is a black-box static scan that covers the whole website. The scanning method is implemented by combining NodeJS and PhantomJS, and the static path of the script file and the attribute tag of the page element are obtained by automatically scanning file paths while simulating the user behavior of a browser.
In operation S320, the front-end script code of the target page element is obtained by scanning the script file based on the static path of the front-end script.
According to an embodiment of the present disclosure, the script file is scanned to obtain the front-end script code of the target page element that corresponds to the static path of the front-end script.
In operation S330, the front-end script code is analyzed using an interface code analysis tool to obtain a first asynchronous data request interface code.
According to the embodiment of the disclosure, the front-end script code is analyzed by using an interface code analysis tool written in NodeJS to obtain the first asynchronous data request interface code, which shortens the scanning time, improves the efficiency of obtaining the first asynchronous data request interface code, and thereby improves the efficiency of code vulnerability detection.
In operation S310, obtaining the static path of the script file and the attribute tag of the page element by scanning the hypertext markup language code block of the target page includes: obtaining a static path of the script file and a hypertext markup language tag form by scanning the hypertext markup language code block of the target page; and obtaining the attribute tag of the page element by querying the hypertext markup language tag form.
According to embodiments of the present disclosure, the hypertext markup language code block is HTML text, that is, descriptive text composed of HTML commands that can specify text, graphics, animations, sounds, tables, links, etc. The HTML text can be parsed into a DOM tree structure of multi-layer nodes. The nodes are divided into different types, each representing different information or markup in the HTML text; each node has its own characteristics, data and methods, and the relations among the nodes form a hierarchy.
In accordance with an embodiment of the present disclosure, the hypertext markup language tag form characterizes the various portions of the web page to be displayed, as marked by markup symbols. The attribute tag of the page element is obtained by querying the hypertext markup language tag form, wherein the attribute tag of the page element characterizes graphics, animation, sound, forms, links and the like.
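Operations S310 to S330 carried through on a constructed page, as an added example that is not the patent's NodeJS/PhantomJS tooling. It assumes regex-based scanning is adequate for the sample, covers only three call shapes (jQuery `$.get`/`$.post`, `XMLHttpRequest.open`, and single-argument `fetch`), and uses hypothetical names throughout.

```javascript
// Added example; names, sample page and sample script are constructed.

const SAMPLE_HTML = `
<html><head><script src="/static/js/profile.js"></script></head>
<body>
  <a id="home" href="/index">Home</a>
  <img class="avatar" src="/img/a.png">
  <div id="greeting"></div>
  <script>/* inline script, no static path */</script>
</body></html>`;

// Stand-in for fetching script files by their static path.
const SCRIPT_STORE = {
  '/static/js/profile.js': `
    $.get('/api/profile', function (d) { $('#greeting').html(d.name); });
    var xhr = new XMLHttpRequest();
    xhr.open('POST', '/api/comment');
    fetch('/api/feed').then(function (r) { return r.json(); });
  `,
};

// S310: collect script static paths and the attribute tags of page elements.
function scanHtml(html) {
  const tagRe = /<([a-zA-Z][\w-]*)((?:\s+[\w-]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/g;
  const attrRe = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  const scriptPaths = [];
  const elements = [];
  for (const m of html.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    const attrs = {};
    for (const a of m[2].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
    }
    if (tag === 'script') {
      if (attrs.src) scriptPaths.push(attrs.src); // inline scripts have no path
    } else if (Object.keys(attrs).length > 0) {
      elements.push({ tag, attrs });
    }
  }
  return { scriptPaths, elements };
}

// S330: patterns for asynchronous data request calls and their method field.
const CALL_PATTERNS = [
  // jQuery shorthand: the function name itself is the calling method field.
  { re: /\$\.(get|post)\s*\(\s*(['"])(.*?)\2/g, method: (m) => m[1], url: (m) => m[3] },
  // XMLHttpRequest: xhr.open('METHOD', url)
  { re: /\.open\s*\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3/g, method: (m) => m[2], url: (m) => m[4] },
  // fetch(url) with no init object defaults to GET.
  { re: /\bfetch\s*\(\s*(['"])(.*?)\1\s*\)/g, method: () => 'get', url: (m) => m[2] },
];

function extractAsyncCalls(source) {
  const calls = [];
  for (const p of CALL_PATTERNS) {
    for (const m of source.matchAll(p.re)) {
      calls.push({
        methodField: p.method(m).toLowerCase(),
        url: p.url(m),
        code: m[0],
        index: m.index,
      });
    }
  }
  return calls.sort((a, b) => a.index - b.index); // keep source order
}

// S310 -> S320 -> S330 for one page; loadScript resolves a static path to source.
function scanPage(html, loadScript) {
  const { scriptPaths, elements } = scanHtml(html);
  const interfaces = [];
  for (const path of scriptPaths) {
    const source = loadScript(path);
    if (source == null) continue; // referenced but not retrievable
    for (const call of extractAsyncCalls(source)) {
      interfaces.push({ script: path, ...call });
    }
  }
  return { scriptPaths, elements, interfaces };
}

console.log(JSON.stringify(scanPage(SAMPLE_HTML, (p) => SCRIPT_STORE[p]), null, 2));
```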
Fig. 4 schematically shows a flow chart for obtaining target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element.
As shown in fig. 4, obtaining the target attack code in this embodiment includes operations S410 to S440.
In operation S410, an asynchronous data processing manner is determined according to the calling method field.
According to embodiments of the present disclosure, there are two asynchronous data processing manners: one acquires asynchronous data directly from a server, and the other acquires asynchronous data after interacting with the server.
For example: the call method field may be a "get" field, indicating that the asynchronous data processing mode is "get asynchronous data directly from the server".
In operation S420, according to the asynchronous data processing mode, the first attack code is obtained by querying the attack code library.
For example: according to the asynchronous data processing mode of directly acquiring asynchronous data from a server, a first attack code can be obtained by querying an attack code library.
In operation S430, a second attack code is obtained by querying the attack code library according to the attribute tags of the page elements.
According to the embodiment of the disclosure, the second attack code is obtained according to the attribute tag of the page element by querying the attack code library.
It should be noted that the asynchronous data processing manner and the attribute tag of the page element are not necessarily associated. The attack code library is therefore queried along two dimensions, the asynchronous data processing manner and the attribute tag of the page element, so that different attack codes can be obtained and the accuracy of code vulnerability detection is improved.
In operation S440, a target attack code is obtained from the first attack code and the second attack code.
According to an embodiment of the present disclosure, obtaining a target attack code from the first attack code and the second attack code in operation S440 includes: determining the first attack code or the second attack code as the target attack code in the case that the first attack code and the second attack code are determined to be the same; and splicing the first attack code and the second attack code to obtain the target attack code in the case that the first attack code and the second attack code are different.
According to the embodiment of the disclosure, the first attack code and the second attack code being the same indicates that the target attack codes acquired in the first manner and in the second manner are the same, so the first attack code or the second attack code is determined as the target attack code.
According to the embodiment of the disclosure, the first attack code and the second attack code being different indicates that the target attack codes acquired in the first manner and in the second manner are different, so the first attack code and the second attack code are spliced to obtain the target attack code.
According to the embodiment of the disclosure, according to the calling method field and the attribute tag of the page element in the first asynchronous data request interface code, the target attack code is obtained by inquiring the attack code library, so that the target attack code can be comprehensively obtained, and the code vulnerability detection precision is improved.
Fig. 5 schematically shows a flow chart for deriving a second asynchronous data request interface code.
As shown in fig. 5, the obtaining the second asynchronous data request interface code of this embodiment includes operations S510 to S520.
In operation S510, a code injection position is determined based on an injection strategy of the script injection tool.
In operation S520, a target attack code is inserted in the calling method field using the script injection tool according to the code injection position.
In accordance with an embodiment of the present disclosure, determining a code injection position in operation S510 includes: determining the code injection position based on the injection strategy of the script injection tool; and, in the case that the calling method field is determined to include the feature field, determining a start end of the feature field and a termination end of the feature field as the code injection positions.
According to an embodiment of the present disclosure, the code injection location characterizes the generation location of the asynchronous data. In the case that the calling method field is determined to include the feature field, a start end of the feature field and a stop end of the feature field are determined to be code injection positions. For example, the calling method field is "BBAAABB", wherein the feature field is "AAA", and the start end of the feature field and the end of the feature field are determined as code injection positions.
According to an embodiment of the present disclosure, inserting a target attack code in the calling method field using a script injection tool according to the code injection position in operation S520 includes: inserting an identifier at the code injection position using the script injection tool according to the code injection position; and inserting the target attack code in the calling method field by identifying the identifier.
According to an embodiment of the present disclosure, the start end and the termination end of the feature field "AAA" are determined as the code injection positions, and an identifier, for example "#", is inserted at each code injection position. The calling method field with the identifiers inserted is "BB#AAA#BB", and the attack code is injected between the two code injection positions. By identifying the identifier, the target attack code is inserted in the calling method field.
According to an embodiment of the present disclosure, obtaining a code vulnerability detection result by comparing the first operation result and the second operation result in operation S250 includes: obtaining a first target hypertext markup language code according to the first operation result; obtaining a second target hypertext markup language code according to the second operation result; and comparing the first target hypertext markup language code with the second target hypertext markup language code according to the characteristic field of the target attack code to obtain the code vulnerability detection result.
According to the embodiment of the disclosure, the first asynchronous data request interface code and the second asynchronous data request interface code are respectively operated to obtain a first operation result and a second operation result. For example, the first operation result is (0, 0), and the second operation result is (1, 0). A first target hypertext markup language code is obtained according to the first operation result, and a second target hypertext markup language code is obtained according to the second operation result. The first target hypertext markup language code is then compared with the second target hypertext markup language code according to the characteristic field of the target attack code.
According to the embodiment of the disclosure, in the case that the second target hypertext markup language code is different from the first target hypertext markup language code, a detection result indicating that a code vulnerability exists is obtained. In the case that the second target hypertext markup language code is the same as the first target hypertext markup language code, a detection result indicating that no code vulnerability exists is obtained.
According to the embodiment of the disclosure, the target attack code is inserted into the calling method field, the first asynchronous data request interface code and the second asynchronous data request interface code are synchronously operated, the operation result is compared and analyzed, the code vulnerability detection result is obtained, the problem of low detection precision of static analysis of the script code is solved, and the technical effect of improving the code vulnerability detection precision is achieved.
Fig. 6 schematically illustrates an overall flow diagram of a code vulnerability detection apparatus according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, as shown in fig. 4, the embodiment includes operations S601 to S611.
In operation S601, a script file and a hypertext markup language code block of a target page are scanned.
In operation S602, a first asynchronous data request interface code and an attribute tag of a page element are obtained.
In operation S603, the first asynchronous data request interface code is run to obtain a first operation result.
In operation S604, the attack code library is queried to obtain the target attack code.
In operation S605, a code injection position is determined based on an injection strategy of the script injection tool.
In operation S606, a target attack code is inserted using a script injection tool.
In operation S607, a second asynchronous data request interface code is obtained.
In operation S608, the second asynchronous data request interface code is run to obtain a second operation result.
In operation S609, it is determined whether the first operation result and the second operation result are the same; if so, operation S610 is performed, and if not, operation S611 is performed.
In operation S610, a detection result indicating that no code vulnerability exists is obtained.
In operation S611, a detection result indicating that a code vulnerability exists is obtained.
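The following JavaScript sketch is an added illustration of operations S601 to S611 and is not code from the disclosure. It carries the "BBAAABB" marker example through to the comparison step and shows why the comparison is made on the characteristic field of the inserted code rather than on raw inequality of the two pages. All function names, the inert probe strings, the two stand-in renderers, the rule that the marked span is replaced by the probe, and the rule that any non-"get" method is "interactive" are assumptions made for the example.

```javascript
// Added sketch of operations S601-S611; every name below is hypothetical.

// Constructed stand-in for the attack code library: inert markup markers only,
// indexed by the two lookup dimensions (S420: processing mode, S430: attribute tag).
const BY_MODE = new Map([
  ['direct', '<i data-probe="m1"></i>'],
  ['interactive', '<i data-probe="m2"></i>'],
]);
const BY_TAG = new Map([
  ['a', '<i data-probe="m1"></i>'],    // deliberately the same entry as "direct"
  ['form', '<i data-probe="t1"></i>'],
]);

// S410: a "get" calling method field means data is fetched directly.
// Treating every other method as "interactive" is an assumption.
function processingMode(callField) {
  return /^get\b/i.test(callField) ? 'direct' : 'interactive';
}

// S420-S440: query both dimensions; identical results collapse to one,
// different results are spliced (concatenated).
function targetProbe(callField, attributeTag) {
  const first = BY_MODE.get(processingMode(callField));
  const second = BY_TAG.get(attributeTag);
  if (second === undefined || second === first) return first;
  return first + second;
}

// S510: mark the start end and termination end of the feature field.
// Returns null when the calling method field has no feature field.
function markInjectionPositions(callField, featureField, id = '#') {
  if (callField.includes(id)) {
    // An identifier that already occurs in the field would be ambiguous.
    throw new Error('identifier already occurs in the calling method field');
  }
  const start = featureField === '' ? -1 : callField.indexOf(featureField);
  if (start < 0) return null;
  const end = start + featureField.length;
  return callField.slice(0, start) + id + featureField + id + callField.slice(end);
}

// S520: locate the two identifiers and put the probe between the positions
// (assumption: the marked span is replaced by the probe).
function insertProbe(marked, probe, id = '#') {
  const a = marked.indexOf(id);
  const b = marked.lastIndexOf(id);
  return marked.slice(0, a) + probe + marked.slice(b + id.length);
}

// Constructed stand-ins for "running" the interface code: the value after
// "?q=" is handed to a renderer that returns the resulting HTML.
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => (
  { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
const renderUnsafe = (q) => `<div id="out">Results for ${q}</div>`;
const renderSafe = (q) => `<div id="out">Results for ${escapeHtml(q)}</div>`;

function run(render, callField) {
  const i = callField.indexOf('?q=');
  return render(i < 0 ? '' : callField.slice(i + 3));
}

// S603-S611: run both interface codes and compare the two HTML results on the
// probe's characteristic field (here: the raw probe markup).
function detect(render, callField, featureField, attributeTag) {
  const marked = markInjectionPositions(callField, featureField);
  if (marked === null) return { vulnerable: false, html1: null, html2: null };
  const probe = targetProbe(callField, attributeTag);
  const second = insertProbe(marked, probe);
  const html1 = run(render, callField);
  const html2 = run(render, second);
  // The pages always differ because the inputs differ; only an unescaped
  // probe in the second page counts as a finding.
  const vulnerable = html2.includes(probe) && !html1.includes(probe);
  return { vulnerable, second, html1, html2 };
}

console.log(markInjectionPositions('BBAAABB', 'AAA'));
console.log(detect(renderUnsafe, 'get /search?q=AAA', 'AAA', 'form').vulnerable);
console.log(detect(renderSafe, 'get /search?q=AAA', 'AAA', 'form').vulnerable);
```

With the escaping renderer the two pages still differ textually, so a plain equality test in S609 would report a vulnerability on every input; restricting the comparison to the probe's characteristic field removes that false positive.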
Based on the code vulnerability detection method, the disclosure also provides a code vulnerability detection device. The device will be described in detail below in connection with fig. 7.
Fig. 7 schematically illustrates a block diagram of a code vulnerability detection apparatus according to an embodiment of the disclosure.
As shown in fig. 7, the code vulnerability detection apparatus 700 of this embodiment includes a first obtaining module 710, a querying module 720, a second obtaining module 730, a third obtaining module 740, and a comparing module 750.
The first obtaining module 710 is configured to obtain a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, where the first asynchronous data request interface code includes a calling method field for calling asynchronous data. In an embodiment, the first obtaining module 710 may be configured to perform the operation S210 described above, which is not repeated here.
The query module 720 is configured to obtain a target attack code by querying the attack code library according to the calling method field and the attribute tag of the page element. In an embodiment, the query module 720 may be configured to perform the operation S220 described above, which is not repeated here.
The second obtaining module 730 is configured to insert the target attack code into the calling method field by using the script injection tool, so as to obtain a second asynchronous data request interface code. In an embodiment, the second obtaining module 730 may be configured to perform the operation S230 described above, which is not repeated here.
The third obtaining module 740 is configured to operate the first asynchronous data request interface code and the second asynchronous data request interface code respectively, so as to obtain a first operation result and a second operation result. In an embodiment, the third obtaining module 740 may be configured to perform the operation S240 described above, which is not repeated here.
The comparing module 750 is configured to obtain a code vulnerability detection result by comparing the first operation result and the second operation result. In an embodiment, the comparing module 750 may be used to perform the operation S250 described above, which is not repeated here.
According to an embodiment of the present disclosure, the first obtaining module includes a first scanning sub-module, a second scanning sub-module, and an analysis sub-module. The first scanning sub-module is used for obtaining the static path of the script file and the attribute tag of the page element by scanning the hypertext markup language code block of the target page. The second scanning sub-module is used for obtaining the front-end script code of the target page element by scanning the script file based on the static path of the front-end script. The analysis sub-module is used for analyzing the front-end script code by using an interface code analysis tool to obtain a first asynchronous data request interface code.
According to an embodiment of the present disclosure, the first scanning sub-module includes a scanning unit and a query unit. The scanning unit is used for obtaining the static path of the script file and the hypertext markup language tag form by scanning the hypertext markup language code block of the target page. The query unit is used for obtaining the attribute tag of the page element by querying the hypertext markup language tag form.
According to an embodiment of the present disclosure, the second obtaining module includes a first determining sub-module, a first obtaining sub-module, a second obtaining sub-module, and a third obtaining sub-module. The first determining sub-module is used for determining an asynchronous data processing manner according to the calling method field. The first obtaining sub-module is used for obtaining a first attack code by querying the attack code library according to the asynchronous data processing manner. The second obtaining sub-module is used for obtaining a second attack code by querying the attack code library according to the attribute tag of the page element. The third obtaining sub-module is used for obtaining the target attack code according to the first attack code and the second attack code.
According to an embodiment of the present disclosure, the third obtaining sub-module includes a first determining unit and an obtaining unit. The first determining unit is configured to determine the first attack code or the second attack code as the target attack code in the case that the first attack code and the second attack code are determined to be the same. The obtaining unit is used for splicing the first attack code and the second attack code to obtain the target attack code in the case that the first attack code and the second attack code are different.
According to an embodiment of the present disclosure, the comparison module includes a fourth obtaining sub-module, a fifth obtaining sub-module, and a sixth obtaining sub-module. The fourth obtaining sub-module is configured to obtain a first target hypertext markup language code according to the first operation result. The fifth obtaining sub-module is configured to obtain a second target hypertext markup language code according to the second operation result. The sixth obtaining sub-module is configured to compare the first target hypertext markup language code with the second target hypertext markup language code according to the feature field of the target attack code, so as to obtain a code vulnerability detection result.
According to an embodiment of the present disclosure, the second obtaining module comprises a second determining sub-module and an inserting sub-module. The second determining sub-module is used for determining the code injection position based on the injection strategy of the script injection tool. The inserting sub-module is used for inserting the target attack code into the calling method field by using the script injection tool according to the code injection position.
According to an embodiment of the present disclosure, the second determining sub-module includes a second determining unit and a third determining unit. The second determining unit is used for determining the code injection position based on the injection strategy of the script injection tool. The third determining unit is configured to determine a start end of the feature field and a termination end of the feature field as the code injection positions in the case that the calling method field is determined to include the feature field.
According to an embodiment of the present disclosure, the inserting sub-module includes a first inserting unit and a second inserting unit. The first inserting unit is used for inserting the identifier at the code injection position by using the script injection tool according to the code injection position. The second inserting unit is used for inserting the target attack code into the calling method field by identifying the identifier.
According to an embodiment of the present disclosure, any of the first obtaining module 710, the query module 720, the second obtaining module 730, the third obtaining module 740, and the comparing module 750 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first obtaining module 710, the querying module 720, the second obtaining module 730, the third obtaining module 740, and the comparing module 750 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three implementations of software, hardware, and firmware. Alternatively, at least one of the first obtaining module 710, the querying module 720, the second obtaining module 730, the third obtaining module 740, and the comparing module 750 may be at least partially implemented as computer program modules, which when executed, may perform the respective functions.
Fig. 8 schematically illustrates a block diagram of an electronic device adapted to implement a code vulnerability detection method according to an embodiment of the present disclosure.
As shown in fig. 8, an electronic device 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 801 may also include on-board memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
In the RAM 803, various programs and data required for the operation of the electronic device 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or the RAM 803. Note that the program may be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 800 may also include an input/output (I/O) interface 805, the input/output (I/O) interface 805 also being connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to an input/output (I/O) interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to an input/output (I/O) interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 802 and/or RAM 803 and/or one or more memories other than ROM 802 and RAM 803 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the item recommendation method provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or from a removable medium 811 via a communication portion 809. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined in a variety of ways, even if such combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined without departing from the spirit and teachings of the present disclosure. All such combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (13)

1. A code vulnerability detection method comprising:
obtaining a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data;
obtaining a target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element;
inserting the target attack code into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code;
respectively operating the first asynchronous data request interface code and the second asynchronous data request interface code to obtain a first operation result and a second operation result; and
comparing the first operation result with the second operation result to obtain the code vulnerability detection result.
2. The method according to claim 1, wherein the obtaining the attribute tag of the first asynchronous data request interface code and the page element by scanning the script file and the hypertext markup language code block of the target page includes:
obtaining a static path of a script file and an attribute tag of a page element by scanning a hypertext markup language code block of the target page;
based on the static path of the front-end script, obtaining a front-end script code of the target page element by scanning a script file; and
analyzing the front-end script code by using an interface code analysis tool to obtain the first asynchronous data request interface code.
3. The method according to claim 2, wherein the obtaining the static path of the script file and the attribute tag of the page element by scanning the hypertext markup language code block of the target page includes:
scanning the hypertext markup language code blocks of the target page to obtain a static path of a script file and a hypertext markup language tag form; and
obtaining the attribute tag of the page element by querying the hypertext markup language tag form.
4. The method of claim 1, wherein the obtaining the target attack code by querying an attack code base according to the calling method field and the attribute tag of the page element includes:
determining an asynchronous data processing mode according to the calling method field;
according to the asynchronous data processing mode, a first attack code is obtained by inquiring the attack code library;
obtaining a second attack code by querying the attack code library according to the attribute tag of the page element; and
obtaining the target attack code according to the first attack code and the second attack code.
5. The method of claim 4, wherein the deriving the target attack code from the first attack code and the second attack code comprises:
determining the first attack code or the second attack code as the target attack code in the case that the first attack code and the second attack code are determined to be the same; and
splicing the first attack code and the second attack code to obtain the target attack code in the case that the first attack code and the second attack code are different.
6. The method of claim 1, wherein the obtaining the code vulnerability detection result by comparing the first operation result and the second operation result comprises:
obtaining a first target hypertext markup language code according to the first operation result;
obtaining a second target hypertext markup language code according to the second operation result; and
comparing the first target hypertext markup language code with the second target hypertext markup language code according to the characteristic field of the target attack code to obtain the code vulnerability detection result.
7. The method of claim 1, wherein inserting the target attack code in the calling method field with a script injection tool results in a second asynchronous data request interface code, comprising:
determining a code injection position based on an injection strategy of the script injection tool; and
inserting the target attack code into the calling method field by using the script injection tool according to the code injection position.
8. The method of claim 7, wherein the determining a code injection location based on an injection strategy of the script injection tool comprises:
determining a code injection position based on an injection strategy of the script injection tool; and
determining a starting end of the feature field and a terminating end of the feature field as the code injection positions in the case that the calling method field is determined to comprise the feature field.
9. The method of claim 7, wherein said inserting the target attack code in the calling method field according to the code injection location using the script injection tool comprises:
inserting an identifier at the code injection location using the script injection tool according to the code injection location; and
inserting the target attack code in the calling method field by identifying the identifier.
10. A code vulnerability detection apparatus comprising:
a first obtaining module, configured to obtain a first asynchronous data request interface code and an attribute tag of a page element by scanning a script file and a hypertext markup language code block of a target page, wherein the first asynchronous data request interface code comprises a calling method field for calling asynchronous data;
a query module, configured to obtain a target attack code by querying an attack code library according to the calling method field and the attribute tag of the page element;
a second obtaining module, configured to insert the target attack code into the calling method field by using a script injection tool to obtain a second asynchronous data request interface code;
a third obtaining module, configured to run the first asynchronous data request interface code and the second asynchronous data request interface code respectively to obtain a first operation result and a second operation result; and
a comparison module, configured to obtain the code vulnerability detection result by comparing the first operation result with the second operation result.
11. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1 to 9.
13. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 9.
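The differential check described in claims 5 to 9, as an added example that is not code from the patent or its applicant. It assumes the calling method field carries a plain string value, uses a constructed inert probe in place of an attack code library entry, and stands in for "running" the interface code with two constructed render functions; all names are hypothetical.

```javascript
// Constructed, inert probe standing in for the claims' "target attack code".
// FEATURE is its characteristic field: a token unlikely to occur naturally.
const FEATURE = "zqx7probe";
const PROBE = `<i id="${FEATURE}">`;
const PLACEHOLDER = "\u0000INJECT\u0000"; // the "identifier" of claim 9

// Claim 5: identical candidates collapse to one, different ones are spliced.
function mergeCandidates(first, second) {
  return first === second ? first : first + second;
}

// Claims 7 and 9: mark the injection position with an identifier, then
// swap the identifier for the probe in a second pass.
function injectAt(callField, position, probe) {
  const marked =
    callField.slice(0, position) + PLACEHOLDER + callField.slice(position);
  return marked.split(PLACEHOLDER).join(probe);
}

const escapeHtml = (s) =>
  s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Claim 6: compare the two HTML results by the probe's feature field.
function compareResults(firstHtml, secondHtml, probe, feature) {
  if (firstHtml.includes(feature)) return "inconclusive"; // token pre-exists
  if (!secondHtml.includes(feature)) return "not-reflected";
  if (secondHtml.includes(probe)) return "reflected-unencoded"; // finding
  return "reflected-neutralized"; // encoded or stripped before output
}

// Constructed stand-ins for running the interface code: each takes the
// value carried by the calling method field and returns the resulting HTML.
const renderRaw = (name) => `<p>Hello ${name}</p>`;
const renderEscaped = (name) => `<p>Hello ${escapeHtml(name)}</p>`;

// Run the unmodified and the modified variant, then compare the results.
function detect(render, callField, position) {
  const probe = mergeCandidates(PROBE, PROBE);
  const first = render(callField);
  const second = render(injectAt(callField, position, probe));
  return compareResults(first, second, probe, FEATURE);
}
```

Only the "reflected-unencoded" outcome indicates that the page writes the injected value into its markup unchanged; the escaped renderer shows the result a correctly encoding page produces.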
CN202310504593.4A 2023-05-06 2023-05-06 Code vulnerability detection method, device, equipment and storage medium Pending CN116401174A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310504593.4A CN116401174A (en) 2023-05-06 2023-05-06 Code vulnerability detection method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310504593.4A CN116401174A (en) 2023-05-06 2023-05-06 Code vulnerability detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116401174A (en) 2023-07-07

Family

ID=87010594

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310504593.4A Pending CN116401174A (en) 2023-05-06 2023-05-06 Code vulnerability detection method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116401174A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination