CN103455759A - Page loophole detection device and page loophole detection method - Google Patents


Publication number: CN103455759A
Authority: CN (China)
Prior art keywords: abstract syntax, syntax tree, node, page, module
Legal status: Granted (current status: Active)
Application number: CN2012101820545A
Other languages: Chinese (zh)
Other versions: CN103455759B (en)
Inventors: 钟同圣, 王金锭, 李佳
Current Assignee: Shenzhen Tencent Computer Systems Co Ltd
Original Assignee: Shenzhen Tencent Computer Systems Co Ltd
Application filed by: Shenzhen Tencent Computer Systems Co Ltd
Priority to: CN201210182054.5A

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention relates to a page vulnerability detection device comprising an abstract syntax tree management module, a symbol table module and a taint backtracking module. The abstract syntax tree management module manages the abstract syntax tree of the program source code under test. The symbol table module manages the symbol table information of the program source code under test. The taint backtracking module reads the abstract syntax tree from the abstract syntax tree management module, traverses it to obtain the set of all preconfigured trigger nodes, and backtracks all related variables of each trigger node according to the symbol table information; if any related variable can be changed by attacker-controllable input, a vulnerability is deemed to exist at that trigger node and vulnerability information is output. The page vulnerability detection device increases vulnerability coverage and lowers the false-positive rate. The invention also provides a page vulnerability detection method.

Description

Page vulnerability detection device and detection method
Technical field
The present invention relates to web page security technology, in particular to a page vulnerability detection device and detection method, and more specifically to a PHP page vulnerability detection device and detection method.
Background
At present, the main method for detecting vulnerabilities in dynamic pages such as PHP pages is black-box scanning. A large number of malformed test cases are constructed and used to access the PHP page, and the content of the returned page is then examined. If particular data appears in the returned page, the PHP page is considered unable to handle the input correctly and is deemed vulnerable.
Black-box scanning has the following shortcomings:
First, its effectiveness depends on how the test cases are constructed. If there are too few test cases, too few source code paths of the PHP page are covered and many vulnerabilities are missed. If the test cases are not comprehensive, path coverage is likewise insufficient and many vulnerabilities are missed.
Second, the test cases may need to be specially constructed. For example, if the PHP page only continues processing input that begins with the string "http", all other test cases are discarded and never reach the inner logic, so the test has no effect and many vulnerabilities are still missed.
Third, black-box scanning relies on the returned page to judge the test result; if the PHP page returns nothing, vulnerabilities are missed.
Fourth, black-box scanning relies on the PHP page being correctly deployed. It can only test deployed PHP pages that can be accessed normally; given only the source code of a PHP page that has not been deployed, black-box scanning cannot work.
The other page vulnerability scanning method is feature-string matching: the PHP page is searched for dangerous functions, such as the eval() function, and if such a dangerous function is found the PHP page is considered vulnerable.
The shortcoming of feature-string matching is that it produces too many false positives: if the input to a dangerous function is fixed and cannot be controlled by an attacker, the use of the dangerous function does not create a vulnerability.
Summary of the invention
In view of this, it is necessary to provide a page vulnerability detection device and detection method with a lower false-positive rate and higher vulnerability coverage than conventional black-box scanning and feature-string matching.
The page vulnerability detection device described above is realized through the following technical solution:
A page vulnerability detection device comprises: an abstract syntax tree management module for managing the abstract syntax tree of the program source code under test; a symbol table module for managing the symbol table information of the program source code under test; and a taint backtracking module for reading the abstract syntax tree from the abstract syntax tree management module, traversing the abstract syntax tree to obtain the set of all preconfigured trigger nodes, and, for each trigger node, backtracking all of its related variables according to the symbol table information; if any related variable can be changed by attacker-controllable input, a vulnerability is deemed to exist at that trigger node and vulnerability information is output.
As a further improvement of the above technical solution, the symbol table module is also used for: reading the abstract syntax tree information through the abstract syntax tree management module, parsing all assignment statements to obtain symbol table information containing the information of each variable, and providing that symbol table information to the taint backtracking module.
As a further improvement of the above technical solution, the page vulnerability detection device further comprises: a lexical and syntax analysis module for reading in the program source code under test, converting it into an abstract syntax tree, and outputting the abstract syntax tree to the abstract syntax tree management module.
As a further improvement of the above technical solution, the page vulnerability detection device further comprises: a preprocessing module for parsing the constant definition nodes and include nodes of the abstract syntax tree and writing the parsed information back to the abstract syntax tree.
As a further improvement of the above technical solution, the page vulnerability detection device further comprises: a function summary module for parsing the function declaration nodes of the abstract syntax tree and then analyzing the relation between each function's return value and its parameters to obtain a function summary.
As a further improvement of the above technical solution, the taint backtracking module is also used for: when the abstract syntax tree has an include node, the abstract syntax tree management module, symbol table module and taint backtracking module jump to process the file included by the include node, and return to processing the source code under test once the included file has been processed.
As a further improvement of the above technical solution, the taint backtracking module is also used for: when the abstract syntax tree has a function declaration node, traversing the child nodes of the function declaration node to obtain the set of trigger nodes, and, for each trigger node, backtracking all of its related variables according to the symbol table information; if any related variable can be changed by attacker-controllable input, a vulnerability is deemed to exist at that trigger node and vulnerability information is output.
As a further improvement of the above technical solution, when the function declaration node contains an include node, the abstract syntax tree management module, symbol table module and taint backtracking module jump to process the file included by the include node, and return to processing the function declaration node once the included file has been processed.
The page vulnerability detection method described above is realized through the following technical solution:
A page vulnerability detection method comprises: step 1, providing the abstract syntax tree and symbol table information of the program source code under test; step 2, traversing the abstract syntax tree to obtain the set of all trigger nodes, a trigger node being a node in the abstract syntax tree that corresponds to a sensitive operation statement; and, for each trigger node: step 3, extracting the set of all of its related variables according to the symbol table; and step 4, backtracking each related variable, and if a related variable is found to be changeable by attacker-controllable input, deeming that a vulnerability has been found and outputting vulnerability information.
As a further improvement of the above technical solution, step 1 also comprises: reading the abstract syntax tree information and parsing all assignment statements to obtain symbol table information containing the information of each variable.
As a further improvement of the above technical solution, before step 1 the method comprises reading the program source code under test, performing lexical and syntax analysis to obtain the abstract syntax tree, and further parsing all assignment nodes in the abstract syntax tree to obtain the symbol table information.
As a further improvement of the above technical solution, in step 1 the abstract syntax tree and symbol table information are provided by an external program.
As a further improvement of the above technical solution, the method also comprises: when the abstract syntax tree has include nodes, parsing all include nodes in the abstract syntax tree and writing the paths of the included files back to the abstract syntax tree.
As a further improvement of the above technical solution, the method also comprises: when the abstract syntax tree has an include node, suspending the processing of the program source code under test and recursively performing steps 1 to 4 on the included file.
As a further improvement of the above technical solution, the method also comprises: when the abstract syntax tree has a constant definition node, analyzing the child nodes of the constant definition node to obtain the constant's defined value and writing that value back into the abstract syntax tree.
As a further improvement of the above technical solution, the method also comprises: when the abstract syntax tree has a function declaration node, analyzing the relation between the function's return value and its parameters to obtain a function summary and writing it back into the abstract syntax tree.
As a further improvement of the above technical solution, the method also comprises: performing steps 2 to 4 for the function declaration node; if a trigger node that can be changed by attacker-controllable input is found directly inside the function, it is deemed a vulnerability and vulnerability information is output.
As a further improvement of the above technical solution, the method also comprises: when the function contains an include node, recursively performing steps 1 to 4 on the file included by that include node.
In the page vulnerability detection device and detection method described above, the program source code is converted into an abstract syntax tree using compiler principles, and for each vulnerability trigger point the variables related to that trigger point are backtracked; if any variable is attacker-controllable, the trigger point is vulnerable. Compared with the black-box scanning of the prior art, the page vulnerability detection device of this embodiment can completely cover all possible vulnerabilities, which improves vulnerability coverage; compared with the keyword search approach of the prior art, it avoids treating as vulnerabilities those cases where a dangerous statement is used but its related variables are not attacker-controllable, which reduces the false-positive rate.
To make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a module block diagram of the page vulnerability detection device provided by the first embodiment of the invention.
Fig. 2 is a schematic diagram of abstract syntax tree nodes provided by the first embodiment of the invention.
Fig. 3 is a flowchart of the page vulnerability detection method provided by the second embodiment of the invention.
Detailed description of the embodiments
To further explain the technical means adopted by the present invention to achieve its intended purpose and their effects, the specific implementation, structure, features and effects of the page vulnerability detection device and detection method proposed by the present invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
First embodiment
Referring to Fig. 1, the first embodiment provides a page vulnerability detection device 100 comprising: a lexical and syntax analysis module 11, an abstract syntax tree (AST) management module 12, a preprocessing module 13, a symbol table module 14, a function summary module 15 and a taint backtracking module 16.
The lexical and syntax analysis module 11 reads in the program source code and, through the lexical and syntax analysis process of compiler principles, converts the source code into an AST, which is handed to the AST management module for management. For instance, each statement in the program source code can be converted into a corresponding AST node. Referring to Fig. 2, if () { } can be converted into an ifStmt node, and the corresponding source information (such as line information) can be stored in the node. The conditional expression inside the if (the part in parentheses on the first line) and the sub-statement (the second line) are converted into a conStmt child node and an echoStmt child node under ifStmt, respectively. It will be understood that Fig. 2 is only an example; anyone skilled in compiler principles will understand this content and can vary it according to actual conditions.
Fig. 2 shows only a fragment of program source code; the AST of the whole program source code is obtained after the above process has been carried out on the entire source code.
The AST management module 12 reads in the AST information output by the lexical and syntax analysis module 11. The other four modules (preprocessing module 13, symbol table module 14, function summary module 15 and taint backtracking module 16) interact with the AST management module and operate on the AST information through it.
The preprocessing module 13 accesses the AST information through the AST management module 12. It parses all constant definition nodes and writes the results back into the AST information; it also parses all include nodes, computes the real path of each included file and writes it back into the AST information. Of course, the real path of an included file need not be written back into the AST information; it can also be stored separately.
A constant definition node corresponds, for example, to a define statement in the program source code, and an include node corresponds, for example, to an include statement. It will be understood that, depending on the programming language of the program source code, the specific keywords (such as define and include) may differ, but the principle is the same or similar and the same or a similar processing approach can be used.
The symbol table module 14 reads the AST information through the AST management module 12 and parses all assignment statements, which may correspond to different AST nodes (such as assignStmt, opAssignStmt and listAssignStmt), to obtain symbol table information containing the information of each variable. An assignStmt node corresponds, for example, to an ordinary assignment statement in the source code, an opAssignStmt node to a compound assignment statement, and a listAssignStmt node to a list assignment statement. The symbol table module 14 provides its service to the taint backtracking module 16.
Symbol tables are divided into a global symbol table and local symbol tables, corresponding to global variables and local variables respectively. A symbol table is organized like a two-level array. The first level holds all variables, one entry per variable. The information for each variable forms the second level, which holds all assignment relations for that variable; each assignment stores its line number, which prevents infinite loops during backtracking.
The function summary module 15 reads the AST information through the AST management module 12, parses all function declaration nodes, and then analyzes the relation between each function's return value and its parameters to obtain a function summary. The function summary can be stored separately or written back into the AST information.
The taint backtracking module 16 reads the AST information through the AST management module 12 and parses all configured trigger nodes to determine which variables each trigger node depends on, that is, which variables can control the behavior of the trigger node. It then backtracks these variables to find where their values come from and which other variables affect them. Using the assignment relations recorded for each variable by the symbol table module 14, it finds the set of variables one level up that affect the trigger node. Backtracking continues in this way to the end; if the initial value of a variable is found to come from attacker-controllable input, all variables on that backtracking path are considered tainted, that is, attacker-controllable, and a vulnerability exists. Taking a PHP page as an example, attacker-controllable input means the parameters the attacker supplies when accessing the PHP page, such as PHP's built-in $_GET and $_POST.
A trigger node is the AST node corresponding to a sensitive operation statement, and sensitive operation statements are statements that may cause a page vulnerability; they can be configured in advance by the user. This is common knowledge for a person of ordinary skill in the art.
Broadly speaking, page vulnerabilities, in particular vulnerabilities in website programming languages, can be divided into cross-site scripting (XSS) vulnerabilities and SQL injection vulnerabilities.
For XSS vulnerabilities, for example, the echo statement in PHP outputs its parameter to the returned page; if the parameter is tainted, a vulnerability results, so echo is an XSS trigger node in a PHP program. The printf statement is similar to echo. For SQL injection vulnerabilities, the relevant trigger nodes include statements such as mysql_query and sqlite_exec.
It will be understood that the trigger nodes above are described using the PHP language only as an example; those skilled in the art can apply the same approach to any other programming language. In addition, new page vulnerabilities will continue to be discovered over time, and these newly discovered vulnerabilities can also serve as trigger nodes.
In addition, the page vulnerability detection device 100 of this embodiment includes the lexical and syntax analysis module 11, preprocessing module 13, symbol table module 14 and function summary module 15; that is, the AST information and symbol table information are all produced by the page vulnerability detection device 100 itself. However, it will be understood that the page vulnerability detection device 100 may also omit the lexical and syntax analysis module 11, preprocessing module 13, symbol table module 14 and function summary module 15. In that case the AST information and symbol table information of the program source code can be provided by an external program.
In the page vulnerability detection device 100 of this embodiment, the program source code is converted into an abstract syntax tree using compiler principles, and for each vulnerability trigger point the variables related to that trigger point are backtracked; if any variable is attacker-controllable, the trigger point is vulnerable. Compared with the black-box scanning of the prior art, the page vulnerability detection device of this embodiment can completely cover all possible vulnerabilities, which improves vulnerability coverage; compared with the keyword search approach of the prior art, it avoids treating as vulnerabilities those cases where a dangerous statement is used but its related variables are not attacker-controllable, which reduces the false-positive rate.
Second embodiment
Referring to Fig. 3, the second embodiment provides a page vulnerability detection method comprising the following steps:
Step 1: provide the abstract syntax tree and symbol table information of the program source code under test;
Step 2: traverse the abstract syntax tree to obtain all trigger nodes;
For each trigger node, perform:
Step 3: extract the set of all of its related variables according to the symbol table information; and
Step 4: backtrack each related variable; if the related variable is found to be changeable by attacker-controllable input, deem that a vulnerability has been found and output vulnerability information.
The abstract syntax tree and symbol table information in step 1 can be prepared before step 1 is performed, or the abstract syntax tree and symbol table information already produced by another external program can be used directly. The specific preparation of the abstract syntax tree and symbol table information is as follows:
Step 1.1, preparation of the abstract syntax tree, specifically comprises:
Step 1.1.1: read in the program source file and determine whether a corresponding abstract syntax tree already exists; if so, skip the subsequent steps 1.1.2 and 1.1.3, otherwise continue. For instance, when program source code is compiled, intermediate files with the same name as the source code but different suffixes are generally generated in the same directory, and different suffixes have different meanings. So after reading in the program source file, the same directory can be searched for a file holding the abstract syntax tree. Of course, the user can also directly specify the file holding the abstract syntax tree.
Step 1.1.2: perform lexical analysis to obtain the token stream of the program source code.
Step 1.1.3: perform syntax analysis on the token stream of the program source code to obtain the abstract syntax tree.
Once the abstract syntax tree has been obtained, step 1.2, preparation of the symbol table information, can be carried out; it may specifically comprise:
Step 1.2.1: traverse all assignment nodes in the abstract syntax tree, take out the node information, and build the global symbol table. Specifically, for each assignment node, take out the affected variable, then take out all nodes of the r-value, then add an assignment relation to the second-level symbol table of the corresponding variable in the global symbol table. The r-value is the value on the right of the assignment operator.
Step 1.2.2: build the local symbol tables. A local symbol table is the symbol table for the local variables in a function; it is built in a similar way to step 1.2.1, the only difference being that a local symbol table covers only the local variables in a function.
Once the abstract syntax tree and symbol table information have been obtained, step 2 can be carried out: traverse the abstract syntax tree to obtain the set of all trigger nodes. A trigger node is, for example, a node corresponding to a sensitive operation statement. Sensitive operation statements are statements that may cause a page vulnerability and can be configured in advance by the user.
After the set of trigger nodes has been obtained, backtracking starts for each trigger node to determine whether a vulnerability exists at that trigger node. Specifically, this can comprise:
Step 4.1: extract the set of variables that affect the trigger point;
Step 4.2: backtrack each variable; and
Step 4.3: if step 4.2 finally traces back to attacker-controllable input that can affect the variable, deem that a vulnerability has been found and output vulnerability information.
Step 4.2 may specifically comprise:
Step 4.2.1: find the entry corresponding to the variable in the symbol table;
Step 4.2.2: in the second-level symbol table pointed to by that entry, find the nearest assignment whose line number is less than the line number of this variable;
Step 4.2.3: if the assignment found in step 4.2.2 is a constant assignment, jump back to step 4.2 and continue backtracking the next variable;
Step 4.2.4: if the assignment found in step 4.2.2 is an assignment from attacker-controllable input, jump to step 4.3 and end the backtracking;
Step 4.2.5: if the assignment found in step 4.2.2 is an indirect assignment, that is, the right of the assignment operator consists of other variables, extract the set of variables that affect the current assignment;
Step 4.2.6: recursively backtrack each variable in the set obtained in step 4.2.5, using the same algorithm as step 4.2.
Outputting vulnerability information in step 4.3 means, for example, saving the vulnerability information in a variable, recording it in a file, outputting it to a display, or passing all vulnerability information to other modules. Of course, these operations can also be combined. For example, each vulnerability can be saved in a variable as it is found, and all vulnerability information output and displayed after all trigger nodes have been backtracked.
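An added example (not code from the patent) of the two-level symbol table of step 1.2.1 and the backtracking of steps 4.1 to 4.3, run over a constructed PHP fragment that also shows why keyword matching alone over-reports. The Assign and Trigger records, the function names and the sample are assumptions standing in for real AST nodes, and a variable with no earlier assignment is treated as untainted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Assign:
    """Hypothetical stand-in for an assignment AST node."""
    line: int
    target: str
    kind: str             # "const", "input" (attacker-controllable) or "vars"
    sources: tuple = ()   # variables on the right of the assignment operator


@dataclass(frozen=True)
class Trigger:
    """Hypothetical stand-in for a configured trigger node (echo, mysql_query, ...)."""
    line: int
    name: str
    variables: tuple      # variables the sensitive statement depends on


def build_symbol_table(statements):
    """Step 1.2.1: first level is keyed by variable, second level lists its assignments."""
    table = {}
    for st in statements:
        if isinstance(st, Assign):
            table.setdefault(st.target, []).append(st)
    for entries in table.values():
        entries.sort(key=lambda a: a.line)
    return table


def backtrack(var, line, table):
    """Step 4.2: return the chain of (variable, line) from `var` back to
    attacker-controllable input, or None when no such chain exists."""
    earlier = [a for a in table.get(var, []) if a.line < line]    # 4.2.1
    if not earlier:
        return None            # assumption: never assigned before use, not tainted
    latest = earlier[-1]                                          # 4.2.2
    if latest.kind == "const":                                    # 4.2.3
        return None
    if latest.kind == "input":                                    # 4.2.4
        return [(var, latest.line)]
    for src in latest.sources:                                    # 4.2.5
        # 4.2.6: recurse from the assignment's own line; line numbers only
        # decrease, so a self-reference such as $n = $n + 1 cannot loop forever.
        chain = backtrack(src, latest.line, table)
        if chain is not None:
            return [(var, latest.line)] + chain
    return None


def find_vulnerabilities(statements):
    """Steps 2 to 4: check every trigger node and collect vulnerability information."""
    table = build_symbol_table(statements)
    findings = []
    for st in statements:
        if isinstance(st, Trigger):
            for var in st.variables:                              # 4.1
                chain = backtrack(var, st.line, table)            # 4.2
                if chain is not None:                             # 4.3
                    findings.append((st.line, st.name, var, chain))
    return findings


# Constructed sample, one record per line of this PHP fragment:
#  1: $id = $_GET['id'];        2: $title = "Report";
#  3: $q = "SELECT ..." . $id;  4: $msg = $title;
#  5: $n = 0;                   6: $n = $n + 1;
#  7: echo $msg;                8: mysql_query($q);
#  9: $msg = $_POST['m'];      10: echo $n;
# 11: echo $msg;
SAMPLE = [
    Assign(1, "id", "input"),
    Assign(2, "title", "const"),
    Assign(3, "q", "vars", ("id",)),
    Assign(4, "msg", "vars", ("title",)),
    Assign(5, "n", "const"),
    Assign(6, "n", "vars", ("n",)),
    Trigger(7, "echo", ("msg",)),
    Trigger(8, "mysql_query", ("q",)),
    Assign(9, "msg", "input"),
    Trigger(10, "echo", ("n",)),
    Trigger(11, "echo", ("msg",)),
]

if __name__ == "__main__":
    for line, name, var, chain in find_vulnerabilities(SAMPLE):
        print(f"line {line}: {name} uses ${var}, tainted via {chain}")
```

Keyword matching would flag all four trigger statements in the sample; backtracking reports only lines 8 and 11, because the echo on line 7 sees the constant assigned on line 4 and not the later $_POST assignment on line 9.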
The above describes only the flow for backtracking vulnerabilities. Depending on the specific program source code, some further processing steps may be needed to ensure that the above operations complete smoothly; it will be understood, however, that these steps are not mandatory.
For example, when the abstract syntax tree has a constant definition node (defStmt), the child nodes of the constant definition node need to be analyzed to obtain the constant's defined value, and that value can be written back into the abstract syntax tree.
For example, when the abstract syntax tree has an include node (inclStmt), the nodes of the include node need to be analyzed to obtain the real path of the included file, and that path can be written back into the abstract syntax tree. In general, program code that includes files often uses defined constants (for example file path constants), so this step may need to rely on the result of the constant definition node analysis described above.
In addition, when the abstract syntax tree has an include node, besides the above operation, steps 1 to 4 also need to be performed recursively on the included file. That is, processing of the current program code is suspended, steps 1 to 4 are performed on the included file, and once the included file has been processed, processing of the current program code resumes.
For example, when the abstract syntax tree has a function declaration node (funcDeclStmt), the following need to be performed:
Following the procedure of step 1.2.1, build the local symbol table of this function;
Traverse each return node among the child nodes of this function declaration node to obtain all variables in the return statements;
Using the algorithm of step 4.2, backtrack to obtain the relation between the return statements and the parameters, which is taken as the function summary;
Using the algorithm of steps 2 to 4, if a trigger node that can be changed by attacker-controllable input is found directly inside the function, deem it a vulnerability and output vulnerability information;
If an include node is found inside the function, handle it according to the processing method for include nodes described above.
In the page vulnerability detection method of this embodiment, the program source code is converted into an abstract syntax tree using compiler principles, and for each vulnerability trigger point the variables related to that trigger point are backtracked; if any variable is attacker-controllable, the trigger point is vulnerable. Compared with the black-box scanning of the prior art, the page vulnerability detection device of this embodiment can completely cover all possible vulnerabilities, which improves vulnerability coverage; compared with the keyword search approach of the prior art, it avoids treating as vulnerabilities those cases where a dangerous statement is used but its related variables are not attacker-controllable, which reduces the false-positive rate.
The above are only preferred embodiments of the present invention and do not limit the present invention in any form. Although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications into equivalent embodiments; any simple modification, equivalent change or adaptation made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of the technical solution of the present invention.

Claims (18)

1. A page vulnerability detection device, characterized by comprising:
An abstract syntax tree management module, for managing the abstract syntax tree of the detected program source code;
A symbol table module, for managing the symbol table information of the detected program source code; and
A taint backtracking module, for reading the abstract syntax tree from the abstract syntax tree management module, traversing the abstract syntax tree to obtain the set of all pre-configured trigger nodes, and, for each trigger node, backtracking all of its associated variables according to the symbol table information; if any associated variable can be changed by attacker-controllable input, a vulnerability is deemed to exist at that trigger node and vulnerability information is output.
2. The page vulnerability detection device as claimed in claim 1, characterized in that the symbol table module is also for: reading the abstract syntax tree information through the abstract syntax tree management module, parsing all assignment statements to obtain symbol table information containing the information of each variable, and providing the symbol table information to the taint backtracking module.
3. The page vulnerability detection device as claimed in claim 1, characterized by further comprising: a lexical and syntax analysis module, for reading in the detected program source code, converting the detected program source code into an abstract syntax tree, and outputting the abstract syntax tree to the abstract syntax tree management module.
4. The page vulnerability detection device as claimed in claim 1, characterized by further comprising: a preprocessing module, for resolving the constant definition nodes and include nodes of the abstract syntax tree, and writing the resolved information back to the abstract syntax tree.
5. The page vulnerability detection device as claimed in claim 1, characterized by further comprising: a function summary module, for parsing the function declaration nodes of the abstract syntax tree, then resolving the relation between the return value and the parameters of each function to obtain a function summary.
6. The page vulnerability detection device as claimed in claim 1, characterized in that the taint backtracking module is also for: when the abstract syntax tree has an include node, the abstract syntax tree management module, the symbol table module and the taint backtracking module jump to process the file included by the include node, and return to processing the detected source code after the included file has been processed.
7. The page vulnerability detection device as claimed in claim 1, characterized in that the taint backtracking module is also for: when the abstract syntax tree has a function declaration node, traversing the child nodes of the function declaration node to obtain the set of trigger nodes, and, for each trigger node, backtracking all of its associated variables according to the symbol table information; if any associated variable can be changed by attacker-controllable input, a vulnerability is deemed to exist at that trigger node and vulnerability information is output.
8. The page vulnerability detection device as claimed in claim 1, characterized in that, when the function declaration node contains an include node, the abstract syntax tree management module, the symbol table module and the taint backtracking module jump to process the file included by the include node, and return to processing the function declaration node after the included file has been processed.
9. A page vulnerability detection method, characterized by comprising:
Step 1, providing the abstract syntax tree and the symbol table information of the detected program source code;
Step 2, traversing the abstract syntax tree to obtain the set of all trigger nodes, a trigger node being a node in the abstract syntax tree that corresponds to a sensitive operation statement in the program code;
For each trigger node, carrying out:
Step 3, extracting the set of all of its associated variables according to the symbol table; and
Step 4, backtracking each associated variable; if the associated variable is found to be changeable by attacker-controllable input, a vulnerability is deemed to have been found and vulnerability information is output.
10. The page vulnerability detection method as claimed in claim 9, characterized in that step 1 also comprises: reading the abstract syntax tree information and parsing all assignment statements to obtain symbol table information containing the information of each variable.
11. The page vulnerability detection method as claimed in claim 9, characterized by comprising, before step 1: reading the detected program source code, carrying out lexical and syntax analysis to obtain the abstract syntax tree, and further parsing all assignment nodes in the abstract syntax tree to obtain the symbol table information.
12. The page vulnerability detection method as claimed in claim 9, characterized in that, in step 1, the abstract syntax tree and the symbol table information are provided by an external program.
13. The page vulnerability detection method as claimed in claim 9, characterized in that the method also comprises: when the abstract syntax tree has include nodes, resolving all include nodes in the abstract syntax tree and writing the paths of the included files back to the abstract syntax tree.
14. The page vulnerability detection method as claimed in claim 13, characterized in that the method also comprises: when the abstract syntax tree has an include node, suspending the processing flow of the detected program source code and recursively carrying out step 1 to step 4 for the included file.
15. The page vulnerability detection method as claimed in claim 9, characterized in that the method also comprises: when the abstract syntax tree has a constant definition node, analyzing the child nodes of the constant definition node to obtain the constant definition value, and writing the constant definition value back into the abstract syntax tree.
16. The page vulnerability detection method as claimed in claim 9, characterized in that the method also comprises: when the abstract syntax tree has a function declaration node, resolving the relation between the return value and the parameters of the function to obtain a function summary, and writing it back into the abstract syntax tree.
17. The page vulnerability detection method as claimed in claim 15, characterized in that the method also comprises: carrying out step 2 to step 4 for the function declaration node; if a trigger node that can be changed by attacker-controlled input is found directly inside the function, it is deemed a vulnerability and vulnerability information is output.
18. The page vulnerability detection method as claimed in claim 16, characterized in that the method also comprises: when the function contains an include node, recursively carrying out step 1 to step 4 for the file included by that include node.
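
The four steps of the claimed method (symbol table from assignments, trigger-node collection, extraction of associated variables, backtracking to attacker-controllable input) are sketched below as an added example; it is not code from the patent. It uses Python's `ast` module as a stand-in for the page language, the trigger, source and sanitizer names are assumptions, and backtracking follows only the latest earlier assignment in straight-line code.

```python
import ast

# Assumed configuration, not from the patent: sink ("trigger") call names,
# attacker-controlled root names, and calls whose return value is treated as clean.
TRIGGERS = {"execute", "system", "eval"}
SOURCES = {"request"}
SANITIZERS = {"int"}

def call_name(call):
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)

def build_symbol_table(tree):
    """Step 1: map each variable to its (line, right-hand side) assignments."""
    table = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    table.setdefault(target.id, []).append((node.lineno, node.value))
    return table

def tainted(expr, line, table):
    """Step 4: backtrack an expression used at `line` towards a source."""
    if isinstance(expr, ast.Name):
        if expr.id in SOURCES:
            return True
        # Latest assignment strictly before the use; earlier ones are overwritten.
        prior = max((a for a in table.get(expr.id, []) if a[0] < line),
                    key=lambda a: a[0], default=None)
        return prior is not None and tainted(prior[1], prior[0], table)
    if isinstance(expr, ast.Call) and call_name(expr) in SANITIZERS:
        return False  # stand-in for a function summary: return value is clean
    return any(tainted(c, line, table) for c in ast.iter_child_nodes(expr))

def find_vulnerabilities(source):
    tree = ast.parse(source)
    table = build_symbol_table(tree)
    findings = []
    for node in ast.walk(tree):  # step 2: collect trigger nodes
        if isinstance(node, ast.Call) and call_name(node) in TRIGGERS:
            # step 3: the trigger's associated variables are its arguments
            if any(tainted(arg, node.lineno, table) for arg in node.args):
                findings.append((node.lineno, call_name(node)))
    return sorted(findings)

# Constructed sample page code (illustrative only).
SAMPLE = '''\
uid = request.args.get("id")
safe = int(uid)
q1 = "SELECT * FROM t WHERE id=" + uid
q2 = "SELECT * FROM t WHERE id=" + str(safe)
db.execute(q1)
db.execute(q2)
'''
```

Calling `find_vulnerabilities(SAMPLE)` reports only the `execute` call on line 5: `q2` is built from a value that passed through the assumed sanitizer, which is how backtracking keeps the false-alarm rate below that of flagging every trigger node.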
CN201210182054.5A 2012-06-05 2012-06-05 A kind of page Hole Detection device and detection method Active CN103455759B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210182054.5A CN103455759B (en) 2012-06-05 2012-06-05 A kind of page Hole Detection device and detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210182054.5A CN103455759B (en) 2012-06-05 2012-06-05 A kind of page Hole Detection device and detection method

Publications (2)

Publication Number Publication Date
CN103455759A true CN103455759A (en) 2013-12-18
CN103455759B CN103455759B (en) 2017-03-15

Family

ID=49738109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210182054.5A Active CN103455759B (en) 2012-06-05 2012-06-05 A kind of page Hole Detection device and detection method

Country Status (1)

Country Link
CN (1) CN103455759B (en)

Also Published As

Publication number Publication date
CN103455759B (en) 2017-03-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant