CN103577758B - Method and apparatus for auditing program code - Google Patents

Method and apparatus for auditing program code

Info

Publication number
CN103577758B
Authority
CN
Grant status
Grant
Application number
CN 201210271493
Other languages
Chinese (zh)
Other versions
CN103577758A (en)
Inventor
汪涛 (Wang Tao)
Original Assignee
西门子公司 (Siemens)

Abstract

The invention discloses a method and apparatus for auditing program code using a vulnerability model. The method comprises: scanning the program's source code and, when an ordinary function (功能函数, a function the model defines as neither a dangerous function nor a check function) is encountered during the scan, determining whether the input parameter of that ordinary function is passed to a dangerous function defined in the vulnerability model, and whether a check function defined in the vulnerability model is absent on the path by which the input parameter is passed from the ordinary function to the dangerous function; and, when it is determined that the input parameter is passed to a dangerous function defined in the vulnerability model and that a check function defined in the vulnerability model is absent on that path, adding the ordinary function to the vulnerability model as a new dangerous function and determining that a security vulnerability has been detected. The vulnerability model contains at least the definition information of the dangerous functions and check functions of the code being scanned. The invention improves the efficiency and applicability of code auditing.

Description

Method and apparatus for auditing program code

Technical field

[0001] The present invention relates to the field of software security, and in particular to a method and apparatus for auditing program code.

Background

[0002] During software development the software's source code needs to be audited. The purpose of code auditing is to detect whether security vulnerabilities exist in the source code and to issue an alert when one is detected.

[0003] One kind of security vulnerability is the input validation vulnerability. It arises when an external input parameter is passed to a dangerous function, as that function's input parameter, without having undergone an effective security check (that is, a check of whether the input parameter conforms to the prescribed specification, with the parameter corrected when it does not). A dangerous function, also called a sink, is a function that performs a specific operation according to the input parameter passed to it; examples are a function that executes an SQL query against a database, a function that writes output into an HTML page, and a function that executes an operating-system command. When the input parameter does not conform to the specification, calling the dangerous function creates a security problem for the software system, so a malicious attacker can attack the system by supplying a non-conforming parameter.

[0004] Currently, code audit tools detect input validation vulnerabilities as follows: the tool looks in the source code for the functions that the vulnerability model defines as scan starting points, begins the code scan at such a function, determines by scanning the path along which the external input parameter is propagated, and, when the input parameter reaches a dangerous function defined in the vulnerability model without passing through a security check, determines that a security vulnerability has been detected and issues an alert.

[0005] The inventor has found that the prior art has the following shortcomings:

[0006] First, during the audit the tool has to determine, by scanning the code, the path from the external input parameter to the dangerous function, which is laborious and inefficient.

[0007] Second, when an input parameter has passed through a security check but is still unsafe afterwards, no alert is issued, although a security vulnerability does in fact result; the applicability of the detection method is therefore limited. For example, when a check function detects an unsafe input parameter but does not correct it, a security vulnerability remains when other functions use that input parameter.

[0008] Third, the vulnerability model defines the functions serving as scan starting points only by class name and method name. Because class names and method names are globally unique, every such function has to be defined in the vulnerability model individually, which makes defining the model laborious and inefficient and allows only a single way of defining it. Correspondingly, when determining the starting points of the code scan, the functions defined in the vulnerability model have to be read one by one, which lowers audit efficiency.

Summary of the invention

[0009] In the present invention, a dangerous function, also called a sink, is a function that performs a specific operation according to the input parameter passed to it; calling a dangerous function when its input parameter does not conform to the specification creates a security problem for the system. A check function is a function that performs a security check on an external input parameter. A source function is a function that receives an input parameter from outside the program. An ordinary function (功能函数) is a function that is defined as neither a dangerous function nor a check function.

[0010] According to one aspect of the invention, a method of auditing program code using a vulnerability model is provided, the method comprising:

[0011] scanning the program's source code and, when an ordinary function is encountered during the scan, determining whether the input parameter of that ordinary function is passed to a dangerous function defined in the vulnerability model, and whether a check function defined in the vulnerability model is absent on the path by which the input parameter is passed from the ordinary function to the dangerous function;

[0012] when it is determined that the input parameter of the ordinary function is passed to a dangerous function defined in the vulnerability model and that a check function defined in the vulnerability model is absent on the path from the ordinary function to the dangerous function, adding the ordinary function to the vulnerability model as a new dangerous function and determining that a security vulnerability exists; the vulnerability model containing at least the definition information of the dangerous functions and check functions of the code being scanned.

[0013] When the input parameter of a scanned ordinary function is passed to a dangerous function and no check function lies on the path from the ordinary function to the dangerous function, the ordinary function is added to the vulnerability model as a new dangerous function. This gives the dangerous functions a self-learning capability and thereby shortens the time a code audit requires. For example, suppose the source code contains a propagation path A-B-C-D from an external input parameter to a dangerous function, where A and D are respectively a source function and a dangerous function defined in the vulnerability model. Without self-learning of dangerous functions, the path that has to be scanned when scanning the code according to the vulnerability model is A-B-C-D. With self-learning, if function C is added to the vulnerability model as a new dangerous function during self-learning, the path that has to be scanned in later scans according to that vulnerability model becomes A-B-C, which shortens the time needed for code scanning and improves the efficiency of code auditing.

[0014] Preferably, when a check function is encountered during the scan, whether the input parameter is safe after the security check performed by that check function is determined from the input-value (InputValue) attribute information recorded for the check function in the vulnerability model;

[0015] and when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a dangerous function defined in the vulnerability model, it is determined that a security vulnerability has been detected.

[0016] By judging, from the check function's input-value attribute information, whether the input parameter is safe after that check function's security check, and determining that a security vulnerability has been detected when the input parameter is unsafe and is passed to a dangerous function, this embodiment can detect vulnerabilities the prior art cannot, namely those caused by an ineffective check by the check function allowing an unsafe input parameter to reach a dangerous function. This embodiment of the invention therefore further improves the accuracy of code auditing.

[0017] Alternatively, when a check function is encountered during the scan, the method further comprises:

[0018] determining, from the return-value (ReturnValue) attribute information recorded for the check function in the vulnerability model, whether the return parameter of the check function is safe;

[0019] and when the return parameter is determined to be unsafe and is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability exists.

[0020] In this embodiment of the invention, the safety of a check function's return parameter is judged from the check function's return-value attribute information, and a security vulnerability is determined to have been detected when the return parameter is unsafe and is passed to a dangerous function. This embodiment can detect vulnerabilities the prior art cannot, namely those caused by an unsafe return parameter of a check function being passed to a dangerous function, and therefore further improves the accuracy of code auditing.

[0021] Preferably, before the program's source code is scanned, the method further comprises:

[0022] reading a source function that the vulnerability model defines by means of a parent class (superclass), finding in the source code the functions of the subclasses of that parent class, and determining the functions found as starting points of the code scan; and/or

[0023] reading a source function that the vulnerability model defines by means of an interface, finding in the source code the functions of the classes that use that interface, and determining the functions found as starting points of the code scan; a source function being a function that receives an input parameter from outside the program.

[0024] In this embodiment of the invention the source functions in the vulnerability model are defined by parent class and/or interface, which reduces the work of defining the vulnerability model. At the same time, when the starting points of the code scan are determined, they can be found directly by looking up the functions of the subclasses of that parent class and/or of the classes that use that interface. Compared with the prior-art method of reading one by one the source functions that the vulnerability model defines by class name and method name and using them as scan starting points, this embodiment is more efficient and thus improves the efficiency of code auditing.

[0025] Preferably, when the ordinary function is added to the vulnerability model as a new dangerous function, the method further comprises:

[0026] recording in the vulnerability model, as the root-cause (rootcause) attribute information of the new dangerous function, the information (for example function name and class name) of the first function, other than the ordinary function itself, on the path by which the input parameter is passed from the ordinary function to the dangerous function, for use in locating and analysing the cause of the security vulnerability.

[0027] In this embodiment of the invention, the information of the first function other than the ordinary function on the path from the scanned ordinary function to the dangerous function is recorded in the vulnerability model as the root-cause attribute information of the new dangerous function, that is, of the ordinary function. Then, after an alert about a security vulnerability in the ordinary function has been issued and the cause of the vulnerability is located manually, the first function on the path can be found from the root-cause attribute information of the ordinary function. If that first function is the dangerous function, it can be determined that the vulnerability is due to the input parameter of the dangerous function not having been effectively checked, and the root-cause analysis ends. If the first function is not the dangerous function, the next function is found from the root-cause attribute information of that first function, and so on, until the dangerous function is reached, at which point it can be determined that the vulnerability is due to the input parameter of that dangerous function not having been effectively checked, and the root-cause analysis ends. This embodiment therefore allows the cause of a security vulnerability to be located accurately.

[0028] According to another aspect of the invention, an apparatus for auditing program code using a vulnerability model is provided, the apparatus comprising:

[0029] a code scanning unit for scanning the program's source code and, when an ordinary function is encountered during the scan, determining whether the input parameter of that ordinary function is passed to a dangerous function defined in the vulnerability model, and whether a check function defined in the vulnerability model is absent on the path by which the input parameter is passed from the ordinary function to the dangerous function;

[0030] a function adding unit for adding the ordinary function to the vulnerability model as a new dangerous function, and determining that a security vulnerability has been detected, when the code scanning unit determines that the input parameter of the ordinary function is passed to a dangerous function defined in the vulnerability model and that a check function defined in the vulnerability model is absent on the path from the ordinary function to the dangerous function; the vulnerability model containing at least the definition information of the dangerous functions and check functions of the code being scanned.

[0031] When the input parameter of a scanned ordinary function is passed to a dangerous function and no check function lies on the path between the ordinary function and the dangerous function, the ordinary function is added to the vulnerability model as a new dangerous function. This implements self-learning of dangerous functions and so shortens the time a code audit requires. For example, suppose the source code contains a propagation path A-B-C-D from an external input parameter to a dangerous function, where A and D are respectively a source function and a dangerous function defined in the vulnerability model. Without self-learning of dangerous functions, the path that has to be scanned when scanning the code according to the vulnerability model is A-B-C-D. With self-learning, if function C is added to the vulnerability model as a new dangerous function during self-learning, the path that has to be scanned in later scans according to that vulnerability model is A-B-C, which shortens the time needed for code scanning, shortens the time the audit requires, and improves the efficiency of code auditing.
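The self-learning rule of [0013] and [0031], together with the root-cause attribute of [0026] and [0027], in working form. This is an added example written for this page, not the patent's own implementation. The call map, the function names A, B, C, D, E and V, and the reduction of a program to "which callee each function forwards its input parameter to" are assumptions made here; a real scanner would derive those edges from the source code. The example goes beyond the text in one respect: applied as written in [0012], the rule learns every ordinary function on the unchecked path, so B is learned as well as C and the next scan already stops at B.

```python
"""Sink self-learning with root-cause attributes (added example, not the patent's code).
The program is reduced to a constructed call map: for each function, the callees to
which it forwards its input parameter. Real scanners derive these edges from the AST."""
from dataclasses import dataclass, field

# Constructed program model with hypothetical names. A -> B -> C -> D is the path from
# the text; E -> V -> C is a second, checked path showing that a check blocks learning.
CALLS = {
    "A": ["B"],   # source function: receives external input
    "B": ["C"],
    "C": ["D"],
    "D": [],      # dangerous function, e.g. executes an SQL query
    "E": ["V"],   # source function
    "V": ["C"],   # check function
}


@dataclass
class VulnerabilityModel:
    sources: set
    sinks: set
    checks: set
    rootcause: dict = field(default_factory=dict)  # learned sink -> next function on path


def base_model():
    """The hand-written model before any scan: D is the only sink, V the only check."""
    return VulnerabilityModel(sources={"A", "E"}, sinks={"D"}, checks={"V"})


def scan(calls, model):
    """Scan every propagation path from every source function.

    Returns (findings, visited): findings are unchecked source-to-sink paths, visited is
    the sequence of functions the scan had to look at. Ordinary functions whose input
    reaches a sink with no check in between are added to model.sinks, with a rootcause
    attribute naming the next function on the path ([0012], [0026]).
    """
    findings, visited = [], []

    def walk(fn, path):
        """Return True if fn's input reaches a sink with no check function after fn."""
        visited.append(fn)
        path = path + [fn]
        if fn in model.sinks:
            if not any(p in model.checks for p in path):
                findings.append(path)
            return True  # the scan stops at a sink
        if fn in model.checks:
            for callee in calls.get(fn, []):
                walk(callee, path)
            return False  # the check lies on every path below fn
        reaches_sink = False
        for callee in calls.get(fn, []):
            if walk(callee, path):
                reaches_sink = True
                if fn not in model.sources and fn not in model.sinks:
                    model.sinks.add(fn)           # self-learning: fn becomes a sink
                    model.rootcause[fn] = callee  # first function after fn on the path
        return reaches_sink

    for src in sorted(model.sources):
        walk(src, [])
    return findings, visited


def trace_root_cause(fn, model):
    """Follow rootcause links from a learned sink down to a hand-defined sink ([0027])."""
    chain = [fn]
    while fn in model.rootcause:
        fn = model.rootcause[fn]
        chain.append(fn)
    return chain


if __name__ == "__main__":
    model = base_model()
    print(scan(CALLS, model))            # whole path A, B, C, D walked; C and B learned
    print(model.rootcause)               # {'C': 'D', 'B': 'C'}
    print(trace_root_cause("B", model))  # ['B', 'C', 'D']
    print(scan(CALLS, model))            # second scan stops at B
```

The first scan walks A, B, C, D, reports that path, and learns C (rootcause D) and then B (rootcause C). Tracing the root cause from B yields B, C, D, ending at the hand-defined sink exactly as [0027] describes. The second scan stops at B. On the path E, V, C, the check function V sits between E and the sink, so E is not learned and no finding is reported for it.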

[0032] According to another aspect of embodiments of the invention, a method of auditing program code using a vulnerability model is provided, the method comprising:

[0033] scanning the program's source code and, when a check function is encountered during the scan:

[0034] determining, from the input-value attribute information predefined for that check function in the vulnerability model, whether the input parameter is safe after the security check performed by the check function; and when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected; the vulnerability model containing at least the definition information of the check functions of the code being scanned; and/or

[0035] determining, from the return-value attribute information predefined for that check function in the vulnerability model, whether the return parameter of the check function is safe; and when the return parameter is determined to be unsafe and is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected.

[0036] By judging, from the check function's input-value attribute information, whether the input parameter is safe after that check function's security check, and issuing an alert that a security vulnerability has been detected when the input parameter is unsafe and is passed to a dangerous function, embodiments of the invention can detect vulnerabilities the prior art cannot, namely those caused by an ineffective check allowing an unsafe input parameter to reach a dangerous function. They therefore further improve the accuracy of code auditing.

[0037] By judging the safety of a check function's return parameter from the check function's return-value attribute information, and issuing an alert that a security vulnerability has been detected when the return parameter is unsafe and is passed to a dangerous function, embodiments of the invention can detect vulnerabilities the prior art cannot, namely those caused by an unsafe return parameter of a check function being passed to a dangerous function. They therefore further improve the accuracy of code auditing.

[0038] Further, before the program's source code is scanned, the method further comprises:

[0039] reading a source function that the vulnerability model defines by means of a superclass, finding in the source code the functions of the subclasses of that parent class, and determining the functions found as starting points of the code scan; and/or

[0040] reading a source function that the vulnerability model defines by means of an interface, finding in the source code the functions of the classes that use that interface, and determining the functions found as starting points of the code scan; a source function being a function that directly receives an input parameter from outside the program.

[0041] The source functions in the vulnerability model are defined by parent class and/or interface, so that the starting points of the code scan can be found directly by looking up the functions of the subclasses of that parent class and/or of the classes that use that interface. Compared with the prior art, which reads one by one the source functions that the vulnerability model defines by class name and method name as scan starting points, this embodiment is more efficient and thus improves the efficiency of code auditing.

[0042] According to another aspect of embodiments of the invention, an apparatus for auditing program code using a vulnerability model is provided, the apparatus comprising:

[0043] a code scanning unit for scanning the program's source code;

[0044] a vulnerability determining unit for, when the code scanning unit encounters a check function:

[0045] determining, from the input-value attribute information recorded for that check function in the vulnerability model, whether the input parameter is safe after the security check performed by the check function, and, when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected; the vulnerability model containing at least the definition information of the check functions of the code being scanned; and/or

[0046] determining, from the return-value attribute information predefined for that check function in the vulnerability model, whether the return parameter of the check function is safe, and, when the return parameter is determined to be unsafe and is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected; the vulnerability model containing at least the definition information of the check functions of the code being scanned.

[0047] By judging, from the check function's input-value attribute information, whether the input parameter is safe after that check function's security check, and determining that a security vulnerability has been detected when the input parameter is unsafe and is passed to a dangerous function, embodiments of the invention can detect vulnerabilities the prior art cannot, namely those caused by an ineffective check allowing an unsafe input parameter to reach a dangerous function. They therefore further improve the applicability of code auditing.

[0048] By judging the safety of a check function's return parameter from the check function's return-value attribute information, and determining that a security vulnerability has been detected when the return parameter is unsafe and is passed to a dangerous function, embodiments of the invention can detect vulnerabilities the prior art cannot, namely those caused by an unsafe return parameter of a check function being passed to a dangerous function. They therefore further improve the accuracy of code auditing.
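The InputValue and ReturnValue attributes of [0014] to [0020], [0034] to [0037] and [0045] to [0048], evaluated against recorded propagation paths and contrasted with the prior-art rule of [0004]. This is an added example, not the patent's code. The model, the function names (Sanitizer.escapeSql and the others) and the (function, flow) path encoding are assumptions made here: the flow tag records which value a function passes to the next step, its own input parameter unchanged ("param") or its return value ("return"), which is what lets the two attributes be applied at the right place.

```python
"""Evaluating a check function's InputValue / ReturnValue attributes along a recorded
propagation path (added example, not the patent's implementation)."""

# Constructed vulnerability model with hypothetical function names.
MODEL = {
    "sources": {"HttpRequest.getParameter"},
    "sinks": {"Statement.executeQuery"},
    "checks": {
        # escapes into a new string; the parameter it was given is left as it was
        "Sanitizer.escapeSql": {"InputValue": "unsafe", "ReturnValue": "safe"},
        # rewrites the parameter object in place and returns that same object
        "Normalizer.normalize": {"InputValue": "safe", "ReturnValue": "safe"},
        # only logs a warning on suspicious input and hands the raw value back ([0007])
        "Audit.logIfSuspicious": {"InputValue": "unsafe", "ReturnValue": "unsafe"},
    },
}


def prior_art_verdict(path, model):
    """Rule of [0004]: alert only if no check function at all lies on the path."""
    return not any(fn in model["checks"] for fn, _ in path)


def attribute_verdict(path, model):
    """Rule of [0014]-[0019].

    path is a list of (function, flow) pairs recorded by the scanner; flow names the
    value the function passes to the next step: "param" for its own input parameter,
    unchanged, or "return" for its return value (None for the sink, which passes
    nothing on). Returns (alert, reason).
    """
    unsafe = True        # whatever the source function received is untrusted
    last_check = None
    for fn, flow in path:
        if fn in model["sinks"]:
            if unsafe:
                via = f" although {last_check} was called" if last_check else ""
                return True, f"unsafe value reaches {fn}{via}"
            return False, f"value made safe by {last_check} before {fn}"
        if fn in model["checks"]:
            attrs = model["checks"][fn]
            key = "InputValue" if flow == "param" else "ReturnValue"
            unsafe = attrs[key] == "unsafe"
            last_check = fn
        # source and ordinary functions are assumed to pass the value on unchanged
    return False, "path does not end at a sink"


if __name__ == "__main__":
    src = ("HttpRequest.getParameter", "param")
    sink = ("Statement.executeQuery", None)
    for steps in (
        [("Sanitizer.escapeSql", "return")],    # escaped copy used: safe
        [("Sanitizer.escapeSql", "param")],     # sanitizer called, raw value used: alert
        [("Audit.logIfSuspicious", "return")],  # unsafe return value used: alert
        [("Normalizer.normalize", "param")],    # corrected in place: safe
        [("Dao.findUser", "param")],            # no check at all: both rules alert
    ):
        path = [src, *steps, sink]
        print(prior_art_verdict(path, MODEL), attribute_verdict(path, MODEL))
```

The second and third paths are the cases the prior-art rule misses: a check function is present on the path, so the rule of [0004] stays silent, but the value that actually reaches the sink is the unchecked parameter (the sanitizer's return value was discarded) or a return value the model marks unsafe.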

[0049] According to a further aspect of embodiments of the invention, a method of auditing program code using a vulnerability model is provided, the method comprising:

[0050] reading a source function that the vulnerability model defines by means of a superclass, finding in the program's source code the functions of the subclasses of that parent class, and determining the functions found as starting points of the code scan; and/or reading a source function that the vulnerability model defines by means of an interface, finding in the source code the functions of the classes that use that interface, and determining the functions found as starting points of the code scan;

[0051] scanning the source code from the starting points; a source function being a function that directly receives an input parameter from outside the program.

[0052] In this embodiment of the invention the source functions in the vulnerability model are defined by parent class and/or interface, so that the starting points of the code scan can be found directly by looking up the functions of the subclasses of that parent class and/or of the classes that use that interface. Compared with the prior art, which reads one by one the source functions that the vulnerability model defines by class name and method name as scan starting points, this embodiment is more efficient and thus improves the efficiency of code auditing.

[0053] According to a further aspect of embodiments of the invention, an apparatus for auditing program code using a vulnerability model is provided, the apparatus comprising:

[0054] a starting point determining unit for reading a source function that the vulnerability model defines by means of a superclass, finding in the program's source code the functions of the subclasses of that parent class, and determining the functions found as starting points of the code scan; and/or reading a source function that the vulnerability model defines by means of an interface, finding in the source code the functions of the classes that use that interface, and determining the functions found as starting points of the code scan;

[0055] a code scanning unit for scanning the source code from the starting points; a source function being a function that directly receives an input parameter from outside the program.

[0056] In this embodiment of the invention the source functions in the vulnerability model are defined by parent class and/or interface, so that the starting points of the code scan can be found directly by looking up the functions of the subclasses of that parent class and/or of the classes that use that interface. Compared with the prior art, which reads one by one the source functions that the vulnerability model defines by class name and method name as scan starting points, this embodiment is more efficient and thus improves the efficiency of code auditing.
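The superclass and interface lookup of [0022] to [0024], [0039] to [0041], [0050] to [0052] and [0054] to [0056], resolved against a class table. This is an added example, not the patent's code. The class table (in the shape a scanner might extract from the source) and every class, interface and method name in it are hypothetical, and the rule that only classes defining the method themselves become starting points is an assumption made here (a class that merely inherits the method has no code of its own to scan).

```python
"""Finding scan starting points from source functions defined by superclass or interface
(added example, not the patent's implementation)."""

# Constructed class table, as a scanner might extract it from the source. All names are
# hypothetical. "methods" lists only the methods a class defines (or overrides) itself.
CLASSES = {
    "RequestHandler":   {"extends": None,             "implements": [],                  "methods": ["handle"]},
    "LoginHandler":     {"extends": "RequestHandler", "implements": [],                  "methods": ["handle"]},
    "AdminHandler":     {"extends": "LoginHandler",   "implements": ["MessageListener"], "methods": ["handle", "onMessage"]},
    "ReportHandler":    {"extends": "RequestHandler", "implements": [],                  "methods": []},
    "QueueConsumer":    {"extends": None,             "implements": ["MessageListener"], "methods": ["onMessage"]},
    "PriorityConsumer": {"extends": "QueueConsumer",  "implements": [],                  "methods": ["onMessage"]},
    "Helper":           {"extends": None,             "implements": [],                  "methods": ["handle"]},
}

# Vulnerability model: two entries instead of one per concrete class ([0008] vs [0024]).
SOURCE_DEFS = [
    {"superclass": "RequestHandler", "method": "handle"},
    {"interface": "MessageListener", "method": "onMessage"},
]


def subclasses_of(superclass, classes):
    """All transitive subclasses of superclass (the superclass itself excluded)."""
    found, frontier = set(), [superclass]
    while frontier:
        parent = frontier.pop()
        for name, info in classes.items():
            if info["extends"] == parent and name not in found:
                found.add(name)
                frontier.append(name)
    return found


def implementers_of(interface, classes):
    """Classes that declare the interface, plus their subclasses, which inherit it."""
    direct = {name for name, info in classes.items() if interface in info["implements"]}
    found = set(direct)
    for cls in direct:
        found |= subclasses_of(cls, classes)
    return found


def scan_start_points(source_defs, classes):
    """Resolve each model entry to the (class, method) pairs the scan starts from.

    Only classes that define the method themselves are returned: a class that merely
    inherits it contributes no source code of its own to scan (assumption made here).
    """
    starts = set()
    for entry in source_defs:
        if "superclass" in entry:
            candidates = subclasses_of(entry["superclass"], classes)
        else:
            candidates = implementers_of(entry["interface"], classes)
        for cls in candidates:
            if entry["method"] in classes[cls]["methods"]:
                starts.add((cls, entry["method"]))
    return sorted(starts)


if __name__ == "__main__":
    for cls, method in scan_start_points(SOURCE_DEFS, CLASSES):
        print(f"{cls}.{method}")
```

Two model entries resolve to five starting points, including AdminHandler.handle two levels below the superclass and PriorityConsumer.onMessage, which inherits the interface from its parent. Helper.handle is not selected even though the method name matches, which is the precision a name-only definition cannot give; under the prior-art scheme of [0008] all five would have had to be listed by class and method name.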

Brief description of the drawings

[0057] The above characteristics, technical features, advantages and embodiments of the invention are further explained below, in a clear and readily understandable manner, by describing preferred embodiments with reference to the drawings, in which:

[0058] Fig. 1 is a schematic flow diagram of a first method of auditing program code according to an embodiment of the invention;

[0059] Fig. 2 is a schematic flow diagram of a second method of auditing program code according to an embodiment of the invention;

[0060] Fig. 3 is a schematic flow diagram of a third method of auditing program code according to an embodiment of the invention;

[0061] Fig. 4 is a schematic flow diagram of a fourth method of auditing program code according to an embodiment of the invention;

[0062] Fig. 5 is a schematic flow diagram of a fifth method of auditing program code according to an embodiment of the invention;

[0063] Fig. 6 is a schematic flow diagram of a sixth method of auditing program code according to an embodiment of the invention;

[0064] Fig. 7 is a schematic flow diagram of a seventh method of auditing program code according to an embodiment of the invention;

[0065] Fig. 8 is a schematic structural diagram of a first apparatus for auditing program code according to an embodiment of the invention;

[0066] Fig. 9 is a schematic structural diagram of a second apparatus for auditing program code according to an embodiment of the invention;

[0067] Fig. 10 is a schematic structural diagram of a third apparatus for auditing program code according to an embodiment of the invention.

DETAILED DESCRIPTION

[0068] Embodiment one:

[0069] Referring to Fig. 1, this embodiment provides a code auditing method for a program, comprising the following steps:

[0070] Step 10: scan the source code of the program; when a functional function is scanned, determine whether an input parameter of the functional function is passed to a danger function defined in the vulnerability model, and whether a check function defined in the vulnerability model is missing on the path along which that input parameter is passed from the functional function to the danger function;

[0071] Here, determining whether a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the danger function can be implemented as follows: compare each function on the path from the functional function to the danger function with the check functions defined in the vulnerability model; if none of the functions on the path is the same as a check function defined in the vulnerability model, determine that a check function defined in the vulnerability model is missing on the path; if at least one function on the path is the same as a check function defined in the vulnerability model, determine that a check function defined in the vulnerability model is not missing on the path.
For example, suppose the check functions defined in the vulnerability model include function E, and the path along which the input parameter of the functional function is passed to the danger function is A->B->C->D. Since none of the functions A, B, C and D on the path is the same as a check function defined in the vulnerability model, a check function is determined to be missing on that path. As another example, suppose the check functions defined in the vulnerability model include functions C and E, and the path is A->B->C->D->E. Since functions C and E on the path are the same as check functions defined in the vulnerability model, a check function is determined not to be missing on that path.

[0072] Step 11: when it is determined that the input parameter of the functional function is passed to a danger function defined in the vulnerability model and that a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the danger function, add the functional function to the vulnerability model as a new danger function, and determine that a security vulnerability has been detected.

[0073] For example, when the function Func3 below is scanned, the input parameter call3arg1 of Func3 is passed to a danger function defined in the vulnerability model, namely the database query function executeQuery, and no check function lies between Func3 and the executeQuery function for call3arg1. Therefore Func3 is added to the vulnerability model as a new danger function, the function name or class name of the executeQuery function is recorded in the vulnerability model as the rootcause attribute of Func3, and a security vulnerability is determined to have been detected.

[0074] When the function Func2 is scanned, the input parameter call2arg3 of Func2 is ultimately passed to the executeQuery function, and no check function lies on the path from Func2 to the executeQuery function for call2arg3. Therefore Func2 is added to the vulnerability model as a new danger function, and the function name of Func3 is recorded in the vulnerability model as the rootcause attribute of Func2.

[0075] When the function Func1 is scanned, the input parameters call1arg1 and call1arg2 of Func1 are ultimately passed to the executeQuery function, and no check function lies on the path from Func1 to the executeQuery function for call1arg1 and call1arg2. Therefore Func1 is added to the vulnerability model as a new danger function, and the function name of Func2 is recorded in the vulnerability model as the rootcause attribute of Func1.

[Figure CN103577758BD00101: code listing of the functions Func3, Func2 and Func1 referred to above (image not reproduced)]

[0078] The vulnerability model extended with the new danger functions can be used for subsequent code audits. This self-learning of danger functions is useful for vulnerability research on third-party components. For example, Hibernate is a popular third-party component that contains a collection of standard data callback functions. To identify security vulnerabilities in Hibernate-based applications, danger functions must first be defined for that component. With this embodiment, the code audit tool can generate the danger functions automatically while scanning the component's code, so that subsequent analyses of Hibernate-based applications no longer need to re-analyze the Hibernate code.
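The scan of steps 10 and 11 and the self-learning of Func1, Func2 and Func3 in paragraphs [0073]-[0075], written out as an added example. This is illustrative Python over a constructed, simplified program representation; it is not the patent's tool, nor Hibernate or Java code. The names Func1, Func2, Func3, the parameters call1arg1, call1arg2, call2arg3, call3arg1, the danger function executeQuery and the check function sanitizeB come from the description; the helper concat, the function Func4, the statement-level data flows, and the rule that an unknown callee returns a value derived from its arguments are assumptions made for this example.

```python
"""Self-learning of danger functions (embodiment one), as an added example.

Program IR used here (constructed for the example, not the patent's code):
    program[function_name] = (parameter_names, statements)
    statement = (result_variable_or_None, callee_name, [argument_variables])
"""
from dataclasses import dataclass, field


@dataclass
class VulnerabilityModel:
    danger: dict = field(default_factory=dict)    # danger function -> rootcause attribute
    checks: set = field(default_factory=set)      # check (sanitizer) function names
    findings: set = field(default_factory=set)    # (function, parameter, danger callee)


def scan_function(name, func, model):
    """Scan one functional function; return True if it was learned as a new danger function.

    For every input parameter, the variables derived from it are followed through the
    statements in order.  A call to a check function ends that path (a check is present,
    as in paragraph [0071]); a call to a danger function with no check on the path is a
    finding and makes `name` itself a danger function whose rootcause attribute is the
    callee (paragraphs [0073]-[0075]).  Any other callee is assumed to return a value
    derived from its arguments (a modelling assumption of this example).
    """
    params, statements = func
    learned = False
    for param in params:
        tainted = {param}
        for result, callee, args in statements:
            if not any(arg in tainted for arg in args):
                continue
            if callee in model.checks:
                continue                          # check function on the path: path is safe
            if callee in model.danger:
                model.findings.add((name, param, callee))
                if name not in model.danger:
                    model.danger[name] = callee   # self-learning, rootcause = first callee
                    learned = True
                continue
            if result is not None:
                tainted.add(result)               # assumption: result derived from arguments
    return learned


def audit(program, model):
    """Scan until no new danger function is learned, so the scan order does not matter."""
    while True:
        learned = [scan_function(name, func, model) for name, func in program.items()]
        if not any(learned):
            return model


def rootcause_chain(model, function):
    """Follow rootcause attributes from a learned danger function back to the original sink."""
    chain = []
    while model.danger.get(function) is not None:
        function = model.danger[function]
        chain.append(function)
    return chain


# Constructed sample program matching the description of Func1..Func3 in [0073]-[0075];
# Func4 shows the case in which a check function lies on the path.
SAMPLE_PROGRAM = {
    "Func1": (["call1arg1", "call1arg2"], [
        ("sql", "concat", ["call1arg1", "call1arg2"]),
        (None, "Func2", ["sql"]),
    ]),
    "Func2": (["call2arg3"], [
        (None, "Func3", ["call2arg3"]),
    ]),
    "Func3": (["call3arg1"], [
        ("rs", "executeQuery", ["call3arg1"]),
    ]),
    "Func4": (["user"], [
        ("clean", "sanitizeB", ["user"]),
        ("rs", "executeQuery", ["clean"]),
    ]),
}


def run_sample():
    """Audit SAMPLE_PROGRAM with executeQuery as the only predefined danger function."""
    model = VulnerabilityModel(danger={"executeQuery": None}, checks={"sanitizeB"})
    return audit(SAMPLE_PROGRAM, model)


if __name__ == "__main__":
    m = run_sample()
    for fn, cause in m.danger.items():
        print(f"danger function {fn}: rootcause={cause}")
    for finding in sorted(m.findings):
        print("vulnerability:", finding)
```

Note that the learned danger functions are recorded at function level, as in the description, not per parameter; a later caller that passes clean data in one argument and tainted data in another to Func2 is still reported. Func3 is learned in the first pass, Func2 in the second and Func1 in the third, and the rootcause attributes then give the chain Func1 -> Func2 -> Func3 -> executeQuery that paragraph [0139] uses to locate the cause.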

[0079] Embodiment two:

[0080] Referring to Fig. 2, this embodiment provides a code auditing method for a program, comprising the following steps:

[0081] Step 20: scan the source code of the program; when a functional function is scanned, go to step 21; when a check function is scanned, go to step 22;

[0082] Step 21: determine whether an input parameter of the functional function is passed to a danger function defined in the vulnerability model, and whether a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the danger function; when it is determined that the input parameter of the functional function is passed to a danger function defined in the vulnerability model and that a check function defined in the vulnerability model is missing on the path from the functional function to the danger function, add the functional function to the vulnerability model as a new danger function, and determine that a security vulnerability has been detected;

[0083] Step 22: according to the InputValue attribute of the check function recorded in the vulnerability model, determine whether the input parameter is safe after the security check performed by that check function; when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a danger function defined in the vulnerability model, determine that a security vulnerability has been detected; and/or,

[0084] according to the ReturnValue attribute of the check function predefined in the vulnerability model, determine whether the return parameter of that check function is safe; when the return parameter is determined to be unsafe and the return parameter is passed to a danger function defined in the vulnerability model, determine that a security vulnerability has been detected.

[0085] The InputValue attribute of a check function is set manually in advance in the vulnerability model and indicates whether the input parameter is safe after the security check performed by that check function. For example, InputValue may be set to 0 to indicate that the input parameter is safe after the security check of the check function, and to 1 to indicate that the input parameter is unsafe after the security check of the check function.

[0086] A check function is a function used to check input parameters, and it can be implemented in many ways. The following three examples of check functions illustrate how this embodiment is implemented.

[Figure CN103577758BD00111: code listing of check function (1), sanitizeA (image not reproduced)]

[0091] The sanitizeA function checks the input parameter as follows: if the input parameter "in" equals "bad", it returns "bad"; otherwise it returns "good".

[Figure CN103577758BD00112: code listing of check function (2), sanitizeB (image not reproduced)]

[0096] The sanitizeB function checks the input parameter as follows: if the input parameter "in" equals "bad", "bad" is replaced with "good", and the replaced parameter is returned.

[Figure CN103577758BD00113: code listing of check function (3), sanitizeC (image not reproduced)]

[0100] The sanitizeC function checks the input parameter as follows: if the input parameter "in" equals "bad", an alarm is raised and the function exits.

[0101] In example (2), sanitizeB, the badtoken in the input parameter is replaced with goodtoken, so after this processing the input parameter is safe. Therefore the InputValue attribute of the sanitizeB function must be set manually to 0 in the vulnerability model in advance, to indicate that the input parameter is safe after the security check of this sanitize function. In contrast, in check functions (1) and (3) the unsafe input parameter is not replaced, so the input parameter is still unsafe after the check function has checked it. Therefore the InputValue attribute of the sanitizeA and sanitizeC functions must be set manually to 1 in the vulnerability model in advance, to indicate that the input parameter is unsafe after the security checks of sanitizeA and sanitizeC.

[0102] Embodiment three:

[0103] This embodiment provides a code auditing method for a program, comprising the following steps:

[0104] Step 30: read a source function defined by superclass in the vulnerability model, look up in the source code the functions of the subclasses of that parent class, and determine the found functions as the start points of code scanning; and/or,

[0105] read a source function defined by interface in the vulnerability model, look up in the source code the functions of the classes that implement that interface, and determine the found functions as the start points of code scanning;

[0106] Step 31: scan the source code of the program starting from the determined start points.

[0107] Embodiment four:

[0108] This embodiment provides a code auditing method for a program, comprising the following steps:

[0109] Step 40: read a source function defined by superclass in the vulnerability model, look up in the source code the functions of the subclasses of that parent class, and determine the found functions as the start points of code scanning; and/or,

[0110] read a source function defined by interface in the vulnerability model, look up in the source code the functions of the classes that implement that interface, and determine the found functions as the start points of code scanning;

[0111] Step 41: scan the source code of the program starting from the determined start points; when a functional function is scanned, go to step 42; when a check function is scanned, go to step 43;

[0112] Step 42: determine whether an input parameter of the functional function is passed to a danger function defined in the vulnerability model, and whether a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the danger function; when it is determined that the input parameter of the functional function is passed to a danger function defined in the vulnerability model and that a check function defined in the vulnerability model is missing on the path from the functional function to the danger function, add the functional function to the vulnerability model as a new danger function;

[0113] Step 43: according to the InputValue attribute of the check function recorded in the vulnerability model, determine whether the input parameter is safe after the security check performed by that check function; when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected; and/or,

[0114] according to the ReturnValue attribute of the check function predefined in the vulnerability model, determine whether the return parameter of that check function is safe; when the return parameter is determined to be unsafe and the return parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected.

[0115] Embodiment five:

[0116] This embodiment provides a code auditing method for a program, comprising the following steps:

[0117] Step 50: scan the source code of the program;

[0118] Step 51: when a check function is scanned:

[0119] according to the InputValue attribute of the check function predefined in the vulnerability model, determine whether the input parameter is safe after the security check performed by that check function; when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected; and/or,

[0120] according to the ReturnValue attribute of the check function predefined in the vulnerability model, determine whether the return parameter of that check function is safe; when the return parameter is determined to be unsafe and the return parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected.

[0121] For example, the code auditor can analyze a check function manually. If the auditor considers the input parameter safe after that check function has checked it (for example when the check function is function (2) of embodiment two), InputValue is marked 0 in the vulnerability model (0 meaning that the input parameter is clean). Conversely, if after manual analysis the auditor considers that the input parameter is still unsafe after the check function has checked it (for example when the check function is function (1) or (3) of embodiment two), InputValue is marked 1.

[0122] The code auditing method of this embodiment is illustrated below. When the check function in the code below, namely the sanitize function, is scanned, the code auditor has previously set the InputValue of the sanitize function to 1 in the vulnerability model. From this it is determined that the input parameter bbb is unsafe after the security check of the sanitize function, i.e. bbb has not received an effective security check. Since bbb is at the same time passed to the danger function sink defined in the vulnerability model, an alarm that a security vulnerability has been detected is issued.

[0123] Fund(String bbb) {
[0124]     aaa = sanitize(bbb);
[0125]     sink(bbb);
[0126] }
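The InputValue and ReturnValue handling of steps 22, 43 and 51, applied to the sanitizeA/sanitizeB/sanitizeC attributes of paragraph [0101] and to the Fund/sanitize/sink code above, as an added example. It is illustrative Python over a constructed statement-level representation of a function body, not the patent's tool or its Java code. The InputValue values for sanitize, sanitizeB and sanitizeC follow [0101] and [0122]; the ReturnValue values, the sink and executeQuery danger functions, the helper trim and all function bodies other than the first are assumptions. One practitioner's caveat that the two attributes encode: a check function can only make its argument itself safe when the argument is mutable (a Java String is immutable, so such a sanitizer can sanitize only its return value), which is why the model records InputValue and ReturnValue separately.

```python
"""Check-function attributes InputValue / ReturnValue (embodiments two and five),
as an added example.  Constructed IR, not the patent's representation:
    statement = (result_variable_or_None, callee_name, [argument_variables])
"""
SAFE, UNSAFE = 0, 1   # attribute encoding from paragraph [0085]: 0 = clean, 1 = unsafe


def scan_for_unchecked_input(name, params, statements, model):
    """Return alarms (function, variable, danger function) for one function body.

    `model` is {"checks": {check function: (InputValue, ReturnValue)}, "danger": set}.
    Input parameters start unsafe.  A check function clears its arguments only when
    InputValue == SAFE (the sanitizeB case of [0101]); its result is unsafe only when
    ReturnValue == UNSAFE and an argument was unsafe.  Any other callee is assumed to
    return a value derived from its arguments (an assumption of this example).
    """
    unsafe = set(params)
    alarms = []
    for result, callee, args in statements:
        arg_unsafe = any(a in unsafe for a in args)
        if callee in model["checks"]:
            input_value, return_value = model["checks"][callee]
            if input_value == SAFE:
                unsafe.difference_update(args)      # argument sanitized in place
            if result is not None:
                if return_value == UNSAFE and arg_unsafe:
                    unsafe.add(result)
                else:
                    unsafe.discard(result)
        elif callee in model["danger"]:
            alarms.extend((name, a, callee) for a in args if a in unsafe)
        elif result is not None:
            if arg_unsafe:
                unsafe.add(result)                  # assumption: derived from arguments
            else:
                unsafe.discard(result)
    return alarms


# Constructed model.  InputValue of sanitize, sanitizeB and sanitizeC follows [0101] and
# [0122]; the ReturnValue entries are assumptions made for this example.
SAMPLE_MODEL = {
    "checks": {
        "sanitize":  (UNSAFE, SAFE),    # returns a clean value, leaves its argument unsafe
        "sanitizeB": (SAFE, SAFE),      # replaces bad content in its argument
        "sanitizeC": (UNSAFE, UNSAFE),  # only raises an alarm; nothing is made safe
    },
    "danger": {"sink", "executeQuery"},
}

# Constructed function bodies; "Fund" mirrors the code in [0123]-[0126].
SAMPLE_FUNCTIONS = {
    "Fund":           (["bbb"], [("aaa", "sanitize",  ["bbb"]), (None, "sink", ["bbb"])]),
    "usesReturn":     (["bbb"], [("aaa", "sanitize",  ["bbb"]), (None, "sink", ["aaa"])]),
    "inPlaceCheck":   (["bbb"], [("aaa", "sanitizeB", ["bbb"]), (None, "sink", ["bbb"])]),
    "alarmOnlyCheck": (["bbb"], [(None,  "sanitizeC", ["bbb"]), (None, "sink", ["bbb"])]),
    "copyThenSink":   (["bbb"], [("tmp", "trim", ["bbb"]), (None, "executeQuery", ["tmp"])]),
}


def run_samples(model=SAMPLE_MODEL, functions=SAMPLE_FUNCTIONS):
    """Scan every sample function; returns {function name: list of alarms}."""
    return {name: scan_for_unchecked_input(name, params, stmts, model)
            for name, (params, stmts) in functions.items()}


if __name__ == "__main__":
    for fn, alarms in run_samples().items():
        print(fn, "->", alarms or "no alarm")
```

"Fund" reproduces the alarm of paragraph [0122]: sanitize has InputValue 1, so bbb stays unsafe and reaches sink. "usesReturn" passes the return value aaa instead and is not reported because the assumed ReturnValue is 0, which is the ReturnValue branch of steps 22 and 43. "inPlaceCheck" is the sanitizeB case, where InputValue 0 clears bbb. The two attributes are set by the auditor; the scanner cannot derive them from the check function's body, which is the manual step paragraphs [0085] and [0121] describe.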

[0127] Embodiment six:

[0128] This embodiment provides a code auditing method for a program, comprising the following steps:

[0129] Step 60: read a source function defined by superclass in the vulnerability model, look up in the source code the functions of the subclasses of that parent class, and determine the found functions as the start points of code scanning; and/or,

[0130] read a source function defined by interface in the vulnerability model, look up in the source code the functions of the classes that implement that interface, and determine the found functions as the start points of code scanning;

[0131] Step 61: scan the source code of the program starting from the determined start points; when a check function is scanned:

[0132] according to the InputValue attribute of the check function recorded in the vulnerability model, determine whether the input parameter is safe after the security check performed by that check function; when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected; and/or,

[0133] according to the ReturnValue attribute of the check function predefined in the vulnerability model, determine whether the return parameter of that check function is safe; when the return parameter is determined to be unsafe and the return parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected.

[0134] Embodiment seven:

[0135] This embodiment provides a code auditing method for a program, comprising the following steps:

[0136] Step 70: read a source function defined by superclass in the vulnerability model, look up in the program's source code the functions of the subclasses of that parent class, and determine the found functions as the start points of code scanning; and/or read a source function defined by interface in the vulnerability model, look up in the source code the functions of the classes that implement that interface, and determine the found functions as the start points of code scanning;

[0137] Step 71: scan the source code starting from the determined start points.

[0138] For example, to audit a program based on an MVC framework such as a web framework, the prior art requires the many source functions that inherit from the web framework's system class named "com.opensymphony.xwork.Action" to be defined one by one in the vulnerability model. With this embodiment, only one parent class needs to be defined in the vulnerability model; when the start points of code scanning are determined, the functions of the subclasses of that parent class are looked up directly in the program's source code, and the found functions are determined as the start points. One parent class or interface can define many source functions, which reduces the work of defining source functions and the storage space needed to store them, saves system resources, and removes the restriction to a single definition pattern.
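The start-point lookup of steps 30, 60 and 70, with the com.opensymphony.xwork.Action example of paragraph [0138], as an added example. It is illustrative Python over a constructed class table standing in for the parsed source code; it is not the patent's tool and does not parse Java. Only the class name com.opensymphony.xwork.Action comes from the description; every other class, interface and method name is invented here. The example goes beyond the description in one respect a practitioner needs: it resolves indirect subclasses and interfaces inherited through a superclass or through a sub-interface, because a lookup of direct subclasses alone would miss entry points such as a class that extends a project-specific BaseAction.

```python
"""Source-function start points from superclass / interface definitions (embodiments
three, six and seven), as an added example over a constructed class table.
    classes[class_name] = (superclass_or_None, [declared interfaces], [method names])
    interfaces[interface_name] = [super-interfaces]
"""


def _superclass_chain(cls, classes):
    """Yield the superclasses of cls, nearest first (cls itself is not included)."""
    current = classes.get(cls, (None, [], []))[0]
    while current is not None:
        yield current
        current = classes.get(current, (None, [], []))[0]


def _interface_extends(iface, target, interfaces):
    """True if iface is target or (transitively) extends target."""
    stack, seen = [iface], set()
    while stack:
        current = stack.pop()
        if current == target:
            return True
        if current not in seen:
            seen.add(current)
            stack.extend(interfaces.get(current, []))
    return False


def is_subclass_of(cls, parent, classes):
    """Transitive subclass test: LoginAction -> BaseAction -> Action is a match."""
    return parent in _superclass_chain(cls, classes)


def implements(cls, iface, classes, interfaces):
    """True if cls or one of its superclasses declares iface or a sub-interface of it."""
    for c in [cls, *_superclass_chain(cls, classes)]:
        for declared in classes.get(c, (None, [], []))[1]:
            if _interface_extends(declared, iface, interfaces):
                return True
    return False


def scan_start_points(sources, classes, interfaces):
    """Resolve the model's source definitions to concrete 'Class.method' start points.

    sources is a list of ("superclass", class name) / ("interface", interface name)
    entries, i.e. the two definition forms the vulnerability model allows.
    """
    starts = set()
    for kind, target in sources:
        for cls, (_, _, methods) in classes.items():
            if (kind == "superclass" and is_subclass_of(cls, target, classes)) or \
               (kind == "interface" and implements(cls, target, classes, interfaces)):
                starts.update(f"{cls}.{m}" for m in methods)
    return starts


# Constructed class table.  com.opensymphony.xwork.Action is named in [0138]; every other
# class, interface and method name is invented for this example.
ACTION = "com.opensymphony.xwork.Action"
CLASSES = {
    ACTION:             (None, [], ["execute"]),
    "BaseAction":       (ACTION, [], ["execute"]),
    "LoginAction":      ("BaseAction", ["Validateable"], ["execute", "validate"]),
    "AdminLoginAction": ("LoginAction", [], ["execute"]),
    "ReportAction":     (ACTION, [], ["execute"]),
    "PaymentAction":    ("BaseAction", ["StrictValidateable"], ["execute"]),
    "Helper":           (None, [], ["format"]),
}
INTERFACES = {"Validateable": [], "StrictValidateable": ["Validateable"]}

# Vulnerability model source definitions: one superclass entry and one interface entry.
SOURCES = [("superclass", ACTION), ("interface", "Validateable")]


if __name__ == "__main__":
    for source in SOURCES:
        found = scan_start_points([source], CLASSES, INTERFACES)
        print(source, "->", sorted(found))
```

The single superclass entry resolves to six start points across five classes, including AdminLoginAction two inheritance levels down, while the parent class itself and the unrelated Helper are excluded. The interface entry also catches PaymentAction, which declares only the sub-interface StrictValidateable, and AdminLoginAction, which inherits Validateable from LoginAction.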

[0139] Preferably, in embodiments one, two, three and four, so that the cause of a security vulnerability can be located accurately, when a functional function is added to the vulnerability model as a new danger function, information about the first function other than the functional function itself on the path along which the input parameter is passed from the functional function to the danger function, for example the function name, a number, or any other information that identifies that function, can be recorded in the vulnerability model as the rootcause attribute of the new danger function, for use in locating and analyzing the cause of the security vulnerability.

[0140] The executing entity of embodiments one to seven may be a device on which a code audit tool is installed.

[0141] The apparatus embodiments are described below:

[0142] Embodiment eight:

[0143] This embodiment provides a code auditing apparatus for a program, the apparatus comprising:

[0144] a code scanning unit 80, configured to scan the source code of the program and, when a functional function is scanned, determine whether an input parameter of the functional function is passed to a danger function defined in the vulnerability model, and whether a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the danger function;

[0145] a function adding unit 81, configured to add the functional function to the vulnerability model as a new danger function when the code scanning unit determines that the input parameter of the functional function is passed to a danger function defined in the vulnerability model and that a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the danger function; a danger function is a function whose invocation causes security problems for the system when its input parameters do not conform to the specification, and a check function is a function used to perform a security check on an external input parameter.

[0146] Embodiment nine:

[0147] This embodiment provides a code auditing apparatus for a program, the apparatus comprising:

[0148] a code scanning unit 90, configured to scan the source code of the program;

[0149] a vulnerability alarm unit 91, configured to, when the code scanning unit 90 scans a check function:

[0150] according to the InputValue attribute of the check function recorded in the vulnerability model, determine whether the input parameter is safe after the security check performed by that check function, and, when the input parameter is determined to be unsafe and the unsafe input parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected; the vulnerability model contains at least the definition information of the check functions of the scanned code; and/or,

[0151] according to the ReturnValue attribute of the check function predefined in the vulnerability model, determine whether the return parameter of that check function is safe, and, when the return parameter is determined to be unsafe and the return parameter is passed to a danger function defined in the vulnerability model, issue an alarm that a security vulnerability has been detected.

[0152] Embodiment ten:

[0153] This embodiment provides a code auditing apparatus for a program, the apparatus comprising:

[0154] a start-point determination unit 101, configured to read a source function defined by superclass in the vulnerability model, look up in the program's source code the functions of the subclasses of that parent class, and determine the found functions as the start points of code scanning; and/or to read a source function defined by interface in the vulnerability model, look up in the source code the functions of the classes that implement that interface, and determine the found functions as the start points of code scanning;

[0155] a code scanning unit 102, configured to scan the source code starting from the start points; the source function is a function that directly receives input parameters from outside the program.

[0156] 需要说明的是,上述各流程和各系统结构图中不是所有的步骤和模块都是必须的,可以根据实际的需要忽略某些步骤或模块。 [0156] Incidentally, each of the above-described processes and a system configuration diagram of the module and not all steps are required, some steps can be omitted or modules according to actual needs. 各步骤的执行顺序不是固定的,可以根据需要进行调整。 Execution order of the steps is not fixed, it can be adjusted as desired. 上述各实施例中描述的系统结构可以是物理结构,也可以是逻辑结构,即,有些模块可能由同一物理实体实现,或者,有些模块可能分由多个物理实体实现,或者,可以由多个独立设备中的某些部件共同实现。 The above system configuration described in the embodiments may be a physical structure, or a logical structure, i.e., some modules may be implemented by the same physical entity, or some sub-modules may be implemented by a plurality of physical entities, or may be composed of a plurality of some components together to achieve an independent device.

[0157] 以上各实施例中,硬件单元可以通过机械方式或电气方式实现。 [0157] In the above embodiments, a hardware unit may be implemented mechanically or electrically. 例如,一个硬件单元可以包括永久性专用的电路或逻辑(如专门的处理器,FPGA或ASIC)来完成相应操作。 For example, one hardware unit may comprise a permanent or dedicated logic circuit (such as a dedicated processor, FPGA, or ASIC) to complete them. 硬件单元还可以包括可编程逻辑或电路(如通用处理器或其它可编程处理器),可以由软件进行临时的设置以完成相应操作。 Hardware unit may further comprise programmable logic or circuitry (e.g., a general purpose processor or other programmable processor), may be performed by software provided to temporarily complete them. 具体的实现方式(机械方式、或专用的永久性电路、或者临时设置的电路)可以基于成本和时间上的考虑来确定。 Specific implementation (mechanically, or special purpose circuitry permanently, or temporarily set circuit) may be determined based on considerations of cost and time.

[0158] 本发明还提供了一种机器可读介质,存储用于使一机器执行如本文所述的程序代码的审核方法的指令。 [0158] The present invention further provides a machine-readable medium storing instructions for causing a machine to perform the method of the audit program code as described herein. 具体地,可以提供配有存储介质的系统或者装置,在该存储介质上存储着实现上述实施例中任一实施例的功能的软件程序代码,且使该系统或者装置的计算机(或CPU或MPU)读出并执行存储在存储介质中的程序代码。 In particular, may be provided with a system or an apparatus a storage medium storing the software program code function according to an embodiment of the above-described embodiments, any implemented on the storage medium, and causing a computer of the system or apparatus (or CPU or MPU ) reads out and executes the program code stored in the storage medium.

[0159] 在这种情况下,从存储介质读取的程序代码本身可实现上述实施例中任何一项实施例的功能,因此程序代码和存储程序代码的存储介质构成了本发明的一部分。 [0159] In this case, the program code itself read from the storage medium realize the above-described embodiments may be functions of any one of embodiments embodiment, and therefore the program code and the storage medium storing the program code constitutes part of the invention.

[0160] Embodiments of the storage medium for supplying the program code include floppy disks, hard disks, magneto-optical disks, optical disks (such as CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), magnetic tape, non-volatile memory cards and ROM. Alternatively, the program code may be downloaded from a server computer over a communication network.

[0161] Furthermore, it should be clear that the functions of any of the embodiments above can be realised not only by the computer executing the program code it has read, but also by having the operating system or the like running on the computer perform some or all of the actual operations on the basis of instructions in the program code.

[0162] Furthermore, it will be understood that the program code read from the storage medium may be written to memory provided on an expansion board inserted into the computer, or to memory provided in an expansion unit connected to the computer, and that a CPU or the like mounted on the expansion board or expansion unit then performs some or all of the actual operations on the basis of instructions in the program code, thereby realising the functions of any of the embodiments above.

[0163] The present invention has been shown and described in detail above by way of the drawings and preferred embodiments, but the invention is not limited to the embodiments disclosed. On the basis of the several embodiments above, a person skilled in the art will appreciate that the code auditing means of the different embodiments can be combined to obtain further embodiments of the invention, and these embodiments also fall within the scope of protection of the invention.

Claims (9)

1. A method for auditing program code using a vulnerability model, the method comprising: scanning the source code of a program and, when a functional function is encountered during the scan, determining whether an input parameter of the functional function is passed to a dangerous function defined in the vulnerability model, and whether a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the dangerous function; when it is determined that the input parameter of the functional function is passed to a dangerous function defined in the vulnerability model and that a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the dangerous function, adding the functional function to the vulnerability model as a new dangerous function and determining that a security vulnerability has been detected; wherein the vulnerability model contains at least definition information for the dangerous functions and check functions of the code being scanned.
2. The method of claim 1, further comprising: when a check function is encountered during the scan, determining, according to attribute information about the input values of that check function recorded in the vulnerability model, whether an input parameter is safe after passing the security check of the check function; and when it is determined that the input parameter is unsafe and the unsafe input parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected.
3. The method of claim 1, further comprising: when a check function is encountered during the scan, determining, according to attribute information about the return value of that check function recorded in the vulnerability model, whether the return parameter of the check function is safe; and when it is determined that the return parameter is unsafe and the return parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected.
4. The method of claim 1, 2 or 3, further comprising, before scanning the source code of the program: reading a source function defined in the vulnerability model by means of a parent class, looking up in the source code the functions of subclasses of that parent class, and taking the functions found as starting points for the code scan; and/or reading a source function defined in the vulnerability model by means of an interface, looking up in the source code the functions of classes that use that interface, and taking the functions found as starting points for the code scan; wherein a source function is a function that receives input parameters from outside the program.
5. The method of claim 1, 2 or 3, wherein, when the functional function is added to the vulnerability model as a new dangerous function, the method further comprises: recording in the vulnerability model, as root-cause attribute information of the new dangerous function, information about the first function other than the functional function on the path along which the input parameter is passed from the functional function to the dangerous function, for use in locating and analysing the cause of the security vulnerability.
6. A method for auditing program code using a vulnerability model, the method comprising: scanning the source code of a program and, when a check function is encountered during the scan: determining, according to attribute information about the input values of that check function predefined in the vulnerability model, whether an input parameter is safe after passing the security check of the check function, and when it is determined that the input parameter is unsafe and the unsafe input parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected, wherein the vulnerability model contains at least definition information for the check functions of the code being scanned; and/or determining, according to attribute information about the return value of that check function predefined in the vulnerability model, whether the return parameter of the check function is safe, and when it is determined that the return parameter is unsafe and the return parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected, wherein the vulnerability model contains at least definition information for the check functions of the code being scanned.
7. The method of claim 6, further comprising, before scanning the source code of the program: reading a source function defined in the vulnerability model by means of a parent class, looking up in the source code the functions of subclasses of that parent class, and taking the functions found as starting points for the code scan; and/or reading a source function defined in the vulnerability model by means of an interface, looking up in the source code the functions of classes that use that interface, and taking the functions found as starting points for the code scan; wherein a source function is a function that receives input parameters from outside the program.
8. An apparatus for auditing program code using a vulnerability model, the apparatus comprising: a code scanning unit for scanning the source code of a program and, when a functional function is encountered during the scan, determining whether an input parameter of the functional function is passed to a dangerous function defined in the vulnerability model, and whether a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the dangerous function; and a function adding unit for, when the code scanning unit determines that the input parameter of the functional function is passed to a dangerous function defined in the vulnerability model and that a check function defined in the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the dangerous function, adding the functional function to the vulnerability model as a new dangerous function and determining that a security vulnerability has been detected; wherein the vulnerability model contains at least definition information for the dangerous functions and check functions of the code being scanned.
9. An apparatus for auditing program code using a vulnerability model, the apparatus comprising: a code scanning unit for scanning the source code of a program; and a vulnerability determining unit for, when the code scanning unit encounters a check function: determining, according to attribute information about the input values of that check function predefined in the vulnerability model, whether an input parameter is safe after passing the security check of the check function, and when it is determined that the input parameter is unsafe and the unsafe input parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected, wherein the vulnerability model contains at least definition information for the check functions of the code being scanned; and/or determining, according to attribute information about the return value of that check function predefined in the vulnerability model, whether the return parameter of the check function is safe, and when it is determined that the return parameter is unsafe and the return parameter is passed to a dangerous function defined in the vulnerability model, determining that a security vulnerability has been detected, wherein the vulnerability model contains at least definition information for the check functions of the code being scanned.
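As an added example (not the patent's own implementation, which is not disclosed here as code), the procedure of claims 1 to 5 expressed in Python over a constructed, simplified call-level representation of a program: each function is a list of calls naming the callee, the argument variables and the variable that receives the return value. The vulnerability model carries seed dangerous functions, check functions with the input-value and return-value attributes of claims 2 and 3, and the parent class used for source discovery in claim 4. Scanning runs to a fixpoint: a non-source function whose parameter reaches a dangerous function with no effective check on the path is added as a new dangerous function, so its callers are judged on the next pass. All function and class names (HttpServlet, executeQuery, escapeHtml and so on) are hypothetical. The root-cause attribute of claim 5 is taken here to be the dangerous function the parameter reached inside the learned function, so that following the attributes from a learned sink leads back to the seed sink; learned wrappers are reported separately from source-reachable findings.

```python
"""Vulnerability-model-driven code audit after claims 1 to 5 of CN103577758B.

Added example, not the patent's implementation. The audited program is a constructed,
simplified intermediate form; every function and class name below is hypothetical.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Call:
    callee: str
    args: list[str]
    result: Optional[str] = None      # variable receiving the return value, if any


@dataclass
class Function:
    name: str
    params: list[str]
    body: list[Call]
    parent: Optional[str] = None      # superclass or interface (claim 4: source discovery)


@dataclass
class CheckSpec:
    """Attribute information of a check function recorded in the vulnerability model."""
    sanitizes_arg: bool   # claim 2: the argument is safe after the check returns
    returns_safe: bool    # claim 3: the return value is safe


@dataclass
class VulnModel:
    source_parents: set[str]             # parent classes / interfaces of source functions
    dangerous: dict[str, Optional[str]]  # sink -> root-cause attribute (None for seed sinks)
    checks: dict[str, CheckSpec]


@dataclass(frozen=True)
class Finding:
    function: str
    param: str
    sink: str
    kind: str   # "vulnerability": a source reaches a sink; "new-sink": a wrapper was learned


def discover_sources(program: dict[str, Function], model: VulnModel) -> set[str]:
    """Claim 4: functions of classes derived from a parent class or interface in the model."""
    return {f.name for f in program.values() if f.parent in model.source_parents}


def sinks_reached(fn: Function, param: str, model: VulnModel) -> list[str]:
    """Propagate the taint of one parameter forward through the body; return the dangerous
    functions it reaches with no effective check on the path."""
    tainted = {param}
    reached = []
    for call in fn.body:
        arg_tainted = any(a in tainted for a in call.args)
        if call.callee in model.checks:
            spec = model.checks[call.callee]
            if spec.sanitizes_arg:                         # claim 2: input safe after the check
                tainted.difference_update(call.args)
            if call.result is not None:
                if arg_tainted and not spec.returns_safe:  # claim 3: weak check, taint survives
                    tainted.add(call.result)
                else:
                    tainted.discard(call.result)
        else:
            if call.callee in model.dangerous and arg_tainted:
                reached.append(call.callee)
            if call.result is not None:                    # ordinary call: taint flows to result
                if arg_tainted:
                    tainted.add(call.result)
                else:
                    tainted.discard(call.result)
    return reached


def audit(program: dict[str, Function], model: VulnModel) -> list[Finding]:
    """Claim 1: scan to a fixpoint, learning unchecked wrappers as new dangerous functions."""
    sources = discover_sources(program, model)
    findings: set[Finding] = set()
    changed = True
    while changed:
        changed = False
        for fn in program.values():
            if fn.name in model.dangerous or fn.name in model.checks:
                continue
            for param in fn.params:
                for sink in sinks_reached(fn, param, model):
                    if fn.name in sources:
                        findings.add(Finding(fn.name, param, sink, "vulnerability"))
                    elif fn.name not in model.dangerous:
                        model.dangerous[fn.name] = sink    # claim 5: root-cause attribute
                        findings.add(Finding(fn.name, param, sink, "new-sink"))
                        changed = True
    return sorted(findings, key=lambda f: (f.function, f.param, f.sink))


def root_cause_chain(sink: str, model: VulnModel) -> list[str]:
    """Follow root-cause attributes from a learned sink back to the seed dangerous function."""
    chain = [sink]
    while model.dangerous.get(chain[-1]) is not None:
        chain.append(model.dangerous[chain[-1]])
    return chain


def build_model() -> VulnModel:
    """Constructed vulnerability model: seed sinks plus check functions and their attributes."""
    return VulnModel(
        source_parents={"HttpServlet"},
        dangerous={"executeQuery": None, "print": None},
        checks={
            "ensureInt": CheckSpec(sanitizes_arg=True, returns_safe=False),
            "escapeHtml": CheckSpec(sanitizes_arg=False, returns_safe=True),
            "quoteIdentifier": CheckSpec(sanitizes_arg=False, returns_safe=True),
            "trim": CheckSpec(sanitizes_arg=False, returns_safe=False),  # registered but weak
        },
    )


# Constructed program: two servlet entry points, an unchecked query wrapper, a checked one.
PROGRAM = {
    "doGet": Function("doGet", ["req"], [
        Call("getParameter", ["req"], "name"),
        Call("saveUser", ["name"]),              # unchecked into the wrapper
        Call("trim", ["name"], "shown"),         # weak check: output still unsafe
        Call("print", ["shown"]),
    ], parent="HttpServlet"),
    "doPost": Function("doPost", ["req"], [
        Call("getParameter", ["req"], "age"),
        Call("ensureInt", ["age"]),              # check makes the argument safe
        Call("saveUser", ["age"]),
        Call("getParameter", ["req"], "bio"),
        Call("escapeHtml", ["bio"], "safeBio"),  # check with a safe return value
        Call("print", ["safeBio"]),
    ], parent="HttpServlet"),
    "saveUser": Function("saveUser", ["value"], [
        Call("concat", ["value"], "sql"),
        Call("executeQuery", ["sql"]),           # parameter reaches a sink: saveUser is learned
    ]),
    "countRows": Function("countRows", ["table"], [
        Call("quoteIdentifier", ["table"], "safeTable"),
        Call("concat", ["safeTable"], "sql"),
        Call("executeQuery", ["sql"]),           # checked: countRows stays harmless
    ]),
}

if __name__ == "__main__":
    model = build_model()
    for f in audit(PROGRAM, model):
        print(f"{f.kind:13} {f.function}({f.param}) -> {' -> '.join(root_cause_chain(f.sink, model))}")
```

On the constructed program the first pass learns saveUser as a dangerous function (its parameter reaches executeQuery with no check), and only the second pass can then report doGet's request parameter flowing into saveUser; the trim path is reported on the first pass because trim is registered as a check whose return value is not safe. countRows is not learned because quoteIdentifier's return value is marked safe, and doPost is clean because ensureInt makes its argument safe and escapeHtml returns a safe value. Note the precision trade-off the claims imply: once a function is learned as dangerous, every argument passed to it is treated as reaching a sink, not only the parameter that was actually traced.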

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201210271493 CN103577758B (en) 2012-07-31 2012-07-31 Method and apparatus for code review procedure

Publications (2)

Publication Number Publication Date
CN103577758A true CN103577758A (en) 2014-02-12
CN103577758B true CN103577758B (en) 2017-05-31

Family

ID=50049520

Country Status (1)

Country Link
CN (1) CN103577758B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101482847A (en) * 2009-01-19 2009-07-15 北京邮电大学 Detection method based on safety bug defect mode
CN101714118A (en) * 2009-11-20 2010-05-26 北京邮电大学 Detector for binary-code buffer-zone overflow bugs, and detection method thereof

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100879123B1 (en) * 2007-04-19 2009-01-19 한국전자통신연구원 Fuzzing system and method of distributed computing environment remote procedure call object
US8161470B2 (en) * 2007-08-31 2012-04-17 International Business Machines Corporation Systems, methods, and computer products for automated injection of java bytecode instructions for java load time optimization via runtime checking with upcasts
CN101551836B (en) * 2008-04-03 2011-08-24 西门子(中国)有限公司 Code audit method and device
CN101661543B (en) * 2008-08-28 2015-06-17 西门子(中国)有限公司 Method and device for detecting security flaws of software source codes
US8875115B2 (en) * 2008-11-29 2014-10-28 International Business Machines Corporation Type merging technique to reduce class loading during Java verification
CN101807232A (en) * 2009-02-18 2010-08-18 牛婷芝 Method for detecting Java source code insecure input loophole
CN101901184B (en) * 2009-05-31 2012-09-19 西门子(中国)有限公司 Method, device and system for inspecting vulnerability of application program

Legal Events

Date Code Title Description
C06 Publication
GR01