CN105303112B - Detection method and device for component-invocation vulnerabilities - Google Patents

Publication number: CN105303112B
Authority: CN (China)
Prior art keywords: caller, calling, module, application program, call
Legal status: Active
Application number: CN201410290260.7A
Original language: Chinese (zh)
Other versions: CN105303112A
Inventor: 李�杰
Assignee (original and current): Tencent Technology Shenzhen Co Ltd

Abstract

The invention discloses a detection method and device for component-invocation vulnerabilities. The method includes: obtaining the source code files of an application program and a component-invocation vulnerability rule file; performing feature matching on the application's source code files according to the feature data stored in the rule file, so as to extract the callers that carry a hijacking risk and compose a call risk list, where the rule file stores the feature data used to determine that a caller carries a hijacking risk; automatically constructing a call detection module based on the call risk list; and detecting the callers in the call risk list with the call detection module to obtain a security detection result for each caller. The invention solves the technical problem that the prior art cannot determine whether the component-invocation programs of a system carry a hijacking risk.

Description

Detection method and device for component-invocation vulnerabilities
Technical field
The present invention relates to the field of computer networks, and in particular to a detection method and device for component-invocation vulnerabilities.
Background art
With the development of the mobile Internet, thousands of application programs (apps) have emerged on mobile platforms, and people's lives depend increasingly on smart mobile devices. Components within an application on a mobile terminal, and components belonging to different applications, call or interact with one another by means of the component-invocation mechanism Intent.
For example, in the Android system, Intent is the link through which different components communicate with one another and realizes the data interaction between components. An Intent may contain the action of one operation in the application's function-calling process, a description of the data the action involves, and additional data; an Android application calls the corresponding component according to the description in the Intent. Intent thus acts as an intermediary between the components of the Android system: it provides the information needed for components to call one another and decouples the caller from the callee.
In addition, to allow third-party products to call or interact with it in various ways, an Android application can open many external broadcast interfaces. Components are the basis of an Android app and are used to build its functions and services; among them, the Broadcast Receiver component receives and responds to broadcasts. The Android system provides a broadcast-based mechanism for propagating data between components; because these components may live in different processes, the mechanism also serves as inter-process communication. Through the broadcast mechanism, data can be exchanged between different mobile applications or within a single application. Broadcast hijacking refers to the situation in which, after a broadcast is sent, no receiving component has been explicitly specified, so the broadcast may escape the current app and be maliciously intercepted by another app.
As for messages on Android, inter-component communication is realized through Intent, and the loose nature of this communication mechanism makes component communication prone to risk. A malicious program can register a component matching the Intent messages of a legitimate application and thereby receive the Intent messages that the legitimate application sends out, creating hijacking risks such as information leakage and phishing.
No effective solution has yet been proposed for the above problem in the prior art: that it cannot be determined whether the component-invocation programs of a system carry a hijacking risk.
Summary of the invention
Embodiments of the present invention provide a detection method and device for component-invocation vulnerabilities, so as to at least solve the technical problem that the prior art cannot determine whether the component-invocation programs of a system carry a hijacking risk.
According to one aspect of the embodiments of the present invention, a detection method for component-invocation vulnerabilities is provided. The method includes: obtaining the source code files of an application program and a component-invocation vulnerability rule file; performing feature matching on the application's source code files according to the feature data stored in the rule file, so as to extract the callers that carry a hijacking risk and compose a call risk list, where the rule file stores the feature data used to determine that a caller carries a hijacking risk; automatically constructing a call detection module based on the call risk list; and detecting the callers in the call risk list with the call detection module to obtain a security detection result for each caller.
According to another aspect of the embodiments of the present invention, a detection device for component-invocation vulnerabilities is also provided. The device includes: an acquisition module for obtaining the source code files of an application program and a component-invocation vulnerability rule file; a building module for performing feature matching on the application's source code files according to the feature data stored in the rule file, so as to extract the callers that carry a hijacking risk and compose a call risk list, where the rule file stores the feature data used to determine that a caller carries a hijacking risk; and a detection module for automatically constructing a call detection module based on the call risk list and detecting the callers in the call risk list with it, so as to obtain a security detection result for each caller.
In the embodiments of the present invention, the source code files of an application and a component-invocation vulnerability rule file are obtained; feature matching is performed on the source code files according to the feature data stored in the rule file, so that the callers with a hijacking risk are extracted into a call risk list (the rule file stores the feature data used to determine that a caller carries a hijacking risk); a call detection module is constructed automatically from the call risk list; and the callers in the list are detected with that module to obtain their security detection results. In this way, after feature matching on the application's source code, the set of files containing callers at high risk of being hijacked is obtained; for these callers, a corresponding test device is constructed to automate their testing: a test caller is built and sent to the corresponding application, and the result fed back by the application's component determines whether the caller in the application is safe. This solves the technical problem that the prior art cannot determine whether the component-invocation programs of a system carry a hijacking risk, and makes it possible to determine which invoked components or callers in the current application are at high risk of being hijacked.
Description of the drawings
The accompanying drawings described here are provided for a further understanding of the present invention and form part of this application; the illustrative embodiments of the invention and their description serve to explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a hardware block diagram of a mobile terminal for running the method for detecting component-invocation vulnerabilities of an application according to an embodiment of the present invention;
Fig. 2 is a flowchart of the method for detecting component-invocation vulnerabilities of an application according to Embodiment 1 of the present invention;
Fig. 3 is a detailed flowchart of the broadcast security detection method according to Embodiment 1 of the present invention;
Fig. 4 is a schematic flow diagram of the method of reverse-engineering an application's compressed installation package and converting it into Java source code according to Embodiment 1 of the present invention;
Fig. 5 is a schematic diagram of the detection device for component-invocation vulnerabilities according to Embodiment 2 of the present invention;
Fig. 6 is a schematic diagram of an optional detection device for component-invocation vulnerabilities according to Embodiment 2 of the present invention;
Fig. 7 is a schematic diagram of an optional detection device for component-invocation vulnerabilities according to Embodiment 2 of the present invention;
Fig. 8 is a schematic diagram of an optional detection device for component-invocation vulnerabilities according to Embodiment 2 of the present invention;
Fig. 9 is a schematic diagram of an optional detection device for component-invocation vulnerabilities according to Embodiment 2 of the present invention; and
Fig. 10 is a structural diagram of a mobile terminal according to an embodiment of the present invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the present invention, the technical solution in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings. The described embodiments are only a part of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, claims and drawings are used to distinguish similar objects and not to describe a particular order or sequence. Data used in this way may be interchanged where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described. In addition, the terms "comprising" and "having" and any variants of them are intended to cover a non-exclusive inclusion: for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to that process, method, product or device.
The terms used in this application are explained below:
Android: a free and open-source operating system based on Linux, used mainly for mobile devices such as smartphones and tablets; its market share among current smartphones reaches 80%.
Reverse engineering: also called reversing, refers to dismantling and analysing the structure, algorithms and code of software or an application by decrypting, disassembling or decompiling an executable program or application.
App: here, an application program running on the Android platform.
APK: abbreviation of Application Package File, the file format of application installation packages on the Android system.
Intent component: the link through which different Android components communicate with one another; it encapsulates the conditions of communication between components.
Implicit call: the name of the target component is not explicitly defined, so the caller does not know whom it is calling and only knows the action to perform; the system selects a component to handle the request.
Explicit call: the name of the target component is defined, so the caller knows whom it is calling and specifies the concrete callee by component name.
In an explicit Intent, the only element that determines the target component is the component name; if the Intent defines the target component's name exactly, no other Intent content needs to be defined.
For an implicit Intent, no target component name is specified, so the Android system has to match the application's request to the component that best matches the Intent.
Embodiment 1
The embodiments of the present invention may provide an embodiment of a method for detecting component-invocation vulnerabilities of an application. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system such as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
The method embodiment provided in Embodiment 1 may be executed on a mobile terminal or a similar communication device. Taking execution on a mobile terminal as an example, Fig. 1 is a hardware block diagram of a mobile terminal for running the method for detecting component-invocation vulnerabilities of an application. As shown in Fig. 1, the mobile terminal 10 may include one or more processors 102 (only one is shown; processor 102 may include, but is not limited to, a processing unit such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 104 for storing data, and a transmission device 106 for communication.
Those skilled in the art will appreciate that the structure shown in Fig. 1 is only illustrative and does not limit the structure of the above electronic device. For example, the mobile terminal 10 may include more or fewer components than shown in Fig. 1, or have a configuration different from the one shown in Fig. 1.
The memory 104 may be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the method for detecting component-invocation vulnerabilities of an application in the embodiments of the invention, together with the corresponding database data. By running the software programs and modules stored in the memory 104, the processor 102 performs various functional applications and data processing, that is, implements the processing of the above detection method. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102; such remote memory may be connected to the mobile terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations of these.
The transmission device 106 is used to receive or send data over a network. A specific example of the network is a wireless network provided by the communication provider of the mobile terminal 10. In one example, the transmission device 106 includes a Network Interface Controller (NIC), which can connect to other network devices through a base station so as to communicate with the Internet. In another example, the transmission device 106 is a Radio Frequency (RF) module used to communicate with the Internet wirelessly.
Under the above running environment, this application provides the method for detecting component-invocation vulnerabilities of an application shown in Fig. 2. Fig. 2 is the flowchart of the method for detecting component-invocation vulnerabilities of an application according to Embodiment 1 of the present invention.
As shown in Fig. 2, the method for detecting component-invocation vulnerabilities of an application may include the following steps:
Step S20: the processor 102 in Fig. 1 obtains the source code files of the application and the component-invocation vulnerability rule file.
With reference to Fig. 3, taking the Android system as an example, the source code files of the application in step S20 may be a set of Java source files, which can be obtained by reverse-engineering the application's installation package.
The component-invocation vulnerability rule file in step S20 stores the feature data used to determine that a caller carries a hijacking risk. A caller may be an Intent component of the implicit-call type, or a broadcast component that contains Intent data of the implicit-call type.
It should be noted that in the Android system, after an Intent of the implicit-call type has been constructed in a calling function of the application system, the system matches the request described by that Intent to the corresponding component and executes the function of the matched component according to the description in the Intent.
The system finds the component that best matches the Intent request as follows: Android compares the request content of the Intent with the filters of the invokable components and obtains all possible target components. If the Intent filter of a component in the calling file matches the content of the implicit-call request, that component is determined to be the target component of the implicit-call Intent.
Step S22: the processor 102 in Fig. 1 performs feature matching on the application's source code files according to the feature data stored in the component-invocation vulnerability rule file, so as to extract the callers that carry a hijacking risk and compose a call risk list, where the rule file stores the feature data used to determine that a caller carries a hijacking risk.
Still taking the Android operating system as an example, the above caller may be an Intent component already registered in the application, or a broadcast component registered in the application. When a broadcast component sends a broadcast request, a Broadcast Receiver can be registered in the operating system by adding a receiver tag to the system manifest file.
With reference to Fig. 3, the callers in the call risk list built for Intent components in the above embodiment are obtained by feature matching against the reverse-engineered source code files according to the component-invocation vulnerability rule file.
Step S24: the processor 102 in Fig. 1 automatically constructs a call detection module based on the call risk list.
With reference to Fig. 3, constructing the call detection module in step S24 can be realized by performing a corresponding simulation on the feature attributes of the caller.
Step S26: the processor 102 in Fig. 1 detects the callers in the call risk list with the call detection module and obtains the security detection result of each caller.
With reference to Fig. 3, still taking the Android operating system as an example, the above test process may consist of simulating and constructing a new caller for an existing caller in the application, injecting the simulated caller into an Android device that satisfies the execution conditions for detection, and thereby obtaining the security detection result of the caller in the Android system.
The above embodiments of this application provide a general method for automatically detecting hijacking vulnerabilities of callers (Intents) in the Android operating system. The scheme determines the callers with a hijacking risk according to the feature data in the component-invocation vulnerability rule base and composes a call risk list, then performs security monitoring on the callers in the list with the call detection module, and finally obtains the security monitoring result.
It follows that in the above embodiments, after feature matching on the application's source code, the set of files containing callers at high risk of being hijacked is obtained; for these callers, a corresponding test device is constructed to automate their testing: a test caller is built and sent to the corresponding application, and the result fed back by the application's component determines whether the caller in the application is safe. This solves the technical problem that the prior art cannot determine whether the component-invocation programs of a system carry a hijacking risk, and makes it possible to determine which invoked components or callers in the current application are at high risk of being hijacked.
It should be noted that steps S20 to S26 provided in the above embodiments can be run on a mobile terminal on which the Android operating system is installed; in implementation, the mobile terminal of the above embodiments may be a client on which the Android operating system has been installed. Taking the Android operating system as an example, the embodiments shown in Fig. 1 and Fig. 2 realize the process of obtaining the security detection result of the callers injected into the application. The detection process mainly includes: after the installation package of the Android application has been converted into a set of Java source files by reverse-engineering techniques, the callers carrying a hijacking risk are screened out according to the preset component-invocation vulnerability rule file stored in the rule base, and an as yet unverified call risk list of callers at high risk of hijacking is determined.
In the scheme provided by Embodiment 1, obtaining the application's source code files in step S20 can be implemented by the following steps:
Step S201: read the installation file of the application. The installation file in step S201 may be a compressed package document, an APK.
Step S203: decompress the application's installation file to obtain the class file set and the binary manifest. The APK document can be decompressed with 7z.exe; the decompressed folder contains, among other files, the class file set (classes.dex) and the binary manifest (the binary AndroidManifest.xml document).
Step S205: decompile the class file set with reversing techniques to generate the application's source code files, and convert the binary manifest into the system manifest file.
Reversing techniques include several implementations, such as disassembly and decompilation; this application obtains the application's source code files by decompilation.
It should be noted that in the Android operating system, AndroidManifest.xml is the core configuration document of an app and defines the details of most of its components; this application converts the binary AndroidManifest.xml document into a readable XML document with the Java program AXMLPrinter2.jar. In addition, classes.dex is the binary file produced by compiling the app's source code; it can be decompiled into Java source code with dex2jar, jad.exe and similar tools.
The process of obtaining the application's source code files is described in detail below with reference to Fig. 4.
The APK reversing module is the first and crucial step of static analysis of Android applications: it takes an Android application installation package as input and outputs Java source code. The APK reversing process is divided into APK unpacking, dex2jar, jar unpacking and batch decompilation. As shown in Fig. 4, the specific steps are:
First, after the APK installation package of the Android app has been input, the APK package is decompressed to obtain the classes.dex file. The decompression can be done with 7z.exe.
Then, the classes.dex file is decompiled with programs such as dex2jar and jad.exe to generate Java code. This step may include: first converting classes.dex into a jar file, then decompressing the jar file to obtain the set of class files.
Finally, the class files are batch-decompiled into the set of Java source files.
In addition, the AndroidManifest.xml document has to be converted by the AXMLPrinter2.jar program to generate the XML document.
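The unpacking steps S201 to S205 above, as an added example that is not the patent's own code: the APK is opened as a zip archive, classes.dex and the binary AndroidManifest.xml are extracted, and each artifact is checked by its magic bytes before the external converters the text names (dex2jar, jad, AXMLPrinter2) would be invoked. The sample APK is constructed in memory, and the converter command lines are assumptions that are returned rather than executed, so the script runs offline.

```python
# Added example, not the patent's own code: steps S201 to S205 of the APK
# reversing module, as a pre-processing check for static analysis.
import io
import zipfile

DEX_MAGIC_PREFIX = b"dex\n"       # classes.dex begins "dex\n035\0"; the version digits vary
AXML_MAGIC = b"\x03\x00\x08\x00"  # binary XML: chunk type RES_XML_TYPE (0x0003), header size 8


def build_sample_apk():
    """Constructed sample: a minimal zip holding the two artifacts the text names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
        zf.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 12)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def unpack_apk(apk_bytes):
    """Steps S201/S203: read the installation file and pull out the class file
    set (classes.dex) and the binary manifest (AndroidManifest.xml)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
        for required in ("classes.dex", "AndroidManifest.xml"):
            if required not in names:
                raise ValueError("APK is missing " + required)
        return {name: zf.read(name) for name in ("classes.dex", "AndroidManifest.xml")}


def is_dex(data):
    """True when the bytes carry the dex file magic."""
    return data.startswith(DEX_MAGIC_PREFIX)


def classify_manifest(data):
    """'binary-axml' still needs AXMLPrinter2; 'plain-xml' is already readable."""
    if data.startswith(AXML_MAGIC):
        return "binary-axml"
    if data.lstrip().startswith(b"<"):
        return "plain-xml"
    return "unknown"


def plan_reverse_steps(artifacts):
    """Step S205: the ordered converter invocations still needed. The command
    lines are assumed for illustration; nothing here is executed."""
    if not is_dex(artifacts["classes.dex"]):
        raise ValueError("classes.dex does not carry the dex magic")
    steps = [
        ["d2j-dex2jar.sh", "classes.dex", "-o", "classes-dex2jar.jar"],  # dex -> jar
        ["unzip", "classes-dex2jar.jar", "-d", "classes"],               # jar unpacking
        ["jad", "-r", "-d", "src", "classes/**/*.class"],                # batch decompile
    ]
    kind = classify_manifest(artifacts["AndroidManifest.xml"])
    if kind == "binary-axml":
        steps.append(["java", "-jar", "AXMLPrinter2.jar", "AndroidManifest.xml"])
    elif kind != "plain-xml":
        raise ValueError("unrecognised AndroidManifest.xml format")
    return steps


if __name__ == "__main__":
    found = unpack_apk(build_sample_apk())
    for step in plan_reverse_steps(found):
        print(" ".join(step))
```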
It follows that this application provides a scheme for implementing an Intent interface risk detection module in the Android operating system. After the application's Java source code set has been obtained by APK reversing, data extraction is performed on that source code set according to the feature data recorded in the component-invocation vulnerability rule file to obtain the call risk list; the list stores at least the source code programs with a hijacking risk, and the intent names of the list are generated automatically.
Preferably, in the above embodiments, the feature data may include any one or more of the following features: the implicit-call feature of the caller, the broadcast type, the send-broadcast flag, and the explicit-call feature of the caller. Accordingly, step S22 of the above scheme (performing feature matching on the application's source code files according to the feature data stored in the rule file, so as to extract the callers with a hijacking risk and compose the call risk list) may be implemented in any one or more of the following ways:
Mode one: extract from the application's source code files the source code that contains the implicit-call feature, obtaining callers with a hijacking risk.
Mode one is described in detail as follows:
In the Android operating system, when the caller is an Intent component, the call realized by the Intent component may be an implicit call or an explicit call, and the two have clearly different features. The features of the two calling modes are described below:
A caller in explicit-call mode contains at least one of the following features:
intent.setClass(getApplicationContext(), Activity.class);
intent.setClassName("com.example.app", "com.example.app.activity");
intent.setComponent(new ComponentName("com.example.app", ".activity"));
A caller in implicit-call mode contains at least the following features:
intent.setAction(Intent.ACTION);
startActivity(intent);
Since the implicit-call feature does not include information such as the name of the target component, it is an Intent calling mode that carries a security risk. The detection rule formulated for the implicit-call feature can therefore be defined as: if the application's source code file contains the implicit-call feature, for example Intent.setAction(), the source code containing the implicit-call feature is extracted as a caller with a hijacking risk. That is, the source code of the APP under test is checked for calls to a method such as "intent.setAction"; if such calls are present, the application can be regarded as an app that carries a hijacking risk.
It should be noted that in the scheme provided by this application, after the source code containing the implicit-call feature has been extracted from the application's source code files, the extracted files can be directly regarded as callers with a hijacking vulnerability.
Mode two: extract from the application's source code files the source code that contains the broadcast type, the send-broadcast flag and the caller's implicit-call feature, obtaining callers with a hijacking risk.
Mode two is described in detail taking the Android operating system as an example:
In the Android operating system, when the caller is a broadcast, a registered Broadcast Receiver can be built. A Broadcast Receiver can be statically registered in the operating system by adding a receiver tag to the system manifest file, without first starting the application; alternatively, a Broadcast Receiver can be developed in the application, and this receiver class or object is then registered with the Android operating system to realize dynamic registration.
Since the broadcast file here contains the broadcast type, the send-broadcast flag and the feature source code of the caller's implicit-call Intent, only the broadcast name recorded in the broadcast type needs to be obtained when the caller is later simulated.
It should be noted that the above broadcast type is characterized by any one or more of the following parameters:
LocalBroadcastManager,
android.support.v4.content.LocalBroadcastManager,
LocalBroadcastManager.getInstance.
The send-broadcast flag can be characterized by the parameter sendBroadcast, and the feature source code of the caller's implicit-call Intent may include any one or more of the following parameters: setAction(), putExtra.
That is, if the broadcast file is found to contain a broadcast type parameter from the list above (LocalBroadcastManager, LocalBroadcastManager.getInstance and android.support.v4.content.LocalBroadcastManager), contains the parameter setAction() and/or putExtra that characterizes the current caller as an implicit call, and contains the parameter sendBroadcast that marks the sending of a broadcast, then the broadcast file can be regarded as carrying hijack risk.
Mode three: extracting from the application's source code file the source code that does not contain an explicit-call feature, to obtain callers with hijack risk.
This scheme detects whether the current caller is a method call that is not in the explicit-call pattern. If the caller contains any one or more of the following explicit-call parameters: setClass, setClassName, setComponent, then the caller is an explicit call, and it can be confirmed that the caller carries no hijack risk.
Analysis of modes one and two shows that the condition of mode three is already contained in their rules for determining hijack risk: mode three is a necessary condition of modes one and two. Mode three can therefore also serve as a supplementary condition to modes one and two for determining which callers in the application carry hijack risk.
Note further that of the three rule modes provided by this application, one, two or all three may be selected for extracting callers with hijack risk. When all three modes are used in the application process, they may be applied one after another, and the order of extraction may be any combination; this application does not limit it here.
Based on the above three modes for determining callers with hijack risk, in one optional embodiment provided by this application, steps S24 and S26 (automatically constructing a call detection module based on the call risk list, and detecting the callers in the call risk list with the call detection module to obtain their safety detection result) can be implemented by the following scheme:
Step S241: the call detection module simulates the callers in the call risk list to obtain the call test program corresponding to each caller.
Step S241 performs simulation processing for a caller with hijack risk, producing the test program corresponding to that caller.
The simulation process of step S241 is as follows. First, iterate over the obtained call risk list. Then read information such as the function name, type and function content of each caller in the list. Then build a new caller from the information read, that is, simulate a new caller that is similar to the original but has the hijacking property, obtaining a call test program corresponding to the caller. At this point, once the call test program has been injected into a predetermined position in the source program file, a complete hijack process is simulated, so that after the application runs to the call test program, the hijack of the corresponding target application app is executed.
Step S243: pass the call test program to the application.
Step S243 may pass the call test program to the application by means of a call command, whose format is: adb install <test program name>.
Analysis shows that the core code by which the caller simulated in step S241 and the application of step S243 are hijacked can be as follows:
// Build an Intent for the replacement activity; the target class is looked up by process name.
Intent hijackIntent = new Intent(getBaseContext(), mHashMap.get(processName));
// Start it in a new task so that the activity is placed at the top of the stack.
hijackIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
getApplication().startActivity(hijackIntent);
Note that the key principle of this code is: setting the flag Intent.FLAG_ACTIVITY_NEW_TASK places the started activity at the top of the stack. In other words, by setting this flag the call test program obtained by simulation can be placed in front of the caller in the application, or can directly replace the caller. Taking an interface function of an application as an example, the scheme can replace an interface of the normal application app (such as a login interface) with a forged interface through the call test program, thereby hijacking the normal application.
Step S245: send a call request to the application according to the call test program. If the application successfully returns a call result and the returned call result is not empty, execute step S247; if the application returns no call result or the returned call result is empty, execute step S249.
Step S247: determine that the safety detection result is that the caller has a hijack loophole.
Step S249: determine that the safety detection result is that the caller has no hijack loophole.
Based on the above three modes for determining callers with hijack risk, in another optional embodiment provided by this application, steps S24 and S26 (automatically constructing a call detection module based on the call risk list, and detecting the callers in the call risk list with the call detection module to obtain their safety detection result) can be implemented by the following scheme:
Step S261: the call detection module extracts the broadcast name of each caller in the call risk list.
Step S262: register the corresponding broadcast receiver in the application according to the broadcast name.
Step S263: simulate the caller in the call risk list to obtain the test broadcast corresponding to the caller.
Step S264: send the test broadcast containing the call test program to the corresponding broadcast receiver in the application.
Step S265: extract the call result returned by the call test program contained in the test broadcast. If the broadcast receiver successfully returns a call result and the returned call result is not empty, execute step S266; if the broadcast receiver returns no call result or the returned call result is empty, execute step S267.
Step S266: determine that the safety detection result is that the caller has a hijack loophole.
Step S267: determine that the safety detection result is that the caller has no hijack loophole.
Preferably, in another optional embodiment, steps S263 and S267 may also determine whether the caller has a hijack loophole by the following scheme: after simulating the caller in the call risk list and obtaining the corresponding test broadcast, detect whether the test broadcast contains the call test program (the call test program here refers to the caller determined by the detection method of the invention to carry hijack risk). If the test broadcast does not contain the call test program, the safety detection result is that the caller has no hijack loophole; if the test broadcast contains the call test program but the parameters of the call test program are empty, the safety detection result is likewise that the caller has no hijack loophole; and if the test broadcast contains the call test program and the parameters of the call test program are not empty, the safety detection result is that the caller has a hijack loophole.
Preferably, the scheme of step S263 (simulating the caller in the call risk list to obtain the corresponding test broadcast) can be implemented by the following steps:
Step S2631: obtain the component name and component feature of each caller in the call risk list.
Step S2633: construct the broadcast corresponding to the caller from the component name and component feature, generating the test broadcast.
Note that this scheme simulates each caller with hijack risk: after the corresponding call test program has been built, the debugging test result is sent to the application to simulate the caller's call process, and the response of the application app under test is used to test whether the caller currently being simulated is a component with a risk loophole.
In summary, in the Android operating system of embodiment one of this application, taking an Intent as the caller, the process of detecting whether an intent component has a hijack loophole can be divided into three parts. First part: reverse-engineer the application's installation package (APK) to obtain the application's source code (the java source code set) and the system manifest file (the AndroidManifest.xml file in which broadcasts are registered). Second part: match the application's source code file against the component call loophole rule file to obtain the call risk list (intent list) corresponding to the intent components, where the component call loophole rule file stores the feature data contained in callers with hijack risk. Third part: according to the obtained intent list, simulate sending intent requests to the application and detect the data the application returns; if the return fails, or succeeds but the returned data is empty, the intent component under detection has no hijack loophole; if the return succeeds and the returned data is not empty, the intent component under detection has a hijack loophole.
The detailed process of the detection system is as follows:
First, input the APK installation package of the Android application and obtain the broadcast component loophole rule of the component call loophole rule file; this rule can be characterized by feature data. As described above, obtaining the call risk list by matching against the component call loophole rule may use three modes.
Then the APK reverse module receives the APK installation package and converts it by decompilation into a set of java source code files:
(1) Decompress the APK installation package to obtain the classes.dex file.
(2) Convert classes.dex into a jar file with the dex2jar program.
(3) Decompress the jar file to obtain the class files and their directory structure.
(4) Batch-decompile the class files to obtain the java source files and their directory structure.
Then, for each java source code file in the java source directory structure that has not yet been checked, open the file and perform the following operations:
a1: read the source code file line by line; read the next line (or the first line) of text and execute b1.
b1: match the feature data recorded in the component call loophole rule file (the features of intent callers determined to carry hijack risk) as the rule against the content of the source code file (if a rule needs several lines to match, the following lines of text are read automatically); if the rule matches, record the line of source code text in which the registered feature appears in the source program text and jump to d1; otherwise jump to c1.
c1: if the current line is not the end-of-file line of the source program code, return to step a1; otherwise jump to step d1.
d1: perform detection processing on the intent call methods obtained by matching. The detection process includes the following steps. First, the source code text information with hijack risk recorded in b1 to c1 is submitted to the automatically constructed intent detection module, which constructs intent requests and sends them into the application's system. Then, by detecting whether data is returned successfully and whether the returned data is empty, determine whether the intent program has a hijack loophole: if data is returned successfully, and moreover the returned data is not empty, the hijack succeeded; otherwise the intent program has no hijack loophole. Finally, the set of intent programs on the mobile terminal for which the hijack succeeded is collected as the final detection result of this system.
e1: clean up temporary files. The temporary files generated during reverse-engineering processing are removed to reduce wasted system resources.
It follows that the above example implements a method that automatically reverse-engineers an Android application installation package into java source code, obtains the rule set for detecting whether a caller (such as an intent) is safe on the Android platform, and then detects whether the Android application is safe by automatically sending intent requests.
In another embodiment provided by this application, in the Android operating system, taking a broadcast as the caller, the process of detecting whether a broadcast has a hijack loophole can likewise be divided into three parts. First part: reverse-engineer the application's installation package (APK) to obtain the application's source code (the java source code set) and the system manifest file (the AndroidManifest.xml file in which broadcasts are registered). Second part: match the application's source code file against the component call loophole rule file to obtain a broadcast call risk list made up of broadcasts with hijack risk, where the component call loophole rule file stores the feature data contained in callers with hijack risk. Third part: according to the obtained broadcast call risk list, simulate the test broadcast corresponding to the caller and detect the data the application returns; if the broadcast receiver successfully returns a call result and the returned call result is not empty, the broadcast under detection has a hijack loophole; if the broadcast receiver returns no call result or the returned call result is empty, the broadcast under detection has no hijack loophole.
The detailed process of the detection system is as follows:
First, input the APK installation package of the Android application and obtain the broadcast component loophole rule of the component call loophole rule file; this rule can be characterized by feature data. As described above, obtaining the call risk list by matching against the component call loophole rule may use three modes.
Then the APK reverse module receives the APK installation package and converts it by decompilation into a set of java source code files:
(1) Decompress the APK installation package to obtain the classes.dex file.
(2) Convert classes.dex into a jar file with the dex2jar program.
(3) Decompress the jar file to obtain the class files and their directory structure.
(4) Batch-decompile the class files to obtain the java source files and their directory structure.
Then, for each java source code file in the java source directory structure that has not yet been checked, open the file and perform the following operations:
a2: read the source code file line by line; read the next line (or the first line) of text and execute b2.
b2: match the feature data recorded in the component call loophole rule file (the features of intent callers determined to carry hijack risk) as the rule against the content of the source code file (if a rule needs several lines to match, the following lines of text are read automatically); if the rule matches, record the line of source code text in which the registered feature appears in the source program text and jump to d2; otherwise jump to c2.
c2: if the current line is not the end-of-file line of the source program code, return to step a2; otherwise jump to step d2.
d2: perform detection processing on the broadcast call methods obtained by matching. The detection process includes the following steps. First, the source code text information with hijack risk recorded in b2 to c2, that is, the call risk list (such as the intent risk list), is submitted to the automatically constructed intent detection module. Then, according to the call risk list to be detected (such as the intent risk list), the name of the corresponding broadcast in the target program is extracted from the call risk list, and a broadcast receiver is registered in the application according to that broadcast name. Then the test broadcast simulated from the obtained target program is sent to the application, and the broadcast is checked for whether it contains the caller's data (which can serve as the intent data of the call test program). Finally, whether the broadcast has hijack risk is determined by detecting whether the broadcast contains the call test program and by parsing the parameter data the call test program contains: if the broadcast contains the call test program and the parameter data contained in the intent data serving as the call test program is not empty, the broadcast containing the call test program has a data leakage risk; if the broadcast does not contain the call test program, or contains it but the parameter data contained in its intent data is empty, it can be confirmed that the broadcast has no data leakage risk.
e2: clean up temporary files.
In the above embodiment, cleaning up the temporary files generated during reverse-engineering processing reduces wasted system resources.
It follows that this application implements a method that automatically reverse-engineers an Android application installation package into java source code, obtains the rule set for detecting whether a caller (such as a broadcast containing intent data) is safe on the Android platform, and then detects whether the Android application is safe by automatically sending broadcast requests.
It should be noted that, for simplicity of description, each of the above method embodiments is expressed as a series of combined actions; those skilled in the art should understand that the invention is not limited by the described order of actions, because according to the invention certain steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the invention.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better embodiment. Based on this understanding, the technical solution of the invention, or the part of it that contributes over the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the method described in each embodiment of the invention.
Embodiment 2
According to an embodiment of the invention, a device embodiment for implementing the above method embodiment is also provided. Fig. 5 is a schematic diagram of the detection device for component call loopholes according to embodiment two of the invention.
As shown in Fig. 5, the detection device for component call loopholes may include: an acquisition module 50, a construction module 52 and a detection module 54.
The acquisition module 50 obtains the source code file of the application and the component call loophole rule file. The construction module 52 performs feature matching on the application's source code file according to the feature data stored in the component call loophole rule file, extracting callers with hijack risk to form the call risk list, where the component call loophole rule file stores the feature data of callers determined to carry hijack risk. The detection module 54 automatically constructs a call detection module based on the call risk list and uses the call detection module to detect the callers in the call risk list, obtaining their safety detection result.
The above embodiment of this application provides a general device for automatically detecting hijack loopholes of callers (Intents) in the Android operating system. The scheme determines callers with hijack risk from the feature data in the component call loophole rule base, forms the call risk list, and then performs safety monitoring of the callers in the call risk list with the call detection module, finally obtaining the safety monitoring result.
It follows that in the above embodiment, after feature matching on the application's source program code, the set of files containing callers at high risk of being hijacked can be obtained. By constructing the corresponding test device for these callers, a test caller can be constructed and sent to the corresponding application, implementing an automated test method for callers, and the result fed back by the application's component determines whether the caller in the application is safe. This solves the technical problem in the prior art that it cannot be determined whether the component callers of a system carry hijack risk, and thereby determines which invoked components or callers in the current application are at high risk of being hijacked.
Note that the acquisition module 50, construction module 52 and detection module 54 provided in the above embodiment can run on a mobile terminal with the Android operating system installed; in implementation, the mobile terminal in the above embodiments may be a client with the Android operating system installed. Taking the Android operating system as an example, the embodiment shown for the above device implements the process of obtaining the safety detection result of a caller injected into the application. The detection process mainly includes: after the installation package of the Android application has been converted into a java source code set by reverse-engineering technology, callers with hijack risk are screened according to the preset component call loophole rule file stored in the rule base, determining the not yet verified call risk list of callers at high hijack risk.
Note that the acquisition module 50, construction module 52 and detection module 54 provided in the above embodiment have the same application scenario as method steps S20 to S26 provided in embodiment one, but are not limited to the example given by the method. The above modules may run, as part of the hardware, on the mobile terminal shown in Fig. 1.
In the device embodiment provided by this application, the feature data may include any one or more of the following features: the implicit-call feature of the caller, the broadcast type, the send-broadcast flag and the explicit-call feature of the caller. As shown in Fig. 6, the construction module 52 may include any one or more of the following extraction modules: a first extraction module 521, a second extraction module 523 and a third extraction module 525.
The first extraction module 521 extracts from the application's source code file the source code containing the implicit-call feature, obtaining callers with hijack risk.
The second extraction module 523 extracts from the application's source code file the source code containing the broadcast type, the send-broadcast flag and the implicit-call feature of the caller, obtaining callers with hijack risk.
The third extraction module 525 extracts from the application's source code file the source code that does not contain an explicit-call feature, obtaining callers with hijack risk.
Note that the extraction modules provided in the above embodiment have the same application scenario as the three modes of obtaining the call risk list provided in embodiment one, but are not limited to the example given by the method. The above modules may run, as part of the hardware, on the mobile terminal shown in Fig. 1.
Preferably, as shown in Fig. 7, in an optional embodiment provided by this application, the detection module 54 may include: a first simulation module 541a, a first injection module 543a, a first sending module 545a, a first determining module 547a and a second determining module 549a.
The first simulation module 541a simulates, through the call detection module, the callers in the call risk list to obtain the corresponding call test programs; the first injection module 543a passes the call test program to the application; the first sending module 545a sends a call request to the application according to the call test program; the first determining module 547a sets the safety detection result to "the caller has a hijack loophole" if the application successfully returns a call result and the returned call result is not empty; the second determining module 549a sets the safety detection result to "the caller has no hijack loophole" if the application returns no call result or the returned call result is empty.
Note that the first simulation module 541a, first injection module 543a, first sending module 545a, first determining module 547a and second determining module 549a provided in the above embodiment have the same application scenario as method steps S241 to S249 provided in embodiment one, but are not limited to the example given by the method. The above modules may run, as part of the hardware, on the mobile terminal shown in Fig. 1.
Preferably, as shown in Fig. 8, in another optional embodiment provided by this application, the detection module 54 includes: a sub-extraction module 541b, a second registration module 543b, a second simulation module 545b, a second sending module 547b, a first sub-acquisition module 549b, a third determining module 551b and a fourth determining module 553b.
The sub-extraction module 541b extracts, through the call detection module, the broadcast name of each caller in the call risk list; the second registration module 543b registers the corresponding broadcast receiver in the application according to the broadcast name; the second simulation module 545b simulates the callers in the call risk list to obtain the corresponding test broadcast; the second sending module 547b sends the test broadcast containing the call test program to the corresponding broadcast receiver in the application; the first sub-acquisition module 549b obtains the call result returned by the call test program contained in the test broadcast; the third determining module 551b sets the safety detection result to "the caller has a hijack loophole" if the broadcast receiver successfully returns a call result and the returned call result is not empty; the fourth determining module 553b sets the safety detection result to "the caller has no hijack loophole" if the broadcast receiver returns no call result or the returned call result is empty.
Note that the sub-extraction module 541b, second registration module 543b, second simulation module 545b, second sending module 547b, first sub-acquisition module 549b, third determining module 551b and fourth determining module 553b provided in the above embodiment have the same application scenario as method steps S261 to S267 provided in embodiment one, but are not limited to the example given by the method. The above modules may run, as part of the hardware, on the mobile terminal shown in Fig. 1.
Preferably, the second simulation module 545b may include: a second sub-acquisition module 5451 and a generation module 5453.
The second sub-acquisition module 5451 obtains the component name and component feature of each caller in the call risk list; the generation module 5453 constructs the broadcast corresponding to the caller from the component name and component feature, generating the test broadcast.
Note that the second sub-acquisition module 5451 and generation module 5453 provided in the above embodiment have the same application scenario as method steps S2631 to S2633 provided in embodiment one, but are not limited to the example given by the method. The above modules may run, as part of the hardware, on the mobile terminal shown in Fig. 1.
Preferably, as shown in Fig. 9, in the above embodiment provided by this application the acquisition module 50 includes: a reading module 501, a decompression module 503 and a decompilation module 505.
The reading module 501 reads the installation file of the application; the decompression module 503 decompresses the installation file of the application to obtain the class file set; the decompilation module 505 decompiles the class file set using reverse-engineering technology, generating the source code file of the application.
Note that the reading module 501, decompression module 503 and decompilation module 505 provided in the above embodiment have the same application scenario as method steps S201 to S205 provided in embodiment one, but are not limited to the example given by the method. The above modules may run, as part of the hardware, on the mobile terminal shown in Fig. 1.
Embodiment 3
An embodiment of the invention may provide a mobile terminal, which may be any mobile terminal device in a group of mobile terminals. Optionally, in this embodiment, the mobile terminal may also be replaced by another kind of terminal device.
Optionally, in this embodiment, the mobile terminal may be at least one of a plurality of network devices in a computer network.
In this embodiment, the mobile terminal may execute program code for the following steps of the method for detecting component call vulnerabilities: obtain the source code file of the application program and the component call vulnerability rule file; perform feature matching on the source code file of the application program according to the feature data stored in the component call vulnerability rule file, so as to extract the calling programs at risk of hijacking and form a call risk list, wherein the component call vulnerability rule file stores the feature data by which a calling program is determined to be at risk of hijacking; automatically construct a call detection module based on the call risk list; and detect the calling programs in the call risk list with the call detection module to obtain a safety detection result for each calling program.
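The feature-matching step just described, as an added example that is not the patent's code: a constructed rule file carries the four features named in claim 2 (implicit-call feature, broadcast type, send-broadcast flag, explicit-call feature) as regular expressions, a constructed fragment of decompiled Java source stands in for the source code file of the application, and each method body is treated as one calling program. The three extraction modes of claim 2 are implemented as separate predicates so their results can be compared. The rule-file keys, the method splitter and the decision to restrict mode three to methods that construct an Intent are assumptions of this example.

```python
"""Feature matching of decompiled source against a rule file (added example)."""
import json
import re
from dataclasses import dataclass, field

# Constructed rule file. The four feature names follow claim 2; the JSON
# layout and the regular expressions are assumptions of this example.
RULE_FILE = json.dumps({
    # Intent built from an action string only, with no target class.
    "implicit_call": [r'new\s+Intent\s*\(\s*"([\w.]+)"\s*\)'],
    # Kind of broadcast the calling program sends.
    "broadcast_type": [r"\bsendBroadcast\b", r"\bsendOrderedBroadcast\b",
                       r"\bsendStickyBroadcast\b"],
    # The call that actually sends the broadcast.
    "send_broadcast_flag": [r"\bsend\w*Broadcast\w*\s*\("],
    # Anything that pins the call to a component or package.
    "explicit_call": [r"\.setClass(?:Name)?\s*\(", r"\.setComponent\s*\(",
                      r"\.setPackage\s*\(", r"new\s+Intent\s*\([^)]*\.class\s*\)"],
})

# Constructed stand-in for the decompiled source code file of the application.
SAMPLE_SOURCE = """
package com.example.app;

public class MainActivity extends Activity {
    void openLogin() {
        Intent i = new Intent("com.example.app.LOGIN");
        startActivity(i);
    }
    void notifyDone() {
        Intent b = new Intent("com.example.app.TASK_DONE");
        b.putExtra("token", session);
        sendBroadcast(b);
    }
    void openSettings() {
        Intent s = new Intent(this, SettingsActivity.class);
        startActivity(s);
    }
    void safeBroadcast() {
        Intent b = new Intent("com.example.app.PING");
        b.setPackage("com.example.app");
        sendBroadcast(b);
    }
}
"""


@dataclass
class Caller:
    name: str
    body: str
    features: dict = field(default_factory=dict)   # feature name -> present?
    actions: list = field(default_factory=list)    # action strings (component names)


METHOD_RE = re.compile(
    r"^\s*(?:public|private|protected)?\s*(?:static\s+)?[\w<>\[\]]+\s+(\w+)\s*\([^)]*\)\s*\{")


def split_callers(source):
    """Crude splitter: every method body of the decompiled source is one calling program."""
    callers, lines, i = [], source.splitlines(), 0
    while i < len(lines):
        m = METHOD_RE.match(lines[i])
        if not m:
            i += 1
            continue
        depth, body = 0, []
        while i < len(lines):               # collect until the braces balance again
            body.append(lines[i])
            depth += lines[i].count("{") - lines[i].count("}")
            i += 1
            if depth == 0:
                break
        callers.append(Caller(m.group(1), "\n".join(body)))
    return callers


def match_features(caller, rules):
    """Record which of the rule file's features occur in the calling program."""
    for feature, patterns in rules.items():
        caller.features[feature] = any(re.search(p, caller.body) for p in patterns)
    for p in rules["implicit_call"]:
        caller.actions += re.findall(p, caller.body)   # captured action strings
    return caller


# The three extraction modes of claim 2.
def mode_one(c):
    return c.features["implicit_call"]


def mode_two(c):
    return (c.features["broadcast_type"] and c.features["send_broadcast_flag"]
            and c.features["implicit_call"])


def mode_three(c):
    # Assumption of this example: only callers that construct an Intent are
    # candidates, otherwise every helper method without an explicit call is listed.
    return bool(re.search(r"new\s+Intent\s*\(", c.body)) and not c.features["explicit_call"]


MODES = {"mode_one": mode_one, "mode_two": mode_two, "mode_three": mode_three}


def build_risk_list(source, rule_file, modes=("mode_one", "mode_two", "mode_three")):
    """Feature-match the source against the rule file and form the call risk list."""
    rules = json.loads(rule_file)
    risk_list = []
    for c in split_callers(source):
        match_features(c, rules)
        fired = [m for m in modes if MODES[m](c)]
        if fired:
            risk_list.append({"caller": c.name, "actions": c.actions,
                              "broadcast": c.features["broadcast_type"], "modes": fired})
    return risk_list


if __name__ == "__main__":
    for entry in build_risk_list(SAMPLE_SOURCE, RULE_FILE):
        print(entry)
```

Run on the sample, mode one alone lists safeBroadcast as well, although that call names its target package; only mode three excludes it. When the modes are combined, the explicit-call feature is therefore best used as a filter on the implicit-call hits rather than as an independent detector.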
Optionally, FIG. 10 is a structural block diagram of a mobile terminal according to an embodiment of the invention. As shown in FIG. 10, the mobile terminal 10 may include one or more processors 51 (only one is shown in the figure), a memory 53 and a transmitting device 55.
The memory 53 may be used to store software programs and modules, such as the program instructions/modules corresponding to the method and device for detecting component call vulnerabilities in the embodiments of the invention. The processor 51 runs the software programs and modules stored in the memory 53 to perform various functional applications and data processing, that is, to implement the method described above for detecting attacks on vulnerabilities of calling programs in the system. The memory 53 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 53 may further include memory located remotely from the processor 51; such remote memory may be connected to the terminal over a network. Examples of such a network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The transmitting device 55 is used to receive or send data over a network. Specific examples of the network may include wired and wireless networks. In one example, the transmitting device 55 includes a network interface controller (NIC), which can be connected by cable to other network devices and to a router so as to communicate with the Internet or a local area network. In another example, the transmitting device 55 is a radio frequency (RF) module used to communicate wirelessly with the Internet.
Specifically, the memory 53 is used to store information on preset action conditions and preset permitted users, as well as the application program.
Through the transmitting device, the processor 51 may call the information and application program stored in the memory 53 to execute the following steps: obtain the source code file of the application program and the component call vulnerability rule file; perform feature matching on the source code file of the application program according to the feature data stored in the component call vulnerability rule file, so as to extract the calling programs at risk of hijacking and form a call risk list, wherein the component call vulnerability rule file stores the feature data by which a calling program is determined to be at risk of hijacking; automatically construct a call detection module based on the call risk list; and detect the calling programs in the call risk list with the call detection module to obtain a safety detection result for each calling program.
Optionally, the processor 51 may also execute program code for the following steps: simulate, by the call detection module, the calling programs in the call risk list, obtaining the call test program corresponding to each calling program; pass the call test program into the application program; send a call request to the application program according to the call test program, wherein if the application program successfully returns a call result, or the returned call result is not empty, the safety detection result is that the calling program has a hijacking vulnerability; if the application program returns no call result, or the returned call result is empty, the safety detection result is that the calling program has no hijacking vulnerability.
Optionally, the processor 51 may also execute program code for the following steps: extract, by the call detection module, the broadcast name of each calling program in the call risk list; register the corresponding broadcast receiver in the application program according to the broadcast name; simulate the calling program in the call risk list to obtain the test broadcast corresponding to it; send the test broadcast, which contains the call test program, to the corresponding broadcast receiver in the application program; extract the call result returned by the call test program contained in the test broadcast; wherein if the broadcast receiver successfully returns a call result, or the returned call result is not empty, the safety detection result is that the calling program has a hijacking vulnerability; if the broadcast receiver returns no call result, or the returned call result is empty, the safety detection result is that the calling program has no hijacking vulnerability.
Optionally, the processor 51 may also execute program code for the following steps: obtain the component name and component feature of each calling program in the call risk list; construct the broadcast corresponding to the calling program from the component name and component feature, generating the test broadcast.
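The dynamic check of the steps above (the call test program of claim 3, the test broadcast of claims 4 and 5), as an added example that is not the patent's code. The patent passes the call test program into the application and reads back the call result; this example drives the same probe from the tester's side with adb, after a rogue receiver or activity has been registered for the action as a hijacking app would. From each risk-list entry it builds the test call from the component name (the Intent action) and the component feature (broadcast or activity start), extracts the call result from the output of `am`, and applies the rule that a non-empty result means the calling program can be hijacked. The captured output lines are constructed to the format `am broadcast` and `am start -W` print and were not taken from a device; the entry field names, the rogue package name and the `deliver` hook are assumptions of this example.

```python
"""Test-call construction and call-result classification (added example)."""
import re
import subprocess

HIJACKABLE = "hijack vulnerability present"
SAFE = "no hijack vulnerability"


def build_test_call(entry):
    """Build the adb argv that replays the calling program's call from outside the app.

    entry fields (assumed by this example): caller, action, broadcast, package, extras.
    The probe keeps the targeting of the original call: -p only when the static
    step found setPackage(); never -n, so an implicit call stays implicit.
    """
    argv = ["adb", "shell", "am"]
    argv += ["broadcast"] if entry["broadcast"] else ["start", "-W"]
    argv += ["-a", entry["action"]]
    if entry.get("package"):
        argv += ["-p", entry["package"]]
    for key, value in entry.get("extras", {}).items():
        argv += ["--es", key, value]          # string extras, as the caller's putExtra() set them
    return argv


# Output lines of am. A receiver that intercepts the ordered broadcast sets
# result data; an activity that answers an implicit start is named after "Activity:".
BROADCAST_DONE = re.compile(r'^Broadcast completed: result=(-?\d+)(?:, data="([^"]*)")?')
ACTIVITY_LINE = re.compile(r"^Activity: (\S+)")
RESOLVE_ERROR = re.compile(r"^Error: Activity not started")


def extract_call_result(entry, am_output):
    """Return the call result the probe came back with, or None when there was none."""
    for line in (raw.strip() for raw in am_output.splitlines()):
        if entry["broadcast"]:
            m = BROADCAST_DONE.match(line)
            if m:
                return m.group(2)            # None unless some receiver set result data
        elif RESOLVE_ERROR.match(line):
            return None                      # nothing on the device answers the action
        else:
            m = ACTIVITY_LINE.match(line)
            if m:
                return m.group(1)            # the component that answered the implicit start
    return None


def classify(call_result):
    """Decision rule of claims 3 and 4: a non-empty call result means the call can be hijacked."""
    return SAFE if call_result in (None, "") else HIJACKABLE


def run_probe(entry, deliver):
    """deliver(argv) returns the captured output of the am command."""
    output = deliver(build_test_call(entry))
    result = extract_call_result(entry, output)
    return {"caller": entry["caller"], "call_result": result, "verdict": classify(result)}


def adb_deliver(argv):
    """Real delivery: run the command against the connected device."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


# Constructed risk-list entries (what the static step would hand over) and
# constructed am output in the format am prints; neither comes from a device.
SAMPLE_ENTRIES = [
    {"caller": "notifyDone", "action": "com.example.app.TASK_DONE", "broadcast": True,
     "package": None, "extras": {"token": "t0k3n"}},
    {"caller": "safeBroadcast", "action": "com.example.app.PING", "broadcast": True,
     "package": "com.example.app"},
    {"caller": "openLogin", "action": "com.example.app.LOGIN", "broadcast": False,
     "package": None},
]
SAMPLE_OUTPUT = {
    "com.example.app.TASK_DONE": 'Broadcasting: Intent { act=com.example.app.TASK_DONE }\n'
                                 'Broadcast completed: result=-1, data="seen by com.rogue.app"\n',
    "com.example.app.PING": "Broadcasting: Intent { act=com.example.app.PING pkg=com.example.app }\n"
                            "Broadcast completed: result=0\n",
    "com.example.app.LOGIN": "Starting: Intent { act=com.example.app.LOGIN }\n"
                             "Status: ok\nActivity: com.rogue.app/.FakeLoginActivity\nComplete\n",
}


def fake_deliver(argv):
    return SAMPLE_OUTPUT[argv[argv.index("-a") + 1]]


def detect(entries, deliver=fake_deliver):
    """Safety detection result for every entry of the call risk list."""
    return [run_probe(e, deliver) for e in entries]


if __name__ == "__main__":
    for r in detect(SAMPLE_ENTRIES):
        print(r)
```

With a real device, call `detect(entries, adb_deliver)`. For broadcasts the rogue receiver has to set result data when it intercepts, otherwise the `data=` field stays absent and the rule reports no vulnerability; for activity starts the rule counts any answering component as a result, so compare the `Activity:` component with the application's own package to tell a call that was hijacked from one that merely could be.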
Optionally, the processor 51 may also execute program code for the following steps: read the installation file of the application program; decompress the installation file to obtain the set of class files; decompile the class file set using reverse-engineering techniques to generate the source code file of the application program.
Those skilled in the art will understand that the structure shown in FIG. 10 is only illustrative. The terminal may also be a smartphone (such as an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (MID), a PAD or another terminal device. FIG. 10 does not limit the structure of the electronic device described above. For example, the terminal 10 may include more or fewer components than shown in FIG. 10 (such as a network interface or a display device), or have a configuration different from that shown in FIG. 10.
Those of ordinary skill in the art will understand that all or part of the steps of the methods of the above embodiments may be completed by a program instructing the relevant hardware of the terminal device. The program may be stored in a computer-readable storage medium, which may include a flash disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Embodiment 4
An embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code executed by the vulnerability detection method for application programs provided in Embodiment 1.
Optionally, in this embodiment, the storage medium may be located in any one mobile terminal of a group of mobile terminals in a mobile Internet.
Optionally, in this embodiment, the storage medium is arranged to store program code for executing the following steps: obtain the source code file of the application program and the component call vulnerability rule file; perform feature matching on the source code file of the application program according to the feature data stored in the component call vulnerability rule file, so as to extract the calling programs at risk of hijacking and form a call risk list, wherein the component call vulnerability rule file stores the feature data by which a calling program is determined to be at risk of hijacking; automatically construct a call detection module based on the call risk list; and detect the calling programs in the call risk list with the call detection module to obtain a safety detection result for each calling program.
Optionally, the storage medium is also arranged to store program code for executing the following steps: simulate, by the call detection module, the calling programs in the call risk list, obtaining the call test program corresponding to each calling program; pass the call test program into the application program; send a call request to the application program according to the call test program, wherein if the application program successfully returns a call result, or the returned call result is not empty, the safety detection result is that the calling program has a hijacking vulnerability; if the application program returns no call result, or the returned call result is empty, the safety detection result is that the calling program has no hijacking vulnerability.
Optionally, the storage medium is also arranged to store program code for executing the following steps: extract, by the call detection module, the broadcast name of each calling program in the call risk list; register the corresponding broadcast receiver in the application program according to the broadcast name; simulate the calling program in the call risk list to obtain the test broadcast corresponding to it; send the test broadcast, which contains the call test program, to the corresponding broadcast receiver in the application program; extract the call result returned by the call test program contained in the test broadcast; wherein if the broadcast receiver successfully returns a call result, or the returned call result is not empty, the safety detection result is that the calling program has a hijacking vulnerability; if the broadcast receiver returns no call result, or the returned call result is empty, the safety detection result is that the calling program has no hijacking vulnerability.
Optionally, the storage medium is also arranged to store program code for executing the following steps: obtain the component name and component feature of each calling program in the call risk list; construct the broadcast corresponding to the calling program from the component name and component feature, generating the test broadcast.
Optionally, the storage medium is also arranged to store program code for executing the following steps: read the installation file of the application program; decompress the installation file to obtain the set of class files; decompile the class file set using reverse-engineering techniques to generate the source code file of the application program.
Optionally, in this embodiment, the storage medium may include, but is not limited to, a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc or any other medium capable of storing program code.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in Embodiment 1 and Embodiment 2 above; they are not repeated here.
The numbering of the embodiments of the invention is for description only and does not indicate the relative merit of the embodiments.
If the integrated units of the above embodiments are implemented as software functional units and sold or used as independent products, they may be stored in the computer-readable storage medium described above. On this understanding, the technical solution of the invention, in essence or in the part that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions that cause one or more computer devices (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the invention.
In the above embodiments of the invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the several embodiments provided by the application, it should be understood that the disclosed client may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function; in actual implementation there may be other divisions, for instance several units or components may be combined or integrated into another system, or some features may be omitted or not executed. Further, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through interfaces, units or modules, and may be electrical or of other forms.
The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over several network units. Some or all of the units may be selected according to actual need to achieve the purpose of the embodiment.
In addition, the functional units in the embodiments of the invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The above are only preferred embodiments of the invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (12)

1. A method for detecting component call vulnerabilities, characterised in that it comprises:
obtaining the source code file of an application program and a component call vulnerability rule file;
performing feature matching on the source code file of the application program according to the feature data stored in the component call vulnerability rule file, so as to extract the calling programs at risk of hijacking and form a call risk list, wherein the component call vulnerability rule file stores the feature data by which the calling program is determined to be at risk of hijacking;
automatically constructing a call detection module based on the call risk list;
detecting the calling programs in the call risk list with the call detection module to obtain a safety detection result for the calling program.
2. The method according to claim 1, characterised in that the feature data includes any one or more of the following features: an implicit-call feature of the calling program, a broadcast type, a send-broadcast flag, and an explicit-call feature of the calling program; wherein the step of performing feature matching on the source code file of the application program according to the feature data stored in the component call vulnerability rule file, so as to extract the calling programs at risk of hijacking and form the call risk list, includes any one or more of the following modes:
Mode one: extracting, from the source code file of the application program, the source code that contains the implicit-call feature, to obtain the calling programs at risk of hijacking;
Mode two: extracting, from the source code file of the application program, the source code that contains the broadcast type, the send-broadcast flag and the implicit-call feature of the calling program, to obtain the calling programs at risk of hijacking;
Mode three: extracting, from the source code file of the application program, the source code that does not contain the explicit-call feature, to obtain the calling programs at risk of hijacking.
3. The method according to claim 1 or 2, characterised in that the steps of automatically constructing the call detection module based on the call risk list, and of detecting the calling programs in the call risk list with the call detection module to obtain the safety detection result for the calling program, include:
simulating, by the call detection module, the calling program in the call risk list, to obtain the call test program corresponding to the calling program;
passing the call test program into the application program;
sending a call request to the application program according to the call test program,
wherein, if the application program successfully returns a call result, or the returned call result is not empty, the safety detection result is that the calling program has a hijacking vulnerability; if the application program does not return the call result, or the returned call result is empty, the safety detection result is that the calling program has no hijacking vulnerability.
4. The method according to claim 1 or 2, characterised in that the steps of automatically constructing the call detection module based on the call risk list, and of detecting the calling programs in the call risk list with the call detection module to obtain the safety detection result for the calling program, include:
extracting, by the call detection module, the broadcast name of the calling program in the call risk list;
registering the corresponding broadcast receiver in the application program according to the broadcast name;
simulating the calling program in the call risk list to obtain the test broadcast corresponding to the calling program;
sending the test broadcast, which contains the call test program, to the corresponding broadcast receiver in the application program;
extracting the call result returned by the call test program contained in the test broadcast;
wherein, if the broadcast receiver successfully returns the call result, or the returned call result is not empty, the safety detection result is that the calling program has a hijacking vulnerability; if the broadcast receiver does not return the call result, or the returned call result is empty, the safety detection result is that the calling program has no hijacking vulnerability.
5. The method according to claim 4, characterised in that the step of simulating the calling program in the call risk list to obtain the test broadcast corresponding to the calling program includes:
obtaining the component name and component feature of each calling program in the call risk list;
constructing the broadcast corresponding to the calling program from the component name and the component feature, to generate the test broadcast.
6. The method according to claim 1, characterised in that the step of obtaining the source code file of the application program includes:
reading the installation file of the application program;
decompressing the installation file of the application program to obtain a set of class files;
decompiling the class file set using reverse-engineering techniques to generate the source code file of the application program.
7. A device for detecting component call vulnerabilities, characterised in that it comprises:
an acquisition module, for obtaining the source code file of an application program and a component call vulnerability rule file;
a construction module, for performing feature matching on the source code file of the application program according to the feature data stored in the component call vulnerability rule file, so as to extract the calling programs at risk of hijacking and form a call risk list, wherein the component call vulnerability rule file stores the feature data by which the calling program is determined to be at risk of hijacking;
a detection module, for automatically constructing a call detection module based on the call risk list, and for detecting the calling programs in the call risk list with the call detection module to obtain a safety detection result for the calling program.
8. The device according to claim 7, characterised in that the feature data includes any one or more of the following features: an implicit-call feature of the calling program, a broadcast type, a send-broadcast flag, and an explicit-call feature of the calling program; wherein the construction module includes any one or more of the following extraction modules:
a first extraction module, for extracting, from the source code file of the application program, the source code that contains the implicit-call feature, to obtain the calling programs at risk of hijacking;
a second extraction module, for extracting, from the source code file of the application program, the source code that contains the broadcast type, the send-broadcast flag and the implicit-call feature of the calling program, to obtain the calling programs at risk of hijacking;
a third extraction module, for extracting, from the source code file of the application program, the source code that does not contain the explicit-call feature, to obtain the calling programs at risk of hijacking.
9. The device according to claim 7 or 8, characterised in that the detection module includes:
a first simulation module, for simulating, by the call detection module, the calling program in the call risk list, to obtain the call test program corresponding to the calling program;
an injection module, for passing the call test program into the application program;
a first sending module, for sending a call request to the application program according to the call test program;
a first determining module, for determining, if the application program successfully returns a call result or the returned call result is not empty, that the safety detection result is that the calling program has a hijacking vulnerability;
a second determining module, for determining, if the application program does not return the call result or the returned call result is empty, that the safety detection result is that the calling program has no hijacking vulnerability.
10. The device according to claim 7 or 8, characterised in that the detection module includes:
a sub-extraction module, for extracting, by the call detection module, the broadcast name of the calling program in the call risk list;
a registration module, for registering the corresponding broadcast receiver in the application program according to the broadcast name;
a second simulation module, for simulating the calling program in the call risk list to obtain the test broadcast corresponding to the calling program;
a second sending module, for sending the test broadcast, which contains the call test program, to the corresponding broadcast receiver in the application program;
a first sub-acquisition module, for obtaining the call result returned by the call test program contained in the test broadcast;
a third determining module, for determining, if the broadcast receiver successfully returns the call result or the returned call result is not empty, that the safety detection result is that the calling program has a hijacking vulnerability;
a fourth determining module, for determining, if the broadcast receiver does not return the call result or the returned call result is empty, that the safety detection result is that the calling program has no hijacking vulnerability.
11. The device according to claim 10, characterised in that the second simulation module includes:
a second sub-acquisition module, for obtaining the component name and component feature of each calling program in the call risk list;
a generation module, for constructing the broadcast corresponding to the calling program from the component name and the component feature, to generate the test broadcast.
12. The device according to claim 7, characterised in that the acquisition module includes:
a read module, for reading the installation file of the application program;
a decompression module, for decompressing the installation file of the application program to obtain a set of class files;
a decompiling module, for decompiling the class file set using reverse-engineering techniques to generate the source code file of the application program.
CN201410290260.7A 2014-06-24 2014-06-24 The detection method and device of component call loophole Active CN105303112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410290260.7A CN105303112B (en) 2014-06-24 2014-06-24 The detection method and device of component call loophole

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410290260.7A CN105303112B (en) 2014-06-24 2014-06-24 The detection method and device of component call loophole

Publications (2)

Publication Number Publication Date
CN105303112A CN105303112A (en) 2016-02-03
CN105303112B true CN105303112B (en) 2018-11-06

Family

ID=55200367


Country Status (1)

Country Link
CN (1) CN105303112B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105528298A (en) * 2016-02-26 2016-04-27 百度在线网络技术(北京)有限公司 Safety testing method and device
CN106228071B (en) * 2016-07-20 2019-02-22 北京奇虎科技有限公司 A kind of method and apparatus for testing encoding and decoding component
CN106294149A (en) * 2016-08-09 2017-01-04 北京邮电大学 A kind of method detecting Android application component communication leak
CN106503563B (en) * 2016-10-17 2019-03-08 成都知道创宇信息技术有限公司 Batch leak detection method based on general framework
CN107885501B (en) * 2017-11-03 2020-09-08 武汉斗鱼网络科技有限公司 Method and device for obtaining mutual reference relationship of components in Android
CN109542511A (en) * 2018-11-26 2019-03-29 北京梆梆安全科技有限公司 A kind of detection method of application installation package, device and mobile device
CN109670308A (en) * 2018-12-06 2019-04-23 北京梆梆安全科技有限公司 A kind of Intent calls risk checking method and device
CN110032871A (en) * 2019-04-22 2019-07-19 广东工业大学 A kind of safety detection method, device and the medium of the inter-component communication of application program
CN110378107A (en) * 2019-07-25 2019-10-25 腾讯科技(深圳)有限公司 A kind of method and relevant apparatus of installation kit detection
CN111027053A (en) * 2019-10-28 2020-04-17 深圳市跨越新科技有限公司 Detection method and system for Android application program with Activity hijacking prevention function
CN110855642B (en) * 2019-10-30 2021-08-03 腾讯科技(深圳)有限公司 Application vulnerability detection method and device, electronic equipment and storage medium
CN113626312B (en) * 2021-07-15 2022-12-06 北京荣耀终端有限公司 Test method, electronic device and storage medium
CN113419971B (en) * 2021-08-25 2021-12-14 北京邮电大学 Android system service vulnerability detection method and related device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102314394A (en) * 2010-06-25 2012-01-11 微软公司 The dynamic data competition of data areaization detects

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103473509A (en) * 2013-09-30 2013-12-25 清华大学 Android platform malware automatic detecting method
CN103839005B (en) * 2013-11-22 2016-09-28 北京智谷睿拓技术服务有限公司 The malware detection method of Mobile operating system and malware detection system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102314394A (en) * 2010-06-25 2012-01-11 微软公司 The dynamic data competition of data areaization detects


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant