CN105574368A - Secure calling method and apparatus for Python program module - Google Patents
Secure calling method and apparatus for Python program module Download PDFInfo
- Publication number
- CN105574368A CN105574368A CN201510917414.5A CN201510917414A CN105574368A CN 105574368 A CN105574368 A CN 105574368A CN 201510917414 A CN201510917414 A CN 201510917414A CN 105574368 A CN105574368 A CN 105574368A
- Authority
- CN
- China
- Prior art keywords
- function
- encrypted
- program module
- class
- python
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 230000006870 function Effects 0.000 claims description 252
- 238000006243 chemical reaction Methods 0.000 claims description 13
- 238000005538 encapsulation Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 25
- 230000008901 benefit Effects 0.000 description 7
- 238000007405 data analysis Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000004615 ingredient Substances 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/108—Transfer of content, software, digital rights or licenses
Abstract
The invention provides a secure calling method and apparatus for a Python program module. The secure calling method comprises the steps of obtaining a to-be-encrypted Python program module operating in an operating environment with Java and Jpype tools; converting the Python codes of the to-be-encrypted Python program module into Jython codes; performing encryption on the Jython codes to generate a decryption key corresponding to an encrypted file; performing configuration on a loader of the Jpype tool according to the decryption key; calling the encrypted file according to the configured loader to realize secure calling for the Python program module. According to the secure calling method, the core part of the Python program module can be encrypted; the encrypted file is called through the configured Jpype tool, so that the security of the Python codes is improved; meanwhile, less changes of the operating environment and high automatic degree are achieved; and in addition, the secure calling method and apparatus can be used in a cross-platform manner.
Description
Technical field
The present invention relates to field of software protection, in particular to a kind of secure calling method and device of Python program module.
Background technology
Python is a programming language, there is tempo of development fast, third party expands perfect, the advantages such as the code amount of writing is few, above-mentioned advantage due to Python meets large Data Analysis Platform to exploitation efficiency requirements, therefore Python becomes one of exploitation appointed language of numerous large Data Analysis Platform, especially some large Data Analysis Platform specifies Python as the programming language of application program especially; By Python code compilation, speed up processing and hiding source code can be come, in order to ensure the security of Python code during the application issued of generally large Data Analysis Platform.
The above-mentioned advantage of Python, makes Python greatly facilitate the exploitation of software, but, because the source code of Python can only compile, and can not encrypt, and make Python code there is stolen problem always; And the binary file that Python code compilation goes out can use third party software decompiling to return Python source code, thus the stolen problem that Python code is existed can not get effective solution.
Therefore, the invention provides a kind of encryption method and device of Python program module, in order to solve the stolen problem that Python code exists.
Summary of the invention
The object of the present invention is to provide a kind of secure calling method and device of Python program module, to improve the security of Python code, and running environment is with low uncertainty, automaticity is high and can cross-platformly use.
First aspect, embodiments provides a kind of secure calling method of Python program module, comprising:
Obtain Python program module to be encrypted; Wherein, described Python program module operates in the running environment being provided with Java Runtime Environment and Jpype instrument, and described Jpype instrument comprises loader;
Be Jython code by the Python code conversion of described Python program module to be encrypted;
Described Jython code is encrypted, generates the decruption key that encrypt file is corresponding;
Be configured according to the loader of described decruption key to described Jpype instrument, utilize the loader after configuration to call described encrypt file, in order to realize the security invocation to Python program module.
In conjunction with first aspect, embodiments provide the first possible embodiment of first aspect, wherein, described acquisition Python program module to be encrypted comprises:
Function list in acquisition configuration file and the list of class;
The list of described function list and class is analyzed, determines class to be encrypted and function to be encrypted and unencrypted class and non-encrypted function;
Using described class to be encrypted and function to be encrypted as Python program module to be encrypted.
In conjunction with the first possible embodiment of first aspect, embodiments provide the embodiment that the second of first aspect is possible, wherein, described Jython code be encrypted, before generating decruption key corresponding to encrypt file, also comprise:
Obtain the call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
The call function corresponding according to described call relation, determines to treat ambiguity function information in described Python program module to be encrypted; Wherein, treat described in ambiguity function information comprise described in treat in the following information of ambiguity function one or more: title and treat confounding factors;
Default ambiguity function information is utilized to treat that ambiguity function information carries out rename to described; Wherein, described default ambiguity function information comprises one or more in following information: ambiguity function title and confounding factors title; And described ambiguity function title is all different from Python keyword name with described confounding factors title.
In conjunction with the first possible embodiment of first aspect, embodiments provide the third possible embodiment of first aspect, wherein, to be describedly encrypted described Jython code, the decruption key generating encrypt file corresponding comprises:
According to the fill order that user sends, described Jython code wrap is become jar bag function;
Described jar bag function is encrypted, generates the decruption key that described jar bag function is corresponding.
In conjunction with the third possible embodiment of first aspect, embodiments provide the 4th kind of possible embodiment of first aspect, wherein, described method also comprises:
Scan the list of all function lists and class, obtain the described call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
The internal call function that non-encrypted Python program module calls Python program to be encrypted is inquired about in described call function; Wherein, described non-encrypted Python program module comprises unencrypted class and non-encrypted function;
The described internal call function of inquiry is converted to the form being called jar bag function by Jpype instrument.
Second aspect, the embodiment of the present invention additionally provides a kind of security invocation device of Python program module, comprising:
First acquisition module, for obtaining Python program module to be encrypted; Wherein, described Python program module operates in the running environment being provided with Java Runtime Environment and Jpype instrument, and described Jpype instrument comprises loader;
First modular converter, for being Jython code by the Python code conversion of described Python program module to be encrypted;
Encrypting module, for being encrypted described Jython code, generates the decruption key that encrypt file is corresponding;
Configuration module, for being configured according to the loader of described decruption key to described Jpype instrument, utilizes the loader after configuration to call described encrypt file, in order to realize the security invocation to Python program module.
In conjunction with second aspect, embodiments provide the first possible embodiment of second aspect, wherein, described first acquisition module comprises:
Obtain submodule, for obtaining the list of function list in configuration file and class;
Analyzing submodule, for analyzing the list of described function list and class, determining class to be encrypted and function to be encrypted and unencrypted class and non-encrypted function;
Submodule is set, for using described class to be encrypted and function to be encrypted as Python program module to be encrypted.
In conjunction with the first possible embodiment of second aspect, embodiments provide the embodiment that the second of second aspect is possible, wherein, described device also comprises:
Second acquisition module, for obtaining call function corresponding to all call relations in the list of described function list and class; Wherein, described call relation referent comprises: function sum functions and class and class;
Determination module, for the call function corresponding according to described call relation, determines to treat ambiguity function information in described Python program module to be encrypted; Wherein, treat described in ambiguity function information comprise described in treat in the following information of ambiguity function one or more: title and treat confounding factors;
Obscuring module, treating that ambiguity function information carries out rename for utilizing default ambiguity function information to described; Wherein, described default ambiguity function information comprises one or more in following information: ambiguity function title and confounding factors title; And described ambiguity function title is all different from Python keyword name with described confounding factors title.
In conjunction with the first possible embodiment of second aspect, embodiments provide the third possible embodiment of second aspect, wherein, described encrypting module comprises:
Encapsulation submodule, for the fill order sent according to user, becomes jar bag function by described Jython code wrap;
Encryption submodule, for being encrypted described jar bag function, generates the decruption key that described jar bag function is corresponding.
In conjunction with the third possible embodiment of second aspect, embodiments provide the 4th kind of possible embodiment of second aspect, wherein, described device also comprises:
Scan module, for scanning the list of all function lists and class, obtains the described call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
Enquiry module, calls the internal call function of Python program to be encrypted for inquiring about non-encrypted Python program module in described call function; Wherein, described non-encrypted Python program module comprises unencrypted class and non-encrypted function;
Second modular converter, for being converted to the described internal call function of inquiry the form being called jar bag function by Jpype instrument.
The secure calling method of a kind of Python program module that the embodiment of the present invention provides and device, comprising: obtain the Python program module to be encrypted operated in the running environment being provided with Java Runtime Environment and Jpype instrument; Be Jython code by the Python code conversion of Python program module to be encrypted; Jython code is encrypted, generates the decruption key that encrypt file is corresponding; Be configured according to the loader of decruption key to Jpype instrument, utilize the loader after configuration to call encrypt file, to realize the security invocation to Python program module.Compared with the stolen problem existed with Python code of the prior art, it can be encrypted the core in Python program module, and call the rear file of encryption by the Jpype instrument of configuration, to improve the security of Python code, and make that running environment is with low uncertainty, automaticity is high, and can cross-platformly use.
For making above-mentioned purpose of the present invention, feature and advantage become apparent, preferred embodiment cited below particularly, and coordinate appended accompanying drawing, be described in detail below.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, be briefly described to the accompanying drawing used required in embodiment below, be to be understood that, the following drawings illustrate only some embodiment of the present invention, therefore the restriction to scope should be counted as, for those of ordinary skill in the art, under the prerequisite not paying creative work, other relevant accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 shows the process flow diagram of the secure calling method of a kind of Python program module that the embodiment of the present invention provides;
Fig. 2 shows the process flow diagram of the secure calling method of the another kind of Python program module that the embodiment of the present invention provides;
Fig. 3 shows the process flow diagram of the secure calling method of the another kind of Python program module that the embodiment of the present invention provides;
Fig. 4 shows the process flow diagram of the secure calling method of the another kind of Python program module that the embodiment of the present invention provides;
Fig. 5 shows the process flow diagram of the secure calling method of the another kind of Python program module that the embodiment of the present invention provides;
Fig. 6 shows the structural representation of the security invocation device of a kind of Python program module that the embodiment of the present invention provides;
Fig. 7 shows the structural representation of the first acquisition module in the security invocation device of a kind of Python program module that the embodiment of the present invention provides;
Fig. 8 shows the structural representation of the security invocation device of the another kind of Python program module that the embodiment of the present invention provides;
Fig. 9 shows the structural representation of encrypting module in the security invocation device of a kind of Python program module that the embodiment of the present invention provides;
Figure 10 shows the structural representation of the security invocation device of the another kind of Python program module that the embodiment of the present invention provides.
Embodiment
Below in conjunction with accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.The assembly of the embodiment of the present invention describing and illustrate in usual accompanying drawing herein can be arranged with various different configuration and design.Therefore, below to the detailed description of the embodiments of the invention provided in the accompanying drawings and the claimed scope of the present invention of not intended to be limiting, but selected embodiment of the present invention is only represented.Based on embodiments of the invention, the every other embodiment that those skilled in the art obtain under the prerequisite not making creative work, all belongs to the scope of protection of the invention.
Python is a programming language, the advantages such as have tempo of development fast, third party expands perfect, and the code amount of writing is few, above-mentioned advantage due to Python meets large Data Analysis Platform to exploitation efficiency requirements, therefore Python becomes one of exploitation appointed language of numerous large Data Analysis Platform.
Although Python has lot of advantages, the exploitation of software greatly easily, but how protecting Python code not stolen is an insurmountable problem always, because the source code of Python can only compile, and can not encrypt, and the binary file that Python code compilation goes out can use third party software decompiling to return source code, so in the urgent need to studying new anti-theft measure for Python, consider that in actual production, only some core has very high conservation value, as long as so encrypt a part of code can meet production requirement, therefore the embodiment of the present invention gives a kind of scheme of being encrypted by Python code section, i.e. a kind of secure calling method of Python program module and device, the called of the program module safety of Python code compilation can be made, solve the stolen problem that Python program module exists always.
The process flow diagram of the secure calling method of a kind of Python program module provided with reference to the embodiment of the present invention shown in figure 1, described method comprises the steps:
S101, obtain Python program module to be encrypted; Wherein, described Python program module operates in the running environment being provided with Java Runtime Environment and Jpype instrument, and described Jpype instrument comprises loader.
In the embodiment of the present invention, Python program module to be encrypted is the compiled Python code for realizing specific function, this Python program module to be encrypted can be undertaken calling (namely internally calling) by other program module (i.e. non-encrypted Python program module), it is the part in whole Python program module with core value, in order to prevent this part stolen, need to be encrypted it; And the effect of above-mentioned non-encrypted Python program module in Python program module is for externally calling, be namely external disclosure, therefore this portions thereof does not need to be encrypted.
First to obtain Python program module to be encrypted in whole Python program module in the embodiment of the present invention, and this part Python program module to be encrypted is encrypted, prevent it stolen.
The concrete acquisition process of above-mentioned Python program module to be encrypted is as follows: first corresponding to Python program module code divides according to the requirement of configuration, for all program modules of whole Python program module, internally call if be judged as, be then defined as part to be encrypted; Externally call if be judged as, be then defined as non-encrypted part.
S102, be Jython code by the Python code conversion of described Python program module to be encrypted.
Concrete, because Python code cannot realize direct encryption, characteristic similar according to Python with Jython syntax rule height in the embodiment of the present invention, being Jython code by the Python code conversion of Python program module to be encrypted, being encrypted being converted to Jython code so that follow-up.
Wherein, Jython is the realization of Python in Java platform, and the grammer of Jython and the grammer of Python have highly consistent.
S103, described Jython code to be encrypted, to generate the decruption key that encrypt file is corresponding.
Encryption in this step namely, Jython code wrap is packaged as jar bag function, jar bag function is the binary program file after the compiling that can perform of Java operation platform, can do the encryption process, therefore by predetermined encryption method, above-mentioned jar bag function is encrypted, generate the decruption key that jar bag function is corresponding.Wherein, above-mentioned predetermined encryption method can be the close mode of binary add, can be symmetric encipherment algorithm, also can be rivest, shamir, adelman
In addition, consider that above-mentioned Python program module to be encrypted also can as an application program independent operating, jar bag function Python program module to be encrypted being encrypted to generation can also be packaged into the application program under large Data Analysis Platform by the embodiment of the present invention, so that the Python program module after this encryption as an independent application program independent operating, can ensure the security of the source code of this application program simultaneously.
S104, to be configured according to the loader of described decruption key to described Jpype instrument, to utilize the loader after configuration to call described encrypt file, in order to realize the security invocation to Python program module.
In the embodiment of the present invention, third party server being provided with in advance Java Runtime Environment and Python expands the running environment of Jpype instrument, then corresponding according to the jar bag function of the encryption loader of decruption key to Jpype instrument is configured, jar bag function after enabling the loader after configuration run encryption (namely allows Python have the ability to call the function in jar bag, the jar bag function after encryption can be called by the loader of Jpype instrument in order to realize non-encrypted Python program module, finally realize the security invocation to Python program module.
In the embodiment of the present invention; above-mentioned Jpype is Python third party's expansion; the embodiment of the present invention utilizes Jython can be converted into jar bag; and jar wraps the characteristic that can do the encryption process; using Jython as conversion springboard; a part there is the Python program code of economic worth to become the jar bag of an encryption most, allow remaining python program code call this jar by Jpype and wrap, the final object realizing protection part python source code.
The secure calling method of a kind of Python program module that the embodiment of the present invention provides, comprising: obtain the Python program module to be encrypted operated in the running environment being provided with Java Runtime Environment and Jpype instrument; Be Jython code by the Python code conversion of Python program module to be encrypted; Jython code is encrypted, generates the decruption key that encrypt file is corresponding; Be configured according to the loader of decruption key to Jpype instrument, utilize the loader after configuration to call encrypt file, to realize the security invocation to Python program module.Compared with the stolen problem existed with Python code of the prior art, it can be encrypted the core in Python program module, and call the rear file of encryption by the Jpype instrument of configuration, to improve the security of Python code, and make that running environment is with low uncertainty, automaticity is high, and can cross-platformly use.
As mentioned above, the ingredient of Python program module to be encrypted is compiled Python code, and in fact whole Python program module some code is valuable, this part valuable code needs to encrypt (partial code namely internally called), therefore in the embodiment of the present invention, first obtain this Python program module to be encrypted, with reference to figure 2, its concrete grammar is as follows:
Function list in S201, acquisition configuration file and the list of class.
Concrete, Python program module comprises the list of multiple function list and class, first obtains the list of all function lists and class in Python program module.
S202, the list of described function list and class to be analyzed, determine class to be encrypted and function to be encrypted and unencrypted class and non-encrypted function.
Concrete, the function internally called and class are defined as class to be encrypted and function to be encrypted; The function externally called and class are defined as unencrypted class and non-encrypted function.
S203, using described class to be encrypted and function to be encrypted as Python program module to be encrypted.
Then step 202, after determining class to be encrypted and function to be encrypted, it can be used as the Python program module to be encrypted that overall.
In order to ensure the security of the Python program module to be encrypted in Python program module further, in the embodiment of the present invention before above-mentioned steps 103, preferably process is obscured to Python program module to be encrypted, and, the function and the Python key word that contact non-encrypted part and part to be encrypted is avoided when obscuring process, with reference to figure 3, in the embodiment of the present invention to obscure the detailed process of process to Python program module to be encrypted as follows:
S301, the call function that all call relations obtained in the list of described function list and class are corresponding;
Concrete, to obtain in the list of all function lists and class between function function, and the call function that call relation between class with class is corresponding, this call function comprises the call function (i.e. internal call function) that the call function (i.e. external call function) that calls non-encrypted Python program module and non-encrypted Python program module call encryption Python program module.
S302, the call function corresponding according to described call relation, determine to treat ambiguity function information in described Python program module to be encrypted; Wherein, treat described in ambiguity function information comprise described in treat in the following information of ambiguity function one or more: title and treat confounding factors;
Concrete, the call function corresponding according to above-mentioned call relation is determined treat the title of ambiguity function and treat the variable of ambiguity function; In fact, determine that function and the corresponding function variable of internal invoke section (Python program module namely to be encrypted) need to do to obscure process exactly, and externally invoke section (i.e. unencrypted Python program module) does not need to carry out obscuring process.
S303, utilization are preset ambiguity function information and are treated that ambiguity function information carries out rename to described; Wherein, described default ambiguity function information comprises one or more in following information: ambiguity function title and confounding factors title; And described ambiguity function title is all different from Python keyword name with described confounding factors title.
Wherein, above-mentioned default ambiguity function information (i.e. ambiguity function title and confounding factors title) is stochastic generation, utilizes the default ambiguity function information of this stochastic generation to carry out rename to the function name in above-mentioned Python program module to be encrypted and corresponding function variable title.
Because the function name in Python program module to be encrypted and corresponding function variable title all can show the effect of this function and variable, be easy to stolen employment understand and use, in the embodiment of the present invention, by obscuring process to the function name in above-mentioned Python program module to be encrypted and corresponding function variable title, further ensure the security of Python program module to be encrypted.
Be Jython code by the Python code conversion of Python program module to be encrypted in a step 102, and Jython code can decrypted process, based on this, with reference to figure 4, in the embodiment of the present invention, the process that Jython code is encrypted specifically is comprised the steps:
S401, the fill order sent according to user, become jar bag function by described Jython code wrap.
In the embodiment of the present invention, Jython code can be encrypted, and first Jython code wrap is become jar bag function, and the jar bag function of correspondence can be encrypted.
S402, described jar bag function to be encrypted, to generate the decruption key that described jar bag function is corresponding.
Concrete, according to predetermined encryption method, jar bag function is encrypted, generates the decruption key that jar bag function is corresponding; Wherein, above-mentioned predetermined encryption method can be the close mode of binary add, can be symmetric encipherment algorithm, also can be rivest, shamir, adelman.
In addition, whole method in the present embodiment realizes in the running environment being provided with Java Runtime Environment and Jpype instrument, encrypt file is called in order to coordinate the loader in above-mentioned Jpype instrument, the embodiment of the present invention also needs to be configured the function (or being called Python code) of contact Python program module to be encrypted and unencrypted Python program module, can realize making unencrypted Python program module can call function in Python program module to be encrypted, with reference to figure 5, concrete configuration process is as follows:
S501, scan the list of all function lists and class, obtain the described call function that all call relations in the list of described function list and class are corresponding; Wherein, call relation referent comprises: function sum functions and class and class;
First, to obtain in the list of all function lists and class between function function, and the call function that call relation between class with class is corresponding, this call function comprises the call function that the call function that calls non-encrypted Python program module and non-encrypted Python program module call encryption Python program module.
S502, in described call function, inquire about the internal call function that non-encrypted Python program module calls Python program to be encrypted; Wherein, described non-encrypted Python program module comprises unencrypted class and non-encrypted function;
Wherein, in above-mentioned all call functions, obtain the internal call function that non-encrypted Python program module calls encryption Python program module, conversion process is carried out to these internal call functions, match with the Jpype instrument after configuration to make the internal call function after processing.
S503, by inquiry described internal call function be converted to the form being called jar bag function by Jpype instrument.
In this step, the internal call function non-encrypted Python program module being called encryption Python program module is converted to the form that Jpype instrument calls jar bag function, calls the jar bag function after encryption to coordinate the Jpype instrument after configuration.
The secure calling method of a kind of Python program module provided by the invention, it is applied in the application program that Python writes, there is following beneficial effect, be in particular in: 1) running environment is with low uncertainty, only need the running environment of many installation Java and Python third party to expand Jpype; 2) automaticity is high, as long as definition needs the interface sum functions exposed, remaining all can complete in robotization.3) cross-platform use, as long as Python and the Java platform that can run all can use this scheme protect Python source code.
The embodiment of the present invention additionally provides a kind of security invocation device of Python program module, and described device is for performing the secure calling method of above-mentioned Python program module, and with reference to figure 6, described device comprises:
First acquisition module 11, for obtaining Python program module to be encrypted; Wherein, described Python program module operates in the running environment being provided with Java Runtime Environment and Jpype instrument, and described Jpype instrument comprises loader;
First modular converter 12, for being Jython code by the Python code conversion of described Python program module to be encrypted;
Encrypting module 13, for being encrypted described Jython code, generates the decruption key that encrypt file is corresponding;
Configuration module 14, for being configured according to the loader of described decruption key to described Jpype instrument, utilizes the loader after configuration to call described encrypt file, in order to realize the security invocation to Python program module.
As mentioned above, the ingredient of Python program module to be encrypted is compiled Python code, and in fact whole Python program module some code is valuable, need to be encrypted (part namely internally called) this valuable part, based on this, with reference to figure 7, above-mentioned first acquisition module 11 comprises:
Obtain submodule 111, for obtaining the list of function list in configuration file and class;
Analyzing submodule 112, for analyzing the list of described function list and class, determining class to be encrypted and function to be encrypted and unencrypted class and non-encrypted function;
Submodule 113 is set, for using described class to be encrypted and function to be encrypted as Python program module to be encrypted.
In order to ensure the security of the Python program module to be encrypted in Python program module further, preferably process is obscured to Python program module to be encrypted in the embodiment of the present invention, and, the function and the Python key word that contact non-encrypted part and part to be encrypted is avoided when obscuring process, concrete, with reference to figure 8, said apparatus also comprises:
Second acquisition module 15, for obtaining call function corresponding to all call relations in the list of described function list and class; Wherein, described call relation referent comprises: function sum functions and class and class;
Determination module 16, for the call function corresponding according to described call relation, determines to treat ambiguity function information in described Python program module to be encrypted; Wherein, treat described in ambiguity function information comprise described in treat in the following information of ambiguity function one or more: title and treat confounding factors;
Obscuring module 17, treating that ambiguity function information carries out rename for utilizing default ambiguity function information to described; Wherein, described default ambiguity function information comprises one or more in following information: ambiguity function title and confounding factors title; And described ambiguity function title is all different from Python keyword name with described confounding factors title.
The Python code conversion of Python program module to be encrypted has been Jython code by above-mentioned encrypting module, and Jython code can decrypted process, therefore the said apparatus that the embodiment of the present invention provides, with reference to figure 9, encrypting module 13 comprises:
Encapsulation submodule 131, for the fill order sent according to user, becomes jar bag function by described Jython code wrap;
Encryption submodule 132, for being encrypted described jar bag function, generates the decruption key that described jar bag function is corresponding.
In addition, whole method in the present embodiment realizes in the running environment being provided with Java Runtime Environment and Jpype instrument, encrypt file is called in order to coordinate the loader in above-mentioned Jpype instrument, the embodiment of the present invention also needs to be configured the function (or being called Python code) of contact Python program module to be encrypted and unencrypted Python program module, can realize making unencrypted Python program module can call function in Python program module to be encrypted, concrete, with reference to Figure 10, said apparatus also comprises:
Scan module 18, for scanning the list of all function lists and class, obtains the described call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
Enquiry module 19, calls the internal call function of Python program to be encrypted for inquiring about non-encrypted Python program module in described call function; Wherein, described non-encrypted Python program module comprises unencrypted class and non-encrypted function;
Second modular converter 20, for being converted to the described internal call function of inquiry the form being called jar bag function by Jpype instrument.
The security invocation device of a kind of Python program module that the embodiment of the present invention provides, compared with the stolen problem existed with Python code of the prior art, it can be encrypted the core in Python program module, and call the rear file of encryption by the Jpype instrument of configuration, to improve the security of Python code, and the application also makes when being applied in the application program that Python writes that running environment is with low uncertainty, automaticity is high, and can cross-platformly use.
The computer program of what the embodiment of the present invention provided carry out a kind of secure calling method of Python program module, comprise the computer-readable recording medium storing program code, the instruction that described program code comprises can be used for performing the method described in previous methods embodiment, specific implementation see embodiment of the method, can not repeat them here.
Those skilled in the art can be well understood to, and for convenience and simplicity of description, the specific works process of the system of foregoing description, device and unit, with reference to the corresponding process in preceding method embodiment, can not repeat them here.
In several embodiments that the application provides, should be understood that disclosed system, apparatus and method can realize by another way.Device embodiment described above is only schematic, such as, the division of described unit, be only a kind of logic function to divide, actual can have other dividing mode when realizing, again such as, multiple unit or assembly can in conjunction with or another system can be integrated into, or some features can be ignored, or do not perform.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some communication interfaces, and the indirect coupling of device or unit or communication connection can be electrical, machinery or other form.
The described unit illustrated as separating component or can may not be and physically separates, and the parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of unit wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of unit exists, also can two or more unit in a unit integrated.
If described function using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computer read/write memory medium.Based on such understanding, the part of the part that technical scheme of the present invention contributes to prior art in essence in other words or this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, portable hard drive, ROM (read-only memory) (ROM, Read-OnlyMemory), random access memory (RAM, RandomAccessMemory), magnetic disc or CD etc. various can be program code stored medium.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; change can be expected easily or replace, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of described claim.
Claims (10)
1. a secure calling method for Python program module, is characterized in that, comprising:
Obtain Python program module to be encrypted; Wherein, described Python program module operates in the running environment being provided with Java Runtime Environment and Jpype instrument, and described Jpype instrument comprises loader;
Be Jython code by the Python code conversion of described Python program module to be encrypted;
Described Jython code is encrypted, generates the decruption key that encrypt file is corresponding;
Be configured according to the loader of described decruption key to described Jpype instrument, utilize the loader after configuration to call described encrypt file, in order to realize the security invocation to Python program module.
2. method according to claim 1, is characterized in that, described acquisition Python program module to be encrypted comprises:
Function list in acquisition configuration file and the list of class;
The list of described function list and class is analyzed, determines class to be encrypted and function to be encrypted and unencrypted class and non-encrypted function;
Using described class to be encrypted and function to be encrypted as Python program module to be encrypted.
3. method according to claim 2, is characterized in that, is encrypted described Jython code, before generating decruption key corresponding to encrypt file, also comprises:
Obtain the call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
The call function corresponding according to described call relation, determines to treat ambiguity function information in described Python program module to be encrypted; Wherein, treat described in ambiguity function information comprise described in treat in the following information of ambiguity function one or more: title and treat confounding factors;
Default ambiguity function information is utilized to treat that ambiguity function information carries out rename to described; Wherein, described default ambiguity function information comprises one or more in following information: ambiguity function title and confounding factors title; And described ambiguity function title is all different from Python keyword name with described confounding factors title.
4. method according to claim 2, is characterized in that, is describedly encrypted described Jython code, and the decruption key generating encrypt file corresponding comprises:
According to the fill order that user sends, described Jython code wrap is become jar bag function;
Described jar bag function is encrypted, generates the decruption key that described jar bag function is corresponding.
5. method according to claim 4, is characterized in that, described method also comprises:
Scan the list of all function lists and class, obtain the described call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
The internal call function that non-encrypted Python program module calls Python program to be encrypted is inquired about in described call function; Wherein, described non-encrypted Python program module comprises unencrypted class and non-encrypted function;
The described internal call function of inquiry is converted to the form being called jar bag function by Jpype instrument.
6. a security invocation device for Python program module, is characterized in that, comprising:
First acquisition module, for obtaining Python program module to be encrypted; Wherein, described Python program module operates in the running environment being provided with Java Runtime Environment and Jpype instrument, and described Jpype instrument comprises loader;
First modular converter, for being Jython code by the Python code conversion of described Python program module to be encrypted;
Encrypting module, for being encrypted described Jython code, generates the decruption key that encrypt file is corresponding;
Configuration module, for being configured according to the loader of described decruption key to described Jpype instrument, utilizes the loader after configuration to call described encrypt file, in order to realize the security invocation to Python program module.
7. device according to claim 6, is characterized in that, described first acquisition module comprises:
Obtain submodule, for obtaining the list of function list in configuration file and class;
Analyzing submodule, for analyzing the list of described function list and class, determining class to be encrypted and function to be encrypted and unencrypted class and non-encrypted function;
Submodule is set, for using described class to be encrypted and function to be encrypted as Python program module to be encrypted.
8. device according to claim 7, is characterized in that, described device also comprises:
Second acquisition module, for obtaining call function corresponding to all call relations in the list of described function list and class; Wherein, described call relation referent comprises: function sum functions and class and class;
Determination module, for the call function corresponding according to described call relation, determines to treat ambiguity function information in described Python program module to be encrypted; Wherein, treat described in ambiguity function information comprise described in treat in the following information of ambiguity function one or more: title and treat confounding factors;
Obscuring module, treating that ambiguity function information carries out rename for utilizing default ambiguity function information to described; Wherein, described default ambiguity function information comprises one or more in following information: ambiguity function title and confounding factors title; And described ambiguity function title is all different from Python keyword name with described confounding factors title.
9. device according to claim 7, is characterized in that, described encrypting module comprises:
Encapsulation submodule, for the fill order sent according to user, becomes jar bag function by described Jython code wrap;
Encryption submodule, for being encrypted described jar bag function, generates the decruption key that described jar bag function is corresponding.
10. device according to claim 9, is characterized in that, described device also comprises:
Scan module, for scanning the list of all function lists and class, obtains the described call function that all call relations in the list of described function list and class are corresponding; Wherein, described call relation referent comprises: function sum functions and class and class;
Enquiry module, calls the internal call function of Python program to be encrypted for inquiring about non-encrypted Python program module in described call function; Wherein, described non-encrypted Python program module comprises unencrypted class and non-encrypted function;
Second modular converter, for being converted to the described internal call function of inquiry the form being called jar bag function by Jpype instrument.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510917414.5A CN105574368B (en) | 2015-12-10 | 2015-12-10 | A kind of secure calling method and device of Python program modules |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510917414.5A CN105574368B (en) | 2015-12-10 | 2015-12-10 | A kind of secure calling method and device of Python program modules |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105574368A true CN105574368A (en) | 2016-05-11 |
| CN105574368B CN105574368B (en) | 2018-05-04 |
Family
ID=55884492
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510917414.5A Active CN105574368B (en) | 2015-12-10 | 2015-12-10 | A kind of secure calling method and device of Python program modules |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105574368B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107808101A (en) * | 2017-11-06 | 2018-03-16 | 上海金途信息科技有限公司 | A kind of Intellectual Property Right Protection System by encrypting Python plaintext source codes token |
| CN108153518A (en) * | 2017-12-25 | 2018-06-12 | 厦门市美亚柏科信息股份有限公司 | A kind of antialiasing method of JAVA programs and terminal |
| CN108427559A (en) * | 2018-03-14 | 2018-08-21 | 新华三技术有限公司 | A kind of script file generates and call method and device |
| CN108629162A (en) * | 2017-03-23 | 2018-10-09 | 北京小唱科技有限公司 | A kind of source code means of defence and device |
| CN110175024A (en) * | 2019-05-29 | 2019-08-27 | 上海耕子教育科技有限公司 | A kind of Python programming authoring platform |
| CN110619215A (en) * | 2019-08-23 | 2019-12-27 | 苏州浪潮智能科技有限公司 | Code security scanning method and system |
| CN110659022A (en) * | 2019-08-19 | 2020-01-07 | 浙江邦盛科技有限公司 | Method for automatically calling Python script based on Java |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102009004276A1 (en) * | 2009-01-05 | 2010-07-08 | Core Mountains Gmbh | Method for generation of compilation from platform independent python byte code, involves forming native platform dependent dynamic library, and delivering resulted compilation without associated source code and byte code |
| CN102346834A (en) * | 2011-11-25 | 2012-02-08 | 武汉钢铁(集团)公司 | Method for encrypting and protecting Java application software |
| CN104573425A (en) * | 2014-12-31 | 2015-04-29 | 上海格尔软件股份有限公司 | Python program module encryption method based on symmetric algorithm and dedicated loading module |
-
2015
- 2015-12-10 CN CN201510917414.5A patent/CN105574368B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102009004276A1 (en) * | 2009-01-05 | 2010-07-08 | Core Mountains Gmbh | Method for generation of compilation from platform independent python byte code, involves forming native platform dependent dynamic library, and delivering resulted compilation without associated source code and byte code |
| CN102346834A (en) * | 2011-11-25 | 2012-02-08 | 武汉钢铁(集团)公司 | Method for encrypting and protecting Java application software |
| CN104573425A (en) * | 2014-12-31 | 2015-04-29 | 上海格尔软件股份有限公司 | Python program module encryption method based on symmetric algorithm and dedicated loading module |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108629162A (en) * | 2017-03-23 | 2018-10-09 | 北京小唱科技有限公司 | A kind of source code means of defence and device |
| CN108629162B (en) * | 2017-03-23 | 2020-06-02 | 北京小唱科技有限公司 | Source code protection method and device |
| CN107808101A (en) * | 2017-11-06 | 2018-03-16 | 上海金途信息科技有限公司 | A kind of Intellectual Property Right Protection System by encrypting Python plaintext source codes token |
| CN108153518A (en) * | 2017-12-25 | 2018-06-12 | 厦门市美亚柏科信息股份有限公司 | A kind of antialiasing method of JAVA programs and terminal |
| CN108153518B (en) * | 2017-12-25 | 2021-02-26 | 厦门市美亚柏科信息股份有限公司 | JAVA program anti-confusion method and terminal |
| CN108427559A (en) * | 2018-03-14 | 2018-08-21 | 新华三技术有限公司 | A kind of script file generates and call method and device |
| CN110175024A (en) * | 2019-05-29 | 2019-08-27 | 上海耕子教育科技有限公司 | A kind of Python programming authoring platform |
| CN110659022A (en) * | 2019-08-19 | 2020-01-07 | 浙江邦盛科技有限公司 | Method for automatically calling Python script based on Java |
| CN110659022B (en) * | 2019-08-19 | 2020-09-04 | 浙江邦盛科技有限公司 | Method for automatically calling Python script based on Java |
| CN110619215A (en) * | 2019-08-23 | 2019-12-27 | 苏州浪潮智能科技有限公司 | Code security scanning method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105574368B (en) | 2018-05-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105574368A (en) | Secure calling method and apparatus for Python program module | |
| KR101328012B1 (en) | Apparatus for tamper protection of application code and method thereof | |
| CN102043932B (en) | Method for preventing Java program from being decompiled | |
| CN102947835B (en) | The system and method encapsulating and enable protection is carried out by the variation change in software library | |
| US8166471B2 (en) | Implementing portable content protection to secure secrets | |
| KR102433011B1 (en) | Method of apk file protection, apk file protection system performing the same, and storage medium storing the same | |
| CN102346834A (en) | Method for encrypting and protecting Java application software | |
| CN103827879A (en) | Method of securing memory against malicious attack | |
| CA2376576A1 (en) | Tamper resistant software encoding | |
| CN104573416A (en) | Method and device for generating application installation package and executing application | |
| CN109598107B (en) | Code conversion method and device based on application installation package file | |
| CN110414261A (en) | A kind of data desensitization method, device, equipment and readable storage medium storing program for executing | |
| CN103413075A (en) | Method and device for protecting JAVA executable program through virtual machine | |
| CN104298534A (en) | Programming method and device based on Lua language | |
| CN110147656B (en) | Js code encryption and bottom layer operation decryption method | |
| CN103853943A (en) | Program protection method and device | |
| CN107871066B (en) | Code compiling method and device based on android system | |
| CN111159661B (en) | Decompilation prevention method and device, electronic equipment and storage medium | |
| CN114925338A (en) | Compiling method, device, equipment, medium and product | |
| CN107220528A (en) | The protection of java applet and operation method, device and terminal | |
| KR102336521B1 (en) | Methods for computer-aided obfuscation of program code | |
| CN112966227A (en) | Code encryption and decryption method and device and storage medium | |
| KR20150069844A (en) | Method of Obfuscating Files Based on Advanced RISC Machine Processor | |
| CN108021790B (en) | File protection method and device, computing equipment and computer storage medium | |
| CN104506630A (en) | Method, server and system for generating authority data on basis of user roles |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100029 room 1005, Jin Ji Ye building, No. 2, Sheng Gu Road, anzhen bridge, Chaoyang District, Beijing Patentee after: Hua Qing Rong Tian (Beijing) software Limited by Share Ltd Address before: 100029 room 1005, Jin Ji Ye building, No. 2, Sheng Gu Road, anzhen bridge, Chaoyang District, Beijing Patentee before: China Qingrong day (Beijing) technology Limited by Share Ltd |
|
| CP01 | Change in the name or title of a patent holder |