CN106295353A - Method for engine vulnerability detection and detection device - Google Patents

Method for engine vulnerability detection and detection device

Publication number
CN106295353A
Authority
CN
China
Prior art keywords
application
programming interface
api
application programming
detected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610643329.9A
Other languages
Chinese (zh)
Other versions
CN106295353B (en)
Inventor
张蓓
邹越
袁明凯
严明
魏学峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201610643329.9A priority Critical patent/CN106295353B/en
Publication of CN106295353A publication Critical patent/CN106295353A/en
Application granted granted Critical
Publication of CN106295353B publication Critical patent/CN106295353B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

An embodiment of the invention discloses a method for engine vulnerability detection, comprising: obtaining an application to be detected; obtaining an application programming interface (API) experience library of a first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability; extracting the APIs of the application to be detected; and determining, according to the API experience library, whether an API of the application to be detected has a security vulnerability and, if so, determining the target API that has the security vulnerability from among the APIs of the application to be detected. An embodiment of the invention also provides a detection device. In the embodiments, test cases need not be written for each application development engine; instead, an API experience library of the application development engine is built from information on APIs with security vulnerabilities, and the API vulnerabilities present in the application to be detected are found by scanning with this library, which reduces the cost of testing for API vulnerabilities.

Description

Method for engine vulnerability detection and detection device
Technical field
The present invention relates to the fields of computer technology and information security technology, and in particular to a method for engine vulnerability detection and a detection device.
Background
With the development of information technology, applications are becoming increasingly widespread. To enrich people's daily lives, developers build a wide variety of applications, such as social, game, e-commerce, search and forum applications. However, vulnerabilities may appear in application programming interfaces (Application Programming Interface, API) during application development, causing the application to crash while running.
To reduce how often an application crashes while running, one approach currently available is to test whether an API has a vulnerability.
Specifically, as shown in Fig. 1, which is a schematic flowchart of detecting application programming interface vulnerabilities in the prior art: in step 101, the developer first needs to become familiar with the application's core functions and architecture, and then designs scenarios in which performance problems may exist. In step 102, the developer writes an interface test case for every API in the development engine, so that in step 103 each interface test case can be used to run an interface test on its corresponding API. Because modifying the basic APIs of the development engine is risky and hinders updating and maintaining the engine code, the upper-layer logic code that calls the interfaces generally has to be located in step 104. Finally, in step 105, the high-risk API code lines located in step 104 are output, and the developer can repair them promptly according to the output.
However, because a development engine has many APIs, and there are many development engine versions whose APIs differ from one another, a large number of test cases must be written for each version, which makes API vulnerability testing very costly.
Summary of the invention
Embodiments of the present invention provide a method for engine vulnerability detection and a detection device. Test cases need not be written for each application development engine; instead, an API experience library is built from information on the APIs with security vulnerabilities in the application development engine, and the API vulnerabilities present in the application to be detected are found by scanning with this library, which reduces the cost of detecting API vulnerabilities.
In view of this, a first aspect of the present invention provides a method for engine vulnerability detection, comprising:
Obtaining an application to be detected;
Obtaining the API experience library of a first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability;
Extracting the application programming interfaces (APIs) of the application to be detected;
Determining, according to the API experience library, whether an API of the application to be detected has a security vulnerability and, if so, determining the target API that has the security vulnerability from among the APIs of the application to be detected.
In a second aspect, an embodiment of the present invention further provides a detection device, comprising:
A first acquisition module, configured to obtain an application to be detected;
A second acquisition module, configured to obtain the API experience library of a first application development engine, where the first application development engine is used to develop the application to be detected obtained by the first acquisition module and the API experience library contains information on at least one API that has a security vulnerability;
An extraction module, configured to extract the application programming interfaces (APIs) of the application to be detected obtained by the first acquisition module;
A determination module, configured to determine, according to the API experience library obtained by the second acquisition module, whether an API of the application to be detected extracted by the extraction module has a security vulnerability and, if so, to determine the target API that has the security vulnerability from among the APIs of the application to be detected.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
The embodiments of the present invention provide a method for detecting API vulnerabilities in an application. The detection device first obtains the application to be detected and the API experience library of the first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability. The detection device then extracts the APIs of the application to be detected and finally determines, according to the API experience library, whether an API of the application to be detected has a security vulnerability; if so, it determines the target API that has the security vulnerability from among the APIs of the application to be detected. In this way, test cases need not be written for each application development engine; instead, an API experience library of the application development engine is built from information on APIs with security vulnerabilities, and the API vulnerabilities present in the application to be detected are found by scanning with this library, which reduces the cost of detecting API vulnerabilities.
Brief description of the drawings
Fig. 1 is a schematic flowchart of detecting application programming interface vulnerabilities in the prior art;
Fig. 2 is a schematic diagram of one embodiment of the method for engine vulnerability detection in an embodiment of the present invention;
Fig. 3 is a schematic flowchart of detecting API vulnerabilities in an application in an embodiment of the present invention;
Fig. 4 is a schematic flowchart of building the API experience library in an embodiment of the present invention;
Fig. 5 is a schematic flowchart of implementing application development engine detection in an embodiment of the present invention;
Fig. 6 is the interface display before detection with the CocosCheck tool in an application scenario;
Fig. 7 is the interface display during detection with the CocosCheck tool in an application scenario;
Fig. 8 is the interface display after detection with the CocosCheck tool in an application scenario;
Fig. 9 is a schematic diagram of one embodiment of the detection device in an embodiment of the present invention;
Fig. 10 is a schematic diagram of another embodiment of the detection device in an embodiment of the present invention;
Fig. 11 is a schematic diagram of another embodiment of the detection device in an embodiment of the present invention;
Fig. 12 is a schematic diagram of another embodiment of the detection device in an embodiment of the present invention;
Fig. 13 is a schematic diagram of another embodiment of the detection device in an embodiment of the present invention;
Fig. 14 is a schematic diagram of another embodiment of the detection device in an embodiment of the present invention;
Fig. 15 is a schematic diagram of another embodiment of the detection device in an embodiment of the present invention;
Fig. 16 is a schematic structural diagram of the detection device in an embodiment of the present invention.
Detailed description of the invention
Embodiments of the present invention provide a method for engine vulnerability detection and a detection device. Test cases need not be written for each application development engine; instead, an API experience library is built from information on the APIs with security vulnerabilities in the application development engine, and the API vulnerabilities present in the application to be detected are found by scanning with this library, which reduces the cost of detecting API vulnerabilities.
The terms "first", "second", "third", "fourth" and so on (if present) in the description, the claims and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments of the invention described here can, for example, be implemented in an order other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
It should be understood that the application development engine in the embodiments of the present invention is an open-source framework based on an open-source software license agreement (Massachusetts Institute of Technology, MIT), and may specifically be the Cocos open-source framework. Cocos provides a complete set of engine and development tools, covering a full solution from early design, resource production and development and debugging through to packaging and release. Cocos is used to build games, applications and other interactive graphical-interface applications; it can focus on optimizing the workflow, standardize the whole development process, reduce communication cost and improve development efficiency.
The functions of the Cocos open-source framework mainly include flow control, which makes it easy to manage the flow between different scenes. Besides flow control, it also has the following functions, for example:
(1) Action (Sprites) function: combined actions such as move, rotate and scale;
(2) Special effects (Effects) function: including waves, rotation and lens effects;
(3) Plane map (Tiled Maps) function: supports rectangular and hexagonal plane maps;
(4) Transition (Transitions) function: moves from one scene to another scene of a different style;
(5) Menu (Menus) function: creates built-in menus;
(6) Text rendering (Text Rendering) function: supports labels and HyperText Markup Language (HTML);
(7) Document (Documents) function: programming guide, API reference, video tutorials and many simple test examples that teach users how to use the framework.
In practice, the Cocos open-source framework, as an engine development tool for interactive applications, may include or strengthen further functions, which are not listed exhaustively here.
It should be understood that the application to be detected in the embodiments of the present invention may be a game application, but is not limited to game applications; it may also be another type of application, such as a social application, a media playback application or a service application, which is not limited here.
The detection device in the present invention may specifically be a detection tool for the Cocos open-source framework. This tool may be called CocosCheck. CocosCheck is a client displayed on a terminal; through the CocosCheck client, the files contained in the application to be detected are added, checked and output, so that developers can quickly locate the code positions where API vulnerabilities appear in the application to be detected and repair them promptly, restoring normal operation of the application to be detected.
In addition, the present invention can be applied to the Windows operating system developed by Microsoft (Windows Operating System, Windows OS), which uses a graphical user interface (Graphical User Interface, GUI). As computer hardware and software are continually upgraded, Microsoft Windows is also continually upgraded. It should be noted that this solution can be applied to Windows XP (Windows Experience) OS, Windows 7 OS, Windows 8 OS or Windows 10 OS, and can also be applied to other types of Windows OS, which is not limited here.
Referring to Fig. 2, one embodiment of the method for engine vulnerability detection in the embodiments of the present invention includes:
201. Obtain the application to be detected;
In this embodiment, the detection device obtains the application to be detected, which is developed with the first application development engine. The first application development engine may be the Cocos open-source framework, and the detection device may be a tool designed for the Cocos open-source framework to detect API vulnerabilities.
202. Obtain the API experience library of the first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability;
In this embodiment, the detection device then calls up and obtains the API experience library corresponding to the first application development engine. The API experience library contains information on at least one API that has a security vulnerability. API information with a security vulnerability is information on a high-risk API, and the refinement rules for high-risk API types can be determined from this API information.
Specifically, the API information includes, for example, the API name and the position in the whole source code at which the security vulnerability appears; the refinement rule for a high-risk API type is then to locate, by API name, the position at which that API appears in the whole source code. The detection device can thus use the refinement rule to find the code positions in the application to be detected where API vulnerabilities may appear.
203. Extract the application programming interfaces (APIs) of the application to be detected;
In this embodiment, the detection device may extract the APIs of the application to be detected by keyword.
An API is a set of predefined functions whose purpose is to give applications and developers the ability to access a group of routines based on certain software or hardware, without having to access the source code or understand the details of the internal working mechanism.
204. According to the API experience library, determine whether an API of the application to be detected has a security vulnerability and, if so, determine the target API that has the security vulnerability from among the APIs of the application to be detected.
In this embodiment, after obtaining the API experience library corresponding to the first application development engine, the detection device determines whether an API of the application to be detected is consistent with the API information with security vulnerabilities in the API experience library, for example whether it has the same API name; if so, the target API that has the security vulnerability is determined from among the APIs of the application to be detected.
For ease of understanding, refer to Fig. 3, a schematic flowchart of detecting API vulnerabilities in an application in an embodiment of the present invention. As shown in the figure, specifically:
In step 301, the source code of the application development engine is analyzed by static scanning. An application development engine usually has multiple versions, and the latest version is the first application development engine. Specifically, the source code of each version of the Cocos open-source framework is examined, and the high-risk APIs in it are found;
In step 302, based on the static scanning results of step 301, a high-risk API experience library for Cocos is built by version. Optionally, the high-risk APIs of newer versions can also be added to the API experience library; that is, a separate API experience library need not be built for each version of Cocos every time, and the API experience library is instead updated continuously, which saves computer storage resources;
In step 303, the CocosCheck tool implements its check items according to the refinement rules for high-risk API types in the API experience library;
In step 304, the CocosCheck tool is used to scan the source code of the application to be detected;
In step 305, the CocosCheck scan locates the code lines that call high-risk APIs, and the developer modifies them directly.
In the embodiments of the present invention, test cases need not be written for each application development engine; instead, an API experience library of the application development engine is built from information on APIs with security vulnerabilities, and the API vulnerabilities present in the application to be detected are found by scanning with this library, which reduces the cost of testing for API vulnerabilities.
Optionally, on the basis of the embodiment corresponding to Fig. 2 above, in a first optional embodiment of the method for engine vulnerability detection provided by the embodiments of the present invention, before obtaining the API experience library of the first application development engine, the method may further include:
Obtaining the source code of the first application development engine;
Searching the source code of the first application development engine for APIs with security vulnerabilities;
Building the API experience library from the APIs with security vulnerabilities.
In this embodiment, before the detection device obtains the API experience library of the first application development engine, this API experience library is built in advance.
Specifically, refer to Fig. 4, a schematic flowchart of building the API experience library in an embodiment of the present invention. As shown in the figure, the API experience library of the first application development engine can be built by the steps of the following flow.
In step 401, the source code of each version of the first application development engine, i.e. Cocos, is obtained first; if there is only one version, the source code of that version is obtained.
In step 402, the source code of each version of the first application development engine is traversed. Traversal means visiting each node in turn along some search route, exactly once.
In step 403, since the source code of each version of the first application development engine has been traversed in step 402, the source code of the latest version can be found among them, and the APIs with null pointer risk in the source code of the current version are identified by static code analysis.
Static code analysis does not need to run the code; it analyzes the program only by statically scanning the code, and it executes quickly and efficiently. Mature static code analysis tools can currently scan up to ten thousand lines of code per second, so compared with dynamic analysis, detection is fast and efficient.
It should be noted that the static code analysis technique used in this solution may be lexical analysis, syntax analysis or abstract syntax tree analysis, and may also be semantic analysis, control flow analysis or data flow analysis. In practice, other types of static code analysis techniques can also be used, which is not limited here.
In step 404, after the static code analysis of step 403, the API names and corresponding parameter positions with high-risk API risk in the source code of the latest version are obtained, and this high-risk API information is recorded.
In step 405, the API experience library corresponding to the latest version is built from the API information recorded in step 404. Because the version of the first application development engine, Cocos, is continually updated, step 402 is performed again after step 405 completes, to ensure that the API experience library covers all versions of the first application development engine and their corresponding API information.
Optionally, static code analysis can further check, by code scanning, the validity of the parameters used when different scripts call one another; if the parameters do not match when scripts call each other, or the API being called does not exist, there may also be a risk.
Secondly, in the embodiments of the present invention, the API experience library can be built by searching the source code of the first application development engine for APIs with security vulnerabilities, so that the API information in the library is more complete, which improves the feasibility and practicality of the solution.
Optionally, on the basis of the first embodiment corresponding to Fig. 2 above, in a second optional embodiment of the method for engine vulnerability detection provided by the embodiments of the present invention, searching the source code of the first application development engine for APIs with security vulnerabilities may include:
Detecting the APIs with a null pointer in the source code of the first application development engine;
Obtaining the API name and parameter position corresponding to each API with a null pointer.
In this embodiment, when the detection device searches the source code of the first application development engine (the Cocos open-source framework) for APIs with security vulnerabilities, one feasible way is to detect whether the source code contains an API with a null pointer; if it does, the API name and parameter position of that API are obtained.
In general documentation a null pointer tends to be represented by NULL. For pointer types, returning NULL and returning 0 are equivalent, because both NULL and 0 represent the null pointer.
One way of automatically locating null pointer exceptions is as follows: first, combining static program analysis techniques, the stack information from the program's run is used to guide program slicing; null pointer analysis and alias analysis are then performed on the resulting slice to obtain the set of suspicious statements that cause the null pointer exception; finally, an error localization report is produced. In practice, other ways of locating null pointers may exist, which is not limited here.
Again, in the embodiments of the present invention, the basis for detecting an API vulnerability is specifically defined as whether an API in the source code has a null pointer. Because null pointers are a major cause of crashes, using them as the criterion for API vulnerability detection improves the practicality of the solution; detecting null pointers is also relatively simple, which improves the detection efficiency of the solution.
Optionally, on the basis of the second embodiment corresponding to Fig. 2 above, in a third optional embodiment of the method for engine vulnerability detection provided by the embodiments of the present invention, building the API experience library from the APIs with security vulnerabilities may include:
Building the API experience library of the first application development engine from the API name and parameter position corresponding to each API with a null pointer.
In this embodiment, the detection device builds a corresponding API experience library for the APIs with security vulnerabilities. The API experience library includes the relevant information on high-risk APIs, for example the API name and parameter position corresponding to each API with a null pointer.
The following is an example of a high-risk API experience library for Cocos, as shown in Table 1 below:
Table 1
Further, the embodiments of the present invention describe the basis on which the API experience library is built: an API with a null pointer is regarded as a high-risk API, and the relevant information on these high-risk APIs is recorded in the API experience library for subsequent vulnerability detection, which improves the feasibility of the solution.
Optionally, on the basis of the first, second or third embodiment corresponding to Fig. 2 above, in a fourth optional embodiment of the method for engine vulnerability detection provided by the embodiments of the present invention, after obtaining the API experience library of the first application development engine, the method may further include:
When the first application development engine is updated to a second application development engine, obtaining the source code of the second application development engine;
Searching the source code of the second application development engine for APIs with security vulnerabilities;
Updating, according to the APIs with security vulnerabilities, the API experience library of the first application development engine to the API experience library of the second application development engine.
In this embodiment, it is assumed that the first application development engine has undergone a version update, and the second application development engine is the result after the update. In other words, the second application development engine and the first application development engine are the same software in different versions, the second being a newer version than the first.
Specifically, the detection device continually traverses the versions of the first application development engine. When it finds that a new version exists, it can determine that the first application development engine has been updated to the second application development engine, and it then retrieves the source code of the second application development engine from the application development engine's official website. Next, the detection device searches the source code of the second application development engine for APIs with security vulnerabilities, i.e. checks whether there are APIs with a null pointer; if there are, those APIs are regarded as having security vulnerabilities.
Finally, according to the APIs with security vulnerabilities, the detection device updates the API experience library of the first application development engine to the API experience library of the second application development engine, that is, it adds the high-risk API information of the second application development engine to the API experience library corresponding to the previous version.
Further, in the embodiments of the present invention, when the version of the application development engine is updated, the detection device can find the APIs with security vulnerabilities in the updated engine and update the API experience library directly. There is no need to rebuild an API experience library for the updated engine; the new information is simply added to the previous version's API experience library. This improves the efficiency of building the API experience library and also saves the detection device's storage resources.
Alternatively, on the basis of the 3rd corresponding for above-mentioned Fig. 2 embodiment, the engine leak that the embodiment of the present invention provides In the 5th alternative embodiment of method of detection, according to API experience storehouse, it is judged that whether the API of application program to be detected exists peace Full leak, may include that
Travel through the API Name of application program to be detected;
Judge that the API Name of application program to be detected is the most consistent, the most then with the API Name comprised in API experience storehouse The parameter position that in application program to be detected, API Name is corresponding is obtained according to API experience storehouse;
If parameter corresponding on parameter position is null pointer, it is determined that the API of application program to be detected exists security breaches.
In the present embodiment, detection device is according to the high-risk API information in API experience storehouse, it is judged that application program to be detected Whether API exists the specific implementation of security breaches is introduced as follows:
Referring to Fig. 5, Fig. 5 is the schematic flow sheet realizing application development engine detection in the embodiment of the present invention, step In 501, detection device first obtains the first application development engine version number of use of application program to be scanned, specifically can be from Extracting in the cocos2dVersion function of cocos2d.cpp, its code extracted is as follows:
#include "cocos2d.h"
NS_CC_BEGIN
// Returns the engine version string that the detection device extracts.
const char* cocos2dVersion()
{
    return "2.2.1";
}
NS_CC_END
The version number can be extracted from the above code. Optionally, the version number corresponding to the latest version can also be extracted directly.
In step 502, check whether an API experience storehouse exists for the corresponding version; this API experience storehouse contains the high-risk API information. If it exists, continue to step 503; otherwise jump to step 510.
In step 503, find the corresponding API experience storehouse according to the version number of the first application development engine, and extract that API experience storehouse.
In step 504, scan each file in the application program to be detected. These files are the source code of the application program to be detected, and every function call in the source code is traversed.
In step 505, after traversing the calls in the application program to be detected in step 504, the detection device obtains the function name of each API.
In step 506, the detection device compares the API function name obtained in step 505 with the function names in the API experience storehouse to determine whether the API is a high-risk API. If the function names are consistent, the API may be considered high-risk and the flow enters step 507; if not, it jumps back to step 504 and continues traversing the function calls in the source code.
In step 507, according to the high-risk API information stored in the API experience storehouse, the detection device can find the parameter information corresponding to the API function name, such as the position at which it occurs and the code content.
In step 508, judge whether the parameter at the position where the API is called is NULL. If so, enter step 509; otherwise jump back to step 504 and continue traversing the function calls in the source code.
In step 509, output the risk information of the application program to be detected, including the name of the file in which the vulnerability occurs, the code line number, the name of the API called, and the error message.
In step 510, end this API vulnerability detection.
Still further, this embodiment of the present invention provides a way of performing API vulnerability detection on the application program to be detected by using the API experience storehouse. The high-risk API information contained in the API experience storehouse is used to determine the high-risk APIs that may occur in the application program to be detected. Compared with the prior art, there is no need to first locate a high-risk API and then search the upper layers for the parameter position at which that API is called; the parameter position of the high-risk API is located directly, which significantly reduces the cost of finding high-risk APIs.
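The following Python sketch is an added example, not code from the patent or from the CocosCheck tool; it walks steps 501 to 509 over constructed C++ sources. The storehouse layout, the parameter positions, the `hypotheticalLoadAtlas` entry and all sample file contents are assumptions; only the API name `initWithMaskSprite` and version "2.2.1" come from this page.

```python
import re

# Constructed API experience storehouse: engine version -> {high-risk API name:
# zero-based position of the pointer parameter that must not be null}.
# The positions and the "hypotheticalLoadAtlas" entry are assumptions.
EXPERIENCE_STOREHOUSE = {
    "2.2.1": {"initWithMaskSprite": 0, "hypotheticalLoadAtlas": 1},
}

VERSION_RE = re.compile(r'cocos2dVersion\s*\(\s*\)\s*\{\s*return\s*"([^"]+)"\s*;')
LEXEME_RE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.S)
CALL_RE = re.compile(r'\b([A-Za-z_]\w*)\s*\(')
CAST_RE = re.compile(r'^\(\s*(?:const\s+)?[\w:]+\s*\*+\s*\)\s*')
NULL_TOKENS = {"NULL", "nullptr", "0"}


def extract_engine_version(cocos2d_cpp):
    """Step 501: read the version string returned by cocos2dVersion()."""
    m = VERSION_RE.search(cocos2d_cpp)
    return m.group(1) if m else None


def blank_comments_and_strings(src):
    """Blank comments and string contents so calls inside them are ignored.
    Offsets and newlines are preserved, so reported line numbers stay exact."""
    def blank(m):
        text = m.group(0)
        if text.startswith('"'):
            return '"' + " " * (len(text) - 2) + '"'
        return re.sub(r"[^\n]", " ", text)
    return LEXEME_RE.sub(blank, src)


def call_arguments(src, open_idx):
    """Split the call whose '(' is at open_idx into its top-level arguments."""
    depth, args, start = 0, [], open_idx + 1
    for i in range(open_idx, len(src)):
        ch = src[i]
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                args.append(src[start:i].strip())
                return [] if args == [""] else args
        elif ch == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
    return None  # unbalanced parentheses, e.g. a truncated file


def is_null_argument(arg):
    """Step 508: NULL, nullptr or literal 0, optionally cast or parenthesised."""
    arg = arg.strip()
    while True:
        stripped = CAST_RE.sub("", arg)
        if stripped == arg and arg.startswith("(") and arg.endswith(")"):
            stripped = arg[1:-1].strip()
        if stripped == arg:
            return arg in NULL_TOKENS
        arg = stripped


def scan_application(files, engine_version, storehouse=EXPERIENCE_STOREHOUSE):
    """Steps 502-509: one finding per high-risk call that passes a null pointer."""
    high_risk = storehouse.get(engine_version)
    if high_risk is None:                        # step 502 -> 510: nothing to check
        return []
    findings = []
    for filename, raw in files.items():          # step 504: scan every source file
        src = blank_comments_and_strings(raw)
        for m in CALL_RE.finditer(src):          # step 505: each function name
            name = m.group(1)
            if name not in high_risk:            # step 506: compare with storehouse
                continue
            pos = high_risk[name]                # step 507: recorded parameter position
            args = call_arguments(src, m.end() - 1)
            if args and pos < len(args) and is_null_argument(args[pos]):
                findings.append({                # step 509: risk information
                    "file": filename,
                    "line": src.count("\n", 0, m.start(1)) + 1,
                    "api": name,
                    "message": f"null pointer passed as argument {pos} of {name}",
                })
    return findings


def run_detection(cocos2d_cpp, files):
    return scan_application(files, extract_engine_version(cocos2d_cpp))


# Constructed sample input: engine version file and two application sources.
SAMPLE_COCOS2D_CPP = '''#include "cocos2d.h"
NS_CC_BEGIN
const char* cocos2dVersion()
{
    return "2.2.1";
}
NS_CC_END
'''
SAMPLE_APP = {
    "QGAuto.cpp": '''#include "cocos2d.h"
void QGAuto::buildMask(CCSprite* mask)
{
    // initWithMaskSprite(NULL) inside a comment must not be reported
    m_mask->initWithMaskSprite(mask);
    m_fallback->initWithMaskSprite((CCSprite*)NULL);
    CCLog("initWithMaskSprite(NULL)");
}
''',
    "Atlas.cpp": '''void loadAll()
{
    hypotheticalLoadAtlas("ui.plist", nullptr);
    hypotheticalLoadAtlas("hud.plist", makeTexture(1, 2));
}
''',
}

if __name__ == "__main__":
    for finding in run_detection(SAMPLE_COCOS2D_CPP, SAMPLE_APP):
        print(finding)
```

The regex-based call traversal only sees literal null arguments and does not understand templates or macros; a variable that happens to be null at run time is outside what this kind of name-and-position matching can detect.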
Optionally, on the basis of the embodiment corresponding to Fig. 2 above, in a sixth optional embodiment of the engine vulnerability detection method provided by the embodiments of the present invention, after the target API that has a security vulnerability is determined from the APIs of the application program to be detected, the method may further include:
Outputting the risk information of the application program to be detected, where the risk information includes at least one of the file name of the application program to be detected in which the target API occurs, the code position, the name of the API called, and the error message.
In this embodiment, after the detection device determines the target API that has a security vulnerability in the application program to be detected, it can further display the risk information of the target API in a front-end interface, so that developers can review it and fix the problem in time.
It should be noted that the risk information of the target API includes at least one of the file name of the application program to be detected, the code position, the name of the API called, and the error message; in practical applications, it includes but is not limited to the above information.
In the risk information, the file name of the application program to be detected indicates which file of the application program contains the high-risk API; the code position indicates where in the source code of the application program the high-risk API occurs; the name of the API called is the name of the high-risk API; and the error message is a prompt that tells the developer that an API vulnerability has occurred in the current application program to be detected.
Secondly, in this embodiment of the present invention, the detection device can display a series of risk information about the application program to be detected, so that developers learn of API vulnerabilities in time, which improves the efficiency of repairing the application program to be detected.
For ease of understanding, the engine vulnerability detection method of the present invention is described in detail below using a concrete application scenario:
Developer A has developed a game using the Cocos open-source framework. To ensure that the game goes live smoothly, Developer A uses the CocosCheck tool to detect whether the game has API vulnerabilities. The detection steps are as follows:
First, Developer A double-clicks the "CocosCheck.exe" tool on the computer and enters the CocosCheck user interface. Referring to Fig. 6, Fig. 6 shows the interface before CocosCheck detection in the application scenario. In the menu bar, "Check" is the detection function, "File" is the file selection function, "Edit" is the editing function, "View" is the view function, and "Help" is the help function.
Then, Developer A selects the detection function in the menu bar, that is, clicks "Check" and then selects the "Directory" option under "Check". After the selection, the directory of the game source code to be detected appears in the CocosCheck interface, as shown in Fig. 7, which shows the interface during CocosCheck detection in the application scenario. Developer A has selected all source code files in the game for scanning.
After the CocosCheck scan completes, the interface shown in Fig. 8 is displayed; Fig. 8 shows the interface after CocosCheck detection in the application scenario. Developer A can see the result of the scan: the code file that calls the high-risk API is named "QGAuto.cpp", the corresponding code line is line 247, and the name of the high-risk API is "initWithMaskSprite".
The developer can then quickly find the file in which the high-risk API occurs, locate the faulty code according to the code position, and repair it in time, thereby ensuring that the game goes live smoothly.
The detection device of the present invention is described in detail below. Referring to Fig. 9, the detection device in an embodiment of the present invention includes:
A first acquisition module 601, configured to obtain the application program to be detected;
A second acquisition module 602, configured to obtain the API experience storehouse of the first application development engine, where the first application development engine is used to develop the application program to be detected obtained by the first acquisition module 601, and the API experience storehouse contains at least one item of information about an API that has a security vulnerability;
An extraction module 603, configured to extract the application programming interfaces (APIs) of the application program to be detected obtained by the first acquisition module 601;
A determining module 604, configured to judge, according to the API experience storehouse obtained by the second acquisition module 602, whether an API of the application program to be detected extracted by the extraction module 603 has a security vulnerability, and if so, to determine, from the APIs of the application program to be detected, the target API that has the security vulnerability.
In this embodiment, the first acquisition module 601 obtains the application program to be detected. The second acquisition module 602 obtains the API experience storehouse of the first application development engine, where the first application development engine is used to develop the application program to be detected obtained by the first acquisition module 601, and the API experience storehouse contains at least one item of information about an API that has a security vulnerability. The extraction module 603 extracts the APIs of the application program to be detected obtained by the first acquisition module 601. The determining module 604 judges, according to the API experience storehouse obtained by the second acquisition module 602, whether an API of the application program to be detected extracted by the extraction module 603 has a security vulnerability, and if so, determines, from the APIs of the application program to be detected, the target API that has the security vulnerability.
In this embodiment of the present invention, there is no need to write test cases for each application development engine. Instead, the API experience storehouse of the application development engine is built from information about APIs that have security vulnerabilities, and this API experience storehouse is used to scan the application program to be detected for API vulnerabilities, which reduces the cost of testing for API vulnerabilities.
Optionally, on the basis of the embodiment corresponding to Fig. 9 above, referring to Figure 10, in another embodiment of the detection device provided by the embodiments of the present invention, the detection device further includes:
A third acquisition module 605A, configured to obtain the source code of the first application development engine before the second acquisition module 602 obtains the API experience storehouse of the first application development engine;
A first searching module 605B, configured to search the source code of the first application development engine obtained by the third acquisition module 605A for APIs that have security vulnerabilities;
A first establishing module 605C, configured to establish the API experience storehouse according to the APIs that have security vulnerabilities found by the first searching module 605B.
Secondly, in this embodiment of the present invention, the APIs that have security vulnerabilities can also be found by searching the source code of the first application development engine, and the API experience storehouse is established from them, so that the API information in the API experience storehouse is more complete, which improves the feasibility and practicality of the scheme.
Optionally, on the basis of the embodiment corresponding to Figure 10 above, referring to Figure 11, in another embodiment of the detection device provided by the embodiments of the present invention,
The first searching module 605B includes:
A detecting unit 605B1, configured to detect APIs that have a null pointer in the source code of the first application development engine;
A first acquiring unit 605B2, configured to obtain the API name and parameter position corresponding to each API that has a null pointer, as detected by the detecting unit 605B1.
Again, this embodiment of the present invention specifies that the basis for detecting an API vulnerability can be whether an API in the source code has a null pointer. Because null pointers are a key cause of crashes, using them as the criterion for API vulnerability detection improves the practicality of the scheme; at the same time, detecting null pointers is relatively simple, which improves the detection efficiency of the scheme.
Optionally, on the basis of the embodiment corresponding to Figure 11 above, referring to Figure 12, in another embodiment of the detection device provided by the embodiments of the present invention,
The first establishing module 605C includes:
An establishing unit 605C1, configured to establish the API experience storehouse of the first application development engine according to the API name and parameter position corresponding to each API that has a null pointer, as obtained by the first acquiring unit 605B2.
Further, this embodiment of the present invention explains the basis on which the API experience storehouse is established: an API that has a null pointer is considered a high-risk API, and the relevant information of these high-risk APIs is recorded in the API experience storehouse for subsequent vulnerability detection, which improves the feasibility of the scheme.
Optionally, on the basis of the embodiment corresponding to Figure 10, Figure 11 or Figure 12 above, referring to Figure 13, in another embodiment of the detection device provided by the embodiments of the present invention,
The detection device 60 further includes:
A fourth acquisition module 606A, configured to obtain, after the second acquisition module 602 obtains the API experience storehouse of the first application development engine and when the first application development engine is updated to the second application development engine, the source code of the second application development engine;
A second searching module 606B, configured to search the source code of the second application development engine obtained by the fourth acquisition module 606A for APIs that have security vulnerabilities;
An updating module 606C, configured to update the API experience storehouse of the first application development engine to the API experience storehouse of the second application development engine according to the APIs that have security vulnerabilities found by the second searching module 606B.
Further, in this embodiment of the present invention, when the version of the application development engine is updated, the detection device can find the APIs that have security vulnerabilities in the updated engine and update the API experience storehouse directly. It does not need to rebuild an API experience storehouse for the updated engine; it only adds the new information to the API experience storehouse of the previous version. This improves the efficiency of building the API experience storehouse and also saves storage resources on the detection device.
Optionally, on the basis of the embodiment corresponding to Figure 12 above, referring to Figure 14, in another embodiment of the detection device provided by the embodiments of the present invention,
The determining module 604 includes:
A traversal unit 6041, configured to traverse the API names of the application program to be detected;
A second acquiring unit 6042, configured to judge whether an API name of the application program to be detected obtained by the traversal unit 6041 is consistent with an API name contained in the API experience storehouse, and if so, to obtain from the API experience storehouse the parameter position corresponding to that API name in the application program to be detected;
A determining unit 6043, configured to determine that the API of the application program to be detected has a security vulnerability if the parameter at the parameter position obtained by the second acquiring unit 6042 is a null pointer.
Still further, this embodiment of the present invention provides a way of performing API vulnerability detection on the application program to be detected by using the API experience storehouse. The high-risk API information contained in the API experience storehouse is used to determine the high-risk APIs that may occur in the application program to be detected. Compared with the prior art, there is no need to first locate a high-risk API and then search the upper layers for the parameter position at which that API is called; the parameter position of the high-risk API is located directly, which significantly reduces the cost of finding high-risk APIs.
Optionally, on the basis of the embodiment corresponding to Fig. 9 above, referring to Figure 15, in another embodiment of the detection device provided by the embodiments of the present invention,
The detection device 60 further includes:
An output module 607, configured to output the risk information of the application program to be detected after the determining module 604 determines, from the APIs of the application program to be detected, the target API that has a security vulnerability, where the risk information includes at least one of the file name of the application program to be detected in which the target API occurs, the code position, the name of the API called, and the error message.
Secondly, in this embodiment of the present invention, the detection device can display a series of risk information about the application program to be detected, so that developers learn of API vulnerabilities in time, which improves the efficiency of repairing the application program to be detected.
An embodiment of the present invention further provides another detection device, as shown in Figure 16. For ease of description, only the parts relevant to the embodiment of the present invention are shown; for specific technical details that are not disclosed, refer to the method part of the embodiments of the present invention. The terminal may be any terminal device, including a personal computer (PC), a mobile phone, a tablet computer, a personal digital assistant (PDA), a point of sales (POS) terminal, an on-board computer, and so on. The following takes a PC as an example of the terminal:
Figure 16 is a block diagram of part of the structure of a PC related to the terminal provided by the embodiment of the present invention. Referring to Figure 16, the PC includes a radio frequency (RF) circuit 710, a memory 720, an input unit 730, a display unit 740, a sensor 750, an audio circuit 760, a wireless fidelity (WiFi) module 770, a processor 780, a power supply 790, and other components. Those skilled in the art will understand that the PC structure shown in Figure 16 does not limit the PC, which may include more or fewer components than shown, combine some components, or arrange the components differently.
Each component of the PC is described in detail below with reference to Figure 16:
The RF circuit 710 can be used to receive and send signals while sending and receiving information or during a call. In particular, after receiving downlink information from a base station, it passes the information to the processor 780 for processing; in addition, it sends uplink data to the base station. Generally, the RF circuit 710 includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and so on. The RF circuit 710 can also communicate with networks and other devices by wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and so on.
The memory 720 can be used to store software programs and modules. The processor 780 runs the software programs and modules stored in the memory 720 to execute the various functional applications and data processing of the PC. The memory 720 may mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application programs required by at least one function (such as a sound playing function or an image playing function), and so on, and the data storage area can store data created through use of the PC (such as audio data or a phone book). In addition, the memory 720 may include high-speed random access memory and may also include non-volatile memory, for example at least one disk storage device, a flash memory device, or other volatile solid-state storage devices.
The input unit 730 can be used to receive input numeric or character information and to generate key signal input related to the user settings and function control of the PC. Specifically, the input unit 730 may include a touch panel 731 and other input devices 732. The touch panel 731, also called a touch screen, can collect touch operations by the user on or near it (such as operations performed on or near the touch panel 731 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connected device according to a preset program. Optionally, the touch panel 731 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and sends the signal to the touch controller. The touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 780, and can receive and execute commands sent by the processor 780. The touch panel 731 can be implemented in several types, such as resistive, capacitive, infrared, and surface acoustic wave. Besides the touch panel 731, the input unit 730 may also include other input devices 732. Specifically, the other input devices 732 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys or a power key), a trackball, a mouse, a joystick, and so on.
The display unit 740 can be used to display information entered by the user or provided to the user, as well as the various menus of the PC. The display unit 740 may include a display panel 741, which may optionally be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), and so on. Further, the touch panel 731 may cover the display panel 741. When the touch panel 731 detects a touch operation on or near it, it sends the operation to the processor 780 to determine the type of the touch event, and the processor 780 then provides the corresponding visual output on the display panel 741 according to the type of the touch event. Although in Figure 16 the touch panel 731 and the display panel 741 implement the input and output functions of the PC as two separate components, in some embodiments the touch panel 731 and the display panel 741 may be integrated to implement the input and output functions of the PC.
The PC may also include at least one sensor 750, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor can adjust the brightness of the display panel 741 according to the ambient light, and the proximity sensor can turn off the display panel 741 and/or the backlight when the PC is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that identify the attitude of the PC (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tap detection). Other sensors that can also be configured on the PC, such as a gyroscope, barometer, hygrometer, thermometer, and infrared sensor, are not described here.
The audio circuit 760, a speaker 761, and a microphone 762 can provide an audio interface between the user and the PC. The audio circuit 760 can convert received audio data into an electrical signal and transmit it to the speaker 761, which converts it into a sound signal for output. Conversely, the microphone 762 converts collected sound signals into electrical signals, which the audio circuit 760 receives and converts into audio data; after the audio data is output to the processor 780 for processing, it is sent through the RF circuit 710 to, for example, another PC, or output to the memory 720 for further processing.
WiFi is a short-range wireless transmission technology. Through the WiFi module 770, the PC can help the user send and receive e-mail, browse web pages, access streaming media, and so on; it provides the user with wireless broadband Internet access. Although Figure 16 shows the WiFi module 770, it can be understood that the module is not a necessary part of the PC and can be omitted as needed without changing the essence of the invention.
The processor 780 is the control center of the PC. It connects the various parts of the whole PC through various interfaces and lines, and performs the various functions of the PC and processes data by running or executing the software programs and/or modules stored in the memory 720 and calling the data stored in the memory 720, thereby monitoring the PC as a whole. Optionally, the processor 780 may include one or more processing units. Preferably, the processor 780 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, application programs, and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 780.
The PC also includes a power supply 790 (such as a battery) that powers each component. Preferably, the power supply can be logically connected to the processor 780 through a power management system, so that charging, discharging, power consumption management, and other functions are managed through the power management system.
Although not shown, the PC may also include a camera, a Bluetooth module, and so on, which are not described here.
In this embodiment of the present invention, the processor 780 included in the terminal also has the following functions:
Obtaining the application program to be detected;
Obtaining the API experience storehouse of the first application development engine, where the first application development engine is used to develop the application program to be detected, and the API experience storehouse contains at least one item of information about an API that has a security vulnerability;
Extracting the application programming interfaces (APIs) of the application program to be detected;
Judging, according to the API experience storehouse, whether an API of the application program to be detected has a security vulnerability, and if so, determining, from the APIs of the application program to be detected, the target API that has the security vulnerability.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices, and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical scheme of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical scheme, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above embodiments are only intended to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical schemes described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical schemes to depart from the spirit and scope of the technical schemes of the embodiments of the present invention.

Claims (14)

1. the method for an engine Hole Detection, it is characterised in that including:
Obtain application program to be detected;
Obtaining the application programming interface experience storehouse of the first application development engine, described first application development engine is used for developing Described application program to be detected, comprises at least one application that there are security breaches in described application programming interface experience storehouse Program Interfaces information;
Extract the application programming interface of described application program to be detected;
According to described application programming interface experience storehouse, it is judged that the application programming interface of described application program to be detected is No there are security breaches, the most then from the application programming interface of described application program to be detected, determine existence safety leakage The destination application DLL in hole.
2. The method according to claim 1, characterized in that, before the obtaining of the application programming interface experience library of the first application development engine, the method further comprises:
obtaining the source code of the first application development engine;
searching the source code of the first application development engine for application programming interfaces that have security vulnerabilities;
establishing the application programming interface experience library according to the application programming interfaces that have security vulnerabilities.
3. The method according to claim 1 or 2, characterized in that the searching of the source code of the first application development engine for application programming interfaces that have security vulnerabilities comprises:
detecting an application programming interface in the source code of the first application development engine that has a null pointer;
obtaining the application programming interface name and the parameter position corresponding to the application programming interface that has a null pointer.
4. The method according to claim 3, characterized in that the establishing of the application programming interface experience library according to the application programming interfaces that have security vulnerabilities comprises:
establishing the application programming interface experience library of the first application development engine according to the application programming interface name and the parameter position corresponding to the application programming interface that has a null pointer.
5. The method according to any one of claims 2 to 4, characterized in that, after the obtaining of the application programming interface experience library of the first application development engine, the method further comprises:
when the first application development engine is updated to a second application development engine, obtaining the source code of the second application development engine;
searching the source code of the second application development engine for application programming interfaces that have security vulnerabilities;
updating, according to the application programming interfaces that have security vulnerabilities, the application programming interface experience library of the first application development engine to the application programming interface experience library of the second application development engine.
6. The method according to claim 4, characterized in that the determining, according to the application programming interface experience library, of whether an application programming interface of the application to be detected has a security vulnerability comprises:
traversing the application programming interface names of the application to be detected;
determining whether an application programming interface name of the application to be detected is consistent with an application programming interface name contained in the application programming interface experience library, and if so, obtaining, according to the application programming interface experience library, the parameter position corresponding to that application programming interface name in the application to be detected;
if the parameter at the parameter position is a null pointer, determining that the application programming interface of the application to be detected has a security vulnerability.
7. The method according to claim 1, characterized in that, after the determining, from the application programming interfaces of the application to be detected, of the target application programming interface that has the security vulnerability, the method further comprises:
outputting risk information for the application to be detected, where the risk information includes at least one of: the file name of the application to be detected in which the target application programming interface is present, the code position, the name of the application programming interface called, and the error information.
8. A detection device, characterized by comprising:
a first acquisition module, configured to obtain an application to be detected;
a second acquisition module, configured to obtain an application programming interface experience library of a first application development engine, where the first application development engine is used to develop the application to be detected obtained by the first acquisition module, and the application programming interface experience library contains information on at least one application programming interface that has a security vulnerability;
an extraction module, configured to extract the application programming interfaces of the application to be detected obtained by the first acquisition module;
a determining module, configured to determine, according to the application programming interface experience library obtained by the second acquisition module, whether an application programming interface of the application to be detected extracted by the extraction module has a security vulnerability, and if so, to determine, from the application programming interfaces of the application to be detected, the target application programming interface that has the security vulnerability.
9. The detection device according to claim 8, characterized in that the detection device further comprises:
a third acquisition module, configured to obtain the source code of the first application development engine before the second acquisition module obtains the application programming interface experience library of the first application development engine;
a first search module, configured to search the source code of the first application development engine obtained by the third acquisition module for application programming interfaces that have security vulnerabilities;
a first establishing module, configured to establish the application programming interface experience library according to the application programming interfaces that have security vulnerabilities found by the first search module.
10. The detection device according to claim 9, characterized in that the first search module comprises:
a detection unit, configured to detect an application programming interface in the source code of the first application development engine that has a null pointer;
a first obtaining unit, configured to obtain the application programming interface name and the parameter position corresponding to the application programming interface that has a null pointer, as detected by the detection unit.
11. The detection device according to claim 10, characterized in that the first establishing module comprises:
an establishing unit, configured to establish the application programming interface experience library of the first application development engine according to the application programming interface name and the parameter position, obtained by the first obtaining unit, that correspond to the application programming interface that has a null pointer.
12. The detection device according to any one of claims 9 to 11, characterized in that the detection device further comprises:
a fourth acquisition module, configured to obtain, after the second acquisition module obtains the application programming interface experience library of the first application development engine and when the first application development engine is updated to a second application development engine, the source code of the second application development engine;
a second search module, configured to search the source code of the second application development engine obtained by the fourth acquisition module for application programming interfaces that have security vulnerabilities;
an update module, configured to update, according to the application programming interfaces that have security vulnerabilities found by the second search module, the application programming interface experience library of the first application development engine to the application programming interface experience library of the second application development engine.
13. The detection device according to claim 11, characterized in that the determining module comprises:
a traversal unit, configured to traverse the application programming interface names of the application to be detected;
a second obtaining unit, configured to determine whether an application programming interface name of the application to be detected obtained by the traversal unit is consistent with an application programming interface name contained in the application programming interface experience library, and if so, to obtain, according to the application programming interface experience library, the parameter position corresponding to that application programming interface name in the application to be detected;
a determining unit, configured to determine that the application programming interface of the application to be detected has a security vulnerability if the parameter at the parameter position obtained by the second obtaining unit is a null pointer.
14. The detection device according to claim 8, characterized in that the detection device further comprises:
an output module, configured to output, after the determining module determines from the application programming interfaces of the application to be detected the target application programming interface that has the security vulnerability, risk information for the application to be detected, where the risk information includes at least one of: the file name of the application to be detected in which the target application programming interface is present, the code position, the name of the application programming interface called, and the error information.
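The lookup described in claims 4, 6 and 7 (an experience library of API name plus parameter position, name matching, a null check at the recorded position, and a risk record per hit), as an added Python example that is not code from the patent. The API names, the Lua-like sample source, the set of null spellings and the single-line textual call matching are all assumptions made for illustration.

```python
import re

# Constructed experience library: API name -> zero-based positions of the
# parameters the engine dereferences without a null check (hypothetical APIs).
EXPERIENCE_LIBRARY = {"Sprite.create": [0], "Node.addChild": [0], "Audio.play": [1]}
# Spellings treated as a null pointer in application code (assumption).
NULL_LITERALS = {"nil", "null", "NULL", "nullptr"}
CALL_RE = re.compile(r"([A-Za-z_][\w.]*)\s*\(")

# Constructed application source to scan.
SAMPLE_SOURCE = '''\
local bg = Sprite.create("bg.png")
local hero = Sprite.create(nil)
Node.addChild(bg, 1)
Audio.play("hit, miss", nil)
Node.addChild(Sprite.create(nil))
Label.setText(nil)
'''


def split_args(text, start):
    """Split the argument list that begins right after '(' at index start.

    Commas inside nested brackets or quoted strings do not split an argument.
    Returns None when the call is not closed on this line.
    """
    args, current, depth, quote, escaped = [], [], 0, None, False
    for ch in text[start:]:
        if quote:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:
                last = "".join(current).strip()
                return args + [last] if (last or args) else []
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
            continue
        current.append(ch)
    return None


def scan_source(file_name, source, library=EXPERIENCE_LIBRARY):
    """Traverse API calls, match names against the library, then test the
    argument at each recorded parameter position for a null literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in CALL_RE.finditer(line):
            api = match.group(1)
            args = split_args(line, match.end()) if api in library else None
            if args is None:
                continue
            for pos in library[api]:
                if pos < len(args) and args[pos] in NULL_LITERALS:
                    findings.append({
                        "file": file_name, "line": line_no, "api": api,
                        "message": f"null pointer passed as parameter {pos}",
                    })
    return findings
```

Calling `scan_source("main.lua", SAMPLE_SOURCE)` reports the calls on lines 2, 4 and 5; `Label.setText(nil)` is ignored because that name is not in the library, and a variable that only holds null at run time is not caught by a literal check like this one.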
CN201610643329.9A 2016-08-08 2016-08-08 Engine vulnerability detection method and detection device Active CN106295353B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610643329.9A CN106295353B (en) 2016-08-08 2016-08-08 Engine vulnerability detection method and detection device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610643329.9A CN106295353B (en) 2016-08-08 2016-08-08 Engine vulnerability detection method and detection device

Publications (2)

Publication Number Publication Date
CN106295353A (en) 2017-01-04
CN106295353B (en) 2020-04-07

Family

ID=57666471

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610643329.9A Active CN106295353B (en) 2016-08-08 2016-08-08 Engine vulnerability detection method and detection device

Country Status (1)

Country Link
CN (1) CN106295353B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108920943A (en) * 2018-05-08 2018-11-30 国家计算机网络与信息安全管理中心 The method and device of installation binding behavior is detected for application software
CN109933989A (en) * 2019-02-25 2019-06-25 腾讯科技(深圳)有限公司 A kind of method and device detecting loophole
CN110572399A (en) * 2019-09-10 2019-12-13 百度在线网络技术(北京)有限公司 vulnerability detection processing method, device, equipment and storage medium
CN110855642A (en) * 2019-10-30 2020-02-28 腾讯科技(深圳)有限公司 Application vulnerability detection method and device, electronic equipment and storage medium
CN111240719A (en) * 2020-01-23 2020-06-05 复旦大学 Defect-driven third-party library version upgrade recommendation method
CN112580060A (en) * 2021-01-21 2021-03-30 国网新疆电力有限公司信息通信公司 Vulnerability hidden danger checking system for data interface of application system
CN113535559A (en) * 2021-07-14 2021-10-22 杭州默安科技有限公司 Application interface coverage rate statistical method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130298245A1 (en) * 2011-02-24 2013-11-07 Red Hat, Inc. Generating vulnerability reports based on application binary interface/application programming interface usage
CN103473509A (en) * 2013-09-30 2013-12-25 清华大学 Android platform malware automatic detecting method
CN104537309A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 Application program bug detection method, application program bug detection device and server
CN105827664A (en) * 2016-06-06 2016-08-03 江苏通付盾科技有限公司 Vulnerability detection method and device

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108920943A (en) * 2018-05-08 2018-11-30 国家计算机网络与信息安全管理中心 The method and device of installation binding behavior is detected for application software
CN109933989A (en) * 2019-02-25 2019-06-25 腾讯科技(深圳)有限公司 A kind of method and device detecting loophole
CN109933989B (en) * 2019-02-25 2021-09-07 腾讯科技(深圳)有限公司 Method and device for detecting vulnerability
CN110572399A (en) * 2019-09-10 2019-12-13 百度在线网络技术(北京)有限公司 vulnerability detection processing method, device, equipment and storage medium
CN110855642A (en) * 2019-10-30 2020-02-28 腾讯科技(深圳)有限公司 Application vulnerability detection method and device, electronic equipment and storage medium
CN110855642B (en) * 2019-10-30 2021-08-03 腾讯科技(深圳)有限公司 Application vulnerability detection method and device, electronic equipment and storage medium
CN111240719A (en) * 2020-01-23 2020-06-05 复旦大学 Defect-driven third-party library version upgrade recommendation method
CN112580060A (en) * 2021-01-21 2021-03-30 国网新疆电力有限公司信息通信公司 Vulnerability hidden danger checking system for data interface of application system
CN113535559A (en) * 2021-07-14 2021-10-22 杭州默安科技有限公司 Application interface coverage rate statistical method and system

Also Published As

Publication number Publication date
CN106295353B (en) 2020-04-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant