CN106295353A - Method and detection device for engine vulnerability detection - Google Patents
- Publication number
- CN106295353A (CN201610643329.9A)
- Authority
- CN
- China
- Prior art keywords
- application
- programming interface
- api
- application programming
- detected
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
An embodiment of the invention discloses a method for engine vulnerability detection, including: obtaining an application to be detected; obtaining an application programming interface (API) experience library of a first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability; extracting the APIs of the application to be detected; and judging, according to the API experience library, whether the APIs of the application to be detected have a security vulnerability and, if so, determining the target API that has the security vulnerability from among the APIs of the application to be detected. An embodiment of the invention also provides a detection device. The embodiments do not require test cases to be written for each application development engine; instead, an API experience library of the application development engine is built from the information on APIs with security vulnerabilities, and the API vulnerabilities present in the application to be detected are scanned for using this library, which reduces the testing cost of API vulnerabilities.
Description
Technical field
The invention relates to the fields of computer technology and information security technology, and in particular to a method and a detection device for engine vulnerability detection.
Background
Nowadays, with the development of information technology, applications are becoming increasingly popular. To enrich people's daily lives, developers build a wide variety of applications, such as social applications, game applications, e-commerce applications, search applications and forum applications. However, vulnerabilities may appear in an application programming interface (API) during application development, causing the application to crash while it is running.
To reduce how often an application crashes while running, a means of detecting whether an API has a vulnerability is currently available.
Specifically, Fig. 1 is a schematic flow chart of detecting application programming interface vulnerabilities in the prior art. In step 101, the developer first needs to become familiar with the application's core functions and architecture, and then design the scenarios in which performance problems may exist. In step 102, the developer writes an interface test case for every API in the development engine, so that in step 103 each interface test case can be used to test the corresponding API. Because modifying the basic APIs of the development engine is high-risk and makes the engine code harder to update and maintain, step 104 generally has to be carried out on the upper-layer logic code that calls the interface. Finally, in step 105, the high-risk API code lines located in step 104 are output, and the developer can repair them promptly based on that output.
However, a development engine has many APIs and exists in many versions, and the APIs differ somewhat from version to version, so a large number of test cases must be written for each version, which incurs a huge API vulnerability testing cost.
Summary of the invention
The embodiments of the invention provide a method and a detection device for engine vulnerability detection. Test cases need not be written for each application development engine; instead, an API experience library is built from the information on APIs with security vulnerabilities in the application development engine, and the API vulnerabilities present in the application to be detected are scanned for using this library, which reduces the cost of detecting API vulnerabilities.
In view of this, a first aspect of the invention provides a method for engine vulnerability detection, including:
obtaining an application to be detected;
obtaining the API experience library of a first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability;
extracting the application programming interfaces (APIs) of the application to be detected;
judging, according to the API experience library, whether the APIs of the application to be detected have a security vulnerability and, if so, determining the target API that has the security vulnerability from among the APIs of the application to be detected.
In a second aspect, an embodiment of the invention also provides a detection device, including:
a first acquisition module, configured to obtain an application to be detected;
a second acquisition module, configured to obtain the API experience library of a first application development engine, where the first application development engine is used to develop the application to be detected obtained by the first acquisition module and the API experience library contains information on at least one API that has a security vulnerability;
an extraction module, configured to extract the application programming interfaces (APIs) of the application to be detected obtained by the first acquisition module;
a determination module, configured to judge, according to the API experience library obtained by the second acquisition module, whether the APIs of the application to be detected extracted by the extraction module have a security vulnerability and, if so, to determine the target API that has the security vulnerability from among the APIs of the application to be detected.
As can be seen from the above technical solutions, the embodiments of the invention have the following advantages:
The embodiments of the invention provide a method for detecting API vulnerabilities in an application. The detection device first obtains the application to be detected and the API experience library of the first application development engine, where the first application development engine is used to develop the application to be detected and the library contains information on at least one API that has a security vulnerability. The detection device then extracts the APIs of the application to be detected and finally judges, according to the API experience library, whether those APIs have a security vulnerability; if so, it determines the target API that has the security vulnerability from among the APIs of the application to be detected. In this way, test cases need not be written for each application development engine; instead, an API experience library of the application development engine is built from the information on APIs with security vulnerabilities, and the API vulnerabilities present in the application to be detected are scanned for using this library, which reduces the cost of detecting API vulnerabilities.
Brief description of the drawings
Fig. 1 is a schematic flow chart of detecting application programming interface vulnerabilities in the prior art;
Fig. 2 is a schematic diagram of one embodiment of the method for engine vulnerability detection in an embodiment of the invention;
Fig. 3 is a schematic flow chart of detecting API vulnerabilities in an application in an embodiment of the invention;
Fig. 4 is a schematic flow chart of building the API experience library in an embodiment of the invention;
Fig. 5 is a schematic flow chart of application development engine detection in an embodiment of the invention;
Fig. 6 shows the interface before detection with the CocosCheck tool in an application scenario;
Fig. 7 shows the interface during detection with the CocosCheck tool in an application scenario;
Fig. 8 shows the interface after detection with the CocosCheck tool in an application scenario;
Fig. 9 is a schematic diagram of one embodiment of the detection device in an embodiment of the invention;
Fig. 10 is a schematic diagram of another embodiment of the detection device in an embodiment of the invention;
Fig. 11 is a schematic diagram of another embodiment of the detection device in an embodiment of the invention;
Fig. 12 is a schematic diagram of another embodiment of the detection device in an embodiment of the invention;
Fig. 13 is a schematic diagram of another embodiment of the detection device in an embodiment of the invention;
Fig. 14 is a schematic diagram of another embodiment of the detection device in an embodiment of the invention;
Fig. 15 is a schematic diagram of another embodiment of the detection device in an embodiment of the invention;
Fig. 16 is a schematic structural diagram of the detection device in an embodiment of the invention.
Detailed description of the invention
The embodiments of the invention provide a method and a detection device for engine vulnerability detection. Test cases need not be written for each application development engine; instead, an API experience library is built from the information on APIs with security vulnerabilities in the application development engine, and the API vulnerabilities present in the application to be detected are scanned for using this library, which reduces the cost of detecting API vulnerabilities.
The terms "first", "second", "third", "fourth" and so on (if present) in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the invention described here can, for example, be implemented in an order other than those illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
It should be understood that the application development engine in the embodiments of the invention is an open framework based on an open-source software license (Massachusetts Institute of Technology, MIT), and may specifically be the Cocos open framework. Cocos provides a complete set of engine and development tools, covering a full solution from early design and resource production through development and debugging to packaging and release. Cocos is used to build games, applications and other interactive graphical-interface applications; it focuses on optimizing the workflow and standardizing the whole development process, which reduces communication cost and improves development efficiency.
The main function of the Cocos open framework is flow control, which makes it easy to manage the flow between different scenes. Besides flow control, it also has the following functions, for example:
(1) an action (Sprites) function, combining actions such as moving, rotating and scaling;
(2) a special-effects (Effects) function, including waves, rotation and lens effects;
(3) a plane-map (Tiled Maps) function, supporting rectangular and hexagonal plane maps;
(4) a transition (Transitions) function, moving from one scene to another scene of a different style;
(5) a menu (Menus) function, creating built-in menus;
(6) a text-rendering (Text Rendering) function, supporting labels and HyperText Markup Language (HTML);
(7) a documents (Documents) function: a programming guide, API reference, video tutorials and many simple test examples that teach users how to use the framework.
In practice, the Cocos open framework, as an engine development tool for interactive applications, may also include or add more functions, which are not listed exhaustively here.
It should be understood that the application to be detected in the embodiments of the invention can be a game application, but is not limited to game applications; it can also be another type of application, such as a social application, a media playback application or a service application, which is not limited here.
The detection device in the invention can specifically be a detection tool for the Cocos open framework, which may be called CocosCheck. CocosCheck is displayed on the terminal as a client; through the CocosCheck client, the relevant files contained in the application to be detected are added, detected and output, so that developers can quickly locate the code position where an API vulnerability occurs in the application to be detected and repair it promptly, restoring the application's normal operation.
In addition, the invention can be applied to the Windows operating system developed by Microsoft (Windows Operation System, Windows OS), which uses a graphical user interface (GUI). As computer hardware and software are continually upgraded, Microsoft Windows is also continually upgraded. It should be noted that this scheme can be applied to Windows XP (Windows Experience), Windows 7, Windows 8 or Windows 10, and can also be applied to other types of Windows OS, which is not limited here.
Referring to Fig. 2, one embodiment of the method for engine vulnerability detection in the embodiments of the invention includes:
201. Obtain the application to be detected;
In this embodiment, the detection device obtains the application to be detected, which was developed with the first application development engine. The first application development engine can be the Cocos open framework, and the detection device can specifically be a tool designed for the Cocos open framework to detect API vulnerabilities.
202. Obtain the API experience library of the first application development engine, where the first application development engine is used to develop the application to be detected and the API experience library contains information on at least one API that has a security vulnerability;
In this embodiment, the detection device then calls and obtains the API experience library corresponding to the first application development engine. The library contains information on at least one API that has a security vulnerability; an API with a security vulnerability is a high-risk API, and the rules for the high-risk API types can be extracted from this information.
Specifically, the API information includes, for example, the API name and the position in the whole source code at which the security vulnerability appears; the rule extracted for a high-risk API type is then used to locate, by API name, where that API appears in the whole source code. The detection device can thus use the rule to find the code positions in the application to be detected where an API vulnerability may occur.
203. Extract the application programming interfaces (APIs) of the application to be detected;
In this embodiment, the detection device can extract the APIs of the application to be detected by keyword.
APIs are predefined functions whose purpose is to give applications and developers the ability to access a set of routines based on some software or hardware, without having to access the source code or understand the details of the internal working mechanism.
204. According to the API experience library, judge whether the APIs of the application to be detected have a security vulnerability and, if so, determine the target API that has the security vulnerability from among the APIs of the application to be detected.
In this embodiment, after obtaining the API experience library corresponding to the first application development engine, the detection device judges whether the APIs of the application to be detected match the information on APIs with security vulnerabilities stored in the library, for example whether they have the same API name; if so, it determines the target API that has a security vulnerability from among the APIs of the application to be detected.
For ease of understanding, refer to Fig. 3, a schematic flow chart of detecting API vulnerabilities in an application in an embodiment of the invention. As shown in the figure, the steps are:
In step 301, the source code of the application development engine is analyzed by static scanning. An application development engine usually has multiple versions, and the latest version is the first application development engine. Specifically, the source code of each version of the Cocos open framework is mined to find the high-risk APIs inside it;
In step 302, a high-risk API experience library for Cocos is built by version from the static scanning results of step 301. Optionally, the high-risk APIs of a newer version can also be added to the API experience library, so that a separate library need not be built for each Cocos version every time; instead, the library is updated continuously, which saves computer storage resources;
In step 303, rules are extracted from the high-risk API types in the API experience library to implement the check items of the CocosCheck tool;
In step 304, the CocosCheck tool is used to scan the source code of the application to be detected;
In step 305, the CocosCheck scan locates the code lines that call high-risk APIs, and the developer can modify them directly.
In the embodiments of the invention, test cases need not be written for each application development engine; instead, an API experience library of the application development engine is built from the information on APIs with security vulnerabilities, and the API vulnerabilities present in the application to be detected are scanned for using this library, which reduces the testing cost of API vulnerabilities.
Optionally, on the basis of the embodiment corresponding to Fig. 2 above, in a first optional embodiment of the method for engine vulnerability detection provided by the embodiments of the invention, before the API experience library of the first application development engine is obtained, the method may further include:
obtaining the source code of the first application development engine;
searching the source code of the first application development engine for APIs that have security vulnerabilities;
building the API experience library according to the APIs that have security vulnerabilities.
In this embodiment, before the detection device obtains the API experience library of the first application development engine, the library must first be built in advance.
Specifically, refer to Fig. 4, a schematic flow chart of building the API experience library in an embodiment of the invention. As shown in the figure, the API experience library of the first application development engine can be built through the following steps.
In step 401, first obtain the source code of each version of the first application development engine, that is, Cocos; if there is only one version, obtain the source code of that version.
In step 402, traverse the source code of each version of the first application development engine. Traversal here means visiting each node in turn along some search route, once and only once.
In step 403, once the source code of each version of the first application development engine has been traversed in step 402, the source code of the latest version can be found among them, and static code analysis is used to find the APIs with null pointer risk in the source code of the current version.
Static code analysis does not need to run the code; it analyzes the program purely by statically scanning the code, so it executes quickly and efficiently. Mature static code analysis tools can currently scan up to ten thousand lines of code per second, so compared with dynamic analysis they are fast and efficient at detection.
It should be noted that the static code analysis technique used in this scheme can be lexical analysis, syntax analysis or abstract syntax tree analysis, and can also be semantic analysis, control flow analysis or data-flow analysis. In practice, other types of static code analysis can also be used, which is not limited here.
In step 404, after the static code analysis of step 403, obtain the API names and the corresponding parameter positions of the high-risk APIs in the source code of the latest version, and record this high-risk API information.
In step 405, build the API experience library corresponding to the latest version from the API information recorded in step 404. Because the version of the first application development engine, Cocos, is updated continuously, step 402 is executed again after step 405 completes, which ensures that the API experience library covers all versions of the first application development engine and the corresponding API information.
Optionally, static code analysis can further use code scanning to check the validity of call parameters between different scripts: if parameters do not match when scripts call each other, or a called API does not exist, a risk may also exist.
Secondly, in the embodiments of the invention, the API experience library can be built by searching the source code of the first application development engine for APIs with security vulnerabilities, so that the API information in the library is more complete, which improves the feasibility and practicality of the scheme.
Optionally, on the basis of the first embodiment corresponding to Fig. 2 above, in a second optional embodiment of the method for engine vulnerability detection provided by the embodiments of the invention, searching the source code of the first application development engine for APIs that have security vulnerabilities may include:
detecting the APIs in the source code of the first application development engine that have a null pointer;
obtaining the API name and the parameter position corresponding to each API that has a null pointer.
In this embodiment, when the detection device searches the source code of the first application development engine, the Cocos open framework, for APIs with security vulnerabilities, one feasible approach is to check whether the source code contains APIs with a null pointer; if it does, the API name and parameter position of each such API are obtained.
In most documentation a null pointer is written as NULL. For pointer types, returning NULL and returning 0 are equivalent, because both NULL and 0 denote the null pointer.
Null pointer exceptions can be located automatically as follows: first, in combination with static program analysis, the stack information from the running program is used to guide program slicing; then null pointer analysis and alias analysis are performed on the resulting slice to obtain the set of suspicious statements that cause the null pointer exception; finally an error location report is produced. In practice, other ways of locating null pointers can be used, which is not limited here.
Thirdly, the embodiments of the invention specify that the basis for detecting an API vulnerability can be whether an API in the source code has a null pointer. Because null pointers are an important cause of crashes, using them as the criterion for API vulnerability detection makes the scheme more practical; at the same time, detecting null pointers is relatively simple, which improves the detection efficiency of the scheme.
Optionally, on the basis of the second embodiment corresponding to Fig. 2 above, in a third optional embodiment of the method for engine vulnerability detection provided by the embodiments of the invention, building the API experience library according to the APIs that have security vulnerabilities may include:
building the API experience library of the first application development engine according to the API name and parameter position corresponding to each API that has a null pointer.
In this embodiment, the detection device builds a corresponding API experience library for the APIs that have security vulnerabilities. The library contains the relevant information on high-risk APIs, for example the API name and parameter position corresponding to each API that has a null pointer.
The following is an example of a high-risk API experience library for Cocos, as shown in Table 1 below:
Table 1
Further, the embodiments of the invention explain the basis on which the API experience library is built: APIs with a null pointer are regarded as high-risk APIs, and the relevant information on these high-risk APIs is recorded in the API experience library for subsequent vulnerability detection, which improves the feasibility of the scheme.
Optionally, on the basis of the first, second or third embodiment corresponding to Fig. 2 above, in a fourth optional embodiment of the method for engine vulnerability detection provided by the embodiments of the invention, after the API experience library of the first application development engine is obtained, the method may further include:
when the first application development engine is updated to a second application development engine, obtaining the source code of the second application development engine;
searching the source code of the second application development engine for APIs that have security vulnerabilities;
updating, according to the APIs that have security vulnerabilities, the API experience library of the first application development engine to the API experience library of the second application development engine.
In this embodiment, suppose the first application development engine has undergone a version update, giving the updated second application development engine. In other words, the second and first application development engines are the same software in different versions, the second being a newer version than the first.
Specifically, the detection device continuously traverses the versions of the first application development engine. When it finds that a new version exists, it can determine that the first application development engine has been updated to the second application development engine, and it then retrieves the source code of the second application development engine from the engine's official website. Next, the detection device searches the source code of the second application development engine for APIs with security vulnerabilities, that is, it checks whether there are APIs with a null pointer; if one exists, that API is considered to have a security vulnerability.
Finally, according to the APIs with security vulnerabilities, the detection device updates the API experience library of the first application development engine to that of the second application development engine, that is, it adds the high-risk API information of the second application development engine to the library corresponding to the previous version.
Further, in the embodiments of the invention, when the version of the application development engine is updated, the detection device can find the APIs with security vulnerabilities in the updated engine and update the API experience library directly. It does not need to build a new library for the updated engine; the new information is added to the library of the previous version, which both makes building the API experience library more efficient and saves storage resources on the detection device.
Optionally, on the basis of the third embodiment corresponding to Fig. 2 above, in a fifth optional embodiment of the method for engine vulnerability detection provided by the embodiments of the invention, judging according to the API experience library whether the APIs of the application to be detected have a security vulnerability may include:
traversing the API names of the application to be detected;
judging whether an API name of the application to be detected matches an API name contained in the API experience library and, if so, obtaining from the API experience library the parameter position corresponding to that API name in the application to be detected;
if the parameter at that parameter position is a null pointer, determining that the API of the application to be detected has a security vulnerability.
In this embodiment, the specific way in which the detection device judges, according to the high-risk API information in the API experience storehouse, whether the API of the application program to be detected has a security vulnerability is described as follows:
Referring to Fig. 5, Fig. 5 is a schematic flowchart of application development engine detection in the embodiment of the present invention. In step 501, the detection device first obtains the version number of the first application development engine used by the application program to be scanned. Specifically, it can be extracted from the cocos2dVersion function of cocos2d.cpp, the code of which is as follows:
#include "cocos2d.h"

NS_CC_BEGIN

// Returns the engine version string that the detection device reads in step 501.
const char* cocos2dVersion()
{
    return "2.2.1";
}

NS_CC_END
The version number can be extracted from the above code. Optionally, the version number corresponding to the latest version can also be extracted directly.
In step 502, it is checked whether an API experience storehouse exists for the corresponding version; this API experience storehouse contains high-risk API information. If it exists, the flow continues to step 503; otherwise it jumps to step 510.
In step 503, the corresponding API experience storehouse is found according to the version number of the first application development engine, and this API experience storehouse is extracted.
In step 504, each file in the application program to be detected is scanned. These files are the source code of the application program to be detected, and every function call in the source code is traversed.
In step 505, after traversing every call in the application program to be detected in step 504, the detection device obtains the function name of each API.
In step 506, the detection device compares the API function names obtained in step 505 with the function names in the API experience storehouse to determine whether an API is a high-risk API. If the function names are consistent, the API can be considered a high-risk API and the flow enters step 507; otherwise it jumps to step 504, that is, it continues traversing the function calls in the source code.
In step 507, according to the high-risk API information stored in the API experience storehouse, the detection device can find the parameter information corresponding to the API function name, such as the position at which it occurs and the code content.
In step 508, it is judged whether the parameter at the position where the API is called is NULL. If so, the flow enters step 509; otherwise it jumps to step 504, that is, it continues traversing the function calls in the source code.
In step 509, the risk information of the application program to be detected is output, including the name of the file in which the vulnerability occurs, the code line number, the name of the API called, the error message and so on.
In step 510, this API vulnerability detection ends.
Still further, the embodiment of the present invention provides a way of using the API experience storehouse to perform API vulnerability detection on the application program to be detected. The high-risk API information contained in the API experience storehouse is used to determine the high-risk APIs that may appear in the application program to be detected. Compared with the prior art, there is no need, after a high-risk API has been located, to then search for the parameter position at which the upper layer calls this API; the parameter position of the high-risk API is located directly, which significantly reduces the cost of finding high-risk APIs.
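The detection flow of steps 501 to 510 above, as an added Python example that is not code from the patent or from any Cocos tool. The storehouse contents, the 0-based parameter positions, the file name GameLayer.cpp and the sample sources are constructed for illustration, and treating nullptr like NULL is an assumption beyond the text.

```python
import re

# Constructed API experience storehouse: engine version -> {API name: 0-based
# parameter positions that must not be NULL}. Positions are assumptions made
# for this example, not data from the patent.
EXPERIENCE_STORE = {
    "2.2.1": {"initWithMaskSprite": [0], "addChild": [0]},
}
NULL_TOKENS = {"NULL", "nullptr"}   # nullptr is an assumed extension
VERSION_RE = re.compile(r'cocos2dVersion\s*\(\s*\)\s*\{\s*return\s*"([^"]+)"\s*;')
CALL_RE = re.compile(r'\b([A-Za-z_]\w*)\s*\(')


def extract_engine_version(cocos2d_cpp):
    """Step 501: read the version string returned by cocos2dVersion()."""
    m = VERSION_RE.search(cocos2d_cpp)
    return m.group(1) if m else None


def split_call_args(source, open_idx):
    """Return the top-level arguments of the call whose '(' is at open_idx,
    or None if the parentheses never balance."""
    args, current, depth, quote = [], [], 0, None
    i = open_idx
    while i < len(source):
        ch = source[i]
        if quote:                       # inside a string or char literal
            current.append(ch)
            if ch == "\\" and i + 1 < len(source):
                i += 1                  # keep the escaped character as-is
                current.append(source[i])
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            current.append(ch)
        elif ch == "(":
            depth += 1
            if depth > 1:               # nested call: part of one argument
                current.append(ch)
        elif ch == ")":
            depth -= 1
            if depth == 0:
                text = "".join(current).strip()
                if text or args:
                    args.append(text)
                return args
            current.append(ch)
        elif ch == "," and depth == 1:  # separator of the outer call only
            args.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    return None


def scan_file(filename, source, high_risk):
    """Steps 504-509: walk every call, compare names, test recorded positions."""
    findings = []
    for m in CALL_RE.finditer(source):
        name = m.group(1)
        if name not in high_risk:                       # step 506
            continue
        args = split_call_args(source, m.end() - 1)
        if args is None:
            continue
        for pos in high_risk[name]:                     # step 507
            if pos < len(args) and args[pos] in NULL_TOKENS:   # step 508
                findings.append({                       # step 509
                    "file": filename,
                    "line": source.count("\n", 0, m.start()) + 1,
                    "api": name,
                    "message": f"argument {pos} of {name} is {args[pos]}",
                })
    return findings


def scan_application(files, cocos2d_cpp, store=EXPERIENCE_STORE):
    """Steps 501-503, then scan each source file; [] when no storehouse exists."""
    high_risk = store.get(extract_engine_version(cocos2d_cpp))   # step 502
    if not high_risk:
        return []                                       # step 510
    findings = []
    for filename, source in sorted(files.items()):
        findings.extend(scan_file(filename, source, high_risk))
    return findings


# Constructed sample input.
SAMPLE_COCOS2D_CPP = '''#include "cocos2d.h"
NS_CC_BEGIN
const char* cocos2dVersion()
{
    return "2.2.1";
}
NS_CC_END
'''
SAMPLE_FILES = {"GameLayer.cpp": '''void GameLayer::build(CCSprite* mask)
{
    clip->initWithMaskSprite(NULL);
    other->initWithMaskSprite(makeMask(NULL, 1));
    this->addChild(createLabel("a,b)", NULL), 2);
    this->addChild(nullptr, 2);
    safe->initWithMaskSprite(mask);
}
'''}

if __name__ == "__main__":
    for finding in scan_application(SAMPLE_FILES, SAMPLE_COCOS2D_CPP):
        print(finding)
```

The scan is textual: it does not strip comments or expand macros, and it flags only a literal NULL at the recorded position, which is the check the flow describes.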
Optionally, on the basis of the embodiment corresponding to Fig. 2 above, in a sixth optional embodiment of the engine vulnerability detection method provided by the embodiment of the present invention, after the target API that has a security vulnerability is determined from the API of the application program to be detected, the method may further include:
Outputting the risk information of the application program to be detected, where the risk information includes at least one of the file name of the application program to be detected in which the target API exists, the code position, the name of the API called and the error message.
In this embodiment, after the detection device determines that a target API with a security vulnerability exists in the application program to be detected, it can further display the risk information of the target API on a front-end interface, so that the developer can view it and repair it in time.
It should be noted that the risk information of the target API includes at least one of the file name of the application program to be detected, the code position, the name of the API called and the error message; in practical applications it includes but is not limited to the above information.
Here, the file name of the application program to be detected in the risk information indicates which file of the application program to be detected the high-risk API appears in; the code position in the risk information indicates the code position at which the high-risk API appears in the source code of the application program to be detected; the name of the API called in the risk information indicates the name of the high-risk API; and the error message in the risk information is a message prompt used to tell the developer that an API vulnerability has appeared in the current application program to be detected.
Secondly, in the embodiment of the present invention, the detection device can display a series of risk information about the application program to be detected, so that the developer can learn in time that an API vulnerability has appeared, thereby improving the efficiency of repairing the application program to be detected.
For ease of understanding, the engine vulnerability detection method of the present invention is described in detail below with a concrete application scenario, specifically:
Developer A uses the Cocos open framework to develop a game. To ensure that this game goes live smoothly, Developer A uses the CocosCheck tool to detect whether the game has API vulnerabilities. The detection steps are as follows:
First, Developer A double-clicks the "CocosCheck.exe" tool on the computer and enters the interface of the CocosCheck tool. Referring to Fig. 6, Fig. 6 shows the interface before detection with the CocosCheck tool in the application scenario. In the menu bar, "Check" is the detection function, "File" is the file selection function, "Edit" is the editing function, "View" is the view function and "Help" is the help function.
Then, Developer A selects the detection function in the menu bar, that is, clicks "Check", and then selects the "Directory" option under "Check". After the selection, the source code directory of the game to be detected appears on the interface of the CocosCheck tool, as shown in Fig. 7; Fig. 7 shows the interface during detection with the CocosCheck tool in the application scenario. Developer A has selected all the source code files in this game to be scanned.
After the CocosCheck tool completes the scan, it displays the interface shown in Fig. 8; Fig. 8 shows the interface after detection with the CocosCheck tool in the application scenario. Developer A can see the result of the completed scan. The result shows that the name of the code file that calls the high-risk API is "QGAuto.cpp", the corresponding code line is line 247, and the name of this high-risk API is "initWithMaskSprite".
The developer then quickly finds the file in which the high-risk API appears, finds the place that went wrong according to the code position and repairs it in time, thereby ensuring that this game goes live smoothly.
The detection device of the present invention is described in detail below. Referring to Fig. 9, the detection device in the embodiment of the present invention includes:
A first acquisition module 601, configured to obtain the application program to be detected;
A second acquisition module 602, configured to obtain the API experience storehouse of the first application development engine, where the first application development engine is used to develop the application program to be detected obtained by the first acquisition module 601, and the API experience storehouse contains at least one item of API information that has a security vulnerability;
An extraction module 603, configured to extract the application programming interface (API) of the application program to be detected obtained by the first acquisition module 601;
A determining module 604, configured to judge, according to the API experience storehouse obtained by the second acquisition module 602, whether the API of the application program to be detected extracted by the extraction module 603 has a security vulnerability and, if so, to determine from the API of the application program to be detected a target API that has a security vulnerability.
In this embodiment, the first acquisition module 601 obtains the application program to be detected; the second acquisition module 602 obtains the API experience storehouse of the first application development engine, where the first application development engine is used to develop the application program to be detected obtained by the first acquisition module 601, and the API experience storehouse contains at least one item of API information that has a security vulnerability; the extraction module 603 extracts the application programming interface (API) of the application program to be detected obtained by the first acquisition module 601; and the determining module 604 judges, according to the API experience storehouse obtained by the second acquisition module 602, whether the API of the application program to be detected extracted by the extraction module 603 has a security vulnerability and, if so, determines from the API of the application program to be detected a target API that has a security vulnerability.
In the embodiment of the present invention, there is no need to write test cases for each application development engine. Instead, the API experience storehouse of the application development engine is built from the API information of security vulnerabilities, and the API vulnerabilities present in the application program to be detected are found by scanning with this API experience storehouse, thereby reducing the cost of testing for API vulnerabilities.
Optionally, on the basis of the embodiment corresponding to Fig. 9 above, referring to Figure 10, in another embodiment of the detection device provided by the embodiment of the present invention, the detection device further includes:
A third acquisition module 605A, configured to obtain the source code of the first application development engine before the second acquisition module 602 obtains the API experience storehouse of the first application development engine;
A first searching module 605B, configured to search the source code of the first application development engine obtained by the third acquisition module 605A for APIs that have security vulnerabilities;
A first establishing module 605C, configured to build the API experience storehouse according to the APIs with security vulnerabilities found by the first searching module 605B.
Secondly, in the embodiment of the present invention, the API experience storehouse can also be built by searching the source code of the first application development engine for APIs that have security vulnerabilities, so that the API information in this API experience storehouse is more complete, thereby improving the feasibility and practicality of the scheme.
Optionally, on the basis of the embodiment corresponding to Figure 10 above, referring to Figure 11, in another embodiment of the detection device provided by the embodiment of the present invention,
The first searching module 605B includes:
A detection unit 605B1, configured to detect APIs in which a null pointer exists in the source code of the first application development engine;
A first acquiring unit 605B2, configured to obtain the API name and parameter position corresponding to the API in which a null pointer exists, as detected by the detection unit 605B1.
Again, in the embodiment of the present invention, it is specifically defined that the basis for detecting an API vulnerability can be whether an API in the source code has a null pointer. Because the occurrence of a null pointer is a key factor causing crashes, using it as the criterion for API vulnerability detection helps improve the practicality of the scheme; at the same time, detecting null pointers is relatively simple, which improves the detection efficiency of the scheme.
Optionally, on the basis of the embodiment corresponding to Figure 11 above, referring to Figure 12, in another embodiment of the detection device provided by the embodiment of the present invention,
The first establishing module 605C includes:
An establishing unit 605C1, configured to build the API experience storehouse of the first application development engine according to the API name and parameter position corresponding to the API in which a null pointer exists, as obtained by the first acquiring unit 605B2.
Further, the embodiment of the present invention explains the basis on which the API experience storehouse is built: an API in which a null pointer exists is considered a high-risk API, and the relevant information of these high-risk APIs can be recorded in the API experience storehouse for subsequent vulnerability detection, thereby improving the feasibility of the scheme.
Optionally, on the basis of the embodiment corresponding to Figure 10, Figure 11 or Figure 12 above, referring to Figure 13, in another embodiment of the detection device provided by the embodiment of the present invention,
The detection device 60 further includes:
A fourth acquisition module 606A, configured to obtain the source code of the second application development engine when, after the second acquisition module 602 has obtained the API experience storehouse of the first application development engine, the first application development engine is updated to the second application development engine;
A second searching module 606B, configured to search the source code of the second application development engine obtained by the fourth acquisition module 606A for APIs that have security vulnerabilities;
An updating module 606C, configured to update the API experience storehouse of the first application development engine into the API experience storehouse of the second application development engine according to the APIs with security vulnerabilities found by the second searching module 606B.
Further, in the embodiment of the present invention, when the version of the application development engine is updated, the detection device can find the APIs that have security vulnerabilities in the updated application development engine and update the API experience storehouse directly. There is no need to rebuild the API experience storehouse for the updated application development engine; the new information is instead added to the API experience storehouse of the previous version. This not only improves the efficiency of building the API experience storehouse but also saves the storage resources of the detection device.
Optionally, on the basis of the embodiment corresponding to Figure 12 above, referring to Figure 14, in another embodiment of the detection device provided by the embodiment of the present invention,
The determining module 604 includes:
A traversal unit 6041, configured to traverse the API names of the application program to be detected;
A second acquiring unit 6042, configured to judge whether an API name of the application program to be detected obtained by the traversal unit 6041 is consistent with an API name contained in the API experience storehouse and, if so, to obtain from the API experience storehouse the parameter position corresponding to that API name in the application program to be detected;
A determining unit 6043, configured to determine that the API of the application program to be detected has a security vulnerability if the parameter at the parameter position obtained by the second acquiring unit 6042 is a null pointer.
Still further, the embodiment of the present invention provides a way of using the API experience storehouse to perform API vulnerability detection on the application program to be detected. The high-risk API information contained in the API experience storehouse is used to determine the high-risk APIs that may appear in the application program to be detected. Compared with the prior art, there is no need, after a high-risk API has been located, to then search for the parameter position at which the upper layer calls this API; the parameter position of the high-risk API is located directly, which significantly reduces the cost of finding high-risk APIs.
Optionally, on the basis of the embodiment corresponding to Fig. 9 above, referring to Figure 15, in another embodiment of the detection device provided by the embodiment of the present invention,
The detection device 60 further includes:
An output module 607, configured to output the risk information of the application program to be detected after the determining module 604 determines, from the API of the application program to be detected, the target API that has a security vulnerability, where the risk information includes at least one of the file name of the application program to be detected in which the target API exists, the code position, the name of the API called and the error message.
Secondly, in the embodiment of the present invention, the detection device can display a series of risk information about the application program to be detected, so that the developer can learn in time that an API vulnerability has appeared, thereby improving the efficiency of repairing the application program to be detected.
The embodiment of the present invention additionally provides another detection device, as shown in Figure 16. For convenience of description, only the parts relevant to the embodiment of the present invention are shown; for specific technical details that are not disclosed, refer to the method part of the embodiments of the present invention. The terminal can be any terminal device, including a personal computer (PC), a mobile phone, a tablet computer, a personal digital assistant (PDA), a point-of-sale terminal (Point of Sales, POS), a vehicle-mounted computer and the like. The following takes the terminal being a PC as an example:
Figure 16 is a block diagram of part of the structure of the PC related to the terminal provided by the embodiment of the present invention. Referring to Figure 16, the PC includes components such as a radio frequency (RF) circuit 710, memory 720, input unit 730, display unit 740, sensor 750, audio circuit 760, wireless fidelity (WiFi) module 770, processor 780 and power supply 790. Those skilled in the art will understand that the PC structure shown in Figure 16 does not limit the PC, which can include more or fewer components than illustrated, combine some components, or use a different arrangement of components.
Each component of the PC is described in detail below with reference to Figure 16:
RF circuit 710 can be used for receiving and sending signals during the sending and receiving of information or during a call. In particular, after receiving downlink information from a base station, it passes the information to processor 780 for processing; in addition, it sends designed uplink data to the base station. Generally, RF circuit 710 includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier (LNA), a duplexer and so on. In addition, RF circuit 710 can also communicate with networks and other equipment through wireless communication. This wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS) and so on.
Memory 720 can be used to store software programs and modules. Processor 780 performs the various functional applications and data processing of the PC by running the software programs and modules stored in memory 720. Memory 720 can mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application programs required by at least one function (such as a sound playing function or an image playing function) and so on, and the data storage area can store data created through use of the PC (such as audio data or a phone book) and so on. In addition, memory 720 can include high-speed random access memory and can also include non-volatile memory, for example at least one disk storage device, flash memory device or other volatile solid-state storage device.
Input unit 730 can be used to receive entered numeric or character information and to produce key signal input related to the user settings and function control of the PC. Specifically, input unit 730 can include touch panel 731 and other input devices 732. Touch panel 731, also called a touch screen, can collect touch operations by the user on or near it (such as operations by the user on or near touch panel 731 with a finger, a stylus or any other suitable object or accessory) and drive the corresponding connection device according to a preset program. Optionally, touch panel 731 can include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and sends the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to processor 780, and can receive and execute commands sent by processor 780. Furthermore, touch panel 731 can be realized in multiple types, such as resistive, capacitive, infrared and surface acoustic wave. Besides touch panel 731, input unit 730 can also include other input devices 732. Specifically, other input devices 732 can include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, a joystick and so on.
Display unit 740 can be used to display information entered by the user or information provided to the user, as well as the various menus of the PC. Display unit 740 can include display panel 741; optionally, display panel 741 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED) and so on. Further, touch panel 731 can cover display panel 741. When touch panel 731 detects a touch operation on or near it, it sends the operation to processor 780 to determine the type of the touch event, and processor 780 then provides the corresponding visual output on display panel 741 according to the type of the touch event. Although in Figure 16 touch panel 731 and display panel 741 are two independent components that realize the input and input functions of the PC, in some embodiments touch panel 731 and display panel 741 can be integrated to realize the input and output functions of the PC.
The PC may also include at least one sensor 750, such as an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor can include an ambient light sensor and a proximity sensor, where the ambient light sensor can adjust the brightness of display panel 741 according to the brightness of the ambient light, and the proximity sensor can turn off display panel 741 and/or the backlight when the PC is moved to the ear. As one kind of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that identify the attitude of the PC (such as switching between landscape and portrait, related games and magnetometer attitude calibration), vibration-recognition functions (such as a pedometer or tapping) and so on. Other sensors that can also be configured for the PC, such as a gyroscope, barometer, hygrometer, thermometer and infrared sensor, are not described again here.
Audio circuit 760, speaker 761 and microphone 762 can provide the audio interface between the user and the PC. Audio circuit 760 can convert received audio data into an electrical signal and transmit it to speaker 761, which converts it into a sound signal for output. In the other direction, microphone 762 converts collected sound signals into electrical signals, which audio circuit 760 receives and converts into audio data; after the audio data is output to processor 780 for processing, it is sent through RF circuit 710 to, for example, another PC, or the audio data is output to memory 720 for further processing.
WiFi is a short-range wireless transmission technology. Through WiFi module 770 the PC can help the user send and receive e-mail, browse web pages, access streaming media and so on, providing the user with wireless broadband Internet access. Although Figure 16 shows WiFi module 770, it can be understood that it is not an essential component of the PC and can be omitted as required without changing the essence of the invention.
Processor 780 is the control center of the PC. It connects the various parts of the whole PC using various interfaces and lines, and performs the various functions of the PC and processes data by running or executing the software programs and/or modules stored in memory 720 and calling the data stored in memory 720, thereby monitoring the PC as a whole. Optionally, processor 780 can include one or more processing units; preferably, processor 780 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor need not be integrated into processor 780.
The PC also includes power supply 790 (such as a battery) that powers all the components. Preferably, the power supply can be logically connected to processor 780 through a power management system, so that functions such as charging management, discharging management and power consumption management are realized through the power management system.
Although not shown, the PC can also include a camera, a Bluetooth module and so on, which are not described again here.
In embodiments of the present invention, the processor 780 included by this terminal also has a following functions:
Obtain application program to be detected;
Obtaining the API experience storehouse of the first application development engine, described first application development engine is used for developing described to be checked
Survey application program, described API experience storehouse comprises at least one API information that there are security breaches;
Extract application programming interface API of described application program to be detected;
According to described API experience storehouse, it is judged that whether the API of described application program to be detected exists security breaches, the most then
Target API that there are security breaches is determined from the API of described application program to be detected.
Those skilled in the art is it can be understood that arrive, for convenience and simplicity of description, and the system of foregoing description,
The specific works process of device and unit, is referred to the corresponding process in preceding method embodiment, does not repeats them here.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method are permissible
Realize by another way.Such as, device embodiment described above is only schematically, such as, and described unit
Dividing, be only a kind of logic function and divide, actual can have other dividing mode, the most multiple unit or assembly when realizing
Can in conjunction with or be desirably integrated into another system, or some features can be ignored, or does not performs.Another point, shown or
The coupling each other discussed or direct-coupling or communication connection can be the indirect couplings by some interfaces, device or unit
Close or communication connection, can be electrical, machinery or other form.
The described unit illustrated as separating component can be or may not be physically separate, shows as unit
The parts shown can be or may not be physical location, i.e. may be located at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be selected according to the actual needs to realize the mesh of the present embodiment scheme
's.
It addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it is also possible to
It is that unit is individually physically present, it is also possible to two or more unit are integrated in a unit.Above-mentioned integrated list
Unit both can realize to use the form of hardware, it would however also be possible to employ the form of SFU software functional unit realizes.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (14)
1. A method for engine vulnerability detection, characterized by comprising:
obtaining an application program to be detected;
obtaining an application programming interface experience library of a first application development engine, wherein the first application development engine is used to develop the application program to be detected, and the application programming interface experience library contains information on at least one application programming interface that has a security vulnerability;
extracting the application programming interfaces of the application program to be detected;
determining, according to the application programming interface experience library, whether an application programming interface of the application program to be detected has a security vulnerability, and if so, determining, from the application programming interfaces of the application program to be detected, a target application programming interface that has a security vulnerability.
2. The method according to claim 1, characterized in that, before the obtaining of the application programming interface experience library of the first application development engine, the method further comprises:
obtaining the source code of the first application development engine;
searching the source code of the first application development engine for application programming interfaces that have security vulnerabilities;
establishing the application programming interface experience library according to the application programming interfaces that have security vulnerabilities.
3. The method according to claims 1 and 2, characterized in that the searching of the source code of the first application development engine for application programming interfaces that have security vulnerabilities comprises:
detecting, in the source code of the first application development engine, an application programming interface that has a null pointer;
obtaining the application programming interface name and the parameter position corresponding to the application programming interface that has a null pointer.
4. The method according to claim 3, characterized in that the establishing of the application programming interface experience library according to the application programming interfaces that have security vulnerabilities comprises:
establishing the application programming interface experience library of the first application development engine according to the application programming interface name and the parameter position corresponding to the application programming interface that has a null pointer.
5. The method according to any one of claims 2 to 4, characterized in that, after the obtaining of the application programming interface experience library of the first application development engine, the method further comprises:
when the first application development engine is updated to a second application development engine, obtaining the source code of the second application development engine;
searching the source code of the second application development engine for application programming interfaces that have security vulnerabilities;
updating, according to the application programming interfaces that have security vulnerabilities, the application programming interface experience library of the first application development engine to the application programming interface experience library of the second application development engine.
6. The method according to claim 4, characterized in that the determining, according to the application programming interface experience library, of whether an application programming interface of the application program to be detected has a security vulnerability comprises:
traversing the application programming interface names of the application program to be detected;
determining whether an application programming interface name of the application program to be detected is consistent with an application programming interface name contained in the application programming interface experience library, and if so, obtaining, according to the application programming interface experience library, the parameter position corresponding to that application programming interface name in the application program to be detected;
if the parameter at the parameter position is a null pointer, determining that the application programming interface of the application program to be detected has a security vulnerability.
7. The method according to claim 1, characterized in that, after the determining, from the application programming interfaces of the application program to be detected, of the target application programming interface that has a security vulnerability, the method further comprises:
outputting risk information of the application program to be detected, the risk information including at least one of: the file name of the application program to be detected in which the target application programming interface is present, the code position, the name of the called application programming interface, and error information.
8. A detection device, characterized by comprising:
a first acquisition module, configured to obtain an application program to be detected;
a second acquisition module, configured to obtain an application programming interface experience library of a first application development engine, wherein the first application development engine is used to develop the application program to be detected obtained by the first acquisition module, and the application programming interface experience library contains information on at least one application programming interface that has a security vulnerability;
an extraction module, configured to extract the application programming interfaces of the application program to be detected obtained by the first acquisition module;
a determining module, configured to determine, according to the application programming interface experience library obtained by the second acquisition module, whether an application programming interface of the application program to be detected extracted by the extraction module has a security vulnerability, and if so, to determine, from the application programming interfaces of the application program to be detected, a target application programming interface that has a security vulnerability.
9. The detection device according to claim 8, characterized in that the detection device further comprises:
a third acquisition module, configured to obtain the source code of the first application development engine before the second acquisition module obtains the application programming interface experience library of the first application development engine;
a first search module, configured to search the source code of the first application development engine obtained by the third acquisition module for application programming interfaces that have security vulnerabilities;
a first establishing module, configured to establish the application programming interface experience library according to the application programming interfaces that have security vulnerabilities found by the first search module.
10. The detection device according to claim 9, characterized in that the first search module comprises:
a detection unit, configured to detect, in the source code of the first application development engine, an application programming interface that has a null pointer;
a first acquisition unit, configured to obtain the application programming interface name and the parameter position corresponding to the application programming interface that has a null pointer detected by the detection unit.
11. The detection device according to claim 10, characterized in that the first establishing module comprises:
an establishing unit, configured to establish the application programming interface experience library of the first application development engine according to the application programming interface name and the parameter position, obtained by the first acquisition unit, that correspond to the application programming interface that has a null pointer.
12. The detection device according to any one of claims 9 to 11, characterized in that the detection device further comprises:
a fourth acquisition module, configured to obtain, after the second acquisition module obtains the application programming interface experience library of the first application development engine and when the first application development engine is updated to a second application development engine, the source code of the second application development engine;
a second search module, configured to search the source code of the second application development engine obtained by the fourth acquisition module for application programming interfaces that have security vulnerabilities;
an update module, configured to update, according to the application programming interfaces that have security vulnerabilities found by the second search module, the application programming interface experience library of the first application development engine to the application programming interface experience library of the second application development engine.
13. The detection device according to claim 11, characterized in that the determining module comprises:
a traversal unit, configured to traverse the application programming interface names of the application program to be detected;
a second acquisition unit, configured to determine whether an application programming interface name of the application program to be detected obtained by the traversal unit is consistent with an application programming interface name contained in the application programming interface experience library, and if so, to obtain, according to the application programming interface experience library, the parameter position corresponding to that application programming interface name in the application program to be detected;
a determining unit, configured to determine that the application programming interface of the application program to be detected has a security vulnerability if the parameter at the parameter position obtained by the second acquisition unit is a null pointer.
14. The detection device according to claim 8, characterized in that the detection device further comprises:
an output module, configured to output risk information of the application program to be detected after the determining module determines, from the application programming interfaces of the application program to be detected, the target application programming interface that has a security vulnerability, the risk information including at least one of: the file name of the application program to be detected in which the target application programming interface is present, the code position, the name of the called application programming interface, and error information.
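The name and parameter-position matching of claims 3 to 7, as an added Python example that is not code from the patent: an experience library maps each API name to the parameter positions where a null argument is unsafe, and the scanner reports file name, code position, API name and error information. The engine API names, the Lua-like sample script and the literals treated as a null pointer are assumptions.

```python
import re
from collections import namedtuple

# Constructed experience library: API name -> 0-based parameter positions that
# must not be null. The names are hypothetical; the patent names no engine API.
EXPERIENCE_LIBRARY = {"engine.loadTexture": [0], "engine.playSound": [1]}
NULL_LITERALS = {"nil", "null", "NULL", "nullptr"}  # assumed null spellings
CALL_RE = re.compile(r"([A-Za-z_][\w.]*)\s*\(")

# Risk information fields listed in claim 7.
Risk = namedtuple("Risk", "filename line column api_name message")

def split_args(text, start):
    """Split the arguments opening at text[start] == '(' on top-level commas."""
    args, cur, depth, quote = [], [], 0, None
    for ch in text[start:]:
        if quote:                      # inside a simple string literal
            cur.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            cur.append(ch)
        elif ch in "([{":
            depth += 1
            if depth > 1:              # keep brackets of nested expressions
                cur.append(ch)
        elif ch in ")]}":
            depth -= 1
            if depth == 0:             # end of this call's argument list
                return args + ["".join(cur).strip()]
            cur.append(ch)
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    return None                        # call not closed on this line: skip it

def scan(filename, source, library=EXPERIENCE_LIBRARY):
    """Flag calls to library APIs whose listed parameter is a null literal."""
    risks = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name = m.group(1)
            args = split_args(line, m.end() - 1) if name in library else None
            if args is None:
                continue
            for pos in library[name]:
                if pos < len(args) and args[pos] in NULL_LITERALS:
                    risks.append(Risk(filename, lineno, m.start() + 1, name,
                                      f"null passed as parameter {pos}"))
    return risks

# Constructed application script (Lua-like syntax), not from the patent.
SAMPLE = '''local tex = engine.loadTexture("hero.png")
engine.loadTexture(nil)
engine.playSound("hit, loud.wav", nil)
engine.playSound(pick(nil, "a.wav"), 0.5)
engine.drawText(nil)
'''

if __name__ == "__main__":
    for r in scan("main.lua", SAMPLE):
        print(f"{r.filename}:{r.line}:{r.column}: {r.api_name}: {r.message}")
```

Matching on source text also hits calls that appear inside comments or string literals; a scanner for a real engine would walk the parsed syntax tree instead.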
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610643329.9A CN106295353B (en) | 2016-08-08 | 2016-08-08 | Engine vulnerability detection method and detection device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106295353A (en) | 2017-01-04 |
CN106295353B (en) | 2020-04-07 |
Family
ID=57666471
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610643329.9A Active CN106295353B (en) | 2016-08-08 | 2016-08-08 | Engine vulnerability detection method and detection device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106295353B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130298245A1 (en) * | 2011-02-24 | 2013-11-07 | Red Hat, Inc. | Generating vulnerability reports based on application binary interface/application programming interface usage |
CN103473509A (en) * | 2013-09-30 | 2013-12-25 | 清华大学 | Android platform malware automatic detecting method |
CN104537309A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | Application program bug detection method, application program bug detection device and server |
CN105827664A (en) * | 2016-06-06 | 2016-08-03 | 江苏通付盾科技有限公司 | Vulnerability detection method and device |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108920943A (en) * | 2018-05-08 | 2018-11-30 | 国家计算机网络与信息安全管理中心 | The method and device of installation binding behavior is detected for application software |
CN109933989A (en) * | 2019-02-25 | 2019-06-25 | 腾讯科技(深圳)有限公司 | A kind of method and device detecting loophole |
CN109933989B (en) * | 2019-02-25 | 2021-09-07 | 腾讯科技(深圳)有限公司 | Method and device for detecting vulnerability |
CN110572399A (en) * | 2019-09-10 | 2019-12-13 | 百度在线网络技术(北京)有限公司 | vulnerability detection processing method, device, equipment and storage medium |
CN110855642A (en) * | 2019-10-30 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Application vulnerability detection method and device, electronic equipment and storage medium |
CN110855642B (en) * | 2019-10-30 | 2021-08-03 | 腾讯科技(深圳)有限公司 | Application vulnerability detection method and device, electronic equipment and storage medium |
CN111240719A (en) * | 2020-01-23 | 2020-06-05 | 复旦大学 | Defect-driven third-party library version upgrade recommendation method |
CN112580060A (en) * | 2021-01-21 | 2021-03-30 | 国网新疆电力有限公司信息通信公司 | Vulnerability hidden danger checking system for data interface of application system |
CN113535559A (en) * | 2021-07-14 | 2021-10-22 | 杭州默安科技有限公司 | Application interface coverage rate statistical method and system |
Also Published As
Publication number | Publication date |
---|---|
CN106295353B (en) | 2020-04-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||