CN106326103A - Method and apparatus used for detecting vulnerability of to-be-detected application - Google Patents
Method and apparatus used for detecting vulnerability of to-be-detected application Download PDFInfo
- Publication number
- CN106326103A CN106326103A CN201510391266.8A CN201510391266A CN106326103A CN 106326103 A CN106326103 A CN 106326103A CN 201510391266 A CN201510391266 A CN 201510391266A CN 106326103 A CN106326103 A CN 106326103A
- Authority
- CN
- China
- Prior art keywords
- depositor
- leak
- characteristic information
- value
- statement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a method and an apparatus used for detecting a vulnerability of a to-be-detected application. The method comprises the steps of identifying vulnerability feature information of a statement in the to-be-detected application; determining a register corresponding to the vulnerability feature information; tracing the register to obtain a value of the register, wherein if the process that the register is assigned by using a specific jump statement exists in the process of tracing the register, a configuration file storing the specific jump statement and information of a corresponding register needed to be jumped and traced is referred, and the register needed to be jumped and traced is determined to continue to be traced; and judging whether the statement has the vulnerability or not based on the value of the register. According to the method and the apparatus, the vulnerability of the application can be detected more accurately.
Description
Technical field
The application relates to Hole Detection technical field, particularly relates to a kind of for detecting application to be detected
The method and device of leak.
Background technology
The purpose of detection application (APP) leak is to find to apply leak that may be present, with to detection
The leak gone out carries out repairing etc. and processes, thus ensures the properly functioning of application.
The prior art more close with the application is analyzed method by rear orientation trace and is detected application
Leak.The method is reviewed by the depositor being correlated with the statement with leak characteristic information,
To obtain the value of depositor, and it is analyzed to detect leak to the value of depositor.
This rear orientation trace analyzes method can only be at the letter at the described statement place with leak characteristic information
Depositor is reviewed, to obtain the value of the depositor reviewed in number.Namely can only be at a function
Inside review depositor and obtain the value of depositor.But there is the letter at the statement place of leak characteristic information
The statement of reviewed register assignment is not the most existed in number, or by the depositor reviewed
Assigned value is the value that static state cannot obtain, or uses the situations such as function is the register assignment reviewed,
The value of the depositor that this rear orientation trace analysis method is obtained all can not obtain correctly in these cases
The value of depositor, then the value of depositor based on this acquisition carries out applying the result of Hole Detection
The most not accurate enough.
Summary of the invention
The application one of solves the technical problem that and to be to provide a kind of leak for detecting application to be detected
Method and device, it is possible to increase the accuracy of leak that detection application exists.
According to the application embodiment on the one hand, it is provided that one is used for detecting application to be detected
The method of leak, including:
Identify the leak characteristic information of statement in application to be detected;
Determine the depositor corresponding to described leak characteristic information;
Review described depositor, to obtain the value of described depositor, wherein review described depositor
If there is use during specifies skip instruction to be described register assignment, then with reference to storage
State the configuration file specifying information that the need of skip instruction and correspondence redirect the depositor reviewed, determine
The depositor reviewed need to be redirected continue to review;
Value based on described depositor judges whether described statement exists leak.
According to the application embodiment on the other hand, it is provided that one is used for detecting to be detected answering
The device of leak, including:
Recognition unit, for identifying the leak characteristic information of the statement in application to be detected;
Determine unit, for determining the depositor corresponding to described leak characteristic information;
Trace-back unit, is used for reviewing described depositor, to obtain the value of described depositor, Qi Zhong
Skip instruction is specified to be described register assignment if there is use during reviewing described depositor,
Then the need of described appointment skip instruction and correspondence are had to redirect the information of the depositor reviewed with reference to storage
Configuration file, determines that need to redirect the depositor reviewed continues to review;
For value based on described depositor, leak judging unit, judges whether described statement exists leakage
Hole.
Why prior art carries out applying the accuracy of Hole Detection the highest to be because, and it is often only
Depositor can be reviewed in a function and obtain the value of depositor, and value based on this depositor is sentenced
The leak of conclusion sentence, because reviewing depositor in a function is to be relatively easy to, and at function
Between especially redirect function when being register assignment, review the jumping related between different function
Turn, more complicated.The embodiment of the present application make use of storage to have appointment skip instruction and correspondence dexterously
Need redirect the configuration file of information of the depositor reviewed, during reviewing described depositor,
For using appointment skip instruction (to be assignment between function mostly when being described register assignment
Situation), the need being referred to store described appointment skip instruction and correspondence redirect the depositor reviewed
The configuration file of information, determine that need to redirect the depositor reviewed continues to review, thus can review
To source register, it is thus achieved that the value of depositor accurately, thus overcome prior art can only be at one
Review depositor in function and cause the detection inaccurate problem of leak.Therefore the embodiment of the present application is effective
Improve the accuracy of application Hole Detection.
Although those of ordinary skill in the art are it will be appreciated that referenced in schematic is implemented by detailed description below
Example, accompanying drawing are carried out, but the application is not limited in these embodiments.But, scope of the present application
It is widely, and is intended to be bound only by appended claims restriction scope of the present application.
Accompanying drawing explanation
The detailed description that non-limiting example is made made with reference to the following drawings by reading,
Other features, purpose and advantage will become more apparent upon:
Fig. 1 is the method for the leak for detecting application to be detected according to one embodiment of the application
Flow chart.
Fig. 2 is the method for the value reviewing depositor acquisition depositor according to one embodiment of the application
Flow chart.
Fig. 3 is the device of the leak for detecting application to be detected according to one embodiment of the application
Structural representation.
Fig. 4 is the dress of the leak for detecting application to be detected according to another embodiment of the application
The structural representation put.
Although those of ordinary skill in the art are it will be appreciated that referenced in schematic is implemented by detailed description below
Example, accompanying drawing are carried out, but the application is not limited in these embodiments.But, scope of the present application
It is widely, and is intended to be bound only by appended claims restriction scope of the present application.
Detailed description of the invention
It should be mentioned that, some exemplary realities before being discussed in greater detail exemplary embodiment
Execute process or method that example is described as describing as flow chart.Although operations is retouched by flow chart
State into the process of order, but many of which operation can be by concurrently, concomitantly or simultaneously
Implement.Additionally, the order of operations can be rearranged.The most described place
Reason can be terminated, it is also possible to have the additional step being not included in accompanying drawing.Described process
Can correspond to method, function, code, subroutine, subprogram etc..
Described computer equipment includes subscriber equipment and the network equipment.Wherein, described subscriber equipment bag
Include but be not limited to computer, smart mobile phone, PDA etc.;The described network equipment includes but not limited to single
The webserver, multiple webserver composition server group or based on cloud computing (Cloud
Computing) the cloud being made up of a large amount of computers or the webserver, wherein, cloud computing is point
The one that cloth calculates, the super virtual computing being made up of a group loosely-coupled computer collection
Machine.Wherein, described computer equipment isolated operation can realize the application, it is possible to access network is also
By realizing the application with the interactive operation of other computer equipments in network.Wherein, described
Network residing for computer equipment include but not limited to the Internet, wide area network, Metropolitan Area Network (MAN), LAN,
VPN etc..
It should be noted that described subscriber equipment, the network equipment and network etc. are only for example, other
Existing or that be likely to occur from now on computer equipment or network are such as applicable to the application, also should wrap
Within being contained in the application protection domain, and it is incorporated herein with way of reference.
Method (some of them are illustrated by flow chart) discussed hereafter can pass through hardware, soft
Part, firmware, middleware, microcode, hardware description language or its combination in any are implemented.When
When implementing by software, firmware, middleware or microcode, in order to implement the program generation of necessary task
Code or code segment can be stored in machine or computer-readable medium (such as storage medium).(one
Individual or multiple) processor can implement necessity task.
Concrete structure disclosed herein and function detail are the most representational, and are for retouching
State the purpose of the exemplary embodiment of the application.But the application can be come by many alternative forms
Implement, and be not interpreted as being limited only by the embodiments set forth herein.
Although it should be appreciated that here may have been used term " first ", " second " etc.
Describe unit, but these unit should not be limited by these terms.Use these terms
It is only used to make a distinction a unit with another unit.For example, without departing substantially from showing
In the case of the scope of example embodiment, first module can be referred to as second unit, and is similar to
Ground second unit can be referred to as first module.Term "and/or" used herein above includes wherein
Any and all combination of one or more listed associated item.
It should be appreciated that when a unit is referred to as " connection " or " coupled " to another unit
Time, it can be connected or coupled to another unit described, or can there is temporary location.
On the other hand, it is referred to as " being directly connected " or " directly coupled " to another unit when a unit
Time, the most there is not temporary location.Should explain in a comparable manner be used for describe unit it
Between relation other words (such as " and be in ... between " compared to " and be directly in ... between ", " with ...
Neighbouring " compared to " with ... it is directly adjacent to " etc.).
Term used herein above is only used to describe specific embodiment and be not intended to limit exemplary
Embodiment.Unless the context clearly dictates otherwise, singulative " the most used herein above
Individual ", " one " also attempt to include plural number.It is to be further understood that term used herein above " bag
Include " and/or " comprising " specify feature, integer, step, operation, unit and/or the group stated
The existence of part, and do not preclude the presence or addition of other features one or more, integer, step, behaviour
Work, unit, assembly and/or a combination thereof.
It should further be mentioned that in some replace implementation, the function/action being previously mentioned is permissible
Occur according to being different from accompanying drawing the order indicated.For example, involved function/dynamic is depended on
Making, the two width figures in succession illustrated can essentially substantially simultaneously perform or sometimes can be according to phase
Anti-order performs.
Wherein, the embodiment of the present application is to overcome can only reviewing in a function of prior art to deposit
Device, it is impossible to the problem obtaining the value of correct depositor, if run into during reviewing depositor by
The skip instruction specified is the situation of register assignment, then have described appointment skip instruction with reference to storage
And the need of correspondence redirect the configuration file of information of the depositor reviewed, determine and need to redirect posting of reviewing
Storage continues to review, such that it is able to trace back to source register, obtains the value of correct depositor, base
Value in this depositor carries out the analysis of leak and judges can detect leak more accurately.
Below in conjunction with the accompanying drawings the technical scheme of the application is described in further detail.
Fig. 1 is a kind of leak for detecting application to be detected according to one embodiment of the application
The flow chart of method, whether the method can be used for detecting in the types of applications in intelligent mobile terminal deposits
At leak.The method mainly comprises the steps:
S10, the leak characteristic information of the statement identified in application to be detected;
S11, determine the depositor corresponding to described leak characteristic information;
S12, review described depositor, to obtain the value of described depositor, wherein post described in reviewing
Skip instruction is specified to be described register assignment, then with reference to storage if there is use during storage
The need having described appointment skip instruction and correspondence redirect the configuration file of the information of the depositor reviewed,
Determine that need to redirect the depositor reviewed continues to review;
S13, value based on described depositor judge whether described statement exists leak.
Below above steps is described in further detail.
In step slo, the leak characteristic information of statement in application to be detected is identified.
The premise of the leak detecting application to be detected is, first has to application to be detected is decompiled into one
Intermediate language, for example, it is possible to decompile into smali language, afterwards based on the middle language after decompiling
Speech carries out Hole Detection to this application to be detected.Statement in application to be detected described here is will
Any bar statement in intermediate language after application decompiling to be detected.Can be by anti-for application to be detected
Each statement in intermediate language after compiling is applied in the method for the embodiment of the present application one by one,
To find out containing leaky all statements.
Leak characteristic information is in statement, likely correspond to the feature of leak.It is from a large number
In the sample of the known statement that there is leak such as by the method summary such as machine learning out,
So it occurs in statement, the biggest may be along with the existence of leak.But whether it is bound to
Leak, be through the embodiment of the present application step S10~the judgement of S13.
Wherein, the embodiment of the present application can be by leak characteristic information table storage leak characteristic information with described
The depositor that leak characteristic information is corresponding.Therefore, step S10 identifies the statement in application to be detected
The mode of leak characteristic information can be: by the statement in application to be detected and leak characteristic information
Leak characteristic information comparison in table, if existing in described statement and the leakage in leak characteristic information table
The leak characteristic information of hole characteristic information coupling, the most i.e. identifies the leakage of statement in application to be detected
Hole characteristic information.If there is not the leak characteristic information of coupling in described statement, then continuing detection should
Next statement in application to be detected (speaks by the book, is the centre after application decompiling to be detected
Next statement in language, for the sake of simple, without exception will be " after application decompiling
Statement in intermediate language " it is referred to as " statement in application "), until this application to be detected
The last item statement.
It should be noted that described leak characteristic information table also can store and leak characteristic information pair
The leak mark answered, and the leak Rule of judgment corresponding with leak characteristic information.
A kind of implementation of step S11 can be: is found by above-mentioned leak characteristic information table
After the leak characteristic information of the statement of application to be detected, further can by this leak characteristic information table
To obtain the depositor corresponding with this leak characteristic information.
In step S12, the depositor determined in trace back step S11, to obtain described depositor
Value.
Can not determine that this statement is certain owing to the statement of application to be detected comprising leak characteristic information
There is leak, to further determine that whether this statement comprising leak characteristic information exists leak,
The embodiment of the present application obtains the value of depositor and realizes further determining that this statement by reviewing depositor
Whether there is leak.Wherein need the depositor reviewed to be determined by step S11, review and post
With this statement as starting point during storage, review as step S11 before this statement in application to be detected
The statement of the middle register assignment determined.
Concrete review depositor with obtain the value of described depositor step can as shown in Figure 2,
Farther include following sub-step:
Sub-step 20, judge whether use specify skip instruction be described register assignment.
Statement for assignment is divided into two kinds of situations by the embodiment of the present application, a kind of for using appointment to redirect
Statement is register assignment, and another kind of is register assignment for not using appointment skip instruction.Wherein,
Not using appointment skip instruction is that register assignment includes any one situation following:
1) be depositor assigned value be constant;
2) be depositor assigned value be the value that specific static state cannot obtain;
The value that described specific static state cannot obtain includes but not limited to: use in addition to specifying skip instruction
The system function that cannot resolve is register assignment or the member variable etc. being entered as class.
3) it is depositor assigned value for can analytical function.
Namely can obtain the value of depositor by analytical function by calling and resolve this.
It is, after tracing back to as the statement of register assignment, it is possible to it is the discovery that appointment redirects language
Sentence be register assignment, it is also possible to be other statement be register assignment.Other statement is for depositing
The situation of device assignment includes but not limited to above-mentioned three kinds.If other statement is register assignment
Situation, can obtain described depositor institute by assigned value as described in the way of using prior art
The value of depositor, is the most directly retrieved as the value of the constant that depositor is composed, or directly obtains described spy
The value that fixed static state cannot obtain, or call and resolve described can analytical function, analysis result is made
The value of the depositor for obtaining.And when specifying skip instruction to be register assignment for use,
The need being referred to store described appointment skip instruction and correspondence redirect the information of the depositor reviewed
Configuration file, determine that need to redirect the depositor reviewed continues to review.As long as it is, running into institute
The appointment skip instruction stated, the depositor reviewed must change.The most described appointment redirects
Statement is depositor skip instruction, and it may include that the function call specified or the assignment specified
Statement, the described function call specified includes: the system function that can not resolve specified, such as
Ljava/lang/StringBuilder;-> toString () Ljava/lang/String;The described assignment statement specified can
Including: aget, sget, vx, vy, vz etc..
If judging, not using appointment skip instruction is described register assignment, the most above-mentioned three kinds of feelings
One of condition, then enter sub-step 21;Otherwise enter sub-step 22.
Sub-step 21, obtain described depositor by assigned value as the value of described depositor, stop
Review.
Sub-step 22, the need of described appointment skip instruction and correspondence are had to redirect posting of reviewing with reference to storage
The configuration file of the information of storage, determines that need to redirect the depositor reviewed continues to review.
The embodiment of the present application, by pre-setting a configuration file, stores appointment in configuration file and redirects language
Sentence, and the need corresponding with this appointment skip instruction redirect the information of the depositor reviewed.Deposit reviewing
Find during device to use specify skip instruction by reviewed register assignment time, refer to this configuration literary composition
Part, to determine that need to redirect the depositor reviewed continues to review, and i.e. returns to sub-step 20.In sub-step
20 redirect the depositor reviewed again for this has continued to determine whether that specifying skip instruction is its assignment, instead
Multiple such process, until judge not use appointment skip instruction to be register assignment and in sub-step 21
In directly obtain described depositor institute by till the assigned value value as described depositor, just stopping chases after
Trace back.
May be implemented in redirect between different functions by said method and review depositor, post accurately to obtain
The value of storage.
The embodiment of the present application at reference configuration file, need to redirect what the depositor reviewed continued to review to determine
In the case of, recordable number of hops.Such as, allow number of hops be initially 0, often redirect language according to one
Sentence determines that when need to redirect the depositor reviewed and continue to review, number of hops adds one.The embodiment of the present application exists
Review depositor, may also include following sub-step during obtaining the value of depositor:
Judging whether number of hops reaches defined threshold, if reaching defined threshold, then obtaining depositor institute quilt
Assigned value, as the value of depositor, stops reviewing.
Can prevent from unconfined reviewing depositor by the threshold value arranging this number of hops, to affect leak inspection
That surveys is ageing.Described threshold value may be configured as 5 times, 7 times or other more or less of number of times.
It is to say, during reviewing the depositor value with acquisition depositor, do not make if meeting
By any one situation that appointment skip instruction is three kinds of situations included by described register assignment, or
Person meets number of hops and reaches defined threshold, all can stop reviewing.
For being further appreciated by the above-mentioned method reviewing depositor, below with instantiation to said method
It is described further.Assume following one section of one section of content being described as the application to be detected after decompiling.
851 invoke-direct{v2, v3}, Ljava/Lang/StringBuilder;-> < init > (I) v
852
853.line 50
854.local v2, " sb ": Ljava/Lang/StringBuilder;
855 invoke-virtual{v2, v0}, Ljava/Lang/StringBuilder;-> append (Ljava/Lang/CharSequence;)Ljava/lang/StringBuilder;
856
857.line 52
858:try_start_0
859 invoke-virual{v2}, Ljava/Lang/StringBuilder;-> toString () Ljava/Lang/String;
860
861 move-result-object v3
862
863 invoke-static{v3}, Ljava/Lang/Class;-> forName (Ljava/Lang/String;)Ljava/Lang/Class;
Wherein, 851~863 is line number, during detecting the statement of application to be detected, finds
863 row exist as follows with the content that the leak characteristic information in leak characteristic information table mates:
Ljava/Lang/Class;-> forName (Ljava/Lang/String;)Ljava/Lang/Class
Can obtain what the needs corresponding with this leak characteristic information were reviewed by leak characteristic information table simultaneously
Register information is paramcnt=" 1 ", i.e. can determine that the depositor that need to review is v3 depositor.
Then review this V3 depositor, to obtain the value of this V3 depositor, i.e. from this 863 line statement to
The upper lookup statement to this V3 register assignment, finds that 861 row are to V3 register assignment, asignment statement
Sentence is at 859 row.
Determine 859 row to the assignment of V3 depositor be use skip instruction be the situation of register assignment.
In the assignment statement of 859 row, employ following skip instruction to this V3 register assignment:
Api=" Ljava/lang/StringBuilder;-> toString () Ljava/lang/String;″
This skip instruction be in configuration file storage appointment skip instruction, then in reference configuration file with should
It is track-pos=" 0 " that the need that skip instruction is corresponding redirect the information of the depositor reviewed, then can determine that and need to jump
Turning the depositor reviewed is V2 depositor, continues in the case of number of hops is not reaching to defined threshold determining
Continue and up review, i.e. review the statement into V2 register assignment.
This V2 register assignment of 855 behaviors, and the assignment of this V2 depositor of 855 behaviors remains use
Skip instruction is register assignment, and using following skip instruction is V2 register assignment:
Ljava/lang/StringBuilder;-> append (Ljava/lang/CharSequence;)Ljava/lang/St
ringBuilder;
Above-mentioned skip instruction is similarly in configuration file the appointment skip instruction of storage, then search configuration file
In the need corresponding with this skip instruction to redirect the register information reviewed be track-pos=" 1 ", would know that and need
Redirecting the depositor reviewed is V0 depositor, in the case of determining that number of hops is not reaching to defined threshold
Continue up to review, until judging not use appointment skip instruction to be described register assignment or redirect
Number of times stops reviewing till reaching defined threshold.
Whether in the case of not using appointment skip instruction to be described register assignment, or jumping
Turn in the case of number of times reaches defined threshold, the depositor currently traced back to be depositor by assigned value
Value.As above, in example, if trace back to V0 depositor, find that it is described for not using appointment skip instruction
Depositor V0 assignment, then stop reviewing, it is thus achieved that this V0 depositor institute is obtained as final by assigned value
The value of depositor.Or the defined threshold of number of hops is when being 2, even if the statement for this V0 assignment is
Specify skip instruction, the most no longer redirect and review, but be directly retrieved as this V0 depositor assigned value (as
The above-mentioned skip instruction for V0 assignment) as the value of the final depositor obtained.
It should be noted that described configuration file also can store the leakage that described appointment skip instruction is corresponding
Hole identifies.Then when finding to specify skip instruction, can obtain simultaneously by searching configuration file and be somebody's turn to do
The need that skip instruction is corresponding redirect information and the leak mark of the depositor reviewed.The application one is implemented
Example, for improving Hole Detection efficiency, identifies whether the statement comprising leak characteristic information exists leak as early as possible,
After leak mark that can be corresponding with specifying skip instruction in getting configuration file, by this mark and leak
Leak mark comparison corresponding with the leak characteristic information identified in step S10 in characteristic information table, if
Two marks are consistent, then it represents that the leak identified in leak corresponding to this appointment skip instruction and step S10
The leak that characteristic information is corresponding is same leak, then can perform the described operation continuing to review.If differing
Cause, then can stop reviewing depositor, and obtain the depositor institute currently reviewed by assigned value.It is,
Determination described in step S12 need to redirect the step that the depositor reviewed continues to review, and is to determine leakage
The leak that hole characteristic information is corresponding identifies and leakage corresponding with described appointment skip instruction in configuration file
Perform in the case of hole mark is consistent.Advantage of this is that and improve detection application leak further
Accuracy.Certainly the embodiment of the present application is not limited thereto.
Due in step S10, by leak characteristic information table at the leak characteristic information identifying statement
While i.e. obtain the leak Rule of judgment corresponding with this leak characteristic information, then step S13 institute
The value based on described depositor stated judges whether described statement exists leak i.e.: deposit described in judgement
Whether the value of device meets described leak Rule of judgment, if meeting described leak Rule of judgment, it is determined that
There is leak in described statement.If the depositor need to reviewed for same statement is multiple, then obtained
Multiple depositors value combination after meet leak Rule of judgment, then can determine that described statement exist leakage
Hole.
It is understood that in some cases, if the depositor need to reviewed for same statement is
Multiple, in the case of the value determining wherein one or more depositors is unsatisfactory for leak Rule of judgment,
I.e. can determine that when described leak characteristic information does not constitutes leak, can stop reviewing other needs and review
Depositor.
The method of the leak detecting application to be detected of the embodiment of the present application, is identifying to be detected answering
Statement leak characteristic information after, not only can review this corresponding depositing of leak characteristic information
Device, and during reviewing described depositor, for use specify skip instruction be described in post
The situation of storage assignment, is referred to store the need of described appointment skip instruction and correspondence and redirects and chase after
The configuration file of the information of the depositor traced back, determines that need to redirect the depositor reviewed continues to review,
Thus source register can be traced back to, it is thus achieved that the value of depositor accurately, value based on this depositor is entered
Row leak judges can be more accurate.Therefore the embodiment of the present application is effectively increased application Hole Detection
Accuracy.
The embodiment of the present application also provides for a kind of and above-mentioned leak for detecting application to be detected method
The device of the corresponding leak for detecting application to be detected, is described device knot as shown in Figure 3
Structure schematic diagram, this device can be used for detecting the leak of arbitrary application of intelligent mobile terminal, this device
Specifically include that recognition unit 30, determine unit 31, trace-back unit 32 and leak judging unit 33.
Wherein, recognition unit 30, for identifying the leak characteristic information of the statement in application to be detected.
The depositor that described leak characteristic information is corresponding with described leak characteristic information is stored in accordingly
In leak characteristic information table.Statement in application to be detected can be believed by recognition unit 30 with leak feature
Leak characteristic information comparison in breath table, if described statement exists the leak characteristic information of coupling,
The most i.e. identify the leak characteristic information of statement in application to be detected.If described statement does not exists
The leak characteristic information of coupling, then continue to detect next statement in this application to be detected, until
The last item statement of this application to be detected.
Determine unit 31, for determining the depositor corresponding to described leak characteristic information.
Described leak characteristic information table also can store the leak mark corresponding with leak characteristic information,
And the leak Rule of judgment corresponding with leak characteristic information.Visible, at recognition unit 30 according to leakage
While the leak characteristic information of hole characteristic information table identification statement, can obtain and leak feature simultaneously
The information such as depositor corresponding to information, leak mark, leak Rule of judgment.Then determine unit 31 i.e.
Can determine that the depositor corresponding to described leak characteristic information.
Trace-back unit 32, is used for reviewing described depositor, to obtain the value of described depositor, wherein
Skip instruction is specified to be that described depositor is composed if there is use during reviewing described depositor
Value, then have the need of described appointment skip instruction and correspondence to redirect the letter of the depositor reviewed with reference to storage
The configuration file of breath, determines that need to redirect the depositor reviewed continues to review;
Alternatively, described trace-back unit 32 is configured to:
Judge whether that using appointment skip instruction is described register assignment;
If not using appointment skip instruction is described register assignment, then obtain described depositor institute
By assigned value as the value of described depositor, stop reviewing
It is described that not use appointment skip instruction be that described register assignment includes any one situation following:
It is constant for depositor assigned value;
It is the value that specific static state cannot obtain for depositor assigned value;
It is can analytical function for depositor assigned value.
As shown in Figure 4, determine that need to redirect the depositor reviewed continues to chase after at described trace-back unit 32
In the case of tracing back, described device also includes:
Record unit 34, is used for recording number of hops;
Wherein, described trace-back unit 32 is configured to:
Judge whether number of hops reaches defined threshold;
If reaching defined threshold, then obtain depositor by assigned value as the value of described depositor,
Stopping is reviewed.
Wherein, described trace-back unit 32 is configured to determining that need to redirect the depositor reviewed continues to chase after
Before tracing back:
Determine corresponding with described leak characteristic information in described leak characteristic information table leak mark and
Leak mark corresponding with described appointment skip instruction in configuration file is consistent.
For value based on described depositor, leak judging unit 33, judges whether described statement exists
Leak.This leak judging unit 33 is configured to: judge whether the value of described depositor meets leak
Leak Rule of judgment corresponding with described leak characteristic information in characteristic information table;If meeting described leakage
Hole Rule of judgment, it is determined that described statement exists leak.
In sum, the embodiment of the present application is at the leak feature letter of the statement identifying application to be detected
After breath, not only can review the depositor that this leak characteristic information is corresponding, and post described in reviewing
During storage, during for using appointment skip instruction to be described register assignment, permissible
The need of described appointment skip instruction and correspondence are had to redirect the joining of information of the depositor reviewed with reference to storage
Put file, determine that need to redirect the depositor reviewed continues to review, thus source register can be traced back to,
Obtaining the value of depositor accurately, value based on this depositor carries out leak judgement can be more accurate.
Therefore the embodiment of the present application is effectively increased the accuracy of application Hole Detection.
It should be noted that the application can be carried out in the assembly of hardware at software and/or software,
Such as, special IC (ASIC), general purpose computer can be used or any other is similar hard
Part equipment realizes.In one embodiment, the software program of the application can be held by processor
Row is to realize steps described above or function.Similarly, the software program of the application (includes being correlated with
Data structure) can be stored in computer readable recording medium storing program for performing, such as, RAM memory,
Magnetically or optically driver or floppy disc and similar devices.It addition, some steps of the application or function can
Employ hardware to realize, such as, perform each step or function as coordinating with processor
Circuit.
It addition, the part of the application can be applied to computer program, such as computer journey
Sequence instructs, and when it is computer-executed, by the operation of this computer, can call or provide
According to the present processes and/or technical scheme.And call the programmed instruction of the present processes, can
Can be stored in fixing or movably in record medium, and/or by broadcasting or other signals hold
Carry the data stream in media and be transmitted, and/or be stored in the meter run according to described programmed instruction
Calculate in the working storage of machine equipment.Here, include a dress according to an embodiment of the application
Putting, this device includes the memorizer for storing computer program instructions and for performing programmed instruction
Processor, wherein, when this computer program instructions is performed by this processor, trigger this device
Run methods based on aforementioned multiple embodiments according to the application and/or technical scheme.
It is obvious to a person skilled in the art that the application is not limited to above-mentioned one exemplary embodiment
Details, and in the case of without departing substantially from spirit herein or basic feature, it is possible to other
Concrete form realizes the application.Which point therefore, no matter from the point of view of, embodiment all should be regarded as
Exemplary, and be nonrestrictive, scope of the present application by claims rather than on
State bright restriction, it is intended that the institute that will fall in the implication of equivalency and scope of claim
Change and be included in the application.Should not be considered as any reference in claim limiting institute
The claim related to.Furthermore, it is to be understood that " an including " word is not excluded for other unit or step, odd number is not
Get rid of plural number.In system claims multiple unit of statement or device can also by a unit or
Device is realized by software or hardware.The first, the second word such as grade is used for representing title, and also
Do not indicate that any specific order.
Claims (14)
1. the method being used for detecting the leak of application to be detected, it is characterised in that including:
Identify the leak characteristic information of statement in application to be detected;
Determine the depositor corresponding to described leak characteristic information;
Review described depositor, to obtain the value of described depositor, wherein review described depositor
If using during and specifying skip instruction is described register assignment, then have described finger with reference to storage
Determine the configuration file that the need of skip instruction and correspondence redirect the information of the depositor reviewed, determine and need to jump
Turn the depositor reviewed to continue to review;
Value based on described depositor judges whether described statement exists leak.
Method the most according to claim 1, it is characterised in that described in review described depositor, to obtain
The step of the value obtaining described depositor includes:
Judge whether that using appointment skip instruction is described register assignment;
If judging, not using appointment skip instruction is described register assignment, then deposit described in acquisition
Device by assigned value as the value of described depositor, stop reviewing.
3. method as claimed in claim 2, it is characterised in that described do not use appointment to redirect language
Sentence includes any one situation following for described register assignment:
It is constant for depositor assigned value;
It is the value that specific static state cannot obtain for depositor assigned value;
It is can analytical function for depositor assigned value.
4. method as claimed in claim 1 or 2, it is characterised in that review determining to redirect
Depositor continue to review in the case of, described method also includes: record number of hops;
And, described in review described depositor, include obtaining the step of the value of described depositor:
Judge whether number of hops reaches defined threshold;
If reaching defined threshold, then obtain depositor by assigned value as the value of described depositor,
Stopping is reviewed.
Method the most according to claim 1, it is characterised in that described leak characteristic information is with described
The depositor that leak characteristic information is corresponding is stored in leak characteristic information table accordingly.
Method the most according to claim 5, it is characterised in that described leak characteristic information table also stores
The leak mark corresponding with described leak characteristic information, described configuration file also stores and described appointment
The leak mark that skip instruction is corresponding, wherein it is determined that need to redirect before the depositor reviewed continues to review,
Described method also includes:
Determine corresponding with described leak characteristic information in described leak characteristic information table leak mark and
Leak mark corresponding with described appointment skip instruction in configuration file is consistent.
7. method as claimed in claim 5, it is characterised in that in described leak characteristic information table
Also storage has the leak Rule of judgment corresponding with described leak characteristic information, then based on described depositor
Value judge whether described statement exists leak and include:
Judge whether the value of described depositor meets in described leak characteristic information table special with described leak
The leak Rule of judgment that reference breath is corresponding;
If meeting described leak Rule of judgment, it is determined that described statement exists leak.
8. the device being used for detecting the leak of application to be detected, it is characterised in that including:
Recognition unit, for identifying the leak characteristic information of the statement in application to be detected;
Determine unit, for determining the depositor corresponding to described leak characteristic information;
Trace-back unit, is used for reviewing described depositor, to obtain the value of described depositor, Qi Zhong
Skip instruction is specified to be described register assignment if there is use during reviewing described depositor,
Then the need of described appointment skip instruction and correspondence are had to redirect the information of the depositor reviewed with reference to storage
Configuration file, determines that need to redirect the depositor reviewed continues to review;
For value based on described depositor, leak judging unit, judges whether described statement exists leakage
Hole.
Device the most according to claim 8, it is characterised in that described trace-back unit is configured to:
Judge whether that using appointment skip instruction is described register assignment;
If judging, not using appointment skip instruction is described register assignment, then deposit described in acquisition
Device by assigned value as the value of described depositor, stop reviewing.
10. device as claimed in claim 9, it is characterised in that described do not use appointment to redirect
Statement is that described register assignment includes any one situation following:
It is constant for depositor assigned value;
It is the value that specific static state cannot obtain for depositor assigned value;
It is can analytical function for depositor assigned value.
11. devices as claimed in claim 8 or 9, it is characterised in that at described trace-back unit
In the case of determining that need to redirect the depositor reviewed continues to review, described device also includes:
Record unit, is used for recording number of hops;
Wherein, described trace-back unit is configured to:
Judge whether number of hops reaches defined threshold;
If reaching defined threshold, then obtain depositor by assigned value as the value of described depositor,
Stopping is reviewed.
12. devices according to claim 8, it is characterised in that described leak characteristic information is with described
The depositor that leak characteristic information is corresponding is stored in leak characteristic information table accordingly.
13. devices according to claim 12, it is characterised in that described leak characteristic information table is also deposited
Storing up the leak mark corresponding with described leak characteristic information, described configuration file also stores and described finger
Determine skip instruction corresponding leak mark, wherein, described trace-back unit be configured to determine need jump
Turn before the depositor reviewed continues to review, determine in described leak characteristic information table with described leak feature
Leak mark and leak corresponding with described appointment skip instruction in configuration file that information is corresponding identify
Unanimously.
14. devices as claimed in claim 12, it is characterised in that described leak characteristic information table
In also storage have a leak Rule of judgment corresponding with described leak characteristic information, described leak judges single
Unit is configured to:
Judge whether the value of described depositor meets in described leak characteristic information table special with described leak
The leak Rule of judgment that reference breath is corresponding;
If meeting described leak Rule of judgment, it is determined that described statement exists leak.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510391266.8A CN106326103B (en) | 2015-07-06 | 2015-07-06 | For detecting the method and device of the loophole of application to be detected |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510391266.8A CN106326103B (en) | 2015-07-06 | 2015-07-06 | For detecting the method and device of the loophole of application to be detected |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106326103A true CN106326103A (en) | 2017-01-11 |
CN106326103B CN106326103B (en) | 2019-01-04 |
Family
ID=57727382
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510391266.8A Active CN106326103B (en) | 2015-07-06 | 2015-07-06 | For detecting the method and device of the loophole of application to be detected |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106326103B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112905374A (en) * | 2021-02-08 | 2021-06-04 | 烽火通信科技股份有限公司 | Method and device for improving robustness of embedded software |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102306098A (en) * | 2011-08-18 | 2012-01-04 | 电子科技大学 | Implicit taint propagation system and scheme thereof |
CN102521543A (en) * | 2011-12-23 | 2012-06-27 | 中国人民解放军国防科学技术大学 | Method for information semantic analysis based on dynamic taint analysis |
CN102567200A (en) * | 2011-12-14 | 2012-07-11 | 北京航空航天大学 | Parallelization security hole detecting method based on function call graph |
CN103995782A (en) * | 2014-06-17 | 2014-08-20 | 电子科技大学 | Taint analyzing method based on taint invariable set |
US8875298B2 (en) * | 2012-02-16 | 2014-10-28 | Nec Laboratories America, Inc. | Method for scalable analysis of android applications for security vulnerability |
CN104732146A (en) * | 2015-04-03 | 2015-06-24 | 上海斐讯数据通信技术有限公司 | Android program bug detection method and system |
-
2015
- 2015-07-06 CN CN201510391266.8A patent/CN106326103B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102306098A (en) * | 2011-08-18 | 2012-01-04 | 电子科技大学 | Implicit taint propagation system and scheme thereof |
CN102567200A (en) * | 2011-12-14 | 2012-07-11 | 北京航空航天大学 | Parallelization security hole detecting method based on function call graph |
CN102521543A (en) * | 2011-12-23 | 2012-06-27 | 中国人民解放军国防科学技术大学 | Method for information semantic analysis based on dynamic taint analysis |
US8875298B2 (en) * | 2012-02-16 | 2014-10-28 | Nec Laboratories America, Inc. | Method for scalable analysis of android applications for security vulnerability |
CN103995782A (en) * | 2014-06-17 | 2014-08-20 | 电子科技大学 | Taint analyzing method based on taint invariable set |
CN104732146A (en) * | 2015-04-03 | 2015-06-24 | 上海斐讯数据通信技术有限公司 | Android program bug detection method and system |
Non-Patent Citations (2)
Title |
---|
曾述可 等: ""一种针对Android系统隐私保护机制有效性的评估方法"", 《中国科学技术大学学报》 * |
李京哲 等: ""基于控制依赖分析的Android远程控制类恶意软件检测"", 《清华大学学报(自然科学版)》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112905374A (en) * | 2021-02-08 | 2021-06-04 | 烽火通信科技股份有限公司 | Method and device for improving robustness of embedded software |
Also Published As
Publication number | Publication date |
---|---|
CN106326103B (en) | 2019-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Tan et al. | Making k-object-sensitive pointer analysis more precise with still k-limiting | |
US8401221B2 (en) | Cognitive control framework for automatic control of application programs exposure a graphical user interface | |
US10761963B2 (en) | Object monitoring in code debugging | |
CN109446107B (en) | A kind of source code detection method and device, electronic equipment | |
US8612944B2 (en) | Code evaluation for in-order processing | |
US20160196116A1 (en) | Method and Apparatus for Detecting Code Change | |
CN110175609A (en) | Interface element detection method, device and equipment | |
CN109901996B (en) | Auxiliary test method and device, electronic equipment and readable storage medium | |
CN106471476A (en) | For to optimized code edit and continue and enhanced optimized debugging technology | |
US8661404B2 (en) | Method for improving execution efficiency of a software package customization | |
US10049031B2 (en) | Correlation of violating change sets in regression testing of computer software | |
CN103559123A (en) | Function call stack analyzing method and device based on VxWorks operation system | |
CN102651062A (en) | System and method for tracking malicious behavior based on virtual machine architecture | |
CN101964062B (en) | Image searching method based on user interface | |
US20090024460A1 (en) | Cursor path vector analysis for detecting click fraud | |
CN109635568A (en) | A kind of concurrent leak detection method combined based on static analysis and fuzz testing | |
KR102013657B1 (en) | Apparatus for statically analyzing assembly code including assoxiated multi files | |
CN109683773A (en) | Corpus labeling method and device | |
CN115567736A (en) | Video content detection method, device, equipment and storage medium | |
CN106326103A (en) | Method and apparatus used for detecting vulnerability of to-be-detected application | |
US20140189656A1 (en) | Flow Analysis in Program Execution | |
US20120233594A1 (en) | Sharable development environment bookmarks for functional/data flow | |
CN113805861B (en) | Code generation method based on machine learning, code editing system and storage medium | |
CN109960656A (en) | Detection method, device and the electronic equipment of program | |
CN110324410A (en) | Initiate method, apparatus, computer equipment and the storage medium of web-page requests |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |