CN106326103B - Method and device for detecting vulnerabilities in an application under test - Google Patents
- Publication number: CN106326103B
- Application number: CN201510391266.8A
- Authority: CN (China)
- Legal status: Active
Abstract
This application provides a method and a device for detecting vulnerabilities in an application under test. The method includes: identifying vulnerability feature information in a statement of the application under test; determining the register corresponding to the vulnerability feature information; tracing the register back to obtain its value, wherein, if during the trace the register is found to be assigned by a specified jump statement, a configuration file that stores the specified jump statement and the information on the corresponding register to jump to is consulted to determine the register with which the trace continues; and judging, based on the value of the register, whether the statement contains a vulnerability. The application makes it possible to detect vulnerabilities in applications more accurately.
Description
Technical field
This application relates to the technical field of vulnerability detection, and in particular to a method and a device for detecting vulnerabilities in an application under test.
Background
The purpose of detecting application (APP) vulnerabilities is to discover vulnerabilities that may exist in an application, so that the detected vulnerabilities can be repaired or otherwise handled and the normal operation of the application is ensured.
The prior art closest to this application detects application vulnerabilities by backward trace analysis. This method traces back the registers related to a statement that carries vulnerability feature information in order to obtain the values of those registers, and analyzes the register values to detect vulnerabilities.
Backward trace analysis can only trace a register within the function that contains the statement carrying vulnerability feature information. That is, a register can only be traced, and its value obtained, inside one function. However, the function containing the statement with vulnerability feature information may contain no statement that assigns the traced register, or the value assigned to the traced register may be one that cannot be obtained statically, or the traced register may be assigned by a function. In these cases backward trace analysis cannot obtain the correct register value, and vulnerability detection based on the value it does obtain is correspondingly inaccurate.
Summary of the invention
One of the technical problems solved by this application is to provide a method and a device for detecting vulnerabilities in an application under test that improve the accuracy with which existing vulnerabilities in the application are detected.
According to an embodiment of one aspect of this application, a method for detecting vulnerabilities in an application under test is provided, comprising:
Identifying the vulnerability feature information of a statement in the application under test;
Determining the register corresponding to the vulnerability feature information;
Tracing the register back to obtain the value of the register, wherein, if during the trace the register is found to be assigned by a specified jump statement, a configuration file that stores the specified jump statement and the information on the corresponding register to jump to is consulted, and the register to jump to is determined and traced further;
Judging, based on the value of the register, whether the statement contains a vulnerability.
According to an embodiment of another aspect of this application, a device for detecting vulnerabilities in an application under test is provided, comprising:
A recognition unit, for identifying the vulnerability feature information of a statement in the application under test;
A determination unit, for determining the register corresponding to the vulnerability feature information;
A trace-back unit, for tracing the register back to obtain the value of the register, wherein, if during the trace the register is found to be assigned by a specified jump statement, a configuration file that stores the specified jump statement and the information on the corresponding register to jump to is consulted, and the register to jump to is determined and traced further;
A vulnerability judging unit, for judging, based on the value of the register, whether the statement contains a vulnerability.
Vulnerability detection in the prior art is not very accurate because it can usually only trace a register and obtain its value within one function, and judges the vulnerability of a statement from that value. Tracing a register within one function is relatively easy, whereas when a register is assigned through a jump between functions, the trace involves jumping between different functions and is more complicated. The embodiments of this application make use of a configuration file that stores specified jump statements and the information on the corresponding registers to jump to. When, during the trace, a register is found to be assigned by a specified jump statement (mostly a case of assignment between functions), the configuration file is consulted to determine the register to jump to, and the trace continues with that register. The trace can thus reach the source register and obtain an accurate register value, which overcomes the inaccurate detection that results from the prior art tracing registers only within one function. The embodiments of this application therefore effectively improve the accuracy of application vulnerability detection.
Those of ordinary skill in the art will understand that although the following detailed description refers to illustrative embodiments and drawings, the application is not limited to these embodiments. Rather, the scope of the application is broad and is intended to be limited only by the appended claims.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent from the following detailed description of non-restrictive embodiments, read with reference to the accompanying drawings:
Fig. 1 is a flowchart of a method for detecting vulnerabilities in an application under test according to one embodiment of the application.
Fig. 2 is a flowchart of a method of tracing a register back to obtain its value according to one embodiment of the application.
Fig. 3 is a structural diagram of a device for detecting vulnerabilities in an application under test according to one embodiment of the application.
Fig. 4 is a structural diagram of a device for detecting vulnerabilities in an application under test according to another embodiment of the application.
Detailed description of embodiments
Before the exemplary embodiments are discussed in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart describes the operations as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations can be rearranged. A process may be terminated when its operations are completed, but it may also have additional steps not included in the drawings. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, and so on.
The computer equipment includes user equipment and network equipment. The user equipment includes, but is not limited to, computers, smartphones, PDAs and the like; the network equipment includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing (Cloud Computing) that consists of a large number of computers or network servers, where cloud computing is a form of distributed computing: a super virtual computer consisting of a set of loosely coupled computers. The computer equipment can implement the application by running on its own, or by accessing a network and interacting with other computer equipment in the network. The network in which the computer equipment is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a VPN network and the like.
It should be noted that the user equipment, network equipment and networks above are only examples; other existing or future computer equipment or networks, where applicable to this application, also fall within the scope of protection of this application and are incorporated herein by reference.
The methods discussed below (some of which are illustrated by flowcharts) can be implemented in hardware, software, firmware, middleware, microcode, a hardware description language, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments that perform the necessary tasks can be stored in a machine-readable or computer-readable medium (such as a storage medium). One or more processors can perform the necessary tasks.
The specific structural and functional details disclosed herein are only representative and serve the purpose of describing exemplary embodiments of the application. The application can, however, be implemented in many alternative forms and should not be construed as limited only to the embodiments set forth herein.
It should be understood that although the terms "first", "second" and so on may be used herein to describe units, these units should not be limited by these terms. The terms are used only to distinguish one unit from another. For example, without departing from the scope of the exemplary embodiments, a first unit could be called a second unit, and similarly a second unit could be called a first unit. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
It should be understood that when a unit is referred to as being "connected" or "coupled" to another unit, it can be directly connected or coupled to the other unit, or intermediate units may be present. In contrast, when a unit is referred to as being "directly connected" or "directly coupled" to another unit, no intermediate units are present. Other words used to describe the relationship between units should be interpreted in a like manner (for example "between" versus "directly between", "adjacent to" versus "directly adjacent to", and so on).
The terminology used herein is only for describing specific embodiments and is not intended to limit the exemplary embodiments. Unless the context clearly indicates otherwise, the singular forms "a" and "an" as used herein are intended to include the plural as well. It should also be understood that the terms "include" and/or "comprise" as used herein specify the presence of the stated features, integers, steps, operations, units and/or components, and do not preclude the presence or addition of one or more other features, integers, steps, operations, units, components and/or combinations thereof.
It should further be mentioned that in some alternative implementations the functions or actions mentioned may occur in an order different from that indicated in the drawings. For example, depending on the functions or actions involved, two figures shown in succession may in fact be executed substantially simultaneously, or may sometimes be executed in the reverse order.
The embodiments of this application overcome the prior-art problem that a register can only be traced within one function, so that the correct register value cannot be obtained. If, while tracing a register, the register is found to be assigned by a specified jump statement, the configuration file that stores the specified jump statement and the information on the corresponding register to jump to is consulted, and the register to jump to is determined and traced further. The trace can thus reach the source register and obtain the correct register value, and the vulnerability analysis and judgment based on that value can detect vulnerabilities more accurately.
The technical solution of the application is described in further detail below with reference to the drawings.
Fig. 1 is a flowchart of a method for detecting vulnerabilities in an application under test according to one embodiment of the application. The method can be used to detect whether vulnerabilities exist in the various applications on an intelligent mobile terminal. The method mainly includes the following steps:
S10, identifying the vulnerability feature information of a statement in the application under test;
S11, determining the register corresponding to the vulnerability feature information;
S12, tracing the register back to obtain the value of the register, wherein, if during the trace the register is found to be assigned by a specified jump statement, the configuration file that stores the specified jump statement and the information on the corresponding register to jump to is consulted, and the register to jump to is determined and traced further;
S13, judging, based on the value of the register, whether the statement contains a vulnerability.
The steps above are described in further detail below.
In step S10, the vulnerability feature information of a statement in the application under test is identified.
A prerequisite for detecting vulnerabilities in the application under test is to first decompile it into an intermediate language, for example smali; vulnerability detection is then performed on the application based on the decompiled intermediate language. A statement in the application under test, as used here, is any statement in the intermediate language obtained by decompiling the application. Each statement of the decompiled intermediate language can be run through the method of this embodiment one by one, so as to find all statements that contain vulnerabilities.
Vulnerability feature information is a feature in a statement that may correspond to a vulnerability. It is summarized, for example by machine learning, from a large number of samples of statements known to contain vulnerabilities, so when it appears in a statement a vulnerability is very likely present. Whether a vulnerability is actually present, however, must be determined by steps S10 to S13 of this embodiment.
The embodiments of this application can use a vulnerability feature information table to store the vulnerability feature information and the register corresponding to each item of vulnerability feature information. The vulnerability feature information of a statement can therefore be identified in step S10 as follows: the statement in the application under test is compared with the vulnerability feature information in the table; if the statement contains content that matches vulnerability feature information in the table, the vulnerability feature information of that statement has been identified. If the statement contains no matching vulnerability feature information, detection continues with the next statement in the application under test (strictly speaking, the next statement in the intermediate language obtained by decompiling the application; for brevity, "a statement in the intermediate language after decompiling the application" is referred to below simply as "a statement in the application"), until the last statement of the application under test.
It should be noted that the vulnerability feature information table can also store a vulnerability identifier corresponding to each item of vulnerability feature information, and a vulnerability judgment condition corresponding to each item of vulnerability feature information.
One implementation of step S11 is as follows: after the vulnerability feature information of a statement of the application under test has been found through the vulnerability feature information table, the register corresponding to that vulnerability feature information is obtained from the same table.
In step S12, the register determined in step S11 is traced back to obtain the value of the register.
The presence of vulnerability feature information in a statement of the application under test does not establish that the statement certainly contains a vulnerability. To determine further whether the statement containing vulnerability feature information has a vulnerability, the embodiments of this application trace the register back and obtain its value. The register to be traced has been determined in step S11. The trace takes the statement as its starting point and searches the application under test, before that statement, for the statement that assigns the register determined in step S11.
The specific steps of tracing the register back to obtain its value can be as shown in Fig. 2 and comprise the following sub-steps:
Sub-step 20: judge whether the register is assigned by a specified jump statement.
The embodiments of this application divide assigning statements into two cases: in one, the register is assigned by a specified jump statement; in the other, the register is assigned without a specified jump statement. Assignment without a specified jump statement includes any of the following cases:
1) the value assigned to the register is a constant;
2) the value assigned to the register is a specific value that cannot be obtained statically;
Specific values that cannot be obtained statically include, but are not limited to: the register being assigned by an unparsable system function other than a specified jump statement, or being assigned a member variable of a class.
3) the value assigned to the register comes from a parsable function.
That is, the value of the register can be obtained by calling and parsing the parsable function.
In other words, once the trace reaches the statement that assigns the register, that statement may turn out to be a specified jump statement, or it may be some other statement. The cases in which another statement assigns the register include, but are not limited to, the three above. In those cases the assigned value can be obtained as the value of the register in the manner of the prior art, for example by directly taking the constant assigned to the register, by directly taking the specific value that cannot be obtained statically, or by calling and parsing the parsable function and using the parsing result as the obtained register value. When the register is assigned by a specified jump statement, the configuration file that stores the specified jump statement and the information on the corresponding register to jump to can be consulted, and the register to jump to is determined and traced further. That is, whenever a specified jump statement is encountered, the register being traced necessarily changes. The specified jump statement is therefore a register jump statement, and may include a specified function call or a specified assignment statement. Specified function calls include specified system functions that cannot be parsed, such as Ljava/lang/StringBuilder;->toString()Ljava/lang/String;. Specified assignment statements can include: aget, sget, vx, vy, vz, etc.
If it is judged that the register is assigned without a specified jump statement, for example in one of the three cases above, sub-step 21 is entered; otherwise sub-step 22 is entered.
Sub-step 21: obtain the value assigned to the register as the value of the register, and stop tracing.
Sub-step 22: with reference to the configuration file that stores the specified jump statement and the information on the corresponding register to jump to, determine the register to jump to and continue the trace.
The embodiments of this application preset a configuration file that stores the specified jump statements and, for each specified jump statement, the information on the corresponding register to jump to. When, during the trace, the traced register is found to be assigned by a specified jump statement, the configuration file is consulted to determine the register to jump to, the trace continues with that register, and the process returns to sub-step 20. In sub-step 20 it is again judged whether this register is assigned by a specified jump statement. The process repeats until it is judged that the register is assigned without a specified jump statement and the value assigned to the register is obtained directly in sub-step 21 as the value of the register; only then does the trace stop.
The method above makes it possible to jump between different functions while tracing a register, so that an accurate register value is obtained.
When the configuration file is consulted to determine the register to jump to and the trace continues, the embodiments of this application can record the number of hops. For example, the number of hops starts at 0, and each time a register to jump to is determined from a jump statement and the trace continues, the number of hops is increased by one. While tracing the register to obtain its value, the embodiments of this application may also include the following sub-step:
Judge whether the number of hops has reached a defined threshold; if it has, obtain the value assigned to the register as the value of the register and stop tracing.
Setting a threshold on the number of hops prevents unbounded tracing of registers, which would affect the timeliness of vulnerability detection. The threshold can be set to 5, 7, or some other larger or smaller number.
That is, while tracing a register to obtain its value, the trace stops either when any of the three cases of assignment without a specified jump statement is met, or when the number of hops reaches the defined threshold.
To make the register tracing method above easier to understand, it is described further below with a specific example. Assume that the following fragment is part of the application under test after decompilation.
851 invoke-direct {v2, v3}, Ljava/lang/StringBuilder;-><init>(I)V
852
853 .line 50
854 .local v2, "sb":Ljava/lang/StringBuilder;
855 invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/CharSequence;)Ljava/lang/StringBuilder;  # jump statement: assigns v2, trace continues with v0
856
857 .line 52
858 :try_start_0
859 invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;  # jump statement: result goes to v3, trace continues with v2
860
861 move-result-object v3
862
863 invoke-static {v3}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;  # matches the vulnerability feature information; v3 is traced
Here 851 to 863 are line numbers. While the statements of the application under test are being checked, line 863 is found to contain the following content, which matches vulnerability feature information in the vulnerability feature information table:
Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
The vulnerability feature information table also yields the information on the register to be traced for this vulnerability feature information, namely paramcnt="1", from which it is determined that the register to be traced is the v3 register.
The v3 register is then traced back to obtain its value: searching upward from the statement on line 863 for the statement that assigns v3 finds that line 861 assigns v3, and that the assigning statement is on line 859.
The assignment to v3 on line 859 is determined to be a case of a register being assigned by a jump statement. The assigning statement on line 859 uses the following jump statement to assign v3:
api="Ljava/lang/StringBuilder;->toString()Ljava/lang/String;"
This jump statement is a specified jump statement stored in the configuration file. The information in the configuration file on the register to jump to for this jump statement is track-pos="0", from which it is determined that the register to jump to is the v2 register. Once it has been determined that the number of hops has not reached the defined threshold, the trace continues upward, searching for the statement that assigns v2.
Line 855 assigns the v2 register, and this assignment is again a case of a register being assigned by a jump statement; v2 is assigned by the following jump statement:
Ljava/lang/StringBuilder;->append(Ljava/lang/CharSequence;)Ljava/lang/StringBuilder;
This jump statement is likewise a specified jump statement stored in the configuration file. Looking it up in the configuration file gives track-pos="1" as the information on the register to jump to, so the register to jump to is the v0 register. Once it has been determined that the number of hops has not reached the defined threshold, the trace continues upward, and stops only when it is judged that the register is assigned without a specified jump statement or the number of hops reaches the defined threshold.
Whether the register is assigned without a specified jump statement or the number of hops has reached the defined threshold, the value assigned to the register currently reached by the trace is the register value. In the example above, if on reaching the v0 register it is found that v0 is assigned without a specified jump statement, the trace stops and the value assigned to v0 is taken as the finally obtained register value. Alternatively, if the defined threshold for the number of hops is 2, then even if the statement assigning v0 is a specified jump statement, no further jump is made; the value assigned to v0 (for example the jump statement that assigns v0) is taken directly as the finally obtained register value.
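The backward trace of sub-steps 20 to 22 with the hop threshold, run over the fragment above, as an added Python sketch that is not part of the patent text. The dictionary layout of the configuration, the `defines_receiver` flag, the reading of `paramcnt` as a 1-based argument position, and the `const-string` line that gives v0 a constant source are assumptions made for the example.

```python
import re

# Hypothetical jump-statement configuration. "track_pos" mirrors the page's
# track-pos: index, in the call's register list, of the register to trace next.
# "defines_receiver" is an assumption of this sketch: the call also counts as
# assigning its receiver (args[0]), as the description treats append() for v2.
JUMP_CONFIG = {
    "Ljava/lang/StringBuilder;->toString()Ljava/lang/String;": {"track_pos": 0},
    "Ljava/lang/StringBuilder;->append(Ljava/lang/CharSequence;)"
    "Ljava/lang/StringBuilder;": {"track_pos": 1, "defines_receiver": True},
}
# Hypothetical feature table: sink API -> paramcnt, read here as the 1-based
# position of the argument register to trace (assumption).
FEATURES = {
    "Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;": {"paramcnt": 1},
}

# Constructed sample: the fragment from the description, plus a const-string
# at the top (not on the page) so that v0 has a constant source.
SMALI = """\
const-string v0, "com.example.Plugin"
invoke-direct {v2, v3}, Ljava/lang/StringBuilder;-><init>(I)V
.line 50
invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/CharSequence;)Ljava/lang/StringBuilder;
.line 52
:try_start_0
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v3
invoke-static {v3}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
""".splitlines()

INVOKE = re.compile(r"^invoke-[\w/-]+ \{([^}]*)\}, (\S+)$")
CONST = re.compile(r"^const(?:-string)?(?:/\w+)? (\w+), (.+)$")
MOVE_RESULT = re.compile(r"^move-result(?:-\w+)? (\w+)$")
# Other defining opcodes; their values are treated as statically unavailable.
OTHER_DEF = re.compile(r"^(?:move|[is]get|aget|new-instance)\S* (\w+),")


def parse_invoke(stmt):
    """Return (register list, API signature) for an invoke-* statement."""
    m = INVOKE.match(stmt.strip())
    if not m:
        return None
    return [r.strip() for r in m.group(1).split(",")], m.group(2)


def find_assignment(lines, start, reg):
    """Scan upward from `start` for the statement that assigns `reg`."""
    for i in range(start - 1, -1, -1):
        stmt = lines[i].strip()
        m = CONST.match(stmt)
        if m and m.group(1) == reg:
            return "const", m.group(2).strip('"'), i
        m = MOVE_RESULT.match(stmt)
        if m and m.group(1) == reg:
            # The assigning statement is the nearest invoke above move-result.
            for j in range(i - 1, -1, -1):
                call = parse_invoke(lines[j])
                if call:
                    return "call", call, j
            return None
        call = parse_invoke(stmt)
        if call:
            rule = JUMP_CONFIG.get(call[1])
            if rule and rule.get("defines_receiver") and call[0][:1] == [reg]:
                return "call", call, i
            continue
        m = OTHER_DEF.match(stmt)
        if m and m.group(1) == reg:
            return "static", stmt, i
    return None


def trace(lines, idx, reg, max_hops=5):
    """Backtrace `reg` from statement `idx` and return its final source."""
    hops = 0
    while True:
        found = find_assignment(lines, idx, reg)
        if found is None:  # no assigning statement in this listing
            return {"kind": "unassigned", "register": reg, "value": None, "hops": hops}
        kind, payload, at = found
        if kind != "call":  # constant or statically unavailable value: stop
            return {"kind": kind, "register": reg, "value": payload, "hops": hops}
        regs, api = payload
        rule = JUMP_CONFIG.get(api)
        if rule is None or rule["track_pos"] >= len(regs):
            return {"kind": "call", "register": reg, "value": api, "hops": hops}
        if hops >= max_hops:  # threshold reached: keep the jump statement itself
            return {"kind": "hop-limit", "register": reg, "value": api, "hops": hops}
        reg, idx, hops = regs[rule["track_pos"]], at, hops + 1


def scan(lines, max_hops=5):
    """Find statements matching the feature table and trace their register."""
    findings = []
    for i, stmt in enumerate(lines):
        call = parse_invoke(stmt)
        if call and call[1] in FEATURES:
            regs, api = call
            reg = regs[FEATURES[api]["paramcnt"] - 1]
            findings.append({"line": i, "sink": api, "traced": reg,
                             "source": trace(lines, i, reg, max_hops)})
    return findings


if __name__ == "__main__":
    for finding in scan(SMALI):
        print(finding)
```

Each hop moves strictly upward in the listing, so the loop terminates even without the threshold; the threshold only bounds how much work a single trace may do.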
It should be noted that can also store the corresponding loophole mark of the specified skip instruction in the configuration file.Then
When finding specified skip instruction, can obtain simultaneously by searching for configuration file corresponding with the skip instruction need to jump retrospect
The information and loophole of register identify.A kind of embodiment of the application is to improve Hole Detection efficiency, and identification is special comprising loophole as early as possible
The sentence of reference breath whether there is loophole, can in getting configuration file after corresponding with specified skip instruction loophole mark,
Loophole corresponding with the loophole characteristic information identified in step S10 in the mark and loophole characteristic information table mark is compared,
If two marks are consistent, then it represents that this specifies the loophole characteristic information pair identified in the corresponding loophole of skip instruction and step S10
The loophole answered is same loophole, then the operation for continuing retrospect can be performed.If inconsistent, can stop tracing register,
And the register institute currently traced is obtained by assigned value.It is, determination described in step S12 need to jump the register of retrospect
The step of continuing retrospect is to jump language with described specify in determining the corresponding loophole mark of loophole characteristic information and configuration file
It is executed under the corresponding loophole mark unanimous circumstances of sentence.The advantage of doing so is that further increasing detection using the accurate of loophole
Property.Certain the embodiment of the present application is not limited thereto.
Due to being obtained while identifying the loophole characteristic information of sentence by loophole characteristic information table in step S10
Corresponding with loophole characteristic information loophole Rule of judgment, then the value based on the register described in step S13 judges institute
Predicate sentence whether there is loophole i.e.: judge whether the value of the register meets the loophole Rule of judgment, if meeting the leakage
Hole Rule of judgment, it is determined that there are loopholes for the sentence.If the register that need to be traced for same sentence be it is multiple, obtained
Multiple registers value combination after meet loophole Rule of judgment, then can determine that there are loopholes for the sentence.
It will be understood that, in some cases where several registers must be traced for the same statement, once the value of one or more of those registers is determined not to satisfy the vulnerability judgment condition, that is, once it can be determined that the vulnerability characteristic information does not constitute a vulnerability, tracing of the other registers that were to be traced may stop.
In the method of the embodiments of the present application for detecting vulnerabilities of an application to be detected, after the vulnerability characteristic information of a statement of the application is identified, the register corresponding to that characteristic information is traced. In addition, where a specified jump statement is used to assign a value to the register during the trace, the configuration file that stores the specified jump statement and the information of the corresponding register to which the trace must jump can be consulted to determine that register and continue the trace. The trace can therefore reach the source register and obtain an accurate register value, and a vulnerability judgment based on that value is more accurate. The embodiments of the present application thus effectively improve the accuracy of application vulnerability detection.
The embodiments of the present application also provide a device for detecting vulnerabilities of an application to be detected, corresponding to the above method. Figure 3 is a schematic structural diagram of the device, which can be used to detect vulnerabilities in any application on a smart mobile terminal. The device mainly comprises: an identification unit 30, a determination unit 31, a tracing unit 32 and a vulnerability judging unit 33.
The identification unit 30 is configured to identify the vulnerability characteristic information of a statement in the application to be detected. The vulnerability characteristic information and the register corresponding to it are stored in association in the vulnerability characteristic information table. The identification unit 30 can compare a statement in the application to be detected with the vulnerability characteristic information in the table; if the statement contains matching vulnerability characteristic information, the vulnerability characteristic information of that statement is identified. If the statement contains no matching vulnerability characteristic information, detection continues with the next statement of the application, up to the last statement of the application to be detected.
The determination unit 31 is configured to determine the register corresponding to the vulnerability characteristic information.
The vulnerability characteristic information table may also store the vulnerability identifier corresponding to the vulnerability characteristic information and the vulnerability judgment condition corresponding to the vulnerability characteristic information. Thus, while the identification unit 30 identifies the vulnerability characteristic information of a statement according to the table, information such as the corresponding register, vulnerability identifier and vulnerability judgment condition can be obtained at the same time. The determination unit 31 can then determine the register corresponding to the vulnerability characteristic information.
The tracing unit 32 is configured to trace the register to obtain the value of the register, wherein, if a specified jump statement is used to assign a value to the register during the trace, the configuration file that stores the specified jump statement and the information of the corresponding register to which the trace must jump is consulted, and the register to which the trace must jump is determined and traced further.
Optionally, the tracing unit 32 is configured to:
judge whether a specified jump statement is used to assign a value to the register;
if no specified jump statement is used to assign a value to the register, obtain the value assigned to the register as the value of the register, and stop the trace.
Assigning a value to the register without using a specified jump statement includes any of the following cases:
the value assigned to the register is a constant;
the value assigned to the register is a specific value that cannot be obtained statically;
the value assigned to the register is a function that can be parsed.
As shown in Figure 4, in the case where the tracing unit 32 determines the register to which the trace must jump and continues the trace, the device further comprises:
a recording unit 34, configured to record the number of jumps;
wherein the tracing unit 32 is configured to:
judge whether the number of jumps reaches a prescribed threshold;
if the prescribed threshold is reached, obtain the value assigned to the register as the value of the register, and stop the trace.
The tracing unit 32 is further configured, before determining the register to which the trace must jump and continuing the trace, to:
determine that the vulnerability identifier corresponding to the vulnerability characteristic information in the vulnerability characteristic information table is consistent with the vulnerability identifier corresponding to the specified jump statement in the configuration file.
The vulnerability judging unit 33 is configured to judge, based on the value of the register, whether the statement has a vulnerability. The vulnerability judging unit 33 is configured to: judge whether the value of the register satisfies the vulnerability judgment condition corresponding to the vulnerability characteristic information in the vulnerability characteristic information table; and, if the condition is satisfied, determine that the statement has a vulnerability.
In summary, after the vulnerability characteristic information of a statement of the application to be detected is identified, the embodiments of the present application trace the register corresponding to that characteristic information. In addition, where a specified jump statement is used to assign a value to the register during the trace, the configuration file that stores the specified jump statement and the information of the corresponding register to which the trace must jump can be consulted to determine that register and continue the trace. The trace can therefore reach the source register and obtain an accurate register value, and a vulnerability judgment based on that value is more accurate. The embodiments of the present application thus effectively improve the accuracy of application vulnerability detection.
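The identify, trace and judge steps described above can be run over a small instruction list. The following Python code is an added example, not code from the patent; the table entry, the configuration entries, the identifiers, the instruction tuple format and the sample program are all constructed assumptions.

```python
from collections import namedtuple

# A value the tracer could not reduce to a constant; `source` names what was assigned.
Unresolved = namedtuple("Unresolved", "source")

# Constructed vulnerability characteristic information table: characteristic
# (call target), argument register to trace, identifier, judgment condition.
FEATURES = [{
    "pattern": "Ljavax/crypto/Cipher;->getInstance",
    "arg": 0,
    "vuln_id": "WEAK_CIPHER_MODE",
    "condition": lambda v: isinstance(v, str) and "/ECB/" in v,
}]

# Constructed configuration file: specified jump statement -> argument register
# to keep tracing, and the vulnerability identifier the entry belongs to.
JUMP_CONFIG = {
    "Ljava/lang/String;->trim": {"trace_arg": 0, "vuln_id": "WEAK_CIPHER_MODE"},
    "Ljava/lang/String;->toUpperCase": {"trace_arg": 0, "vuln_id": "OTHER_RULE"},
}

# Constructed straight-line program: (op, destination register, operand, args).
SAMPLE = [
    ("const", "v0", "AES/ECB/PKCS5Padding", []),
    ("call", "v1", "Ljava/lang/String;->trim", ["v0"]),
    ("call", "v2", "Ljava/lang/String;->trim", ["v1"]),
    ("call", None, "Ljavax/crypto/Cipher;->getInstance", ["v2"]),
    ("const", "v3", "AES/GCM/NoPadding", []),
    ("call", None, "Ljavax/crypto/Cipher;->getInstance", ["v3"]),
    ("call", "v4", "Lcom/example/Prefs;->read", []),
    ("call", None, "Ljavax/crypto/Cipher;->getInstance", ["v4"]),
]


def trace_register(stmts, sink_index, reg, vuln_id, config, max_hops):
    """Trace `reg` backwards from the sink; return (value, jumps taken)."""
    hops = 0
    for op, dst, operand, args in reversed(stmts[:sink_index]):
        if dst != reg:
            continue  # this statement does not assign the traced register
        if op == "const":
            return operand, hops  # constant assignment: source value found
        rule = config.get(operand)
        # Stop on: a call that is not a specified jump statement, an entry
        # for a different vulnerability, or the jump threshold being reached.
        if rule is None or rule["vuln_id"] != vuln_id or hops >= max_hops:
            return Unresolved(operand), hops
        reg = args[rule["trace_arg"]]  # jump: keep tracing the listed register
        hops += 1
    return Unresolved(reg), hops  # no assignment seen, e.g. a method parameter


def scan(stmts, features=FEATURES, config=JUMP_CONFIG, max_hops=8):
    """Identify characteristic statements, trace their register, judge each."""
    findings = []
    for index, (op, _dst, operand, args) in enumerate(stmts):
        for feat in features:
            if op != "call" or operand != feat["pattern"]:
                continue
            value, hops = trace_register(
                stmts, index, args[feat["arg"]], feat["vuln_id"], config, max_hops)
            findings.append({"index": index, "value": value, "hops": hops,
                             "vulnerable": feat["condition"](value)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The backward scan assumes straight-line code; a real analyzer would follow the control-flow graph rather than statement order.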
It should be noted that the present application can be implemented in software and/or in a combination of software and hardware, for example using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In one embodiment, the software program of the present application can be executed by a processor to implement the steps or functions described above. Likewise, the software program of the present application (including related data structures) can be stored in a computer-readable recording medium, for example RAM, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of the present application may be implemented in hardware, for example as a circuit that cooperates with a processor to perform each step or function.
In addition, part of the present application can be applied as a computer program product, for example computer program instructions which, when executed by a computer, can invoke or provide the method and/or technical solution according to the present application through the operation of that computer. The program instructions that invoke the method of the present application may be stored in a fixed or removable recording medium, and/or transmitted by broadcast or as a data stream in another signal-bearing medium, and/or stored in the working memory of a computer device that runs according to the program instructions. Here, one embodiment of the present application includes a device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to run the methods and/or technical solutions based on the foregoing embodiments of the present application.
It is obvious to a person skilled in the art that the present application is not limited to the details of the above exemplary embodiments, and that the present application can be realized in other specific forms without departing from its spirit or essential characteristics. The embodiments are therefore to be considered in all respects as illustrative and not restrictive, and the scope of the present application is defined by the appended claims rather than by the above description; all changes that fall within the meaning and scope of equivalents of the claims are intended to be included in the present application. No reference sign in the claims should be construed as limiting the claim concerned. Furthermore, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Several units or devices recited in the system claims may also be implemented by a single unit or device through software or hardware. Words such as first and second are used to denote names and do not indicate any particular order.
Claims (14)
1. A method for detecting vulnerabilities of an application to be detected, characterized by comprising:
identifying vulnerability characteristic information of a statement in the application to be detected;
determining the register corresponding to the vulnerability characteristic information;
tracing the register to obtain the value of a source register, wherein, if a specified jump statement is used to assign a value to the register during the trace, a configuration file that stores the specified jump statement and the information of the corresponding register to which the trace must jump is consulted, and the register to which the trace must jump is determined and traced further;
judging, based on the value of the source register, whether the statement has a vulnerability.
2. The method according to claim 1, characterized in that the step of tracing the register to obtain the value of the source register comprises:
judging whether a specified jump statement is used to assign a value to the register;
if it is judged that no specified jump statement is used to assign a value to the register, obtaining the value assigned to the register as the value of the source register, and stopping the trace.
3. The method according to claim 2, characterized in that assigning a value to the register without using a specified jump statement includes any of the following cases:
the value assigned to the register is a constant;
the value assigned to the register is a specific value that cannot be obtained statically;
the value assigned to the register is a function that can be parsed.
4. The method according to claim 1 or 2, characterized in that, in the case where the register to which the trace must jump is determined and traced further, the method further comprises: recording the number of jumps;
and the step of tracing the register to obtain the value of the source register comprises:
judging whether the number of jumps reaches a prescribed threshold;
if the prescribed threshold is reached, obtaining the value assigned to the register as the value of the source register, and stopping the trace.
5. The method according to claim 1, characterized in that the vulnerability characteristic information and the register corresponding to the vulnerability characteristic information are stored in association in a vulnerability characteristic information table.
6. The method according to claim 5, characterized in that the vulnerability characteristic information table also stores a vulnerability identifier corresponding to the vulnerability characteristic information, and the configuration file also stores a vulnerability identifier corresponding to the specified jump statement, wherein, before the register to which the trace must jump is determined and traced further, the method further comprises:
determining that the vulnerability identifier corresponding to the vulnerability characteristic information in the vulnerability characteristic information table is consistent with the vulnerability identifier corresponding to the specified jump statement in the configuration file.
7. The method according to claim 5, characterized in that the vulnerability characteristic information table also stores a vulnerability judgment condition corresponding to the vulnerability characteristic information, and judging, based on the value of the source register, whether the statement has a vulnerability comprises:
judging whether the value of the source register satisfies the vulnerability judgment condition corresponding to the vulnerability characteristic information in the vulnerability characteristic information table;
if the vulnerability judgment condition is satisfied, determining that the statement has a vulnerability.
8. A device for detecting vulnerabilities of an application to be detected, characterized by comprising:
an identification unit, configured to identify vulnerability characteristic information of a statement in the application to be detected;
a determination unit, configured to determine the register corresponding to the vulnerability characteristic information;
a tracing unit, configured to trace the register to obtain the value of a source register, wherein, if a specified jump statement is used to assign a value to the register during the trace, a configuration file that stores the specified jump statement and the information of the corresponding register to which the trace must jump is consulted, and the register to which the trace must jump is determined and traced further;
a vulnerability judging unit, configured to judge, based on the value of the source register, whether the statement has a vulnerability.
9. The device according to claim 8, characterized in that the tracing unit is configured to:
judge whether a specified jump statement is used to assign a value to the register;
if it is judged that no specified jump statement is used to assign a value to the register, obtain the value assigned to the register as the value of the source register, and stop the trace.
10. The device according to claim 9, characterized in that assigning a value to the register without using a specified jump statement includes any of the following cases:
the value assigned to the register is a constant;
the value assigned to the register is a specific value that cannot be obtained statically;
the value assigned to the register is a function that can be parsed.
11. The device according to claim 8 or 9, characterized in that, in the case where the tracing unit determines the register to which the trace must jump and continues the trace, the device further comprises:
a recording unit, configured to record the number of jumps;
wherein the tracing unit is configured to:
judge whether the number of jumps reaches a prescribed threshold;
if the prescribed threshold is reached, obtain the value assigned to the register as the value of the source register, and stop the trace.
12. The device according to claim 8, characterized in that the vulnerability characteristic information and the register corresponding to the vulnerability characteristic information are stored in association in a vulnerability characteristic information table.
13. The device according to claim 12, characterized in that the vulnerability characteristic information table also stores a vulnerability identifier corresponding to the vulnerability characteristic information, and the configuration file also stores a vulnerability identifier corresponding to the specified jump statement, wherein the tracing unit is configured, before determining the register to which the trace must jump and continuing the trace, to determine that the vulnerability identifier corresponding to the vulnerability characteristic information in the vulnerability characteristic information table is consistent with the vulnerability identifier corresponding to the specified jump statement in the configuration file.
14. The device according to claim 12, characterized in that the vulnerability characteristic information table also stores a vulnerability judgment condition corresponding to the vulnerability characteristic information, and the vulnerability judging unit is configured to:
judge whether the value of the source register satisfies the vulnerability judgment condition corresponding to the vulnerability characteristic information in the vulnerability characteristic information table;
if the vulnerability judgment condition is satisfied, determine that the statement has a vulnerability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510391266.8A CN106326103B (en) | 2015-07-06 | 2015-07-06 | For detecting the method and device of the loophole of application to be detected |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106326103A CN106326103A (en) | 2017-01-11 |
CN106326103B true CN106326103B (en) | 2019-01-04 |
Family
ID=57727382
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510391266.8A Active CN106326103B (en) | 2015-07-06 | 2015-07-06 | For detecting the method and device of the loophole of application to be detected |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106326103B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106326103A (en) | 2017-01-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |