CN106548076A - Method and apparatus for detecting vulnerable code in an application - Google Patents
- Publication number: CN106548076A
- Application number: CN201510613310.5A
- Authority: CN (China)
- Prior art keywords: code, bug, sentence, application, default
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
This application discloses a method and apparatus for detecting vulnerable code in an application. One specific embodiment of the method includes: obtaining the application code of the application; decompiling the application code to generate intermediate code in a predetermined format; based on the function call relationships in the intermediate code, detecting whether the intermediate code contains statements that match preset vulnerability feature statements and, if so, determining that the application contains suspicious vulnerable code; and executing, against the intermediate code, preset verification code for the suspicious vulnerable code, and determining from the execution result whether the suspicious vulnerable code is confirmed vulnerable code. This embodiment can improve the effectiveness of detecting vulnerable code in applications.
Description
Technical field
The application relates to the field of computer technology, specifically to the technical field of code detection, and in particular to a method and apparatus for detecting vulnerable code in an application.
Background
A vulnerability is a weakness or defect present in a system: the system's susceptibility to a specific threat, attack or hazardous event, or the likelihood that a threat carrying out an attack takes effect. Vulnerabilities may come from defects in the design of application software or an operating system or from errors introduced during coding, and may also come from design defects in a business's iterative process or from unreasonable parts of its logic flow. These defects, errors or unreasonable parts may be exploited, intentionally or unintentionally, and so adversely affect an organization's assets or operations: for example, an information system is attacked or controlled, important information is stolen, user data is tampered with, or the system is used as a springboard for intruding into other host systems. The code that gives rise to these defects, errors or unreasonable parts can be called vulnerable code.
However, existing methods for detecting vulnerable code in applications are generally limited to finding vulnerable code through static analysis or dynamic analysis, and often lack an effective mechanism for checking and repairing it. If the developer of an application cannot find or patch the vulnerable code in time, terminals running the vulnerable application face the threat of being attacked or controlled. Such methods therefore suffer from low effectiveness in detecting vulnerable code.
Summary of the invention
The purpose of this application is to propose an improved method and apparatus for detecting vulnerable code in an application, to solve the technical problems mentioned in the Background section above.
In a first aspect, this application provides a method for detecting vulnerable code in an application, the method including: obtaining the application code of the application; decompiling the application code to generate intermediate code in a predetermined format; based on the function call relationships in the intermediate code, detecting whether the intermediate code contains statements that match preset vulnerability feature statements and, if so, determining that the application contains suspicious vulnerable code; and executing, against the intermediate code, preset verification code for the suspicious vulnerable code, and determining from the execution result whether the suspicious vulnerable code is confirmed vulnerable code.
In some embodiments, detecting, based on the function call relationships in the intermediate code, whether the intermediate code contains statements that match preset vulnerability feature statements and, if so, determining that the application contains suspicious vulnerable code includes: generating call paths according to the function call relationships of the intermediate code; matching the statements of the intermediate code against the preset vulnerability feature statements according to the call relationships on each call path; and, if a predetermined number of vulnerability feature statements are matched on one call path, determining that the intermediate code contains statements that match the preset vulnerability feature statements and that the application contains suspicious vulnerable code.
In some embodiments, the method also includes: if the suspicious vulnerable code is determined to be confirmed vulnerable code, repairing the intermediate code based on preset repair rules.
In some embodiments, the method further includes: if the suspicious vulnerable code is determined to be confirmed vulnerable code, presenting the vulnerability name of the confirmed vulnerable code; and, in response to an operation confirming that the confirmed vulnerable code is to be repaired, repairing the intermediate code based on the preset repair rules.
In some embodiments, the preset repair rules include: modifying the statements in the intermediate code that match the preset vulnerability feature statements into preset repair statements; and/or adding preset statements to the intermediate code; and/or deleting from the intermediate code the code that matches the preset vulnerability feature statements.
In some embodiments, the method also includes: compiling the repaired intermediate code to generate repaired application code.
In some embodiments, executing, against the intermediate code, the preset verification code for the suspicious vulnerable code and determining from the execution result whether the suspicious vulnerable code is confirmed vulnerable code includes: executing, against the intermediate code, the preset verification code for the suspicious vulnerable code; and checking whether the execution result is a vulnerability behavior result and, if so, determining that the suspicious vulnerable code is confirmed vulnerable code.
In some embodiments, the application code includes at least one of the following: source code, installation package code or software development kit code.
In a second aspect, this application provides an apparatus for detecting vulnerable code in an application, the apparatus including: an acquisition module, configured to obtain the application code of the application; a decompilation module, configured to decompile the application code and generate intermediate code in a predetermined format; a detection module, configured to detect, based on the function call relationships in the intermediate code, whether the intermediate code contains statements that match preset vulnerability feature statements and, if so, to determine that the application contains suspicious vulnerable code; and a verification module, configured to execute, against the intermediate code, preset verification code for the suspicious vulnerable code and to determine from the execution result whether the suspicious vulnerable code is confirmed vulnerable code.
In some embodiments, the detection module includes: a call path generation unit, configured to generate call paths according to the function call relationships of the intermediate code; a matching unit, configured to match the statements of the intermediate code against the preset vulnerability feature statements according to the call relationships on each call path; and a determining unit, configured to determine, if a predetermined number of vulnerability feature statements are matched on one call path, that the intermediate code contains statements that match the preset vulnerability feature statements and that the application contains suspicious vulnerable code.
In some embodiments, the apparatus also includes: a repair module, configured to repair the intermediate code based on preset repair rules if the suspicious vulnerable code is determined to be confirmed vulnerable code.
In some embodiments, the repair module further includes: a presentation unit, configured to present the vulnerability name of the confirmed vulnerable code if the suspicious vulnerable code is determined to be confirmed vulnerable code; and a repair unit, configured to repair the intermediate code based on the preset repair rules in response to an operation confirming that the confirmed vulnerable code is to be repaired.
In some embodiments, the preset repair rules include: modifying the statements in the intermediate code that match the preset vulnerability feature statements into preset repair statements; and/or adding preset statements to the intermediate code; and/or deleting from the intermediate code the code that matches the preset vulnerability feature statements.
In some embodiments, the apparatus also includes: a compilation module, configured to compile the repaired intermediate code and generate repaired application code.
In some embodiments, the verification module includes: an execution unit, configured to execute, against the intermediate code, the preset verification code for the suspicious vulnerable code; and a checking unit, configured to check whether the execution result is a vulnerability behavior result and, if so, to determine that the suspicious vulnerable code is confirmed vulnerable code.
In some embodiments, the application code includes at least one of the following: source code, installation package code or software development kit code.
The method and apparatus for detecting vulnerable code in an application provided by this application obtain the application code of the application, decompile it to generate intermediate code in a predetermined format, then, based on the function call relationships in the intermediate code, detect whether the intermediate code contains statements that match preset vulnerability feature statements and, if so, determine that the application contains suspicious vulnerable code, and then execute, against the intermediate code, preset verification code for the suspicious vulnerable code and determine from the execution result whether the suspicious vulnerable code is confirmed vulnerable code. Because this detection method combines static matching of code statements with dynamic checking by verification code, it can improve the effectiveness of detecting vulnerable code in applications.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 shows an exemplary system architecture to which embodiments of the application can be applied;
Fig. 2 is a flow chart of one embodiment of the method for detecting vulnerable code in an application according to the application;
Fig. 3 is a flow chart of an application scenario of the method for detecting vulnerable code in an application according to the application;
Fig. 4 is a flow chart of another embodiment of the method for detecting vulnerable code in an application according to the application;
Fig. 5 is a structural schematic diagram of one embodiment of the apparatus for detecting vulnerable code in an application according to the application;
Fig. 6 is a structural schematic diagram of a computer system suitable for implementing the devices of the embodiments of the application.
Detailed description
The application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the related invention, not to limit it. It should also be noted that, for ease of description, only the parts related to the invention are shown in the drawings.
It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments can be combined with each other. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the application can be applied.
As shown in Fig. 1, system architecture 100 can include terminal devices 101 and 102, a network 103 and a server 104. Network 103 is the medium that provides communication links between terminal devices 101, 102 and server 104. Network 103 can include various connection types, such as wired links, wireless communication links or fiber optic cables.
Terminal devices 101 and 102 can interact with server 104 through network 103 to receive or send messages and the like. Various communication client applications can be installed on terminal devices 101 and 102, for example vulnerable-code detection applications, antivirus applications, search applications, social platform applications, mailbox clients and instant messaging tools.
Terminal devices 101 and 102 can be various electronic devices on which vulnerable-code detection applications, antivirus applications and the like can be installed, including but not limited to smartphones, smart watches, tablet computers, personal digital assistants, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers and desktop computers.
Server 104 can be a server that provides various services, for example a background server that supports the vulnerable-code detection applications, antivirus applications and the like on terminal devices 101 and 102. The server can perform processing such as storing and generating on the data it receives, and feed the processing results back to the terminal devices.
It should be noted that the method for detecting vulnerable code in an application provided by the embodiments of the application can be performed by terminal devices 101 and 102, can be performed by server 104, or can have some of its steps performed by terminal devices 101 and 102 and others by server 104: for example, "obtaining the application code of the application" can be performed by terminal devices 101 and 102, and "decompiling the application code to generate intermediate code in a predetermined format" can be performed by server 104. Correspondingly, the apparatus for detecting vulnerable code in an application can be arranged in terminal devices 101 and 102, can be arranged in server 104, or can have some of its modules arranged in terminal devices 101 and 102 and others in server 104.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There can be any number of terminal devices, networks and servers, according to implementation needs.
Referring to Fig. 2, it shows a flow 200 of one embodiment of the method for detecting vulnerable code in an application. Flow 200 can be applied in an electronic device; the electronic device can be a terminal device capable of running terminal applications (such as terminal devices 101 and 102 shown in Fig. 1), or a background server (such as server 104 shown in Fig. 1) that supports the vulnerable-code detection application running on a terminal device; the application is not limited in this respect. Flow 200 includes the following steps:
Step 201: obtain the application code of the application.
In this embodiment, the electronic device can obtain the application code of the application locally or remotely. Specifically, when the electronic device is the terminal device on which the vulnerable-code detection application runs, it can obtain the application code directly from local storage; when the electronic device is a background server that supports the vulnerable-code detection application, it can obtain the application code from the terminal device over a wired or wireless connection. The wireless connection includes, but is not limited to, 3G/4G, WiFi, Bluetooth, WiMAX, Zigbee and UWB (ultra wideband) connections, and other wireless connection methods now known or developed in the future.
In some optional implementations of this embodiment, the application code obtained by the electronic device can be the source code, installation package code or software development kit code of the application. Source code is the original code written by the developer of the application, such as code composed of statements expressed in the C++ programming language. Installation package code is the code that is installed and executed in the operating system of a terminal device, such as the executable code formed by compiling the application's source code (that is, machine language code, usually binary code, for example the Android Package (APK) code of the Android system). A software development kit (SDK) is a set of development tools used to build application software for a specific software package, software framework, hardware platform, operating system and so on. A software development kit often encapsulates many functions that application development calls and provides them to programmers in the form of application programming interfaces (APIs); software development kit code can include these functions and interfaces.
Step 202: decompile the application code to generate intermediate code in a predetermined format.
In this embodiment, the electronic device can then compile or decompile the obtained application code by static analysis means, generating intermediate code in a predetermined format.
Compilation can be the process of producing object code from source code using a compiler. A compiler translates a source program written in assembly language or a high-level computer language into machine code expressed in the target language. The source code is usually in a high-level language such as Pascal, C, C++, Java or a Chinese programming language, or in assembly language, while machine language, also called machine code, is usually a binary file. A compiler can be implemented as an application program or by a hardware structure. Decompilation, in turn, can be the inverse process of compilation.
Intermediate code can be code expressed in some predetermined programming language, for example application code expressed in Java; it can also be other code that can express the mathematical-logic relationships of the application code. In some implementations the application code is the source code of the application, and the electronic device can compile the application code into intermediate-form code. In other implementations the application code is the installation package code of the application, and the electronic device can decompile the application code into intermediate-form code. Where the application code includes software development kit code (which can be machine code), the electronic device can likewise decompile the application code into intermediate-form code.
Step 203: based on the function call relationships in the intermediate code, detect whether the intermediate code contains statements that match preset vulnerability feature statements and, if so, determine that the application contains suspicious vulnerable code.
In this embodiment, the electronic device can then analyze the intermediate code with various static analysis methods, generate the function call relationships of the intermediate code, and use these function call relationships to detect whether the intermediate code contains statements that match preset vulnerability feature statements.
In this embodiment, static analysis lets the electronic device analyze the behavior that code may produce without executing the code. Static analysis methods can include, but are not limited to, unreachable code removal (unreachable code being code that is never run under any circumstances) and constant propagation. Taking one implementation of unreachable code removal as an example, the electronic device can build a control flow graph (CFG) of the intermediate code, represented as a data structure chain, determine from the control flow graph that the code of isolated node segments is unreachable code, and then remove the unreachable code. The data structure chain can be generated as follows: read the intermediate code character by character from left to right, scan the character stream of the intermediate code, and convert the application code into an equivalent symbol stream using regular expression matching. Here, regular expression matching is a method that uses a single string to describe and match a series of strings that conform to a certain syntax rule.
Further, the electronic device can obtain, from the static analysis of the intermediate code, the call relationships between the functions contained in the intermediate code, and match the statements of the intermediate code against the preset vulnerability feature statements in function call order. The vulnerability feature statements can be stored on the electronic device in advance. A vulnerability feature statement can follow the same language rules and format as the intermediate code; for example, both can be statements expressed in Java code. Here, matching a statement of the intermediate code against a vulnerability feature statement can be implemented by string matching: the whole statement can be matched against the vulnerability feature statement, or the keyword of the vulnerability feature statement can first be searched for in the statements of the intermediate code and the whole statement matched only once the keyword is found; the application is not limited in this respect. If a statement matching a vulnerability feature statement is detected among the statements of the intermediate code, the electronic device can determine that the detected application contains suspicious vulnerable code. Optionally, the electronic device can save the vulnerability name or type of the matched vulnerability feature statement, the position in the intermediate code of the statement that matches the vulnerability feature statement, and so on.
Vulnerability feature statements can be obtained in several ways: for example, by analyzing known vulnerable code and the vulnerability behavior it causes, determining the code statement at the root of the vulnerability behavior, and using that statement as the vulnerability feature statement; or by obtaining vulnerability feature statements directly from an existing vulnerable-code database; and so on. The application is not limited in this respect. In some implementations, a vulnerability feature statement can be a statement in the code that can be exploited to attack or control the system. For example, the image loading (LoadImage) application programming interface (API) in the USER32 library of the Windows operating system allows an icon in bmp, cur, ico or ani format to be loaded for display, and copies data according to the image size given in the image format plus 4. If a file in bmp, cur, ico or ani format whose given image size is 0xfffffffc-0xffffffff is embedded in a HyperText Markup Language (HTML) page or an email, the terminal system that loads the HTML page or receives the mail triggers an integer overflow that causes a buffer to be overwritten, and system privileges can then easily be obtained. For this type of vulnerability, the statement that implements "the API allows an icon in bmp, cur, ico or ani format to be loaded for display, and copies data according to the image size given in the image format plus 4" can be used as the vulnerability feature statement. In other implementations, a vulnerability feature statement can also be an incorrect parameter-setting statement. For example, for the file-creation API "openFileOutput(String name, int mode)", if the application developer sets the mode parameter to MODE_WORLD_READABLE, the created file can be read by any application after it is created. For this vulnerable code, the statement that implements "the mode parameter is set to MODE_WORLD_READABLE" can be used as the vulnerability feature statement. In practice there are many other types of vulnerability feature statements, which are not enumerated here.
Step 204: execute, against the intermediate code, preset verification code for the suspicious vulnerable code, and determine from the execution result whether the suspicious vulnerable code is confirmed vulnerable code.
In this embodiment, because static analysis has a relatively high false positive rate, if the detected application is determined to contain suspicious vulnerable code, the electronic device can further verify the suspicious vulnerable code by dynamic testing to determine whether it is confirmed vulnerable code. Here, confirmed vulnerable code means code that really exists and that, at run time, can cause the application to exhibit vulnerability behavior.
Dynamic testing is a method of analyzing code by running it. The electronic device can run the application code of the detected application, or the intermediate code generated from the application code, on a simulator (such as a simulation application), a virtual machine or a physical device (including various devices carrying hardware and an operating system).
Verification code is code that verifies suspicious vulnerable code, for example code that can use the vulnerability feature statement to attack or damage the application code. Take a denial-of-service vulnerability as an example: in the Android system, if a developer uses the API "getSerializableExtra()" to obtain incoming data without performing exception handling on the data obtained, then when "getSerializableExtra()" receives an undefined object in the application code, it can cause a local denial of service in the application. The verification code for this vulnerable code can then be to pass the API "getSerializableExtra()" an Intent (used for communication between the components of an Android application) carrying empty data.
The electronic device can compare the execution result of running the verification code against the intermediate code with a preset execution result, to determine whether the suspicious vulnerable code is vulnerable code that really exists, that is, confirmed vulnerable code. The preset execution result can be the vulnerability behavior result of the suspicious vulnerable code, that is, the execution result when the application code contains the vulnerable code; in that case, if the execution result includes the preset execution result, the suspicious vulnerable code is determined to be confirmed vulnerable code, and otherwise the detected application is determined not to contain the suspicious vulnerable code found by static analysis. The preset execution result can also be the execution result when the application code does not contain vulnerable code; in that case, if the execution result includes the preset execution result, the detected application is determined not to contain vulnerable code, and otherwise the suspicious vulnerable code is determined to be confirmed vulnerable code.
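The two comparison rules above, as an added example that is not part of the patent: the two handlers and the dictionary standing in for an Intent are constructed stand-ins for the code under test, and `Preset`, `execute`, `is_confirmed` and `verify` are hypothetical names. It runs in-process, whereas the embodiment runs the code on a simulator, virtual machine or physical device.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Preset:
    expected: str           # text looked for in the execution result
    is_vuln_behavior: bool  # True: result of vulnerable code; False: result of clean code


def execute(target, payload):
    """Run the code under test with the verification input; report the outcome as text."""
    try:
        return "returned:" + repr(target(payload))
    except Exception as exc:  # a crash is an observable result, not a harness error
        return "crashed:" + type(exc).__name__


def is_confirmed(result, preset):
    """Apply the two comparison rules described for step 204."""
    found = preset.expected in result
    # Rule 1: preset is the vulnerability behavior -> confirmed when it is observed.
    # Rule 2: preset is the clean behavior -> confirmed when it is NOT observed.
    return found if preset.is_vuln_behavior else not found


# Constructed stand-ins for two pieces of code that static matching flagged.
def handler_unchecked(intent):
    # No handling of missing extras: fails when the extras are empty.
    return intent["extras"]["cfg"].strip()


def handler_checked(intent):
    # Same call site, but the incoming data is checked before use.
    extras = intent.get("extras") or {}
    return str(extras.get("cfg", "default")).strip()


EMPTY_INTENT = {"extras": None}  # constructed model of an Intent carrying empty data


def verify(suspects, preset):
    """Return {suspect name: confirmed?} for every statically flagged suspect."""
    return {name: is_confirmed(execute(fn, EMPTY_INTENT), preset)
            for name, fn in suspects.items()}


if __name__ == "__main__":
    suspects = {"app_a": handler_unchecked, "app_b": handler_checked}
    print(verify(suspects, Preset("crashed:", True)))
    print(verify(suspects, Preset("returned:", False)))
```

Both presets give the same verdict here: the unchecked handler is confirmed and the checked one is dropped as a static false positive.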
In some optional implementations of this embodiment, step 203 can be implemented as follows. First, the electronic device can generate call paths according to the function call relationships of the intermediate code, where each function can call multiple functions and, except for the main function, each function can also be called by multiple functions, and each call path forms a call relationship of the form "function A calls function B, function B calls function C, function C calls function D, ...". Then, the electronic device can match the statements of the intermediate code against the preset vulnerability feature statements according to the call relationships on each call path; the matching here can proceed along the call path, and the matching method is the same as the matching method described above. Then, if the electronic device matches a predetermined number (for example 3) of vulnerability feature statements on one call path, it determines that the intermediate code contains statements that match the preset vulnerability feature statements and that the application contains suspicious vulnerable code. Optionally, when the vulnerability feature statements that the electronic device matches on one call path include a predetermined number of vulnerability feature statements belonging to the same vulnerability, it determines that the intermediate code contains statements that match the preset vulnerability feature statements and that the application contains suspicious vulnerable code.
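One way to implement the call-path matching described above, as an added example rather than code from the patent: the intermediate code, the `call X` edge notation and the two signatures are constructed sample data, and all function names are hypothetical. It covers both variants: counting every matched feature statement on a path, and counting only those that belong to the same vulnerability.

```python
import re
from collections import Counter

# Constructed intermediate code: function name -> statements (Java-like strings).
# A statement of the form "call X" marks a call edge to function X.
INTERMEDIATE = {
    "main": ["call onCreate", "call helper"],
    "onCreate": ["Intent i = getIntent()", "call readExtra"],
    "readExtra": ['Object o = i.getSerializableExtra("cfg")', "call save"],
    "save": ['out = openFileOutput("cfg", MODE_WORLD_READABLE)'],
    "helper": ['out = openFileOutput("log", MODE_PRIVATE)'],
}

# Hypothetical signature store: (vulnerability name, keyword, whole-statement pattern).
SIGNATURES = [
    ("world_readable_file", "openFileOutput",
     re.compile(r"openFileOutput\(.*,\s*MODE_WORLD_READABLE\s*\)")),
    ("unchecked_intent_extra", "getSerializableExtra",
     re.compile(r"getSerializableExtra\(")),
]

CALL = re.compile(r"^call (\w+)$")


def callees(ir, fn):
    """Functions called by fn, in statement order."""
    matches = (CALL.match(stmt) for stmt in ir.get(fn, []))
    return [m.group(1) for m in matches if m]


def call_paths(ir, entry="main"):
    """Enumerate maximal call paths from the entry function; cycles are cut."""
    paths = []

    def walk(fn, prefix):
        path = prefix + [fn]
        nxt = [c for c in callees(ir, fn) if c in ir and c not in path]
        if not nxt:
            paths.append(path)
        for callee in nxt:
            walk(callee, path)

    walk(entry, [])
    return paths


def match_statement(stmt):
    """Keyword search first, whole-statement match only when the keyword is found."""
    for name, keyword, pattern in SIGNATURES:
        if keyword in stmt and pattern.search(stmt):
            return name
    return None


def scan(ir, threshold=3, same_vuln=False):
    """Flag call paths on which at least `threshold` feature statements match."""
    findings = []
    for path in call_paths(ir):
        hits = []  # (vulnerability name, function, statement index)
        for fn in path:
            for idx, stmt in enumerate(ir[fn]):
                name = match_statement(stmt)
                if name:
                    hits.append((name, fn, idx))
        per_vuln = Counter(name for name, _, _ in hits)
        score = max(per_vuln.values(), default=0) if same_vuln else len(hits)
        if score >= threshold:
            findings.append({"path": path, "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(INTERMEDIATE, threshold=2):
        print(" -> ".join(finding["path"]), finding["hits"])
```

With the threshold lowered to 2, only the path through `save` is flagged; the `MODE_PRIVATE` call in `helper` passes the keyword search but fails the whole-statement match, and the same-vulnerability variant flags nothing because the two hits belong to different vulnerabilities.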
With continued reference to Fig. 3, Fig. 3 is a schematic diagram of an application scenario of the method for detecting vulnerable code in an application according to this embodiment. In the application scenario of Fig. 3, in step 3001 the user first initiates, through terminal device 301, a request to background server 302 to detect vulnerable code in an application; in some implementations, background server 302 can also actively request detection of the vulnerable code of a terminal application on terminal device 301, in which case step 3001 is not required. Then, in step 3002, background server 302 obtains the application code of the terminal application to be detected from terminal device 301. Then, in step 3003, background server 302 decompiles the obtained application code and generates intermediate code in a predetermined format. Then, in step 3004, background server 302 obtains the function call relationships in the intermediate code by static analysis means and matches the statements in the intermediate code against the preset vulnerability feature statements; if a statement identical to a vulnerability feature statement is matched, it determines that the terminal application contains suspicious vulnerable code. Then, in step 3005, background server 302 uses dynamic analysis to execute, against the intermediate code, the preset verification code for the detected suspicious vulnerable code, and determines from the execution result whether the suspicious vulnerable code is confirmed vulnerable code; in some implementations, background server 302 can also present the result to terminal device 301 in step 3006.
The method provided by the above embodiment of the application combines static detection of suspicious vulnerable code with dynamic verification of the suspicious vulnerable code, improving the effectiveness of detecting vulnerable code in applications.
With further reference to Fig. 4, a flow 400 of another embodiment of the method for detecting application vulnerability code is shown. The flow 400 of the method comprises the following steps:
Step 401: obtain the application code of the application.
In the present embodiment, the electronic device can obtain the application code of the application locally or remotely. Specifically, when the electronic device is the terminal device on which the application for detecting application vulnerability code runs, it can obtain the application code directly from the local device; when the electronic device is a background server that supports the application for detecting application vulnerability code, it can obtain the application code from the terminal device over a wired or wireless connection.
Step 402: decompile the application code to generate intermediate code in a predetermined format.
In the present embodiment, the electronic device can then compile or decompile the obtained application code by static analysis means to generate intermediate code in a predetermined format. Here, the intermediate code can be code expressed in a predetermined programming language, such as application code expressed in the Java language; it can also be other code capable of expressing the mathematical and logical relations of the application code. The electronic device can compile or decompile the application code to convert it into code in the intermediate format.
Step 403: based on the function call relations in the intermediate code, detect whether the intermediate code contains statements matching the preset vulnerability feature statements; if so, determine that the application contains suspicious vulnerability code.
In the present embodiment, the electronic device can then analyze the intermediate code by various static analysis methods, generate the function call relations of the intermediate code, and detect according to these relations whether the intermediate code contains statements matching the preset vulnerability feature statements. With static analysis, the electronic device can analyze the behavior that code may produce without executing the code. Static analysis methods include, but are not limited to, unreachable code (code that is never run under any circumstances) elimination, constant propagation, and so on. Further, the electronic device can obtain the call relations between the functions contained in the intermediate code during the static analysis of the intermediate code, and match the statements of the intermediate code against the preset vulnerability feature statements in function call order.
Step 404: execute, on the intermediate code, the preset verification code for the suspicious vulnerability code, and determine from the execution result whether the suspicious vulnerability code is confirmed vulnerability code.
In the present embodiment, the electronic device can further verify the suspicious vulnerability code by dynamic testing to determine whether it is confirmed vulnerability code. Here, confirmed vulnerability code means code that really exists and that, at run time, can cause the application to exhibit vulnerability behavior. Dynamic testing is a method of analyzing code by running it. The electronic device can run the application code of the detected application, or the intermediate code generated from that application code, in an emulator, a virtual machine or a physical device. Verification code is code that verifies suspicious vulnerability code, for example code that uses the vulnerability feature statement to attack or damage the application code. In some implementations, if the result of executing the preset verification code for the suspicious vulnerability code on the intermediate code is a vulnerability behavior result, the electronic device determines that the suspicious vulnerability code is confirmed vulnerability code.
Step 405: if the suspicious vulnerability code is determined to be confirmed vulnerability code, repair the intermediate code based on preset repair rules.
In the present embodiment, after verification step 404 determines that the suspicious vulnerability code in the application is confirmed vulnerability code, the electronic device can modify the intermediate code according to the preset repair rules, thereby repairing the confirmed vulnerability code.
The electronic device can store in advance, for different vulnerability feature statements, corresponding repair rules that make the code no longer produce vulnerability behavior. The repair rules can include, but are not limited to, at least one of the following: modifying the statement in the intermediate code that matches a preset vulnerability feature statement into a preset repair statement; adding a preset statement to the intermediate code; deleting from the intermediate code the code that matches a preset vulnerability feature statement. For example, for confirmed vulnerability code in which the file-creation API "openFileOutput(String name, int mode)" is called with the mode parameter set to MODE_WORLD_READABLE, the preset repair rule can be to change the mode parameter from "MODE_WORLD_READABLE" to "MODE_PRIVATE", so that the created file can no longer be read arbitrarily. For the confirmed vulnerability code "an Android application uses the API "getSerializableExtra()" without exception handling on the incoming data it obtains", the preset repair rule can be: add a try-catch statement that performs exception handling on the incoming data obtained by "getSerializableExtra()". Further examples are not enumerated here.
In practice, a user (such as a developer) may deliberately use some confirmed vulnerability code to implement special functions. For example, a company shares files internally through an application: the application code calls the file-creation API "openFileOutput(String name, int mode)" with the mode parameter set to MODE_WORLD_READABLE, so that the created file can be read by any application after creation, which achieves the purpose of file sharing. In this case, if the electronic device detects the vulnerability code in the intermediate code of the application and repairs it, the application loses its file-sharing function. Therefore, after determining that confirmed vulnerability code exists, the electronic device can first present to the user (for example through a dialog box or by voice) the vulnerability information of the confirmed vulnerability code, for example including but not limited to at least one of the following: the vulnerability name, the position at which the vulnerability code appears in the application code (for example, in which function), and so on. Having presented the vulnerability information, the electronic device can receive a predetermined operation from the user, for example an operation confirming that the confirmed vulnerability code is to be repaired, an operation forbidding repair of the confirmed vulnerability code, and so on. In response to receiving an operation confirming that the confirmed vulnerability code is to be repaired, the electronic device can repair the intermediate code based on the preset repair rules.
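The repair step with its user decision, as an added example that is not code from the patent: a rule table maps each confirmed vulnerability to a rewrite of the matching statement, and a callback stands in for the user's repair or forbid operation. The Java-like statements are constructed, and the vulnerability names, rule table and function names are assumptions.

```python
import re

# Constructed Java-like intermediate code of one function (not from the patent).
FUNCTION = "exportReport"
CODE = [
    'FileOutputStream out = openFileOutput("report.txt", MODE_WORLD_READABLE);',
    'Serializable cfg = getIntent().getSerializableExtra("cfg");',
    "if (cfg != null) applyConfig(cfg);",
]

# "<type> <name> = <expr>;" so a declaration can be hoisted out of the try block.
DECL = re.compile(r"^(?P<type>[\w.<>\[\]]+)\s+(?P<name>\w+)\s*=\s*(?P<expr>.+);$")


def to_private_mode(stmt):
    """Rule kind 1: modify the matched statement into the preset repair statement."""
    return [stmt.replace("MODE_WORLD_READABLE", "MODE_PRIVATE")]


def add_try_catch(stmt):
    """Rule kind 2: add preset statements (exception handling) around the match."""
    m = DECL.match(stmt)
    if m:  # keep the variable in scope after the try block (reference types only)
        typ, name, expr = m.group("type", "name", "expr")
        return [f"{typ} {name} = null;", "try {", f"    {name} = {expr};",
                "} catch (Exception ex) {", f"    {name} = null;", "}"]
    return ["try {", f"    {stmt}", "} catch (Exception ex) {", "}"]


# Rule kind 3 (delete the matched code) would be an action that returns [].
REPAIR_RULES = {
    "world_readable_file": (
        re.compile(r"openFileOutput\(.*MODE_WORLD_READABLE"), to_private_mode),
    "unchecked_serializable_extra": (
        re.compile(r"getSerializableExtra\("), add_try_catch),
}


def repair(code, confirmed, approve, function=FUNCTION):
    """Apply the repair rules for confirmed vulnerabilities that the user approves.

    confirmed: names of vulnerabilities confirmed by dynamic verification.
    approve:   callback given {"name", "function", "statement"}; True means repair.
    Returns (repaired_code, report); report holds one (name, decision) per match.
    """
    repaired, report = [], []
    for stmt in code:
        replacement = [stmt]
        for name in confirmed:
            pattern, action = REPAIR_RULES[name]
            if not pattern.search(stmt):
                continue
            info = {"name": name, "function": function, "statement": stmt}
            if approve(info):
                replacement = action(stmt)
                report.append((name, "repaired"))
            else:
                report.append((name, "kept by user"))
            break  # one rule per statement
        repaired.extend(replacement)
    return repaired, report


def keep_file_sharing(info):
    """Constructed user decision: the world-readable file is intentional, keep it."""
    return info["name"] != "world_readable_file"


if __name__ == "__main__":
    confirmed = ["world_readable_file", "unchecked_serializable_extra"]
    new_code, decisions = repair(CODE, confirmed, keep_file_sharing)
    print("\n".join(new_code))
    print(decisions)
```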
Some optional implementations of the present embodiment further include:
Step 406: compile the repaired intermediate code to generate repaired application code.
Here, the electronic device can further recompile the intermediate code in which the confirmed vulnerability code has been repaired, generating repaired application code. The repaired application code can be code expressed in the same programming language as the application code obtained by the electronic device, or executable code compiled from the intermediate code; the present application is not limited in this respect.
In the embodiment of Fig. 4, steps 401, 402, 403 and 404 of the above flow are essentially the same as steps 201, 202, 203 and 204 of the previous embodiment, respectively, and are not described again here.
As can be seen from Fig. 4, unlike the embodiment corresponding to Fig. 2, the flow 400 of the method for detecting application vulnerability code in the present embodiment additionally includes step 405 of repairing the intermediate code based on preset repair rules, and can further include step 406 of compiling the repaired intermediate code to generate repaired application code. By adding step 405, the scheme described in the present embodiment helps make the repair of application vulnerability code more intelligent. By adding step 406, the present embodiment can also recompile the repaired intermediate code, which saves the cost of manual work, thereby extending the functions of the method for detecting application vulnerability code and further improving the effectiveness of detecting application vulnerability code.
With further reference to Fig. 5, as an implementation of the methods shown in the above figures, the present application provides an embodiment of an apparatus for detecting application vulnerability code. This apparatus embodiment corresponds to the method embodiment shown in Fig. 2, and the apparatus can be applied in an electronic device.
As shown in Fig. 5, the apparatus 500 for detecting application vulnerability code includes: an acquisition module 501, a decompiling module 502, a detection module 503 and a verification module 504. The acquisition module 501 can be configured to obtain the application code of the application; the decompiling module 502 can be configured to decompile the application code and generate intermediate code in a predetermined format; the detection module 503 can be configured to detect, based on the function call relations in the intermediate code, whether the intermediate code contains statements matching preset vulnerability feature statements and, if so, to determine that the application contains suspicious vulnerability code; the verification module 504 can be configured to execute, on the intermediate code, the preset verification code for the suspicious vulnerability code and to determine from the execution result whether the suspicious vulnerability code is confirmed vulnerability code.
The modules described in the apparatus 500 for detecting application vulnerability code correspond to the steps of the method described with reference to Fig. 2. The operations and features described above for the method with reference to Fig. 2 therefore apply equally to the apparatus 500 and to the modules or units it contains, and are not described again here.
Those skilled in the art will understand that the apparatus 500 for detecting application vulnerability code also includes some other well-known structures, such as a processor and a memory; so as not to unnecessarily obscure the embodiments of the present disclosure, these well-known structures are not shown in Fig. 5.
Referring now to Fig. 6, a schematic structural diagram of a computer system 600 suitable for implementing the electronic device of the embodiments of the present application is shown.
As shown in Fig. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 602 or a program loaded from storage section 608 into random access memory (RAM) 603. RAM 603 also stores the various programs and data required for the operation of system 600. CPU 601, ROM 602 and RAM 603 are connected to one another by bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to I/O interface 605: an input section 606 including a keyboard, a mouse and the like; an output section 607 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a speaker and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card or a modem. Communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on drive 610 as needed, so that a computer program read from it can be installed into storage section 608 as needed.
In particular, according to the embodiments of the present application, the process described above with reference to the flow chart can be implemented as a computer software program. For example, the embodiments of the present application include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through communication section 609, and/or installed from removable medium 611.
The units involved in the embodiments of the present application can be implemented in software or in hardware. The described units can also be provided in a processor; for example, this can be described as: a processor including an acquisition module, a decompiling module, a detection module and a verification module. The names of these modules do not, under certain conditions, limit the modules themselves; for example, the acquisition module can also be described as "a module configured to obtain the application code of the application".
In another aspect, the present application also provides a non-volatile computer storage medium. The non-volatile computer storage medium can be the one contained in the apparatus described in the above embodiments, or a stand-alone non-volatile computer storage medium that is not assembled into a terminal or server. The non-volatile computer storage medium stores one or more programs which, when executed by a device, cause the device to: obtain the application code of the application; decompile the application code to generate intermediate code in a predetermined format; detect, based on the function call relations in the intermediate code, whether the intermediate code contains statements matching preset vulnerability feature statements and, if so, determine that the application contains suspicious vulnerability code; execute, on the intermediate code, the preset verification code for the suspicious vulnerability code, and determine from the execution result whether the suspicious vulnerability code is confirmed vulnerability code.
The above description is only of the preferred embodiments of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example technical solutions formed by replacing the above features with technical features of similar function disclosed in (but not limited to) the present application.
Claims (16)
1. A method for detecting application vulnerability code, characterised in that the method includes:
obtaining the application code of the application;
decompiling the application code to generate intermediate code in a predetermined format;
detecting, based on the function call relations in the intermediate code, whether the intermediate code contains statements matching preset vulnerability feature statements and, if so, determining that the application contains suspicious vulnerability code;
executing, on the intermediate code, the preset verification code for the suspicious vulnerability code, and determining from the execution result whether the suspicious vulnerability code is confirmed vulnerability code.
2. The method according to claim 1, characterised in that detecting, based on the function call relations in the intermediate code, whether the intermediate code contains statements matching preset vulnerability feature statements and, if so, determining that the application contains suspicious vulnerability code includes:
generating call paths according to the function call relations of the intermediate code;
matching the statements of the intermediate code against the preset vulnerability feature statements according to the call relation on each call path;
if a predetermined number of vulnerability feature statements are matched on one call path, determining that the intermediate code contains statements matching the preset vulnerability feature statements, and determining that the application contains suspicious vulnerability code.
3. The method according to claim 1, characterised in that the method further includes:
if the suspicious vulnerability code is determined to be confirmed vulnerability code, repairing the intermediate code based on preset repair rules.
4. The method according to claim 3, characterised in that the method further includes:
if the suspicious vulnerability code is determined to be confirmed vulnerability code, presenting the vulnerability name of the confirmed vulnerability code;
in response to an operation determining that the confirmed vulnerability code is to be repaired, repairing the intermediate code based on the preset repair rules.
5. The method according to claim 3 or 4, characterised in that the preset repair rules include:
modifying the statement in the intermediate code that matches a preset vulnerability feature statement into a preset repair statement; and/or
adding a preset statement to the intermediate code; and/or
deleting from the intermediate code the code that matches a preset vulnerability feature statement.
6. The method according to claim 3 or 4, characterised in that the method further includes: compiling the repaired intermediate code to generate repaired application code.
7. The method according to claim 1, characterised in that executing, on the intermediate code, the preset verification code for the suspicious vulnerability code and determining from the execution result whether the suspicious vulnerability code is confirmed vulnerability code includes:
executing, on the intermediate code, the preset verification code for the suspicious vulnerability code;
checking whether the execution result is a vulnerability behavior result and, if so, determining that the suspicious vulnerability code is confirmed vulnerability code.
8. The method according to claim 1, characterised in that the application code includes at least one of the following: source code, installation package code or software toolkit code.
9. An apparatus for detecting application vulnerability code, characterised in that the apparatus includes:
an acquisition module, configured to obtain the application code of the application;
a decompiling module, configured to decompile the application code and generate intermediate code in a predetermined format;
a detection module, configured to detect, based on the function call relations in the intermediate code, whether the intermediate code contains statements matching preset vulnerability feature statements and, if so, to determine that the application contains suspicious vulnerability code;
a verification module, configured to execute, on the intermediate code, the preset verification code for the suspicious vulnerability code, and to determine from the execution result whether the suspicious vulnerability code is confirmed vulnerability code.
10. The apparatus according to claim 9, characterised in that the detection module includes:
a call path generation unit, configured to generate call paths according to the function call relations of the intermediate code;
a matching unit, configured to match the statements of the intermediate code against the preset vulnerability feature statements according to the call relation on each call path;
a determining unit, configured to determine, if a predetermined number of vulnerability feature statements are matched on one call path, that the intermediate code contains statements matching the preset vulnerability feature statements, and to determine that the application contains suspicious vulnerability code.
11. The apparatus according to claim 9, characterised in that the apparatus further includes:
a repair module, configured to repair the intermediate code based on preset repair rules if the suspicious vulnerability code is determined to be confirmed vulnerability code.
12. The apparatus according to claim 11, characterised in that the repair module further includes:
a presentation unit, configured to present the vulnerability name of the confirmed vulnerability code if the suspicious vulnerability code is determined to be confirmed vulnerability code;
a repair unit, configured to repair the intermediate code based on the preset repair rules in response to an operation determining that the confirmed vulnerability code is to be repaired.
13. The apparatus according to claim 11 or 12, characterised in that the preset repair rules include:
modifying the statement in the intermediate code that matches a preset vulnerability feature statement into a preset repair statement; and/or
adding a preset statement to the intermediate code; and/or
deleting from the intermediate code the code that matches a preset vulnerability feature statement.
14. The apparatus according to claim 11 or 12, characterised in that the apparatus further includes:
a compiling module, configured to compile the repaired intermediate code and generate repaired application code.
15. The apparatus according to claim 9, characterised in that the verification module includes:
an execution unit, configured to execute, on the intermediate code, the preset verification code for the suspicious vulnerability code;
a checking unit, configured to check whether the execution result is a vulnerability behavior result and, if so, to determine that the suspicious vulnerability code is confirmed vulnerability code.
16. The apparatus according to claim 9, characterised in that the application code includes at least one of the following: source code, installation package code or software toolkit code.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510613310.5A CN106548076A (en) | 2015-09-23 | 2015-09-23 | Method and apparatus of the detection using bug code |
PCT/CN2015/099900 WO2017049800A1 (en) | 2015-09-23 | 2015-12-30 | Method and apparatus for detecting loophole code in application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510613310.5A CN106548076A (en) | 2015-09-23 | 2015-09-23 | Method and apparatus of the detection using bug code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106548076A true CN106548076A (en) | 2017-03-29 |
Family
ID=58365085
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510613310.5A Pending CN106548076A (en) | 2015-09-23 | 2015-09-23 | Method and apparatus of the detection using bug code |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106548076A (en) |
WO (1) | WO2017049800A1 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107632901A (en) * | 2017-09-25 | 2018-01-26 | 青岛海信移动通信技术股份有限公司 | A kind of self-repair method and device of application program operation exception |
CN108416216A (en) * | 2018-02-28 | 2018-08-17 | 阿里巴巴集团控股有限公司 | leak detection method, device and computing device |
CN109829298A (en) * | 2018-11-26 | 2019-05-31 | 努比亚技术有限公司 | RAM leakage risk checking method, terminal and computer readable storage medium |
CN110188544A (en) * | 2019-05-30 | 2019-08-30 | 北京百度网讯科技有限公司 | Leak detection method and device, equipment and storage medium |
CN110619215A (en) * | 2019-08-23 | 2019-12-27 | 苏州浪潮智能科技有限公司 | Code security scanning method and system |
CN110968874A (en) * | 2019-11-28 | 2020-04-07 | 腾讯科技(深圳)有限公司 | Vulnerability detection method, device, server and storage medium |
CN111125644A (en) * | 2018-11-01 | 2020-05-08 | 百度在线网络技术(北京)有限公司 | Information hiding method and device for application product |
CN111177733A (en) * | 2019-12-30 | 2020-05-19 | 北京航空航天大学 | Software patch detection method and device based on data flow analysis |
CN112346818A (en) * | 2020-11-02 | 2021-02-09 | 北京新媒传信科技有限公司 | Container application deployment method and device, electronic equipment and storage medium |
CN112528290A (en) * | 2020-12-04 | 2021-03-19 | 扬州大学 | Vulnerability positioning method, system, computer equipment and storage medium |
CN112541179A (en) * | 2020-11-27 | 2021-03-23 | 国网河南省电力公司电力科学研究院 | Android application digital certificate verification vulnerability detection system and method |
CN112632563A (en) * | 2020-12-29 | 2021-04-09 | 北京梆梆安全科技有限公司 | Vulnerability detection method and device, storage medium and electronic equipment |
CN113672929A (en) * | 2020-05-14 | 2021-11-19 | 阿波罗智联(北京)科技有限公司 | Vulnerability characteristic obtaining method and device and electronic equipment |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107066302B (en) * | 2017-04-28 | 2019-11-05 | 北京邮电大学 | Defect inspection method, device and service terminal |
US11741238B2 (en) * | 2017-11-27 | 2023-08-29 | Lacework, Inc. | Dynamically generating monitoring tools for software applications |
CN110363004B (en) * | 2018-04-10 | 2023-01-03 | 腾讯科技(深圳)有限公司 | Code vulnerability detection method, device, medium and equipment |
CN109344611B (en) * | 2018-09-06 | 2024-02-27 | 天翼安全科技有限公司 | Application access control method, terminal equipment and medium |
CN112711424A (en) * | 2019-10-25 | 2021-04-27 | 腾讯科技(深圳)有限公司 | Application risk problem determination method and device and storage medium |
CN111090860A (en) * | 2019-12-10 | 2020-05-01 | 北京邮电大学 | Code vulnerability detection method and device based on deep learning |
CN110991147B (en) * | 2019-12-19 | 2023-07-07 | 五八有限公司 | Font detection method and device, electronic equipment and storage medium |
CN113946830A (en) * | 2021-10-09 | 2022-01-18 | 暨南大学 | Multi-mode detection-based Android APP vulnerability fine-grained detection method |
CN116383834B (en) * | 2023-06-02 | 2023-08-08 | 北京邮电大学 | Detection method for source code vulnerability detection tool abnormality and related equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070240215A1 (en) * | 2006-03-28 | 2007-10-11 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs |
CN103793650A (en) * | 2013-12-02 | 2014-05-14 | 北京邮电大学 | Static analysis method and static analysis device for Android application program |
CN104021346A (en) * | 2014-06-06 | 2014-09-03 | 东南大学 | Method for detecting Android malicious software based on program flow chart |
-
2015
- 2015-09-23 CN CN201510613310.5A patent/CN106548076A/en active Pending
- 2015-12-30 WO PCT/CN2015/099900 patent/WO2017049800A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
Chen Ping et al.: "Integer vulnerability detection tool based on dynamic and static program analysis", Acta Electronica Sinica * |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107632901A (en) * | 2017-09-25 | 2018-01-26 | 青岛海信移动通信技术股份有限公司 | A kind of self-repair method and device of application program operation exception |
CN108416216A (en) * | 2018-02-28 | 2018-08-17 | 阿里巴巴集团控股有限公司 | leak detection method, device and computing device |
CN111125644A (en) * | 2018-11-01 | 2020-05-08 | 百度在线网络技术(北京)有限公司 | Information hiding method and device for application product |
CN109829298A (en) * | 2018-11-26 | 2019-05-31 | 努比亚技术有限公司 | RAM leakage risk checking method, terminal and computer readable storage medium |
CN110188544A (en) * | 2019-05-30 | 2019-08-30 | 北京百度网讯科技有限公司 | Leak detection method and device, equipment and storage medium |
CN110619215B (en) * | 2019-08-23 | 2021-08-20 | 苏州浪潮智能科技有限公司 | Code security scanning method and system |
CN110619215A (en) * | 2019-08-23 | 2019-12-27 | 苏州浪潮智能科技有限公司 | Code security scanning method and system |
CN110968874A (en) * | 2019-11-28 | 2020-04-07 | 腾讯科技(深圳)有限公司 | Vulnerability detection method, device, server and storage medium |
CN111177733A (en) * | 2019-12-30 | 2020-05-19 | 北京航空航天大学 | Software patch detection method and device based on data flow analysis |
CN111177733B (en) * | 2019-12-30 | 2022-06-21 | 北京航空航天大学 | Software patch detection method and device based on data flow analysis |
CN113672929A (en) * | 2020-05-14 | 2021-11-19 | 阿波罗智联(北京)科技有限公司 | Vulnerability characteristic obtaining method and device and electronic equipment |
CN112346818A (en) * | 2020-11-02 | 2021-02-09 | 北京新媒传信科技有限公司 | Container application deployment method and device, electronic equipment and storage medium |
CN112541179A (en) * | 2020-11-27 | 2021-03-23 | 国网河南省电力公司电力科学研究院 | Android application digital certificate verification vulnerability detection system and method |
CN112528290A (en) * | 2020-12-04 | 2021-03-19 | 扬州大学 | Vulnerability positioning method, system, computer equipment and storage medium |
CN112528290B (en) * | 2020-12-04 | 2023-07-18 | 扬州大学 | Vulnerability positioning method, vulnerability positioning system, computer equipment and storage medium |
CN112632563A (en) * | 2020-12-29 | 2021-04-09 | 北京梆梆安全科技有限公司 | Vulnerability detection method and device, storage medium and electronic equipment |
CN112632563B (en) * | 2020-12-29 | 2023-11-21 | 北京梆梆安全科技有限公司 | Vulnerability detection method and device, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
WO2017049800A1 (en) | 2017-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106548076A (en) | Method and apparatus of the detection using bug code | |
CN105068932B (en) | A kind of detection method of Android application programs shell adding | |
KR101143999B1 (en) | Apparatus and method for analyzing application based on application programming interface | |
CN103632096B (en) | A kind of method and apparatus that safety detection is carried out to equipment | |
CN104517054B (en) | Method, device, client and server for detecting malicious APK | |
CN104965712B (en) | Application program method for reinforcing and protecting, device and mobile terminal | |
TWI575397B (en) | Point-wise protection of application using runtime agent and dynamic security analysis | |
Lin et al. | Automated forensic analysis of mobile applications on Android devices | |
CN104331662B (en) | Android malicious application detection method and device | |
CN110414261B (en) | Data desensitization method, device, equipment and readable storage medium | |
CN104685477B (en) | Application security is tested | |
CN108009087A (en) | Data library test method, device and computer-readable recording medium | |
Jiang et al. | Feature-based software customization: Preliminary analysis, formalization, and methods | |
CN104537308B (en) | System and method using security audit function is provided | |
CN107885995A (en) | The security sweep method, apparatus and electronic equipment of small routine | |
CN104361285B (en) | The safety detection method and device of mobile device application program | |
CN106055341A (en) | Application installation package checking method and device | |
CN104063673B (en) | A kind of method carrying out information input in a browser and browser device | |
CN107451474A (en) | Software vulnerability restorative procedure and device for terminal | |
JP2012234401A (en) | Application analysis device and program | |
CN105793862A (en) | Directed execution of dynamic programs in isolated environments | |
CN110297776A (en) | Examining report generation, method of reseptance, device, equipment and storage medium | |
CN106682491A (en) | Application downloading method and device | |
CN104375935B (en) | The test method and device of SQL injection attack | |
CN110427757A (en) | A kind of Android leak detection method, system and relevant apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170329 |