CN109491912A - Code audit method, apparatus and storage medium - Google Patents

Info

Publication number: CN109491912A
Authority: CN (China)
Application number: CN201811328946.5A
Other languages: Chinese (zh)
Inventor: 郭垠圻
Current Assignee: Beijing Knownsec Information Technology Co Ltd
Original Assignee: Beijing Knownsec Information Technology Co Ltd
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3608 Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Abstract

The application provides a code audit method, apparatus and storage medium for solving the problem in the prior art that conventional code audit tools adapt poorly to modern frameworks. The method comprises: extracting a framework identifier from project code; extracting, from a code audit tool, multiple first input functions corresponding to the framework identifier to obtain a first input function list; extracting multiple second input functions from the project code; judging, for each of the multiple second input functions, whether it is present in the first input function list; and if so, judging the position of the input variable corresponding to that second input function to be a suspected vulnerability.

Description

Code audit method, apparatus and storage medium
Technical field
This application relates to the technical field of computer security, and in particular to a code audit method, apparatus and storage medium.
Background technique
In traditional code audit, manual digging is the main approach, but it brings many problems. Before testing, security researchers first have to spend a large learning cost understanding the programming language and the framework of the source code, and only then can they enter the audit phase; the manpower and material resources spent are huge and the efficiency is low.
At present, actual code audit work is mainly automated auditing based on regular expressions, with some tools assisted by semantic analysis. But whatever kind of automated code audit tool it is, as long as it is based on static source code analysis, a boundary must be defined at the beginning of the scan: when an input point is controllable and is not processed by a filter function, a vulnerability exists. The current common practice is to establish a basic list of input/filter functions and then, during the scan, report a vulnerability when the trace reaches an input variable that is controllable and not processed by a filter function. For example, when a cross-site scripting (XSS, Cross Site Scripting) vulnerability point is matched but processing by the htmlspecialchars function is also matched, the vulnerability point is invalid. However, present-day PHP development (PHP, Hypertext Preprocessor, a powerful server-side scripting language for creating dynamic interactive websites) uses various PHP frameworks. For example, the ThinkPHP framework obtains input through the input function. Conventional PHP static code audit tools find it hard to adapt to the various filter/input functions, which leads to a large number of false positives in the original results. Therefore, conventional code audit tools in the prior art have the problem of poor adaptability to modern frameworks.
Summary of the invention
In view of this, the application provides a code audit method, apparatus and storage medium for solving the problem in the prior art that conventional code audit tools adapt poorly to modern frameworks.
This application provides a code audit method, applied to a server, comprising: extracting a framework identifier from project code; extracting, from a code audit tool, multiple first input functions corresponding to the framework identifier to obtain a first input function list; extracting multiple second input functions from the project code; judging whether each second input function among the multiple second input functions is present in the first input function list; and if so, judging the position of the input variable corresponding to that second input function to be a suspected vulnerability.
Optionally, in an embodiment of the application, after judging the position of the input variable corresponding to the second input function to be a suspected vulnerability, the method further includes: extracting, from the code audit tool, multiple first filter functions corresponding to the framework identifier to obtain a first filter function list; extracting multiple second filter functions from the project code; judging whether each second filter function among the multiple second filter functions is present in the first filter function list; and if not,
judging the position of the input variable corresponding to that second filter function to be a confirmed vulnerability.
Optionally, in an embodiment of the application, after judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability, the method further includes: generating a vulnerability report according to the determined vulnerabilities; and storing the vulnerability report to the server.
Optionally, in an embodiment of the application, before extracting the framework identifier from the project code, the method further includes: analyzing the obtained framework source code and extracting the framework identifier and at least one first input function; establishing the correspondence between the at least one first input function and the framework identifier; and storing the correspondence, the at least one first input function and the framework identifier to the code audit tool.
Optionally, in an embodiment of the application, before extracting the framework identifier from the project code, the method further includes: analyzing the obtained framework source code and extracting the framework identifier and at least one first filter function; establishing the correspondence between the at least one first filter function and the framework identifier; and storing the correspondence, the at least one first filter function and the framework identifier to the code audit tool.
The application also provides a code audit device, applied to a server, comprising: a framework identifier extraction module, for extracting a framework identifier from project code; a first list obtaining module, for extracting from a code audit tool multiple first input functions corresponding to the framework identifier to obtain a first input function list; an input function extraction module, for extracting multiple second input functions from the project code; an input function judgment module, for judging whether each second input function among the multiple second input functions is present in the first input function list; and a suspected vulnerability judgment module, for judging the position of the input variable corresponding to the second input function to be a suspected vulnerability.
Optionally, in an embodiment of the application, the device further includes: a second list obtaining module, for extracting from the code audit tool multiple first filter functions corresponding to the framework identifier to obtain a first filter function list; a filter function extraction module, for extracting multiple second filter functions from the project code; a filter function judgment module, for judging whether each second filter function among the multiple second filter functions is present in the first filter function list; and a confirmed vulnerability judgment module, for judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability.
Optionally, in an embodiment of the application, the device further includes: a first analysis extraction module, for analyzing the obtained framework source code and extracting the framework identifier and at least one first input function; and a first data storage module, for establishing the correspondence between the at least one first input function and the framework identifier, and storing the correspondence, the at least one first input function and the framework identifier to the code audit tool.
Optionally, in an embodiment of the application, the device further includes: a second analysis extraction module, for analyzing the obtained framework source code and extracting the framework identifier and at least one first filter function; and a second data storage module, for establishing the correspondence between the at least one first filter function and the framework identifier, and storing the correspondence, the at least one first filter function and the framework identifier to the code audit tool.
The application also provides a storage medium on which a computer program is stored; when the computer program is run by a processor, the method described above is executed.
The application provides a code audit method, apparatus and storage medium. After a framework identifier is extracted from the project code, multiple first input functions corresponding to the framework identifier are extracted from the code audit tool as the first input function list, and the multiple first input functions are compared with the multiple second input functions extracted from the project code. If a second input function among the multiple second input functions is present in the first input function list, the position of the input variable corresponding to that second input function is judged to be a suspected vulnerability. Identifying vulnerabilities in project code that uses a framework by means of the framework identifier greatly improves adaptability to project code that uses a framework, and in this way effectively solves the problem in the prior art that conventional code audit tools adapt poorly to modern frameworks.
To make the above objects and advantages of the application clearer and easier to understand, preferred embodiments are cited below and described in detail together with the accompanying drawings.
Detailed description of the invention
In order to explain the technical solutions in the embodiments of the application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a schematic diagram of the server architecture provided by an embodiment of the application;
Fig. 2 shows a flow diagram of the code audit method provided by an embodiment of the application;
Fig. 3 shows a flow diagram of the code audit method after step S150, provided by an embodiment of the application;
Fig. 4 shows a flow diagram of the code audit method after step S200, provided by an embodiment of the application;
Fig. 5 shows a flow diagram of the code audit method before step S100, provided by an embodiment of the application;
Fig. 6 shows a structural schematic diagram, from a first perspective, of the code audit device provided by an embodiment of the application;
Fig. 7 shows a structural schematic diagram, from a second perspective, of the code audit device provided by an embodiment of the application;
Fig. 8 shows a structural schematic diagram, from a third perspective, of the code audit device provided by an embodiment of the application.
Reference numerals: 101 - server; 100 - code audit device; 110 - framework identifier extraction module; 120 - first list obtaining module; 130 - input function extraction module; 140 - input function judgment module; 150 - suspected vulnerability judgment module; 160 - second list obtaining module; 170 - filter function extraction module; 180 - filter function judgment module; 190 - confirmed vulnerability judgment module; 200 - first analysis extraction module; 210 - first data storage module; 220 - second analysis extraction module; 230 - second data storage module; 200 - processor; 300 - memory; 400 - storage medium.
Specific embodiment
The application provides a code audit method, apparatus and storage medium for solving the problem in the prior art that conventional code audit tools adapt poorly to modern frameworks. The method and the apparatus applied to the server are based on the same inventive concept; since the principles by which the method and the corresponding device and equipment solve the problem are similar, their implementations may refer to each other, and repeated parts are not described again.
Some terms used in the application are explained below to aid understanding by those skilled in the art.
Code audit: a static vulnerability mining method based on source code. In conventional PHP static audit tools at present, sensitive functions are mostly matched using regular expressions combined with semantic analysis or other techniques; it is then matched whether a filter function is present, and finally whether the parameter is controllable. If all conditions are met, the vulnerability is valid.
Tamper: a custom extension mechanism. By adding the input/filter functions of a given framework to the native input/filter lists, the scanning range of the script can be expanded.
Sensitive function: in PHP, many functions are involved in producing vulnerabilities, such as eval. If the parameter of such a function is controllable and is not reasonably filtered, a vulnerability results.
Active Server Pages (ASP) is a server-side scripting environment developed by Microsoft that can be used to create dynamic interactive web pages and build powerful web applications. When the server receives a request for an ASP file, it processes the server-side script code contained in the web page file, which is used to build the hypertext markup language (HTML, Hyper Text Markup Language) sent to the browser. In addition to server-side script code, an ASP file may also contain text, HTML (including related client-side script) and COM component calls.
PHP (PHP: Hypertext Preprocessor, "HyperText Preprocessor") is a general-purpose open source scripting language.
JSP (Java Server Pages, "Java server pages") is fundamentally a simplified Servlet design; it is a dynamic web page technology standard advocated by Sun Microsystems and established jointly with the participation of many companies.
Web page backdoor (WebShell), also known as a website backdoor tool: a webshell is a command execution environment that exists in the form of a web page file such as asp, php, jsp or cgi, and may also be called a web page backdoor. After intruding into a website, hackers usually mix asp or php backdoor files with the normal web page files in the WEB directory of the website server, then access the asp or php backdoor with a browser to obtain a command execution environment, so as to control the website server. As the name suggests, "web" means that the server clearly has to have web services open, and "shell" means obtaining a certain degree of operating permission on the server. Webshell commonly refers to the certain degree of operating permission that an intruder obtains on the website server through the website port. Because webshells mostly appear in the form of dynamic scripts, some also call them website backdoor tools.
In addition, it should be understood that in the description of the application, words such as "first" and "second" are used only to distinguish the described objects, and should not be understood as indicating or implying relative importance or order.
Some embodiments of the application are described in detail below with reference to the drawings. Where there is no conflict, the following embodiments and the features in the embodiments may be combined with each other.
Referring to Fig. 1, which shows a schematic diagram of the server architecture provided by an embodiment of the application: the application provides a server 101 comprising a processor 200 and a memory 300. The memory 300 stores machine-readable instructions executable by the processor 200; when the machine-readable instructions are executed by the processor 200, the method of the first embodiment is performed.
In a specific implementation, calculations related to convolutional neural networks (Convolutional Neural Network, CNN) can be accelerated with a graphics processor (Graphics Processing Unit, GPU), so the server may also include a graphics processor. In addition, a communication interface is needed when a distributed computing framework is used, so the server may also include components such as communication and network expansion cards, SONET cards or multi-serial communication cards, which are not described in detail here.
Referring to Fig. 1, the application provides a storage medium 400 on which a computer program is stored; when the computer program is run by the processor 200, the method of the first embodiment is performed.
Those skilled in the art will understand that the server structure shown in Fig. 1 does not limit the device; the device provided by the embodiments of the application may include more or fewer components than shown, or a different arrangement of components.
First embodiment
Referring to Fig. 2, which shows a flow diagram of the code audit method provided by an embodiment of the application, the code audit method provided by the application is applied to a server and comprises:
Step S110: extract a framework identifier from project code.
Here, the project code may be PHP source code or another kind of source code, such as Java source code or ASP source code; the type of source code should not be understood as limiting the application.
Step S120: extract, from a code audit tool, multiple first input functions corresponding to the framework identifier, obtaining a first input function list.
Here, multiple first input functions corresponding to the framework identifier are extracted from the code audit tool. PHP code has some native input functions: when a variable traces back to $_GET, $_POST, $_COOKIE or the newly added Request->param(), the variable is considered controllable. Other frameworks of course define their own input functions; for example, the ThinkPHP development documentation states that developers should obtain variables using the param method of the Request class and the input helper function.
Step S130: extract multiple second input functions from the project code.
Here, before the multiple second input functions are extracted from the project code, the target source code must first be analyzed, which can be done by scanning the key point code. Two examples are used here: the code of WordPress and the code of the ThinkPHP framework.
Step S140: judge whether each second input function among the multiple second input functions is present in the first input function list.
Here, when performing the judgment, for example, it may be judged whether each of the multiple second input functions is present in the first input function list, where the first input function list may, for example, be a list including the esc_html function and the esc_url function. Before the code audit, the esc_html and esc_url functions are placed in the first input function list, because the official WordPress plugin development documentation clearly states that input content must be filtered with filter functions for different positions, such as esc_html and esc_url, before content may be output; otherwise security problems result. Therefore, the esc_html and esc_url functions need to be placed in the first input function list.
Step S150: if a second input function among the multiple second input functions is present in the first input function list, judge the position of the input variable corresponding to that second input function to be a suspected vulnerability.
Here, the reason this is judged a suspected vulnerability is that the input functions determine the scope of the vulnerability scan: only an input variable judged to be controllable is considered a suspected vulnerability. If the range of the input variable is effectively controlled by a filter function, it is not a vulnerability; if on the contrary it is not effectively controlled by a filter function, it is confirmed to be a vulnerability.
Referring to Fig. 3, which shows a flow diagram of the code audit method after step S150, provided by an embodiment of the application. Optionally, in an embodiment of the application, after judging the position of the input variable corresponding to the second input function to be a suspected vulnerability, the method further includes:
Step S160: extract the framework identifier from the project code.
Here, the target PHP source code may be obtained by any means, such as tool input or user submission. The framework identifier here refers to a unique identifier contained in the WordPress configuration file wp-config.php or wp-config-sample.php, from which the framework used by the project code, such as WordPress, can be identified.
Step S170: extract, from the code audit tool, multiple first filter functions corresponding to the framework identifier, obtaining a first filter function list.
Here, the code audit tool is used to perform vulnerability detection and analysis on the submitted code; examples are the open-source Cobra and the closed-source Checkmarx. The content and form of the code audit tool should therefore not be understood as limiting the application.
Step S180: extract multiple second filter functions from the project code.
Here, the project code may first be committed to a version control management module and then obtained from it, or first committed to a file management directory and then obtained from there. The way and means of obtaining the project code should therefore not be understood as limiting the application.
Step S190: judge whether each second filter function among the multiple second filter functions is present in the first filter function list.
Here, the first filter function list includes, but is not limited to, the htmlspecialchars function, the esc_html function, the esc_url function, the input function and the strip_tags function. The specific content of the first filter function list should therefore not be understood as limiting the application.
Step S200: if a second filter function among the multiple second filter functions is not present in the first filter function list, judge the position of the input variable corresponding to that second filter function to be a confirmed vulnerability.
Here, before the comparison, the filter functions of each framework are put into the first filter function list by means of a Tamper; therefore the result of whether the second filter function is present in the first filter function list can be derived, that is, whether the position of the input variable corresponding to the second filter function is a vulnerability can be known.
Referring to Fig. 4, which shows a flow diagram of the code audit method after step S200, provided by an embodiment of the application. Optionally, in an embodiment of the application, after judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability, the method further includes:
Step S210: generate a vulnerability report according to the determined vulnerabilities.
Step S220: store the vulnerability report to the server.
Here, one vulnerability may be obtained and made into a vulnerability report, or multiple vulnerabilities may be obtained and made into one vulnerability report; in short, the vulnerability report is generated according to the determined vulnerabilities. The vulnerability report may be stored to the server or sent to users or administrators; the specific way of handling the vulnerability report should therefore not be understood as limiting the application.
Referring to Fig. 5, which shows a flow diagram of the code audit method before step S100, provided by an embodiment of the application. Optionally, in an embodiment of the application, before extracting the framework identifier from the project code, the method further includes:
Step S70: analyze the obtained framework source code and extract the framework identifier and at least one first input function.
Step S80: establish the correspondence between the at least one first input function and the framework identifier, and store the correspondence, the at least one first input function and the framework identifier to the code audit tool.
Referring to Fig. 5, optionally, in an embodiment of the application, before extracting the framework identifier from the project code, the method further includes:
Step S90: analyze the obtained framework source code and extract the framework identifier and at least one first filter function.
Step S100: establish the correspondence between the at least one first filter function and the framework identifier, and store the correspondence, the at least one first filter function and the framework identifier to the code audit tool.
It should be noted that WordPress and ThinkPHP are taken as examples here. The official WordPress plugin development documentation clearly states that input content must be filtered with filter functions for different positions, such as esc_html and esc_url, before content may be output, otherwise security problems result. The ThinkPHP development documentation states that developers should obtain variables using the param method of the Request class and the input helper function. So when auditing code of these two frameworks, we can directly add the new input/filter functions to the native PHP input/filter lists; for example, when a variable traces back to $_GET, $_POST, $_COOKIE or the newly added Request->param(), the variable is considered controllable. The corresponding Tamper extension is written and added to the tool plugin in use.
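The two-stage check of steps S110 to S200, as an added illustration in Python that is not the patent's or Knownsec's own code: the rule table uses only the functions and the wp-config.php identifier the description names, while the ThinkPHP marker string, the same-statement filter heuristic and the sample projects are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed rule table: the function names are those the description gives (PHP
# superglobals, ThinkPHP's Request->param() / input(), WordPress's esc_html / esc_url,
# htmlspecialchars / strip_tags) and wp-config.php is its framework identifier; the
# ThinkPHP marker (a think\ namespace import) is an assumption.
NATIVE_INPUTS = [r"\$_GET\b", r"\$_POST\b", r"\$_COOKIE\b"]
NATIVE_FILTERS = ["htmlspecialchars", "strip_tags"]
FRAMEWORKS = {
    "wordpress": {"markers": ["wp-config.php", "wp-config-sample.php"],
                  "inputs": [], "filters": ["esc_html", "esc_url"]},
    "thinkphp": {"markers": ["use think\\"],
                 "inputs": [r"\$\w+->param\(", r"\binput\("], "filters": []},
}
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=[^=]")  # `$var = ...`, not `==`

@dataclass
class Finding:
    path: str
    line: int
    expr: str    # matched input expression
    status: str  # "suspected", resolved to "filtered" or "confirmed"

def detect_framework(files):
    """Step S110: the framework identifier is a marker file name or source string."""
    for name, rule in FRAMEWORKS.items():
        for path, src in files.items():
            if any(m in path or m in src for m in rule["markers"]):
                return name
    return None

def build_lists(framework):
    """Steps S120 / S170: add the framework's functions to the native PHP lists
    (what the description calls adding a Tamper)."""
    rule = FRAMEWORKS.get(framework, {"inputs": [], "filters": []})
    return NATIVE_INPUTS + rule["inputs"], NATIVE_FILTERS + rule["filters"]

def wrapped_by_filter(line, pos, filter_re):
    """Same-statement heuristic: a listed filter call opens before `pos` on this line."""
    return any(fm.start() < pos for fm in filter_re.finditer(line))

def audit(files):
    """Two-stage check over {path: php_source}; returns (framework, findings)."""
    framework = detect_framework(files)
    inputs, filters = build_lists(framework)
    input_re = re.compile("|".join(inputs))
    filter_re = re.compile(r"\b(?:%s)\s*\(" % "|".join(map(re.escape, filters)))
    findings = []
    for path, src in files.items():
        tainted = {}  # variable -> Finding, straight-line assignment tracking
        for lineno, line in enumerate(src.splitlines(), 1):
            assign = ASSIGN_RE.match(line)
            # Steps S130-S150: a listed input function call -> suspected vulnerability.
            m = input_re.search(line)
            if m:
                f = Finding(path, lineno, m.group(0), "suspected")
                findings.append(f)
                if assign:
                    tainted[assign.group(1)] = f
                if wrapped_by_filter(line, m.start(), filter_re):
                    f.status = "filtered"
            # Steps S180-S200: a listed filter applied to the variable that received
            # the input clears it; skip an assignment's left-hand side.
            start = assign.end() if assign else 0
            for var, f in tainted.items():
                use = re.compile(re.escape(var) + r"\b").search(line, start)
                if (f.status == "suspected" and use
                        and wrapped_by_filter(line, use.start(), filter_re)):
                    f.status = "filtered"
    for f in findings:
        if f.status == "suspected":  # controllable input that was never filtered
            f.status = "confirmed"
    return framework, findings

def summarize(files):
    """(framework, [(path, line, status), ...]): the material of the report (S210)."""
    framework, findings = audit(files)
    return framework, [(f.path, f.line, f.status) for f in findings]

# Constructed sample projects, not real WordPress or ThinkPHP code.
SAMPLE_WORDPRESS = {
    "wp-config.php": "<?php define('DB_NAME', 'wp');\n",
    "plugin/greet.php": (
        "<?php\n"
        "$name = $_GET['name'];\n"                   # line 2: input, suspected
        "echo esc_html($name);\n"                    # line 3: WordPress filter, cleared
        "$link = $_POST['link'];\n"                  # line 4: input, suspected
        "echo '<a href=\"' . $link . '\">x</a>';\n"  # line 5: never filtered, confirmed
        "echo strip_tags($_COOKIE['tag']);\n"        # line 6: filtered on the same statement
    ),
}
SAMPLE_THINKPHP = {
    "app/controller/User.php": (
        "use think\\Request;\n"          # line 1: assumed framework identifier
        "$id = input('id');\n"           # line 2: ThinkPHP input, confirmed
        "$q = $request->param('q');\n"   # line 3: ThinkPHP input, cleared on line 4
        "echo htmlspecialchars($q);\n"
        "echo 'user ' . $id;\n"
    ),
}
```

`summarize(SAMPLE_WORDPRESS)` reports line 4 as confirmed and lines 2 and 6 as filtered; the same code run on a project without a recognised identifier falls back to the native PHP lists only, which is the false-positive situation the background section describes.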
Second embodiment
Fig. 6 is referred to, Fig. 6 shows the first viewing angle constructions signal of code audit device provided by the embodiments of the present application Figure.This application provides a kind of code audit device 100, be applied to server, code audit device 100 includes:
Frame marker extraction module 110, for extracting frame mark from item code.
First list obtains module 120, for extracting corresponding with frame mark multiple first from code audit tool Input function obtains the first input function list.
Input function extraction module 130, for extracting multiple second input functions from item code.
Input function judgment module 140, for judging whether each second input function is deposited in multiple second input functions It is in the first input function list.
Doubtful loophole judgment module 150, for the position of the corresponding input variable of the second input function to be judged as doubtful Loophole.
Fig. 7 is referred to, Fig. 7 shows the second viewing angle constructions signal of code audit device provided by the embodiments of the present application Figure.Optionally, in the embodiment of the present application, code audit device 100 further include:
Second list obtains module 160, for extracting corresponding with frame mark multiple first from code audit tool Filter function obtains the first filter function list.
Filter function extraction module 170, for extracting multiple second filter functions from item code.
Filter function judgment module 180, for judging whether each second filter function is deposited in multiple second filter functions It is in the first filter function list.
Loophole judgment module 190 is confirmed, for the position of the corresponding input variable of the second filter function to be judged as confirmation Loophole.
Fig. 8 is referred to, Fig. 8 shows the third viewing angle constructions signal of code audit device provided by the embodiments of the present application Figure.Optionally, in the embodiment of the present application, code audit device 100 further include:
First analysis extraction module 200, for from the Frame Source obtained analyze and extract frame mark and with to Few first input function.
First data memory module 210, for establishing the corresponding relationship of at least one first input function and frame mark, And the corresponding relationship, at least one first input function and frame mark that at least one first input function and frame identify are deposited It stores up to code audit tool.
Fig. 8 is referred to, optionally, in the embodiment of the present application, code audit device 100 further include:
Second analysis extraction module 220, for the analysis from the Frame Source obtained and extraction frame mark and at least One the first filter function.
Second data memory module 230, for establishing the corresponding relationship of at least one first filter function and frame mark, And the corresponding relationship, at least one first filter function and frame mark that at least one first filter function and frame identify are deposited It stores up to code audit tool.
The present application provides a code audit method, apparatus and storage medium. After the framework identifier is extracted from the project code, multiple first input functions corresponding to the framework identifier are extracted from the code audit tool as a first input function list, and the multiple first input functions are compared with multiple second input functions extracted from the project code; if each second input function among the multiple second input functions is present in the first input function list, the position of the input variable corresponding to the second input function is judged as a suspected vulnerability. Because vulnerabilities in project code that uses a framework are identified by means of the framework identifier, the adaptability to project code that uses a framework is greatly improved. In this way, the problem in the prior art that traditional code audit tools adapt poorly to modern frameworks is effectively solved.
The above is only a preferred embodiment of the present application and is not intended to limit the present application; for those skilled in the art, various changes and variations of the present application are possible. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall be included within the scope of protection of the present application.

Claims (10)

1. A code audit method, characterized in that it is applied to a server and comprises:
extracting a framework identifier from project code;
extracting, from a code audit tool, multiple first input functions corresponding to the framework identifier, so as to obtain a first input function list;
extracting multiple second input functions from the project code;
judging whether each second input function among the multiple second input functions is present in the first input function list;
if so, judging the position of the input variable corresponding to the second input function as a suspected vulnerability.
2. The method as claimed in claim 1, characterized in that, after the position of the input variable corresponding to the second input function is judged as a suspected vulnerability, the method further comprises:
extracting, from the code audit tool, multiple first filter functions corresponding to the framework identifier, so as to obtain a first filter function list;
extracting multiple second filter functions from the project code;
judging whether each second filter function among the multiple second filter functions is present in the first filter function list;
if not, judging the position of the input variable corresponding to the second filter function as a confirmed vulnerability.
3. The method as claimed in claim 2, characterized in that, after the position of the input variable corresponding to the second filter function is judged as a confirmed vulnerability, the method further comprises:
generating a vulnerability report according to the determined vulnerabilities;
storing the vulnerability report in the server.
4. The method as claimed in claim 1, characterized in that, before the framework identifier is extracted from the project code, the method further comprises:
analyzing and extracting the framework identifier and at least one first input function from the obtained framework source code;
establishing a correspondence between the at least one first input function and the framework identifier, and storing the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier in the code audit tool.
5. The method as claimed in claim 1, characterized in that, before the framework identifier is extracted from the project code, the method further comprises:
analyzing and extracting the framework identifier and at least one first filter function from the obtained framework source code;
establishing a correspondence between the at least one first filter function and the framework identifier, and storing the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier in the code audit tool.
6. A code audit device, characterized in that it is applied to a server and comprises:
a framework identifier extraction module, configured to extract a framework identifier from project code;
a first list obtaining module, configured to extract, from a code audit tool, multiple first input functions corresponding to the framework identifier, so as to obtain a first input function list;
an input function extraction module, configured to extract multiple second input functions from the project code;
an input function judgment module, configured to judge whether each second input function among the multiple second input functions is present in the first input function list;
a suspected vulnerability judgment module, configured to judge the position of the input variable corresponding to the second input function as a suspected vulnerability.
7. The code audit device as claimed in claim 6, characterized in that it further comprises:
a second list obtaining module, configured to extract, from the code audit tool, multiple first filter functions corresponding to the framework identifier, so as to obtain a first filter function list;
a filter function extraction module, configured to extract multiple second filter functions from the project code;
a filter function judgment module, configured to judge whether each second filter function among the multiple second filter functions is present in the first filter function list;
a confirmed vulnerability judgment module, configured to judge the position of the input variable corresponding to the second filter function as a confirmed vulnerability.
8. The code audit device as claimed in claim 6, characterized in that it further comprises:
a first analysis and extraction module, configured to analyze and extract the framework identifier and at least one first input function from the obtained framework source code;
a first data storage module, configured to establish a correspondence between the at least one first input function and the framework identifier, and to store the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier in the code audit tool.
9. The code audit device as claimed in claim 6, characterized in that it further comprises:
a second analysis and extraction module, configured to analyze and extract the framework identifier and at least one first filter function from the obtained framework source code;
a second data storage module, configured to establish a correspondence between the at least one first filter function and the framework identifier, and to store the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier in the code audit tool.
10. A storage medium, characterized in that a computer program is stored on the storage medium, and the computer program, when run by a processor, executes the method as claimed in any one of claims 1 to 5.
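A toy implementation of the two-stage check described in the summary above and in claims 1 to 5, added here as an example and not code from the patent or from Knownsec: the knowledge base standing in for the code audit tool, the ExampleFrame framework, its ef_* functions and the project snippet are all constructed for illustration, and treating an input variable with no recognized filter at all as a confirmed vulnerability is this example's own choice.

```python
import re
from typing import List, Optional, Tuple

# Constructed knowledge base standing in for the "code audit tool": framework
# identifier -> first input functions and first filter functions. ExampleFrame
# and the ef_* names are hypothetical, not a real framework's API.
KNOWLEDGE_BASE = {
    "ExampleFrame": {"input": {"ef_get", "ef_post", "ef_param"},
                     "filter": {"ef_escape", "ef_int"}},
}
MARKER_RE = re.compile(r"^use\s+(\w+)\\", re.MULTILINE)  # "use ExampleFrame\Request;"
ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*(\w+)\s*\(")       # "$var = func("

# Constructed project code in a PHP-like syntax, not taken from any real project.
PROJECT_CODE = """<?php
use ExampleFrame\\Request;
$name = ef_get('name');
$age = ef_post('age');
$age = ef_int($age);
$note = ef_param('note');
$note = my_clean($note);
$path = file_get_contents('cfg.txt');
echo $name;
"""

def extract_framework(code: str) -> Optional[str]:
    m = MARKER_RE.search(code)
    return m.group(1) if m else None

def filters_applied(code: str, variable: str) -> set:
    # Second filter functions: any call that wraps the variable, e.g. "f($var)".
    return set(re.findall(r"(\w+)\(\s*\$" + re.escape(variable) + r"\s*\)", code))

def audit(code: str) -> List[Tuple[int, str, str, str]]:
    """Return (line, variable, input function, status) for each finding."""
    framework = extract_framework(code)
    if framework not in KNOWLEDGE_BASE:
        return []  # no first input function list to compare against
    known = KNOWLEDGE_BASE[framework]
    findings = []
    for lineno, line in enumerate(code.splitlines(), start=1):
        for variable, func in ASSIGN_RE.findall(line):
            if func not in known["input"]:
                continue  # stage 1 (claim 1): only framework input functions count
            # stage 2 (claim 2): a filter outside the framework's list does not
            # clear the finding; "no filter at all" is also treated as confirmed.
            cleared = filters_applied(code, variable) & known["filter"]
            findings.append((lineno, variable, func, "suspected" if cleared else "confirmed"))
    return findings
```

Calling `audit(PROJECT_CODE)` reports `$name` (line 3) and `$note` (line 6) as confirmed, because no framework filter ever touches them, and `$age` (line 4) only as suspected, because `ef_int` is in the framework's filter list.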
CN201811328946.5A 2018-11-09 2018-11-09 A kind of code audit method, apparatus and storage medium Pending CN109491912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811328946.5A CN109491912A (en) 2018-11-09 2018-11-09 A kind of code audit method, apparatus and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811328946.5A CN109491912A (en) 2018-11-09 2018-11-09 A kind of code audit method, apparatus and storage medium

Publications (1)

Publication Number Publication Date
CN109491912A true CN109491912A (en) 2019-03-19

Family

ID=65694112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811328946.5A Pending CN109491912A (en) 2018-11-09 2018-11-09 A kind of code audit method, apparatus and storage medium

Country Status (1)

Country Link
CN (1) CN109491912A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080209567A1 (en) * 2007-02-16 2008-08-28 Lockhart Malcolm W Assessment and analysis of software security flaws
US20110016356A1 (en) * 2009-07-14 2011-01-20 International Business Machines Corporation Fault detection and localization in dynamic software applications
CN102819710A (en) * 2012-08-22 2012-12-12 西北工业大学 Cross-site script vulnerability detection method based on percolation test
CN104519007A (en) * 2013-09-26 2015-04-15 深圳市腾讯计算机系统有限公司 Loophole detection method and server
CN105553917A (en) * 2014-10-28 2016-05-04 腾讯科技(深圳)有限公司 Detection method and system of webpage bugs
CN108664793A (en) * 2017-03-30 2018-10-16 腾讯科技(深圳)有限公司 A kind of method and apparatus of detection loophole

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
血梦: "Exploiting a ThinkPHP 5 cache vulnerability to achieve a front-end Getshell", 《HTTPS://WWW.HACKSEC.CN/CODESEC/642.HTML》 *

Similar Documents

Publication Publication Date Title
US10044753B2 (en) Intercepting and supervising calls to transformed operations and objects
Yu et al. JavaScript instrumentation for browser security
US10216488B1 (en) Intercepting and injecting calls into operations and objects
Alalfi et al. Modelling methods for web application verification and testing: state of the art
WO2011080062A1 (en) Analyzing objects from a graphical interface for standards verification
CN103870752B (en) A kind of method, apparatus and equipment for being used to detect Flash XSS loopholes
CN109492692A (en) A kind of webpage back door detection method, device, electronic equipment and storage medium
WO2016019105A1 (en) Method and system for testing page link addresses
KR20100100161A (en) Method and apparatus for testing browser compatibility of web contents
Zhu et al. Detecting privilege escalation attacks through instrumenting web application source code
CN103955466B (en) A kind of method and device for showing document in a browser
CN109491912A (en) A kind of code audit method, apparatus and storage medium
CN107526678A (en) The method of testing and device of web application
CN116361793A (en) Code detection method, device, electronic equipment and storage medium
KR100614931B1 (en) Vulnerability analysis apparatus and method of web application
Ablahd et al. Using flask for SQLIA detection and protection
CN111666216B (en) Intelligent contract analysis method and device
CN113849817A (en) Method and device for detecting pollution vulnerability of JavaScript prototype chain
CN111865977A (en) Information processing method and system
JP2018120256A (en) Setting operation input support apparatus and setting operation input support system
Beuster et al. Real world verification–Experiences from the Verisoft email client
CN111414525A (en) Data acquisition method and device for small program, computer equipment and storage medium
Hidhaya et al. Supplementary event-listener injection attack in smart phones
CN111859387A (en) Automatic construction method for Android platform software vulnerability model
CN116719986B (en) Python-based data grabbing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant after: BEIJING KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

Address before: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant before: BEIJING KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20190319