CN109491912A - A code audit method, apparatus and storage medium - Google Patents
- Publication number: CN109491912A (also listed: CN201811328946.5A, CN201811328946A)
- Authority: CN (China)
- Prior art keywords: function, input, code, framework identifier, framework
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3608—Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
Abstract
The application provides a code audit method, apparatus and storage medium, for solving the problem that conventional code audit tools in the prior art adapt poorly to modern frameworks. The method comprises: extracting a framework identifier from the project code; extracting, from the code audit tool, multiple first input functions corresponding to the framework identifier to obtain a first input function list; extracting multiple second input functions from the project code; judging, for each second input function among the multiple second input functions, whether it is present in the first input function list; if so, judging the position of the input variable corresponding to the second input function to be a suspected vulnerability.
Description
Technical field
This application relates to the technical field of computer security, and in particular to a code audit method, apparatus and storage medium.
Background art
In traditional code auditing, manual digging is the main approach, but it brings many problems: before testing, security researchers must first spend a great deal of learning effort to understand the programming language and framework of the source code before they can even enter the audit phase, so the manpower and resources consumed are enormous and efficiency is low.
At present, practical code audit work is dominated by automated audit based on regular expressions, with some tools adding semantic analysis as an aid. But whatever the automated tool, as long as it is based on static source-code analysis it must define its boundaries at the very start of the scan: a vulnerability exists when an input point is controllable and has not been processed by a filter function. The prevailing approach is to build a basic list of input/filter functions and then, during the scan, report a vulnerability when an input variable is traced back as controllable and not handled by a filter function. For example, when a cross-site scripting (XSS, Cross Site Scripting) vulnerability point is matched, that point is invalidated if processing by the htmlspecialchars function is also matched. Today, however, PHP (Hypertext Preprocessor, a server-side scripting language for creating dynamic interactive websites) development uses a variety of PHP frameworks; the ThinkPHP framework, for instance, obtains input through an input function. Conventional PHP static audit tools have difficulty adapting to these diverse filter/input functions, which leads to a large number of erroneous reports in their results. Therefore, conventional code audit tools in the prior art suffer from poor adaptability to modern frameworks.
Summary of the invention
In view of this, the application provides a code audit method, apparatus and storage medium to solve the problem that conventional code audit tools in the prior art adapt poorly to modern frameworks.
This application provides a code audit method, applied to a server, comprising: extracting a framework identifier from the project code; extracting, from the code audit tool, multiple first input functions corresponding to the framework identifier to obtain a first input function list; extracting multiple second input functions from the project code; judging, for each second input function among the multiple second input functions, whether it is present in the first input function list; if so, judging the position of the input variable corresponding to the second input function to be a suspected vulnerability.
Optionally, in the embodiment of the present application, after judging the position of the input variable corresponding to the second input function to be a suspected vulnerability, the method further comprises: extracting, from the code audit tool, multiple first filter functions corresponding to the framework identifier to obtain a first filter function list; extracting multiple second filter functions from the project code; judging, for each second filter function among the multiple second filter functions, whether it is present in the first filter function list; if not, judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability.
Optionally, in the embodiment of the present application, after judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability, the method further comprises: generating a vulnerability report according to the determined vulnerability; and storing the vulnerability report to the server.
Optionally, in the embodiment of the present application, before extracting the framework identifier from the project code, the method further comprises: analyzing the acquired framework source code and extracting the framework identifier and at least one first input function; establishing the correspondence between the at least one first input function and the framework identifier; and storing the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier to the code audit tool.
Optionally, in the embodiment of the present application, before extracting the framework identifier from the project code, the method further comprises: analyzing the acquired framework source code and extracting the framework identifier and at least one first filter function; establishing the correspondence between the at least one first filter function and the framework identifier; and storing the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier to the code audit tool.
The present application also provides a code audit device, applied to a server, the code audit device comprising: a framework identifier extraction module for extracting a framework identifier from the project code; a first list acquisition module for extracting, from the code audit tool, multiple first input functions corresponding to the framework identifier to obtain a first input function list; an input function extraction module for extracting multiple second input functions from the project code; an input function judgment module for judging, for each second input function among the multiple second input functions, whether it is present in the first input function list; and a suspected vulnerability judgment module for judging the position of the input variable corresponding to the second input function to be a suspected vulnerability.
Optionally, in the embodiment of the present application, the device further comprises: a second list acquisition module for extracting, from the code audit tool, multiple first filter functions corresponding to the framework identifier to obtain a first filter function list; a filter function extraction module for extracting multiple second filter functions from the project code; a filter function judgment module for judging, for each second filter function among the multiple second filter functions, whether it is present in the first filter function list; and a confirmed vulnerability judgment module for judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability.
Optionally, in the embodiment of the present application, the device further comprises: a first analysis extraction module for analyzing the acquired framework source code and extracting the framework identifier and at least one first input function; and a first data storage module for establishing the correspondence between the at least one first input function and the framework identifier, and storing the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier to the code audit tool.
Optionally, in the embodiment of the present application, the device further comprises: a second analysis extraction module for analyzing the acquired framework source code and extracting the framework identifier and at least one first filter function; and a second data storage module for establishing the correspondence between the at least one first filter function and the framework identifier, and storing the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier to the code audit tool.
The present application also provides a storage medium on which a computer program is stored; when the computer program is run by a processor, it executes the method described above.
The application provides a code audit method, apparatus and storage medium. After the framework identifier is extracted from the project code, multiple first input functions corresponding to the framework identifier are extracted from the code audit tool as the first input function list, and the multiple first input functions are compared with the multiple second input functions extracted from the project code; if each second input function among the multiple second input functions is present in the first input function list, the position of the input variable corresponding to the second input function is judged to be a suspected vulnerability. By using the framework identifier to identify vulnerabilities in project code that uses a framework, adaptability to framework-based project code is greatly improved. This effectively solves the problem that conventional code audit tools in the prior art adapt poorly to modern frameworks.
To make the above objects and advantages of the application clearer and easier to understand, preferred embodiments are set out below and described in detail with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. It should be apparent that the drawings in the following description show only some embodiments of the application; those of ordinary skill in the art may obtain other drawings based on these drawings without creative effort.
Fig. 1 shows a schematic diagram of the server architecture provided by the embodiments of the present application;
Fig. 2 shows a schematic flow diagram of the code audit method provided by the embodiments of the present application;
Fig. 3 shows a schematic flow diagram of the code audit method after step S150 provided by the embodiments of the present application;
Fig. 4 shows a schematic flow diagram of the code audit method after step S200 provided by the embodiments of the present application;
Fig. 5 shows a schematic flow diagram of the code audit method before step S100 provided by the embodiments of the present application;
Fig. 6 shows a schematic structural diagram, from a first viewing angle, of the code audit device provided by the embodiments of the present application;
Fig. 7 shows a schematic structural diagram, from a second viewing angle, of the code audit device provided by the embodiments of the present application;
Fig. 8 shows a schematic structural diagram, from a third viewing angle, of the code audit device provided by the embodiments of the present application.
Reference signs: 101 - server; 100 - code audit device; 110 - framework identifier extraction module; 120 - first list acquisition module; 130 - input function extraction module; 140 - input function judgment module; 150 - suspected vulnerability judgment module; 160 - second list acquisition module; 170 - filter function extraction module; 180 - filter function judgment module; 190 - confirmed vulnerability judgment module; 200 - first analysis extraction module; 210 - first data storage module; 220 - second analysis extraction module; 230 - second data storage module; 200 - processor; 300 - memory; 400 - storage medium.
Detailed description of the embodiments
The application provides a code audit method, apparatus and storage medium to solve the problem that conventional code audit tools in the prior art adapt poorly to modern frameworks. The method and the apparatus applied to the server are based on the same inventive concept; since the principle by which the method and the corresponding apparatus and equipment solve the problem is similar, their implementations may be cross-referenced and repeated details are omitted.
Some terms used in this application are explained below to aid understanding by those skilled in the art.
Code audit: a static vulnerability-mining method based on source code. In conventional PHP static audit tools, sensitive functions are currently matched mostly with regular expressions combined with semantic analysis or other techniques; the tool then matches whether a filter function is present, and finally matches whether the parameter is controllable. If all conditions are met, the vulnerability is valid.
Tamper: a custom extension mechanism. By configuring the input/filter functions of the relevant framework and adding them to the native input/filter lists, the scanning range of the script can be expanded.
Sensitive function: in PHP there are many functions involved in producing vulnerabilities, such as eval. If the parameters of such a function are controllable and have not been reasonably filtered, a vulnerability results.
Active Server Pages (ASP) is a server-side scripting environment developed by Microsoft that can be used to create dynamic interactive web pages and build powerful web applications. When the server receives a request for an ASP file, it processes the server-side script code contained in the web page file to build the Hypertext Markup Language (HTML) that is sent to the browser. In addition to server-side script code, an ASP file may also contain text, HTML (including related client-side scripts) and COM component calls.
PHP (full name PHP: Hypertext Preprocessor) is a general-purpose open-source scripting language.
JSP, whose full name is Java Server Pages, is essentially a simplified Servlet design; it is a dynamic web page technology standard advocated by Sun Microsystems and established jointly with many companies.
Web page backdoor (WebShell), also known as a website backdoor tool: a webshell is a command execution environment that exists in the form of web page files such as asp, php, jsp or cgi, and may also be called a web page backdoor. After intruding into a website, a hacker usually mixes asp or php backdoor files in with the normal web page files under the web directory of the website server, then accesses the asp or php backdoor with a browser to obtain a command execution environment, so as to control the website server. As the name suggests, "web" means that the server must have open web services, and "shell" means obtaining some degree of operating permission on the server. Webshell commonly refers to the permission an intruder obtains, to some extent, to operate the website server through a website port. Because a webshell mostly appears in the form of a dynamic script, it is also called the website's backdoor tool.
In addition, it should be understood that in the description of the present application, words such as "first" and "second" are used only to distinguish the descriptions and should not be understood as indicating or implying relative importance, nor as indicating or implying an order.
Some embodiments of the application are elaborated below with reference to the accompanying drawings. Where there is no conflict, the following embodiments and the features in the embodiments may be combined with each other.
Referring to Fig. 1, Fig. 1 shows a schematic diagram of the server architecture provided by the embodiments of the present application. The application provides a server 101 comprising a processor 200 and a memory 300; the memory 300 stores machine-readable instructions executable by the processor 200, and when the machine-readable instructions are executed by the processor 200 the method of the first embodiment is performed.
In a specific implementation, calculations related to convolutional neural networks (CNN) can be accelerated with a graphics processing unit (GPU), so the server may also include a graphics processor. In addition, a communication interface is needed when a distributed computing framework is used, so the server may also include components such as communication and network expansion cards, SONET cards or multi-serial communication cards, which are not detailed here.
Referring to Fig. 1, the application provides a storage medium 400 on which a computer program is stored; when the computer program is run by the processor 200, the method of the first embodiment is performed.
Those skilled in the art will understand that the server structure shown in Fig. 1 does not constitute a limitation of the equipment; the equipment provided by the embodiments of the present application may include more or fewer components than illustrated, or a different component layout.
First embodiment
Referring to Fig. 2, Fig. 2 shows a schematic flow diagram of the code audit method provided by the embodiments of the present application. The code audit method provided by the application is applied to a server and comprises:
Step S110: extracting a framework identifier from the project code.
Here the project code may be PHP source code or another type of source code, such as Java source code or ASP source code; the source code type here should not be construed as limiting the application.
Step S120: extracting, from the code audit tool, multiple first input functions corresponding to the framework identifier to obtain a first input function list.
When the multiple first input functions corresponding to the framework identifier are extracted from the code audit tool, PHP code has some native input functions: when a variable is traced back to $_GET, $_POST, $_COOKIE or the newly added Request->param(), the variable is considered controllable. Of course, other frameworks also have input functions defined by the framework; for example, the ThinkPHP development documentation states that developers should obtain input variables using the param method of the Request class and the input helper function.
Step S130: extracting multiple second input functions from the project code.
Before the multiple second input functions are extracted from the project code, the target source code must first be analyzed, which can be done by scanning key points in the code. Two examples are used here: the code of the WordPress framework and the code of the ThinkPHP framework.
Step S140: judging, for each second input function among the multiple second input functions, whether it is present in the first input function list.
When the judging operation is performed, for example, it may be judged whether each second input function among the multiple second input functions is present in the first input function list, where the first input function list may, for example, be a list including the esc_html function and the esc_url function. Before the code audit, the esc_html function and the esc_url function are placed in the first input function list, because the official WordPress plugin development documentation clearly states that input content must be filtered with position-specific filter functions such as esc_html and esc_url before it can be output, otherwise security problems will result. Therefore, the esc_html function and the esc_url function need to be placed in the first input function list.
Step S150: if each second input function among the multiple second input functions is present in the first input function list, judging the position of the input variable corresponding to the second input function to be a suspected vulnerability.
The reason it is judged here to be a suspected vulnerability is that the input function determines the scope of the vulnerability scan: an input variable is considered a suspected vulnerability only once it is judged to be controllable. If the range of that input variable is effectively controlled by a filter function, it is not a vulnerability; if, on the contrary, it is not effectively controlled by a filter function, it is confirmed to be a vulnerability.
Referring to Fig. 3, Fig. 3 shows a schematic flow diagram of the code audit method after step S150 provided by the embodiments of the present application. Optionally, in the embodiment of the present application, after judging the position of the input variable corresponding to the second input function to be a suspected vulnerability, the method further comprises:
Step S160: extracting a framework identifier from the project code.
The target PHP source code obtained here may come from any channel, whether input by the tool or submitted by the user. The framework identifier here refers to a unique identifier in the WordPress configuration file wp-config.php or wp-config-sample.php, from which the framework used by the project code can be identified, for example, wordpress.
Step S170: extracting, from the code audit tool, multiple first filter functions corresponding to the framework identifier to obtain a first filter function list.
The code audit tool here is used to perform vulnerability detection and analysis on the submitted code; examples are the open-source cobra and the closed-source checkmarx, so the content and form of the code audit tool here should not be construed as limiting the application.
Step S180: extracting multiple second filter functions from the project code.
The project code may first be committed to a version control management module and then obtained from that module; it may also first be committed to a file management directory and then obtained from that directory. Therefore, the manner and channel by which the project code is obtained here should not be construed as limiting the application.
Step S190: judging, for each second filter function among the multiple second filter functions, whether it is present in the first filter function list.
The first filter function list includes, but is not limited to, the htmlspecialchars function, the esc_html function, the esc_url function, the input function and the strip_tags function. Therefore, the specific content of the first filter function list here should not be construed as limiting the application.
Step S200: if each second filter function among the multiple second filter functions is not present in the first filter function list, judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability.
Before the comparison, the filter functions of each framework are put into the first filter function list by means of a tamper; therefore, from the result of whether the second filter function is present in the first filter function list, it can be known whether the position of the input variable corresponding to the second filter function is a vulnerability.
Referring to Fig. 4, Fig. 4 shows a schematic flow diagram of the code audit method after step S200 provided by the embodiments of the present application. Optionally, in the embodiment of the present application, after judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability, the method further comprises:
Step S210: generating a vulnerability report according to the determined vulnerability.
Step S220: storing the vulnerability report to the server.
A single vulnerability may be obtained and turned into a vulnerability report, or multiple vulnerabilities may be obtained and turned into a vulnerability report; in short, the vulnerability report is generated according to the determined vulnerabilities. The vulnerability report may be stored to the server, or it may be sent to the user or to administrative staff; therefore, the specific manner of handling the vulnerability report here should not be construed as limiting the application.
Referring to Fig. 5, Fig. 5 shows a schematic flow diagram of the code audit method before step S100 provided by the embodiments of the present application. Optionally, in the embodiment of the present application, before extracting the framework identifier from the project code, the method further comprises:
Step S70: analyzing the acquired framework source code and extracting the framework identifier and at least one first input function.
Step S80: establishing the correspondence between the at least one first input function and the framework identifier, and storing the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier to the code audit tool.
Referring to Fig. 5, optionally, in the embodiment of the present application, before extracting the framework identifier from the project code, the method further comprises:
Step S90: analyzing the acquired framework source code and extracting the framework identifier and at least one first filter function.
Step S100: establishing the correspondence between the at least one first filter function and the framework identifier, and storing the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier to the code audit tool.
It should be noted that the WordPress framework and the ThinkPHP framework are taken as examples here. The official WordPress plugin development documentation clearly states that input content must be filtered with position-specific filter functions such as esc_html and esc_url before it can be output, otherwise security problems will result. The ThinkPHP development documentation states that developers should obtain variables using the param method of the Request class and the input helper function. Thus, when auditing code of these two frameworks, we can directly add the new input functions/filter functions to the native PHP input/filter lists; for example, when a variable is traced back to $_GET, $_POST, $_COOKIE or the newly added Request->param(), the variable is considered controllable. The corresponding extension tamper is written and added to the tool plugin in use.
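As an added example that is not part of the patent (nor the cobra or checkmarx code it mentions), the following Python sketch implements the procedure of steps S110 to S200 as the text describes it: the framework identifier is read from marker files, a per-framework tamper extends the native PHP input/filter lists, and each echo sink reached by a variable traced back to an input function is graded as suspected (a known filter is applied) or confirmed (no known filter). The marker used to recognise ThinkPHP, the sample project files and the dictionary layout are assumptions of this example; running it with and without the tamper shows the misreporting the background section describes.

```python
import re
from collections import namedtuple

# Native PHP input sources and filter functions: the "first" lists before any tamper
# is applied. Inputs are regexes because ThinkPHP's source is a method call.
BASE_INPUTS = {r"\$_GET\b", r"\$_POST\b", r"\$_COOKIE\b"}
BASE_FILTERS = {"htmlspecialchars", "strip_tags"}

# Tampers: per-framework extensions keyed by framework identifier. The function names
# are the ones the patent text cites; the dictionary layout is this example's own.
TAMPERS = {
    "wordpress": {"inputs": set(), "filters": {"esc_html", "esc_url"}},
    "thinkphp": {"inputs": {r"->param\(", r"\binput\("}, "filters": set()},
}

# status: "suspected" = controllable input (S150); "confirmed" = no known filter (S200)
Finding = namedtuple("Finding", "path line variable status")

def extract_framework_id(project):
    """Steps S110/S160: wp-config.php is the marker the patent names; the
    'use think\\Request' marker for ThinkPHP is an assumption of this example."""
    if "wp-config.php" in project or "wp-config-sample.php" in project:
        return "wordpress"
    if any("use think\\Request" in src for src in project.values()):
        return "thinkphp"
    return None

def first_lists(framework_id, use_tamper=True):
    """Steps S120/S170: native lists plus the tamper registered for this framework."""
    inputs, filters = set(BASE_INPUTS), set(BASE_FILTERS)
    if use_tamper and framework_id in TAMPERS:
        inputs |= TAMPERS[framework_id]["inputs"]
        filters |= TAMPERS[framework_id]["filters"]
    return inputs, filters

ASSIGN = re.compile(r"^\s*\$(\w+)\s*=(?!=)\s*(.+);\s*$")
SINK = re.compile(r"^\s*echo\s+(.+);\s*$")  # echo: the XSS sink the patent discusses
VAR = re.compile(r"\$(\w+)")

def audit_file(path, source, inputs, filters):
    """Steps S130-S200 on one file: trace assignments back to an input function, then
    at each echo sink decide suspected (filtered) vs confirmed (no known filter)."""
    input_re = re.compile("|".join(inputs))
    filter_re = re.compile(r"\b(" + "|".join(map(re.escape, filters)) + r")\(")
    tainted, findings = set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            name, rhs = m.groups()
            controllable = input_re.search(rhs) or any(
                v in tainted for v in VAR.findall(rhs))
            if controllable and not filter_re.search(rhs):
                tainted.add(name)
            else:
                tainted.discard(name)  # reassigned from a clean or filtered expression
            continue
        m = SINK.match(line)
        if m:
            expr = m.group(1)
            for v in VAR.findall(expr):
                if v in tainted:  # input is controllable: at least a suspected vulnerability
                    status = "suspected" if filter_re.search(expr) else "confirmed"
                    findings.append(Finding(path, lineno, v, status))
    return findings

def audit_project(project, use_tamper=True):
    """Full pass: framework identifier, first lists, then every .php file."""
    framework_id = extract_framework_id(project)
    inputs, filters = first_lists(framework_id, use_tamper)
    findings = []
    for path in sorted(project):
        if path.endswith(".php"):
            findings.extend(audit_file(path, project[path], inputs, filters))
    return framework_id, findings

# Constructed sample projects (not real code bases): one per framework the patent names.
WP_PROJECT = {
    "wp-config.php": "<?php define('DB_NAME', 'demo');",
    "my-plugin.php": (
        "<?php\n"
        "$name = $_GET['name'];\n"
        "echo esc_html($name);\n"          # line 3: controllable, filtered by esc_html
        "$raw = $_POST['comment'];\n"
        "echo $raw;\n"                     # line 5: controllable and unfiltered
    ),
}
TP_PROJECT = {
    "app/controller/Index.php": (
        "<?php\nnamespace app\\controller;\nuse think\\Request;\n"
        "class Index {\n"
        "    public function index(Request $request) {\n"
        "        $id = $request->param('id');\n"
        "        $title = input('title');\n"
        "        echo htmlspecialchars($title);\n"   # line 8: filtered
        "        echo $id;\n"                        # line 9: unfiltered
        "    }\n}\n"
    ),
}
```

Without the WordPress tamper the esc_html call on line 3 is not recognised as a filter and that position is reported as confirmed; without the ThinkPHP tamper neither param() nor input() is recognised as an input function and the file produces no finding at all.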
Second embodiment
Fig. 6 is referred to, Fig. 6 shows the first viewing angle constructions signal of code audit device provided by the embodiments of the present application
Figure.This application provides a kind of code audit device 100, be applied to server, code audit device 100 includes:
Frame marker extraction module 110, for extracting frame mark from item code.
First list obtains module 120, for extracting corresponding with frame mark multiple first from code audit tool
Input function obtains the first input function list.
Input function extraction module 130, for extracting multiple second input functions from item code.
Input function judgment module 140, for judging whether each second input function is deposited in multiple second input functions
It is in the first input function list.
Doubtful loophole judgment module 150, for the position of the corresponding input variable of the second input function to be judged as doubtful
Loophole.
Fig. 7 is referred to, Fig. 7 shows the second viewing angle constructions signal of code audit device provided by the embodiments of the present application
Figure.Optionally, in the embodiment of the present application, code audit device 100 further include:
Second list obtains module 160, for extracting corresponding with frame mark multiple first from code audit tool
Filter function obtains the first filter function list.
Filter function extraction module 170, for extracting multiple second filter functions from item code.
Filter function judgment module 180, for judging whether each second filter function is deposited in multiple second filter functions
It is in the first filter function list.
Loophole judgment module 190 is confirmed, for the position of the corresponding input variable of the second filter function to be judged as confirmation
Loophole.
Fig. 8 is referred to, Fig. 8 shows the third viewing angle constructions signal of code audit device provided by the embodiments of the present application
Figure.Optionally, in the embodiment of the present application, code audit device 100 further include:
First analysis extraction module 200, for from the Frame Source obtained analyze and extract frame mark and with to
Few first input function.
First data memory module 210, for establishing the corresponding relationship of at least one first input function and frame mark,
And the corresponding relationship, at least one first input function and frame mark that at least one first input function and frame identify are deposited
It stores up to code audit tool.
Fig. 8 is referred to, optionally, in the embodiment of the present application, code audit device 100 further include:
Second analysis extraction module 220, for the analysis from the Frame Source obtained and extraction frame mark and at least
One the first filter function.
Second data memory module 230, for establishing the corresponding relationship of at least one first filter function and frame mark,
And the corresponding relationship, at least one first filter function and frame mark that at least one first filter function and frame identify are deposited
It stores up to code audit tool.
The present application provides a code audit method, apparatus and storage medium. A framework identifier is first extracted from the project code; the first input functions corresponding to that framework identifier are then extracted from the code audit tool as a first input function list, and this list is compared with the second input functions extracted from the project code. If a second input function is present in the first input function list, the position of the input variable corresponding to that second input function is judged to be a suspected vulnerability. Because the framework identifier is used to locate vulnerabilities in project code built on a framework, adaptability to framework-based project code is greatly improved, which effectively solves the poor adaptability of conventional code audit tools to modern frameworks in the prior art.
The above is only a preferred embodiment of the present application and is not intended to limit it; various changes and variations are possible for those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this application shall be included within its scope of protection.
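As an added example, not code from the patent or its applicant, the following Python sketch implements the matching described in the summary above and in claims 1 and 2: the framework identifier found in the project code selects a stored list of input functions and filter functions, each assignment statement is checked against those lists, and a hit becomes a suspected finding, or a confirmed one when no known filter function wraps the input. The framework "DemoFW", its fw_* functions and the sample project code are constructed for this example, and reading claim 2 as "no first-list filter function in the same statement" is this example's interpretation, not the patent's wording.

```python
import re

# Constructed stand-in for the correspondences the code audit tool stores (claims 4/5):
# framework identifier -> first input functions and first filter functions.
# "DemoFW" and every fw_* name are invented for this example.
FRAMEWORK_DB = {
    "DemoFW": {
        "marker": re.compile(r"\buse\s+DemoFW\\"),  # the identifier as it appears in project code
        "inputs": {"fw_get", "fw_post", "fw_param"},
        "filters": {"fw_escape", "fw_intval"},
    },
}
CALL_RE = re.compile(r"\b(\w+)\s*\(")            # function calls inside an expression
ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*(.+?);")  # PHP-style "$var = expr;"

def extract_framework_id(code):
    """Return the framework identifier found in the project code, or None."""
    for fw_id, entry in FRAMEWORK_DB.items():
        if entry["marker"].search(code):
            return fw_id
    return None

def audit(code):
    """Return (line, variable, input_function, status) per flagged assignment.
    status: "suspected" = claim 1 (input function is in the first input function list);
    "confirmed" = claim 2 as read here (no first-list filter function wraps that input)."""
    fw_id = extract_framework_id(code)
    if fw_id is None:
        return []  # no known framework: nothing to compare against
    first_inputs = FRAMEWORK_DB[fw_id]["inputs"]
    first_filters = FRAMEWORK_DB[fw_id]["filters"]
    findings = []
    for lineno, line in enumerate(code.splitlines(), 1):
        m = ASSIGN_RE.search(line)
        if not m:
            continue
        variable, rhs = m.group(1), m.group(2)
        calls = set(CALL_RE.findall(rhs))  # this statement's second input/filter functions
        hit = calls & first_inputs
        if hit:
            status = "suspected" if calls & first_filters else "confirmed"
            findings.append((lineno, variable, sorted(hit)[0], status))
    return findings

# Constructed project code: line 3 is wrapped in a known filter, line 4 is not.
SAMPLE_CODE = """<?php
use DemoFW\\Request;
$id = fw_intval(fw_get('id'));
$name = fw_get('name');
$len = strlen($name);
"""
```

Running `audit(SAMPLE_CODE)` flags `$id` on line 3 as suspected and `$name` on line 4 as confirmed, while `$len` is ignored because `strlen` is not a stored input function.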
Claims (10)
1. A code audit method, characterized in that it is applied to a server and comprises:
extracting a framework identifier from project code;
extracting, from a code audit tool, a plurality of first input functions corresponding to the framework identifier, to obtain a first input function list;
extracting a plurality of second input functions from the project code;
judging, for each second input function of the plurality of second input functions, whether it is present in the first input function list;
if so, judging the position of the input variable corresponding to the second input function to be a suspected vulnerability.
2. The method according to claim 1, characterized in that, after the position of the input variable corresponding to the second input function is judged to be a suspected vulnerability, the method further comprises:
extracting, from the code audit tool, a plurality of first filter functions corresponding to the framework identifier, to obtain a first filter function list;
extracting a plurality of second filter functions from the project code;
judging, for each second filter function of the plurality of second filter functions, whether it is present in the first filter function list;
if not, judging the position of the input variable corresponding to the second filter function to be a confirmed vulnerability.
3. The method according to claim 2, characterized in that, after the position of the input variable corresponding to the second filter function is judged to be a confirmed vulnerability, the method further comprises:
generating a vulnerability report according to the determined vulnerabilities;
storing the vulnerability report on the server.
4. The method according to claim 1, characterized in that, before the framework identifier is extracted from the project code, the method further comprises:
analyzing the obtained framework source code and extracting from it the framework identifier and at least one first input function;
establishing a correspondence between the at least one first input function and the framework identifier, and storing the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier in the code audit tool.
5. The method according to claim 1, characterized in that, before the framework identifier is extracted from the project code, the method further comprises:
analyzing the obtained framework source code and extracting from it the framework identifier and at least one first filter function;
establishing a correspondence between the at least one first filter function and the framework identifier, and storing the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier in the code audit tool.
6. A code audit device, characterized in that it is applied to a server and comprises:
a framework identifier extraction module, configured to extract a framework identifier from project code;
a first list obtaining module, configured to extract, from a code audit tool, a plurality of first input functions corresponding to the framework identifier, to obtain a first input function list;
an input function extraction module, configured to extract a plurality of second input functions from the project code;
an input function judgment module, configured to judge, for each second input function of the plurality of second input functions, whether it is present in the first input function list;
a suspected vulnerability judgment module, configured to judge the position of the input variable corresponding to the second input function to be a suspected vulnerability.
7. The code audit device according to claim 6, characterized in that it further comprises:
a second list obtaining module, configured to extract, from the code audit tool, a plurality of first filter functions corresponding to the framework identifier, to obtain a first filter function list;
a filter function extraction module, configured to extract a plurality of second filter functions from the project code;
a filter function judgment module, configured to judge, for each second filter function of the plurality of second filter functions, whether it is present in the first filter function list;
a confirmed vulnerability judgment module, configured to judge the position of the input variable corresponding to the second filter function to be a confirmed vulnerability.
8. The code audit device according to claim 6, characterized in that it further comprises:
a first analysis and extraction module, configured to analyze the obtained framework source code and extract from it the framework identifier and at least one first input function;
a first data storage module, configured to establish a correspondence between the at least one first input function and the framework identifier, and to store the correspondence between the at least one first input function and the framework identifier, the at least one first input function and the framework identifier in the code audit tool.
9. The code audit device according to claim 6, characterized in that it further comprises:
a second analysis and extraction module, configured to analyze the obtained framework source code and extract from it the framework identifier and at least one first filter function;
a second data storage module, configured to establish a correspondence between the at least one first filter function and the framework identifier, and to store the correspondence between the at least one first filter function and the framework identifier, the at least one first filter function and the framework identifier in the code audit tool.
10. A storage medium, characterized in that a computer program is stored on the storage medium, and the method according to any one of claims 1 to 5 is performed when the computer program is run by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811328946.5A CN109491912A (en) | 2018-11-09 | 2018-11-09 | A kind of code audit method, apparatus and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109491912A true CN109491912A (en) | 2019-03-19 |
Family
ID=65694112
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811328946.5A Pending CN109491912A (en) | 2018-11-09 | 2018-11-09 | A kind of code audit method, apparatus and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109491912A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080209567A1 (en) * | 2007-02-16 | 2008-08-28 | Lockhart Malcolm W | Assessment and analysis of software security flaws |
US20110016356A1 (en) * | 2009-07-14 | 2011-01-20 | International Business Machines Corporation | Fault detection and localization in dynamic software applications |
CN102819710A (en) * | 2012-08-22 | 2012-12-12 | 西北工业大学 | Cross-site script vulnerability detection method based on percolation test |
CN104519007A (en) * | 2013-09-26 | 2015-04-15 | 深圳市腾讯计算机系统有限公司 | Loophole detection method and server |
CN105553917A (en) * | 2014-10-28 | 2016-05-04 | 腾讯科技(深圳)有限公司 | Detection method and system of webpage bugs |
CN108664793A (en) * | 2017-03-30 | 2018-10-16 | 腾讯科技(深圳)有限公司 | A kind of method and apparatus of detection loophole |
Non-Patent Citations (1)
Title |
---|
血梦: "利用Thinkphp 5缓存漏洞实现前台Getshell", 《HTTPS://WWW.HACKSEC.CN/CODESEC/642.HTML》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing; Applicant after: BEIJING KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.; Address before: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing; Applicant before: BEIJING KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd. |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190319 |