CN109657475A - Code vulnerability troubleshooting method, apparatus, device and storage medium (Google Patents)

Info

Publication number: CN109657475A
Application number: CN201811531459.9A
Authority: CN (China)
Prior art keywords: code, parameter, request, input/output parameter, vulnerability
Legal status: Pending (the legal status is an assumption by Google, not a legal conclusion)
Other languages: Chinese (zh)
Inventor: 杨军
Current assignee: Ping An Urban Construction Technology Shenzhen Co Ltd (listed assignees may be inaccurate; Google has performed no legal analysis)
Original assignee: Ping An Urban Construction Technology Shenzhen Co Ltd
Priority date: (the priority date is an assumption by Google, not a legal conclusion)
Filing date:
Publication date:

Events

Application filed by Ping An Urban Construction Technology Shenzhen Co Ltd
Priority to CN201811531459.9A
Publication of CN109657475A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The present invention relates to security testing and discloses a code vulnerability troubleshooting method, apparatus, device and storage medium. The method comprises: receiving a vulnerability troubleshooting instruction, extracting the request identifier contained in the instruction, and looking up the corresponding log storage path in a mapping; obtaining the target log file according to the log storage path and reading the input/output parameter data from it; obtaining the reference output parameter data corresponding to that input/output parameter data, comparing the target output parameter data contained in the input/output parameter data with the reference output parameter data, and obtaining a comparison result. Because the log file written when the code was called, and the input/output parameter data stored in it, are retrieved via the request identifier carried in the instruction, and the target output parameter data is then compared with the reference output parameter data, the comparison result accurately determines whether a code vulnerability exists in the code-call process. This enables accurate troubleshooting of code vulnerabilities and improves troubleshooting efficiency.

Description

Code vulnerability troubleshooting method, apparatus, device and storage medium
Technical field
The present invention relates to the field of computer software technology, and in particular to a code vulnerability troubleshooting method, apparatus, device and storage medium.
Background
Software programs in practical use may contain vulnerabilities or defects (bugs). For code that is offline, developers can modify and debug the code according to the bug, but some bugs occur only in production, and in some scenarios production code cannot be changed and debugged at will, which makes bug troubleshooting harder and more time-consuming. More importantly, some open-source scripting-language frameworks (such as the PHP framework Laravel) involve many design patterns, so once a bug occurs, debugging and tracing the code consumes considerable manpower and resources. How to troubleshoot code vulnerabilities in production code simply and effectively is therefore an urgent problem.
The above is provided only to aid understanding of the technical solution and does not constitute an admission that it is prior art.
Summary of the invention
The main object of the present invention is to provide a code vulnerability troubleshooting method, apparatus, device and storage medium, aiming to solve the technical problem that the prior art cannot simply and effectively troubleshoot code vulnerabilities in production code.
To achieve the above object, the present invention provides a code vulnerability troubleshooting method comprising the following steps:
receiving a vulnerability troubleshooting instruction, extracting the request identifier contained in the instruction, and looking up the log storage path corresponding to that request identifier in a pre-constructed mapping;
obtaining the target log file according to the log storage path, and reading the input/output parameter data previously stored in the target log file;
obtaining the reference output parameter data corresponding to the input/output parameter data, comparing the target output parameter data contained in the input/output parameter data with the reference output parameter data, and obtaining a comparison result.
Preferably, before the step of receiving a vulnerability troubleshooting instruction and extracting the request identifier contained in it, the method further comprises:
receiving a code call request and detecting whether the code call request contains preset call parameters;
when the code call request contains the preset call parameters, calling a preset hook function to record the function call information of the code call request within the request life cycle, the function call information including the input/output parameter data of each function call;
writing the function call information into the log file corresponding to the code call request, and obtaining the log storage path of that log file;
generating the request identifier corresponding to the code call request according to a preset rule, and constructing the mapping between the request identifier and the log storage path.
Preferably, the step of calling a preset hook function to record the function call information of the code call request within the request life cycle, when the code call request contains the preset call parameters, comprises:
when the code call request contains the preset call parameters, obtaining the Internet Protocol (IP) address carried in the code call request;
detecting whether the IP address belongs to a preset IP address whitelist;
if it does, calling the preset hook function to record the function call information of the code call request within the request life cycle.
Preferably, the step of generating the request identifier corresponding to the code call request according to a preset rule comprises:
obtaining the request reception time corresponding to the code call request, and calling a preset random-number generation plug-in to generate a target random number;
converting the format of the request reception time to obtain a corresponding timestamp;
combining the IP address, the target random number and the timestamp to obtain the request identifier corresponding to the code call request.
Preferably, the step of obtaining the reference output parameter data corresponding to the input/output parameter data comprises:
obtaining the input parameter data contained in the input/output parameter data, and looking up the corresponding target test case in a test case database according to the input parameter data;
obtaining the output parameter data corresponding to the target test case, and taking the obtained output parameter data as the reference output parameter data.
Preferably, after the step of comparing the target output parameter data contained in the input/output parameter data with the reference output parameter data and obtaining a comparison result, the method further comprises:
when the comparison result is that the target output parameter data and the reference output parameter data are not identical, determining that the code call request has a code-execution defect within its request life cycle (the patent's term is "code execution vulnerability"; it denotes a functional defect that surfaces while the code runs, not remote code execution);
reading the call stack corresponding to the code call request from the function call information, and determining, according to the call stack, the target code corresponding to the code-execution defect.
Preferably, the step of determining the target code corresponding to the code-execution defect according to the call stack comprises:
obtaining the code execution sequence stored in the call stack, and determining the calling code corresponding to the code call request according to the marker codes contained in the code execution sequence;
determining, from the calling code and according to the input parameter data, the target code corresponding to the code-execution defect.
In addition, to achieve the above object, the present invention also proposes a code vulnerability troubleshooting apparatus comprising:
an instruction response module for receiving a vulnerability troubleshooting instruction, extracting the request identifier contained in it, and looking up the log storage path corresponding to the request identifier in the pre-constructed mapping;
a data acquisition module for obtaining the target log file according to the log storage path and reading the input/output parameter data previously stored in the target log file;
a data comparison module for obtaining the reference output parameter data corresponding to the input/output parameter data, comparing the target output parameter data contained in the input/output parameter data with the reference output parameter data, and obtaining a comparison result.
In addition, to achieve the above object, the present invention also proposes a code vulnerability troubleshooting device comprising a memory, a processor, and a code vulnerability troubleshooting program stored in the memory and executable on the processor, the program being configured to implement the steps of the code vulnerability troubleshooting method described above.
In addition, to achieve the above object, the present invention also proposes a storage medium storing a code vulnerability troubleshooting program which, when executed by a processor, implements the steps of the code vulnerability troubleshooting method described above.
The present invention receives a vulnerability troubleshooting instruction, extracts the request identifier contained in it, and looks up the corresponding log storage path in a pre-constructed mapping; obtains the target log file according to the log storage path and reads the input/output parameter data previously stored in it; obtains the reference output parameter data corresponding to the input/output parameter data, compares the target output parameter data contained in the input/output parameter data with the reference output parameter data, and obtains a comparison result. Because the log file written when the code was called, and the input/output parameter data stored in it, are retrieved via the request identifier carried in the instruction, and the target output parameter data is then compared with the reference output parameter data, the comparison result accurately determines whether a code-execution defect exists in the code-call process. This enables accurate troubleshooting of code-execution defects and improves troubleshooting efficiency.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the code vulnerability troubleshooting device in the hardware operating environment involved in embodiments of the present invention;
Fig. 2 is a flow diagram of a first embodiment of the code vulnerability troubleshooting method of the present invention;
Fig. 3 is a flow diagram of a second embodiment of the code vulnerability troubleshooting method of the present invention;
Fig. 4 is a flow diagram of a third embodiment of the code vulnerability troubleshooting method of the present invention;
Fig. 5 is a structural block diagram of a first embodiment of the code vulnerability troubleshooting apparatus of the present invention.
The realization of the objects, the functional features and the advantages of the present invention are further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein serve only to explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the code vulnerability troubleshooting device in the hardware operating environment involved in embodiments of the present invention.
As shown in Fig. 1, the code vulnerability troubleshooting device may include a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 implements connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally also include standard wired and wireless interfaces. The network interface 1004 may optionally include standard wired and wireless interfaces (such as a Wireless Fidelity (Wi-Fi) interface). The memory 1005 may be high-speed random access memory (RAM) or stable non-volatile memory (NVM) such as a magnetic disk; it may also be a storage device independent of the processor 1001.
Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the code vulnerability troubleshooting device, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a storage medium, may include an operating system, a data storage module, a network communication module, a user interface module and the code vulnerability troubleshooting program.
In the code vulnerability troubleshooting device shown in Fig. 1, the network interface 1004 is mainly used for data communication with a network server, and the user interface 1003 is mainly used for data interaction with the user. The processor 1001 and the memory 1005 of the device may be arranged in the device, which calls the code vulnerability troubleshooting program stored in the memory 1005 via the processor 1001 and executes the code vulnerability troubleshooting method provided by the embodiments of the present invention.
An embodiment of the present invention provides a code vulnerability troubleshooting method. Referring to Fig. 2, Fig. 2 is a flow diagram of a first embodiment of the code vulnerability troubleshooting method of the present invention.
In this embodiment, the code vulnerability troubleshooting method comprises the following steps:
Step S10: receiving a vulnerability troubleshooting instruction, extracting the request identifier contained in the instruction, and looking up the log storage path corresponding to the request identifier in a pre-constructed mapping;
It should be noted that the executing subject of the method of the present invention may be an nginx server; nginx is a lightweight web server, reverse proxy server and e-mail proxy server. The request identifier may be generated by the nginx server, before this step, for the received code call request (an HTTP request is used as the example below), and is the request identification information that uniquely tags that code call request. (nginx itself does not execute PHP; in the usual nginx plus PHP-FPM deployment the function-level recording described below has to live in the PHP application, with nginx in front of it.)
It should be understood that in certain scenarios the nginx server receives HTTP requests sent by PHP or Java applications, and the request life cycle of such an HTTP request may involve calls to multiple units of PHP code (functions). To make it convenient for developers to troubleshoot code-call bugs for these HTTP requests, this embodiment associates in advance the request identifier generated for each HTTP request with the log storage path of that request's log file (this is the construction of the mapping), which simplifies the troubleshooting process and improves efficiency. The request life cycle is the whole process of a request from initiation to the end of its response.
In a concrete implementation, the nginx server parses the vulnerability troubleshooting instruction entered by the user, obtains from it the request identifier of the code call request to be checked, and then looks up the corresponding log storage path in the pre-constructed mapping that stores the correspondence between request identifiers and log storage paths.
Step S20: obtaining the target log file according to the log storage path, and reading the input/output parameter data previously stored in the target log file;
It should be understood that the input/output parameter data consists of input parameter data (input parameters) and output parameter data (output parameters). An input parameter is data passed by the caller of a function to its implementer, i.e. data supplied from outside the function for use inside it; an output parameter is data passed by the implementer of a function to its caller, i.e. data the function returns to the outside. In this embodiment, when an HTTP request calls different PHP functions it passes input parameters to the function being called and obtains the output parameters the function returns. An output parameter may of course also serve as an input parameter of the next function to be called.
So-called bug troubleshooting means checking whether an HTTP request encountered an error when calling code (functions). In this embodiment, the actual input/output parameter data of each unit of code (function) is compared with the expected input/output parameter data, and whether a call error exists is determined from the comparison result.
In a concrete implementation, the nginx server obtains, according to the log storage path it retrieved, the log file corresponding to the code call request to be checked, and then reads that request's input/output parameter data from the log file.
Step S30: obtaining the reference output parameter data corresponding to the input/output parameter data, comparing the target output parameter data contained in the input/output parameter data with the reference output parameter data, and obtaining a comparison result.
It should be understood that the reference output parameter data is the correct output parameter data of the code (functions) called within the whole request life cycle of the code call request.
Input parameter data generally does not go wrong during a function call; when a bug occurs, execution of the code (function) is interrupted and the function outputs wrong output parameter data. It is therefore sufficient to compare the output parameters of the actual code (function) call with the reference output parameter data to perform the bug check. (This is the patent's working assumption. It does not cover a function that returns a plausible but wrong value without being interrupted, nor defects triggered by malformed input, which is where many security-relevant bugs originate.)
In a concrete implementation, the nginx server obtains the input parameter data contained in the input/output parameter data, looks up the corresponding target test case in a test case database according to that input parameter data, obtains the output parameter data corresponding to the target test case, takes it as the reference output parameter data, and compares it with the target output parameter data contained in the input/output parameter data to obtain the comparison result of the bug check.
Further, in this embodiment developers may establish in advance, on the nginx server side, an association between input parameter data and test case identifiers, so that when the nginx server obtains the input parameter data it can accurately query the test case identifier of the target test case according to that association and thus determine the target test case quickly. In practice, developers may also store input parameter data together with its corresponding output parameter data in a spreadsheet (such as an Excel table), so that the nginx server obtains the reference output parameter data directly by querying the spreadsheet. This embodiment does not limit how the reference output parameter data is obtained.
This embodiment receives a vulnerability troubleshooting instruction, extracts the request identifier contained in it, and looks up the corresponding log storage path in a pre-constructed mapping; obtains the target log file according to the log storage path and reads the input/output parameter data previously stored in it; obtains the reference output parameter data corresponding to the input/output parameter data, compares the target output parameter data contained in the input/output parameter data with the reference output parameter data, and obtains a comparison result. Because the log file written when the code was called, and the input/output parameter data stored in it, are retrieved via the request identifier carried in the instruction, and the target output parameter data is then compared with the reference output parameter data, the comparison result accurately determines whether a code-execution defect exists in the code-call process. This enables accurate troubleshooting of code-execution defects and improves troubleshooting efficiency.
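Steps S10 to S30 as one runnable Python example. This is an added illustration, not code from the patent or from Ping An; the patent's executing subject is an nginx server in front of PHP code, whereas this example keeps the same data flow in plain Python. The mapping table, the JSON-lines log file (one line per recorded function call), the test-case table keyed by input parameters, the request identifier and the function names such as `App\Services\Price::quote` are all constructed for the example, and `lookup_log_path`, `read_io_params`, `reference_output` and `troubleshoot` are hypothetical names.

```python
import json
import os
import tempfile


def key_of(params):
    """Canonical, order-independent key for a set of input parameters, so the
    test-case table can be looked up by input parameter data (step S30)."""
    return json.dumps(params, sort_keys=True)


def build_sample_environment():
    """Constructed data for the example: a temporary log file holding the
    input/output parameter data of two recorded calls, the request-id -> log-path
    mapping, and a test-case table giving the reference output per input."""
    logdir = tempfile.mkdtemp(prefix="callogs-")
    log_path = os.path.join(logdir, "2355819232091537342399.log")
    records = [
        {"function": "App\\Services\\Price::quote",
         "input": {"sku": "A100", "qty": 2},
         "output": {"total": 40, "currency": "CNY"}},
        {"function": "App\\Services\\Discount::apply",
         "input": {"total": 40, "code": "VIP"},
         "output": {"total": 40}},  # constructed fault: discount not applied
    ]
    with open(log_path, "w", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec) + "\n")
    mapping = {"2355819232091537342399": log_path}
    test_cases = {
        "App\\Services\\Price::quote": {
            key_of({"sku": "A100", "qty": 2}): {"total": 40, "currency": "CNY"}},
        "App\\Services\\Discount::apply": {
            key_of({"total": 40, "code": "VIP"}): {"total": 36}},
    }
    return mapping, test_cases


def lookup_log_path(mapping, request_id):
    """Step S10: the request identifier from the troubleshooting instruction
    selects the log storage path in the pre-constructed mapping."""
    try:
        return mapping[request_id]
    except KeyError:
        raise LookupError(f"no log recorded for request {request_id}") from None


def read_io_params(log_path):
    """Step S20: read the stored input/output parameter data, one call per line."""
    with open(log_path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]


def reference_output(test_cases, function, input_params):
    """Step S30, first half: the input parameters select the target test case
    whose output parameters serve as the reference output parameter data."""
    return test_cases.get(function, {}).get(key_of(input_params))


def troubleshoot(mapping, test_cases, request_id):
    """Step S30, second half: compare each call's actual (target) output with
    its reference output. Returns (function, actual, reference, identical)
    per recorded call; a call with no test case is reported as not identical."""
    results = []
    for rec in read_io_params(lookup_log_path(mapping, request_id)):
        ref = reference_output(test_cases, rec["function"], rec["input"])
        identical = ref is not None and rec["output"] == ref
        results.append((rec["function"], rec["output"], ref, identical))
    return results


if __name__ == "__main__":
    sample_mapping, sample_cases = build_sample_environment()
    for fn, actual, ref, ok in troubleshoot(sample_mapping, sample_cases,
                                            "2355819232091537342399"):
        print("OK " if ok else "BUG", fn, "actual:", actual, "reference:", ref)
```

The lookup deliberately fails loudly on an unknown request identifier rather than returning an empty result, so a typo in the troubleshooting instruction is not mistaken for a clean request.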
Referring to Fig. 3, Fig. 3 is a flow diagram of a second embodiment of the code vulnerability troubleshooting method of the present invention.
Based on the first embodiment, the code vulnerability troubleshooting method provided in this embodiment further comprises, before step S10:
Step S01: receiving a code call request and detecting whether the code call request contains preset call parameters;
It should be noted that the code call request in this embodiment may be a code (function) call request sent by a PHP or Java application. The preset call parameters include the request method of the code call request (such as GET, POST and HEAD), the request URL (Uniform Resource Locator), the cookie parameters carried in the request, and so on.
Correspondingly, the step of detecting whether the code call request contains the preset call parameters may specifically comprise: detecting whether the request method of the code call request is a request method of a preset type, and whether the request URL or the carried cookie contains a preset request parameter, such as the Internet Protocol (IP) address of the request originator.
Step S02: when the code call request contains the preset call parameters, calling a preset hook function to record the function call information of the code call request within the request life cycle, the function call information including the input/output parameter data of each function call;
It should be understood that a hook function, also called a hook program, is a program segment that handles messages; it is registered with the system and called by the system. Whenever a particular message is issued, the hook program captures it before it reaches the destination window, i.e. the hook function obtains control first. In this embodiment the hook function is the interception point through which each function call is recorded.
Normally, the request life cycle of an HTTP request sent by a PHP or Java application may involve calls to multiple PHP functions, so the nginx server needs to record the function calls involved in the whole PHP function-call process in order to obtain the function call information.
In a concrete implementation, when the nginx server detects that the code call request contains the preset call parameters, it records, via the preset hook function, all function call information of the code call request within the request life cycle; the function call information includes the input/output parameter data and the call stack of each function call.
Further, to ensure information security during the function-call process, the nginx server in this embodiment also performs a permission check on the received code call request. Specifically, when it detects that the code call request contains the preset call parameters, it obtains the IP address carried in the code call request (or in the preset call parameters) and detects whether that IP address belongs to a preset IP address whitelist. If it does, the server determines that the code call request has code-call permission and calls the preset hook function to record the function call information of the code call request within the request life cycle; if it does not, the server refuses to respond further to the code call request. Note that an IP address read from the URL or cookie is supplied by the client and can be forged; a whitelist check should use the peer address of the connection, or a header set by a trusted proxy, rather than a request parameter.
Step S03: writing the function call information into the log file corresponding to the code call request, and obtaining the log storage path of that log file;
It should be understood that a log file records events that occur during the operation of an operating system or other software, or messages exchanged between different users of communication software. In this embodiment the nginx server writes the recorded function call information to the corresponding log file and obtains the log storage path of that log file.
Step S04: generating the request identifier corresponding to the code call request according to a preset rule, and constructing the mapping between the request identifier and the log storage path.
The nginx server may receive requests from many PHP or Java applications at the same time, and the processing flow of each request is not necessarily the same, which leads to different request log files. To distinguish the log file of each request effectively, the nginx server in this embodiment saves the log files of different requests in separate partitions, obtains the log storage path of each log file, and then marks the log storage path with the request identifier generated by the preset rule, i.e. it constructs the mapping between the request identifier and the log storage path, so that the log file can be retrieved quickly later.
Further, in this embodiment the step of generating the request identifier corresponding to the code call request according to a preset rule may comprise: obtaining the request reception time corresponding to the code call request and calling a preset random-number generation plug-in to generate a target random number; converting the format of the request reception time to obtain the corresponding timestamp; and combining the IP address, the target random number and the timestamp to obtain the request identifier corresponding to the code call request. For example, if the request reception time recorded by the nginx server is 2018-09-19 15:33:19, the converted Unix timestamp is 1537342399 (this value corresponds to 15:33:19 in the UTC+8 time zone); the target random number generated by the preset plug-in is 235; and the IP address obtained is 58.19.23.209. Under the "timestamp + IP + random number" rule the request identifier generated is "2355819232091537342399". Note that this example string concatenates the random number (235), the IP address with the dots removed (581923209) and the timestamp (1537342399) in that order; the rule's name lists the components, and the concatenation order is fixed by the preset rule.
In this embodiment, the function call information of the code call request within the request life cycle is recorded by a preset hook function, and the log storage path of the log file containing that function call information is marked by generating a corresponding request identifier. This achieves real-time monitoring of code call requests and, through the recorded function call information, provides an effective troubleshooting path for vulnerabilities that occur in the function-call process.
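Steps S01 to S04 as one runnable Python example, added here and not part of the patent (the patent places this logic in an nginx server in front of PHP code; the example reproduces the decisions, not that deployment). Two practitioner caveats are built in. First, the whitelist check uses the peer address of the connection (`peer_ip`, assumed to be filled in by the server) rather than an IP address read from the URL or cookie, because anything inside the request is chosen by the client and an attacker can simply write a whitelisted address into it. Second, an identifier built from a three-digit random number, the client IP and a second-resolution timestamp is almost entirely predictable, so the mapping it keys must stay internal; if request identifiers are ever exposed to clients, a random token should be used instead. The request dictionary, `PRESET_METHODS`, `PRESET_PARAM`, `IP_WHITELIST`, `CallRecorder`, `handle_request` and the sample functions `quote` and `checkout` are all constructed for the example. The hook writes inputs and outputs verbatim; since the patent's preset call parameters include the cookie, a real deployment would redact credentials before logging.

```python
import json
import os
import random
import tempfile
import traceback
from datetime import datetime, timedelta, timezone
from functools import wraps

# Constructed policy values (hypothetical).
PRESET_METHODS = {"GET", "POST", "HEAD"}   # request methods of the preset type
PRESET_PARAM = "trace"                      # preset request parameter in URL query or cookie
IP_WHITELIST = {"58.19.23.209", "10.0.0.5"}
CST = timezone(timedelta(hours=8))          # the patent's worked example uses UTC+8 local time


class CallRecorder:
    """Stand-in for the patent's preset hook function: when enabled, every
    decorated call records its input parameters, output parameters and the
    call stack at the moment of the call."""

    def __init__(self):
        self.records = []
        self.enabled = False

    def hook(self, func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            if not self.enabled:
                return func(*args, **kwargs)
            # Frames above this wrapper, outermost first; the wrapper itself is dropped.
            stack = [f"{fr.name}:{fr.lineno}" for fr in traceback.extract_stack()[:-1]]
            rec = {"function": func.__qualname__,
                   "input": {"args": list(args), "kwargs": dict(kwargs)},
                   "stack": stack}
            try:
                rec["output"] = func(*args, **kwargs)
                return rec["output"]
            except Exception as exc:  # an interrupted call is recorded without output
                rec["error"] = repr(exc)
                raise
            finally:
                self.records.append(rec)
        return wrapper


recorder = CallRecorder()


@recorder.hook
def quote(sku, qty):
    """Sample application function (constructed)."""
    return {"sku": sku, "total": 20 * qty}


@recorder.hook
def checkout(sku, qty):
    """Sample application function that calls quote (constructed)."""
    return {"order": quote(sku, qty)}


def has_preset_call_params(request):
    """Step S01: preset request method and the preset parameter in query or cookie."""
    return (request["method"] in PRESET_METHODS
            and (PRESET_PARAM in request.get("query", {})
                 or PRESET_PARAM in request.get("cookies", {})))


def ip_allowed(request):
    """Whitelist check on the connection's peer address, never on a client-supplied field."""
    return request["peer_ip"] in IP_WHITELIST


def make_request_id(received_at, ip, rand):
    """Preset rule, in the order of the patent's worked example:
    random number, IP digits, Unix timestamp (2018-09-19 15:33:19 UTC+8 -> 1537342399)."""
    return f"{rand}{ip.replace('.', '')}{int(received_at.timestamp())}"


def handle_request(request, handler, logdir, mapping, rand=None):
    """Steps S01-S04. Returns (request_id, response); request_id is None when the
    request was not recorded, and the response is a 403 when the IP is not whitelisted."""
    if not has_preset_call_params(request):
        return None, handler()
    if not ip_allowed(request):
        return None, {"status": 403}
    recorder.records = []
    recorder.enabled = True            # step S02: hook records the whole request life cycle
    try:
        response = handler()
    finally:
        recorder.enabled = False
    received_at = request["received_at"]
    request_id = make_request_id(received_at, request["peer_ip"],
                                 random.randint(100, 999) if rand is None else rand)
    # Step S03: one log file per request, partitioned by day; step S04: map id -> path.
    log_path = os.path.join(logdir, received_at.strftime("%Y%m%d"), request_id + ".log")
    os.makedirs(os.path.dirname(log_path), exist_ok=True)
    with open(log_path, "w", encoding="utf-8") as fh:
        for rec in recorder.records:
            fh.write(json.dumps(rec, default=str) + "\n")
    mapping[request_id] = log_path
    return request_id, response


def sample_request(peer_ip, method="GET", query=None):
    """Constructed request as a server would hand it to the handler."""
    return {"method": method, "query": query if query is not None else {"trace": "1"},
            "cookies": {}, "peer_ip": peer_ip,
            "received_at": datetime(2018, 9, 19, 15, 33, 19, tzinfo=CST)}


if __name__ == "__main__":
    table = {}
    rid, resp = handle_request(sample_request("58.19.23.209"),
                               lambda: checkout("A100", 2), tempfile.mkdtemp(), table, rand=235)
    print(rid, resp, table[rid])
```

With the patent's own example inputs (random number 235, IP 58.19.23.209, reception time 2018-09-19 15:33:19 UTC+8) `make_request_id` reproduces the identifier "2355819232091537342399" from the text; the inner call `quote` is recorded before `checkout` because the hook appends each record when that call returns.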
With reference to Fig. 4, Fig. 4 is the flow diagram that code vulnerabilities of the present invention check method 3rd embodiment.
Based on the various embodiments described above, in the present embodiment, after the step S30, the method also includes:
Step S40: the comparison result be the target go out parameter according to the standard go out parameter according to it is not identical when, sentence There are codes to execute loophole in the request life cycle for the fixed code call request;
It should be noted that judging that target goes out parameter according to whether identical parameter evidence is gone out with standard in the present embodiment is not tight It is completely equivalent in lattice meaning, but target goes out parameter according to whether being contained in standard and go out parameter evidence, such as target goes out parameter according to being { A, B, C }, and standard goes out parameter according to being { A, B, C, D, E, F }, target goes out parameter and goes out parameter evidence according to being contained in standard at this time, can also Determine that target goes out parameter and goes out parameter according to " identical " according to standard, i.e., judgement code, which executes, is not present bug.
In the concrete realization, nginx server detect target go out parameter according to standard go out parameter according to it is not identical when, table There is bug during being called to different codes (function) in Ming Dynasty's code call request, can determine that code tune at this time With request, there are codes to execute loophole in the request life cycle of itself.
Step S50: reading the corresponding allocating stack of the code call request from the function call information, and according to The allocating stack determines that the code executes the corresponding object code of loophole.
It should be understood that so-called storehouse, i.e., a kind of data structure for being able to reflect data item arranged in sequence;The present embodiment In, the allocating stack (call stack) reflects function at current breakpoint is to be called by those functions according to what sequence 's.When failure (bug) occurs, if program is interrupted, we substantially can only see the function finally to malfunction, but pass through Using call stack it is known that malfunctioning when error functions are by which function call, to realize to bug's It is accurate to search.
Specifically, nginx server, which can obtain the code stored in the allocating stack, executes sequence, and according to the generation Several marking codes for including in code execution sequence determine the corresponding calling code of the code call request;According to it is described enter Parameter executes the corresponding object code of loophole according to the code determining from the calling code.
It should be understood that the code executes sequence, i.e., the calling sequence in code (function) invoked procedure, such as generation Code call request needs to call 4 functions " function1, function2, function3, fun tion4, and function1 Call function2, function2 that function3, function3 is called to call f unction4 ", when function4 is run When, " the heap that calling sequence is function4-function3-function2-function1 will be just showed in allocating stack Stack " feature, and finally called function appears in the top or the stack top of storehouse.In the present embodiment, the marking code can To be each called function corresponding identification information, such as above-mentioned " function1, function2 " etc., implementing In, it, can be according to marking code wherein included after the code execution sequence that nginx server is stored in getting allocating stack Fuzzy matching is carried out in code database, obtain all calling codes of successful match, and according to saving in journal file Enter parameter evidence, determines that code executes the corresponding object code of loophole from all calling codes of successful match.
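The steps S40 and S50 above, as an added example that is not the patent's own code: a preset hook records in-parameters, out-parameters and the call stack of each call, the comparison treats "identical" as containment (target out-parameters are a subset of the standard out-parameters), and on a mismatch the deepest (or errored) recorded call's stack markers are fuzzy-matched against a code database to name the target code. Everything in it is constructed: the four-function chain function1 through function4 stands in for the application code, the bug is planted in function4 for non-positive input, and the test case database and code database are small in-memory dictionaries.

```python
"""Hook-based call logging, containment comparison and target-code lookup.

Added example (not the patent's own code). Everything here is constructed:
a four-function chain function1 -> ... -> function4 standing in for the
application code, a "test case database" keyed by serialized in-parameters
and a "code database" mapping marker codes to source files.
"""
import functools
import json
from typing import Any, Dict, List, Optional, Tuple

CALL_LOG: List[Dict[str, Any]] = []   # function call information for one request
_STACK: List[str] = []                # hooked functions currently executing


def hooked(func):
    """Preset hook: record in-params, out-params and the call stack per call.

    The stack is stored most-recent-first, so stack[0] is the function being
    run (the 'top of the stack' in the description).
    """
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        _STACK.append(func.__name__)
        entry: Dict[str, Any] = {"function": func.__name__, "in": list(args),
                                 "stack": list(reversed(_STACK)), "out": None}
        try:
            entry["out"] = func(*args, **kwargs)
            return entry["out"]
        except Exception as exc:               # keep the failure in the log, re-raise
            entry["error"] = repr(exc)
            raise
        finally:
            _STACK.pop()
            CALL_LOG.append(entry)             # innermost call finishes first
    return wrapper


# Constructed application code: the planted bug lives in function4 (n <= 0).
@hooked
def function4(n: int) -> List[str]:
    return ["A", "B", "C"] if n > 0 else ["A", "B", "Z"]


@hooked
def function3(n: int) -> List[str]:
    return function4(n)


@hooked
def function2(n: int) -> List[str]:
    return function3(n)


@hooked
def function1(n: int) -> List[str]:
    return function2(n)


# Constructed "test case database": in-parameters -> standard out-parameters.
TEST_CASES = {json.dumps([1]): ["A", "B", "C", "D", "E", "F"],
              json.dumps([-1]): ["A", "B", "C", "D", "E", "F"]}

# Constructed "code database": marker code -> source location.
CODE_DB = {"function1": "app/handlers.py", "function2": "app/service.py",
           "function3": "app/repo.py", "function4": "app/calc.py"}


def out_params_match(target, standard) -> bool:
    """'Identical' in the description means contained: target is a subset of standard."""
    return set(target) <= set(standard)


def standard_out_for(in_params) -> Optional[List[str]]:
    """Look the standard out-parameters up by the request's in-parameters."""
    return TEST_CASES.get(json.dumps(in_params))


def locate_target_code(in_params, log=CALL_LOG, code_db=CODE_DB) -> Optional[Tuple[str, str]]:
    """Pick the errored (else deepest) call made with these in-params, fuzzy-match
    its stack markers against the code database and return the top-most match."""
    calls = [e for e in log if e["in"] == list(in_params)]
    if not calls:
        return None
    faulty = next((e for e in calls if "error" in e), None) \
        or max(calls, key=lambda e: len(e["stack"]))
    for marker in faulty["stack"]:                   # top of stack first
        for code, location in code_db.items():
            if marker.lower() in code.lower():       # fuzzy (substring) match
                return code, location
    return None


def check_request(in_params) -> Dict[str, Any]:
    """Run the hooked request, then compare its out-params with the standard."""
    CALL_LOG.clear()
    out = function1(*in_params)
    standard = standard_out_for(list(in_params))
    if standard is None:
        return {"verdict": "no-standard", "out": out}
    if out_params_match(out, standard):
        return {"verdict": "ok", "out": out}
    return {"verdict": "vulnerable", "out": out, "target": locate_target_code(in_params)}
```

Note that the containment rule lets extra items in the standard set pass silently, so a missing out-parameter is never flagged; only an out-parameter outside the standard set (the "Z" above) triggers the call stack lookup.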
In this embodiment, when a code execution vulnerability is detected within the request life cycle of a code call request, the call stack corresponding to the code call request is read from the function call information, and the target code corresponding to the code execution vulnerability is determined according to the call stack. This achieves accurate localization of the code file in which the vulnerability occurs, makes it convenient for application developers to fix code vulnerabilities, and effectively saves manpower and material resources.
In addition, an embodiment of the present invention also proposes a storage medium on which a code vulnerability checking program is stored; when executed by a processor, the code vulnerability checking program implements the steps of the code vulnerability checking method described above.
Referring to Fig. 5, Fig. 5 is a structural block diagram of a first embodiment of the code vulnerability checking device of the present invention.
As shown in Fig. 5, the code vulnerability checking device proposed by the embodiment of the present invention includes:
an instruction response module 501, configured to receive a vulnerability checking instruction, extract the request identifier included in the vulnerability checking instruction, and search the pre-constructed mapping relations for the log storage path corresponding to the request identifier;
a data acquisition module 502, configured to obtain the target log file according to the log storage path, and read the in-parameter and out-parameter data stored in advance in the target log file;
a data comparison module 503, configured to obtain the standard out-parameter data corresponding to the in-parameter and out-parameter data, compare the target out-parameter data included in the in-parameter and out-parameter data with the standard out-parameter data, and obtain a comparison result.
In this embodiment, a vulnerability checking instruction is received, the request identifier included in the vulnerability checking instruction is extracted, and the log storage path corresponding to the request identifier is searched for in the pre-constructed mapping relations; the target log file is obtained according to the log storage path, and the in-parameter and out-parameter data stored in advance in the target log file is read; the standard out-parameter data corresponding to the in-parameter and out-parameter data is obtained, the target out-parameter data included in the in-parameter and out-parameter data is compared with the standard out-parameter data, and a comparison result is obtained. Because this embodiment uses the request identifier carried in the instruction to obtain the log file written when the code was called, together with the in-parameter and out-parameter data stored in it, and then compares the target out-parameter data included in that data with the standard out-parameter data, it can accurately determine from the comparison result whether a code execution vulnerability exists in the code calling process, thereby achieving accurate checking of code execution vulnerabilities and improving vulnerability checking efficiency.
Based on the above first embodiment of the code vulnerability checking device of the present invention, a second embodiment of the code vulnerability checking device of the present invention is proposed.
Further, in this embodiment the code vulnerability checking device further includes a log recording module, configured to: when the code call request includes the preset call parameter, call a preset hook function to record the function call information of the code call request within the request life cycle, the function call information including the in-parameter and out-parameter data at the time of the function call; write the function call information into the log file corresponding to the code call request, and obtain the log storage path of the log file; and generate the request identifier corresponding to the code call request by a preset rule, and construct the mapping relation between the request identifier and the log storage path.
Further, the log recording module is also configured to: when the code call request includes the preset call parameter, obtain the Internet protocol address carried in the code call request; detect whether the Internet protocol address belongs to a preset Internet protocol address whitelist; and if so, call the preset hook function to record the function call information of the code call request within the request life cycle.
Further, the log recording module is also configured to: obtain the request receiving time corresponding to the code call request, and call a preset random number generation plug-in to generate a target random number; perform a time format conversion on the request receiving time to obtain the corresponding timestamp; and combine the Internet protocol address, the target random number and the timestamp to obtain the request identifier corresponding to the code call request.
Further, the data comparison module 503 is also configured to: obtain the in-parameter data included in the in-parameter and out-parameter data, and search a test case database for the corresponding target test case according to the in-parameter data; and obtain the out-parameter data corresponding to the target test case and use the obtained out-parameter data as the standard out-parameter data.
Further, in this embodiment the code vulnerability checking device further includes a vulnerability locating module, configured to: when the comparison result is that the target out-parameter data is not identical to the standard out-parameter data, determine that the code call request has a code execution vulnerability within the request life cycle; and read the call stack corresponding to the code call request from the function call information, and determine the target code corresponding to the code execution vulnerability according to the call stack.
Further, the vulnerability locating module is also configured to: obtain the code execution sequence stored in the call stack, and determine the calling code corresponding to the code call request according to several marker codes included in the code execution sequence; and determine the target code corresponding to the code execution vulnerability from the calling code according to the in-parameter data.
For other embodiments or specific implementations of the code vulnerability checking device of the present invention, reference may be made to the above method embodiments, and details are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or system that includes the element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as read-only memory/random access memory, magnetic disk, optical disc), which includes instructions for causing a terminal device (which may be a mobile phone, computer, server, air conditioner or network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and accompanying drawings of the present invention, whether applied directly or indirectly in other related technical fields, is included within the scope of protection of the present invention.

Claims (10)

1. A code vulnerability checking method, characterized in that the method comprises:
receiving a vulnerability checking instruction, extracting the request identifier included in the vulnerability checking instruction, and searching pre-constructed mapping relations for the log storage path corresponding to the request identifier;
obtaining a target log file according to the log storage path, and reading the in-parameter and out-parameter data stored in advance in the target log file;
obtaining the standard out-parameter data corresponding to the in-parameter and out-parameter data, comparing the target out-parameter data included in the in-parameter and out-parameter data with the standard out-parameter data, and obtaining a comparison result.
2. The method according to claim 1, characterized in that, before the step of receiving a vulnerability checking instruction and extracting the request identifier included in the vulnerability checking instruction, the method further comprises:
receiving a code call request, and detecting whether the code call request includes a preset call parameter;
when the code call request includes the preset call parameter, calling a preset hook function to record the function call information of the code call request within the request life cycle, the function call information including the in-parameter and out-parameter data at the time of the function call;
writing the function call information into the log file corresponding to the code call request, and obtaining the log storage path of the log file;
generating the request identifier corresponding to the code call request by a preset rule, and constructing the mapping relation between the request identifier and the log storage path.
3. The method according to claim 2, characterized in that the step of, when the code call request includes the preset call parameter, calling a preset hook function to record the function call information of the code call request within the request life cycle comprises:
when the code call request includes the preset call parameter, obtaining the Internet protocol address carried in the code call request;
detecting whether the Internet protocol address belongs to a preset Internet protocol address whitelist;
if so, calling the preset hook function to record the function call information of the code call request within the request life cycle.
4. The method according to claim 3, characterized in that the step of generating the request identifier corresponding to the code call request by a preset rule comprises:
obtaining the request receiving time corresponding to the code call request, and calling a preset random number generation plug-in to generate a target random number;
performing a time format conversion on the request receiving time to obtain the corresponding timestamp;
combining the Internet protocol address, the target random number and the timestamp to obtain the request identifier corresponding to the code call request.
5. The method according to claim 4, characterized in that the step of obtaining the standard out-parameter data corresponding to the in-parameter and out-parameter data comprises:
obtaining the in-parameter data included in the in-parameter and out-parameter data, and searching a test case database for the corresponding target test case according to the in-parameter data;
obtaining the out-parameter data corresponding to the target test case, and using the obtained out-parameter data as the standard out-parameter data.
6. The method according to any one of claims 2 to 5, characterized in that, after the step of comparing the target out-parameter data included in the in-parameter and out-parameter data with the standard out-parameter data and obtaining a comparison result, the method further comprises:
when the comparison result is that the target out-parameter data is not identical to the standard out-parameter data, determining that the code call request has a code execution vulnerability within the request life cycle;
reading the call stack corresponding to the code call request from the function call information, and determining the target code corresponding to the code execution vulnerability according to the call stack.
7. The method according to claim 6, characterized in that the step of determining the target code corresponding to the code execution vulnerability according to the call stack comprises:
obtaining the code execution sequence stored in the call stack, and determining the calling code corresponding to the code call request according to several marker codes included in the code execution sequence;
determining the target code corresponding to the code execution vulnerability from the calling code according to the in-parameter data.
8. A code vulnerability checking device, characterized in that the device comprises:
an instruction response module, configured to receive a vulnerability checking instruction, extract the request identifier included in the vulnerability checking instruction, and search pre-constructed mapping relations for the log storage path corresponding to the request identifier;
a data acquisition module, configured to obtain a target log file according to the log storage path, and read the in-parameter and out-parameter data stored in advance in the target log file;
a data comparison module, configured to obtain the standard out-parameter data corresponding to the in-parameter and out-parameter data, compare the target out-parameter data included in the in-parameter and out-parameter data with the standard out-parameter data, and obtain a comparison result.
9. A code vulnerability checking apparatus, characterized in that the apparatus comprises: a memory, a processor, and a code vulnerability checking program stored on the memory and runnable on the processor, the code vulnerability checking program being configured to implement the steps of the code vulnerability checking method according to any one of claims 1 to 7.
10. A storage medium, characterized in that a code vulnerability checking program is stored on the storage medium, and the code vulnerability checking program, when executed by a processor, implements the steps of the code vulnerability checking method according to any one of claims 1 to 7.
CN201811531459.9A 2018-12-14 2018-12-14 Code vulnerabilities check method, apparatus, equipment and storage medium Pending CN109657475A (en)

Publications (1)

Publication Number Publication Date
CN109657475A true CN109657475A (en) 2019-04-19

Family

ID=66113202

Country Status (1)

Country Link
CN (1) CN109657475A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110347589A (en) * 2019-06-11 2019-10-18 烽火通信科技股份有限公司 A kind of software unit testing automated detection method and system
CN110866258A (en) * 2019-10-12 2020-03-06 平安科技(深圳)有限公司 Method for quickly positioning bug, electronic device and storage medium
CN111753330A (en) * 2020-06-18 2020-10-09 百度在线网络技术(北京)有限公司 Method, device and equipment for determining data leakage subject and readable storage medium
CN113051582A (en) * 2021-04-28 2021-06-29 重庆电子工程职业学院 Computer software technology development and debugging system
CN117076333A (en) * 2023-10-16 2023-11-17 成都无糖信息技术有限公司 Vulnerability verification method based on script breakpoint and browser automation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination