CN109684838B - Static code auditing system and method for Ether house intelligent contract - Google Patents

Abstract

The invention discloses a static code auditing system and method for an intelligent contract on an Etherhouse platform of a block chain, belonging to the technical field of information security. The invention can detect the security threat on the intelligent contract compiled by using the solid language on the Ethengfang platform, position the safety threat to a specific position, clarify the harm and provide a corresponding solution. The method comprises the following steps: firstly, a user inputs a project directory to be detected or a path of a single file into a system, the system carries out preprocessing operation on input contents, copies the whole project into a temporary working directory and deletes annotation contents in a consistency file in the temporary working directory; secondly, the system analyzes each consistency file into a form of a syntax tree through operations such as lexical analysis, syntactic analysis and the like; then, the system carries out static feature matching on the grammar tree structure and the preset logic matching features to obtain a matching result; and finally, classifying and summarizing the matched results by the system to generate a report file, namely the detection result.

Description

Static code auditing system and method for Ether house intelligent contract

Technical Field

The invention belongs to the technical field of information security, and particularly relates to a static code auditing system and method for an intelligent contract on an Ethernet workshop platform of a block chain.

Background

In a narrow sense of block chain technology, the block chain technology is a distributed account book which is a chain data structure formed by combining data blocks in a sequential connection mode according to a time sequence and is cryptographically guaranteed to be not falsifiable and counterfeitable. Broadly, the blockchain technique is a completely new distributed infrastructure and computing approach that utilizes blockchain data structures to verify and store data, utilizes distributed node consensus algorithms to generate and update data, utilizes cryptography to secure data transmission and access, and utilizes intelligent contracts composed of automated script code to program and manipulate data.

The Etherhouse is an open-source public blockchain platform with intelligent contract functions. A decentralized virtual machine is provided to process point-to-point contracts through its private cryptocurrency ethernet currency.

An intelligent contract is a computer transaction agreement that enforces the terms of the contract. It is essentially a piece of executable code that will automatically run when accessed by a user at the address. The intelligent contracts are public, and all users on the blockchain can see the intelligent contracts based on the blockchain.

At present, intelligent contracts on an Ethern platform based on block chains are applied, such as Backfeed of a social and economic platform, a decentralized forecast market Augur, a smart Grid Transactive Grid and the like, however, in the development process of a plurality of applications, a designer only pays attention to the functionality of the intelligent contracts without considering the safety problem of the intelligent contracts, so that potential safety hazards exist in the application, and as the content of the intelligent contracts is public, anyone can analyze the source codes of the intelligent contracts to find holes.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provides a static code auditing system and method for intelligent contracts on an Ethernet workshop platform of a block chain.

The technical problem proposed by the invention is solved as follows:

a static code auditing system for intelligent contracts on an Ethern platform of a block chain comprises a preprocessing module, a syntax tree generating module, a static feature matching module and a report generating module;

a preprocessing module: the system comprises a client, a client and a server, wherein the client is used for detecting the legality of user input, copying the whole project to a temporary working directory and deleting an annotation part in a identity file;

a syntax tree generation module: the grammar tree generation device is used for performing lexical analysis and grammar analysis on the preprocessed files to generate grammar trees;

a static feature matching module: the system is used for matching the grammar tree with a preset logic matching rule, checking whether the grammar tree is hit or not, and recording corresponding code information if the grammar tree is hit and matched;

a report generation module: and the code information is used for classifying and summarizing successfully matched code information to generate a report result file.

A static code auditing method for intelligent contracts on a blockchain Ethernet shop platform comprises the following steps:

step 1, system pretreatment:

the system carries out legality detection on the input of a user, then copies the whole project into a temporary working directory, and deletes the comment part in the identity file;

step 2, syntax tree generation:

for each identity code file, processing a reference file of the identity code file, copying a part of the referenced content into a current file, performing lexical analysis, extracting each legal vocabulary, performing reprocessing operation on the vocabulary, packaging variables and constants in the vocabulary into corresponding structural types, performing syntactic analysis, and converting a code expression into a form of a syntactic tree by using technologies such as a push-down automaton and the like;

step 3, static characteristic matching:

the system performs feature matching on the syntax tree corresponding to each code file, matches with a preset logic rule by traversing each branch of the syntax tree, and can be positioned on a specific expression if matching is successful;

and 4, generating a detection report:

the system firstly classifies the results obtained by matching according to files, then reclassifies the results in each file according to the type of the threat, and gives specific code positions, hazards and solving ways for each discovered threat; finally, the system aggregates all the results and generates an overall report.

The invention has the beneficial effects that:

the invention provides a static code auditing system and method for an intelligent contract on an Etherhouse platform of a block chain, which utilize the technology of a push-down automaton and the like to realize the static code auditing system for the intelligent contract written in a Solidity language on the Etherhouse platform of the block chain and can find out and analyze the security threat existing on the intelligent contract. The invention has the following characteristics: using the push down automaton technique, a conversion from a code file to a syntax tree is achieved, with a clear logical hierarchy to represent abstract code content. By using the static characteristic matching technology, the established logic rules can be added, modified or deleted at any time, so that the system is more flexible and expandable. The security problem of the intelligent contract can be detected through matching, and the security risk of the application is reduced.

Drawings

FIG. 1 is a schematic diagram of the system of the present invention.

Detailed Description

The invention is further described below with reference to the figures and examples.

The embodiment provides a static code auditing system for an intelligent contract on an ether house platform of a block chain, which has a structural schematic diagram shown in fig. 1 and comprises a preprocessing module, a syntax tree generating module, a static feature matching module and a report generating module;

a preprocessing module: the system comprises a client, a client and a server, wherein the client is used for detecting the legality of user input, copying the whole project to a temporary working directory and deleting an annotation part in a identity file;

a syntax tree generation module: the grammar tree generation device is used for performing lexical analysis and grammar analysis on the preprocessed files to generate grammar trees;

a static feature matching module: the system is used for matching the grammar tree with a preset logic matching rule, checking whether the grammar tree is hit or not, and recording corresponding code information if the grammar tree is hit and matched;

a report generation module: and the code information is used for classifying and summarizing successfully matched code information to generate a report result file.

A static code auditing method for intelligent contracts on a blockchain Ethernet shop platform comprises the following steps:

step 1, system pretreatment: the system carries out legality detection on the input of a user, then copies the whole project into a temporary working directory, and deletes the comment part in a identity file, and the method specifically comprises the following steps:

step 1-1, a user inputs an intelligent contract project directory to be audited or a PATH PATH of a single code file, a system detects whether the PATH is legal or not, if the PATH is not a rule warning prompt, the step 1-2 is entered if the PATH is a rule;

step 1-2, the system locates the position of the PATH, and copies the whole directory or file into the temporary working directory WORK;

step 1-3, traversing the working directory WORK, finding a solid code file with sol as a suffix name, and deleting all annotation parts in the file;

step 2, syntax tree generation: for each identity code file, processing a reference file of the identity code file, copying a part of the referenced content into a current file, performing lexical analysis, extracting each legal vocabulary, performing reprocessing operation on the vocabulary, packaging variables and constants in the vocabulary into corresponding structural types, performing syntactic analysis, and converting a code expression into a form of a syntactic tree by using technologies such as a push-down automaton and the like; the method specifically comprises the following steps:

step 2-1, the system maintains a List of files to be analyzed_aAnd a List of parsed files_bAll the identity code files are initially placed in the List in their entirety_aIn, List_bEmptying;

step 2-2. checking List_aIf the file exists in the file list, taking out the file in sequence and carrying out the operation of the step 2-3 on the file, otherwise, entering the step 2-8;

step 2-3, for any one solid code file, the system firstly checks whether the solid code file is in the analyzed file list, if so, the step 2-2 is carried out, otherwise, the step 2-4 is carried out;

step 2-4, checking whether the file has an import keyword, if so, determining that the identity code file has a reference file, positioning by the system through a path behind the import keyword to obtain a path of the reference file, recording a reference relation, and then performing the operation of step 2-3 aiming at the reference file; if no reference file exists, entering step 2-5;

and 2-5, carrying out lexical analysis on the code content by the system by using a finite automaton technology:

for a character C_iThe subscript i is the position of the character in the code content, and if the subscript i is a boundary word such as "(", ")", "{", "}" and the like, the character is extracted separately;

if character C_iIf it is double quotation marks or single quotation marks, the characters behind it are judged in turn until the characters are judged

Also corresponding double quotation marks or single quotation marks, k₁Is a positive integer, then will

Extracting a constant word as a character string;

if character C_iIs underlined "_" or a letter, the characters following it are judged in order until

The composed words do not satisfy the variable naming rules of Solidity, and will then

Extracted as an identifier word, k₂Is a positive integer;

if character C_iIf it is a number, the characters after it are judged in turn until

Can no longer be represented as a number, and will then

Extracted as a number word, k₃Is a positive integer;

if character C_iIs a plus sign, a minus sign, a plus sign, or a comparison signThe number, then judge the character after it in turn until

Cannot form a legal operation, assignment or comparison sign, and then

Extracted as a symbolic word, k₄Is a positive integer;

the system stores the extracted words in the form of name, and determines the line number of each word by detecting the line feed character in the judging process, and finally generates a word structure word which is formed by the name of the word_wAnd the line number n_wBinary (name) of_w，n_w) Represents;

step 2-6, the system carries out reprocessing operation on the binary structure word generated by lexical analysis:

for a two-tuple word_tThe subscript t represents the tth binary group whose word name is the first choice_wWhether the language is the basic type of the identity language or not, if so, continuing to judge the subsequent word structure so as to enable the name in the word structure_wThe arrangement of values can satisfy the variable declaration structure of the solid until word_t-word_t+jCan not form a legal variable statement, j is a positive integer, and then word is formed_t-word_t+j-1Packaged into one of basic type_vRestriction keyword restiction_vName of variable_vAnd the line number n_vA constituent quadruple variable var of the expression (type)_v，restriction_v，name_v，n_v) Simultaneously, the original word structure word_tReplace with var, and delete from word_t+1To word_t+j-1The word structure of (1); if word_tName in (1)_wIs a character string or a number constant, then directly packaging the character string or the number constant into a type of_c(character string or number), content_cAnd the line number n_cThe triplet structure constant is formed, and the expression is (type)_c，content_c，n_c) Then the original word is put in_tReplacing with constant; for other names_wThe value is kept unchanged;

step 2-7, the system carries out syntactic analysis on the generated word, var and constant structures:

the outermost layer structure of the Solidity language is mainly a contract, a library and an interface, and the system is called as a mainBlock; the system first finds the keywords "extract", "library" and "interface", and then creates the corresponding type structure:

for a two-tuple word_tIf its name is_wCreating a mainBlock structure for a contact, library or interface, and then sequentially determining the type of the contact, library or interface according to the subsequent word, var and constant structures_mbName, name_mbAnd inheritance relation base_mbUntil a word appears_kkKk is a positive integer with a name of_wIs a delimiter "{";

then, taking the delimiters "{" and "}" as boundaries, and continuously analyzing the contents in the delimiters, wherein the main structures at this stage are State Variables (variable expressions), Functions (Functions), Function Modifiers (Function Modifiers), Events (Events), Struct Types (structure Types) and Enum Types (enumeration Types);

the system adopts the technology of a push-down automaton, and variable, constant and operation, assignment or comparison symbols are reduced into variable expressions according to reduction rules formulated by a Solidity language;

for function types, the system detects the name of the function according to the function definition rule of the identity_fParameter param_fAnd a restriction word restiction_fAnd a return value return_fThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expList_fAnd adding it to the function structure; if the declared content of the function is not the delimiters "{" but semicolons "; if yes, the function is an abstract function, and the function analysis is finished; after the function analysis is finished, the generation is carried outAdd the function structure of (4) to mainBlock;

for the function regulator, the system detects the name of the function regulator in turn according to the definition rule of the function regulator of identity_mAnd parameter param_mThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expList_mThen added to the function adjuster structure; after the function regulator analysis is finished, adding the generated function regulator structure into the mainBlock;

for the event type, the system will detect the name names according to the event definition rule of identity in turn_eAnd parameter param_eAdding the generated event structure into the mainBlock;

for the structure type, the system will detect its name in turn according to the structure definition rule of identity_sAnd variable value therein_sAnd adding the generated structure to mainBlock;

for an enumeration structure, the system will detect its name names in turn according to the enumeration definition rule of identity_enumAnd the object value enumerated therein_enumAdding the generated enumeration structure into the mainBlock;

through the parsing operation, the system generates one or several syntax trees, and at this time, the code file is parsed and placed in the parsed file List List_bIn (2), List is simultaneously in the unresolved file List_aDeleting the identity code file and returning to the step 2-2;

step 2-8, all code files are completely analyzed into a syntax tree form, and the system enters a static feature matching stage;

step 3, static characteristic matching:

the system performs feature matching on the syntax tree corresponding to each code file, matches with a preset logic rule by traversing each branch of the syntax tree, and can be positioned on a specific expression if matching is successful;

and 4, generating a detection report:

the system firstly classifies the results obtained by matching according to files, then reclassifies the results in each file according to the type of the threat, and gives specific code positions, hazards and solving ways for each discovered threat; finally, the system aggregates all the results and generates an overall report.

Claims (1)

1. A static code auditing method for intelligent contracts on a blockchain Ethernet shop platform is characterized by comprising the following steps:

step 1, system pretreatment:

the system carries out legality detection on the input of a user, then copies the whole project into a temporary working directory, and deletes the comment part in the identity file;

step 1-1, a user inputs an intelligent contract project directory to be audited or a PATH PATH of a single code file, a system detects whether the PATH is legal or not, if the PATH is not a rule warning prompt, the step 1-2 is entered if the PATH is a rule;

step 1-2, the system locates the position of the PATH, and copies the whole directory or file into the temporary working directory WORK;

step 1-3, traversing the working directory WORK, finding a solid code file with sol as a suffix name, and deleting all annotation parts in the file;

step 2, syntax tree generation:

for each identity code file, processing a reference file of the identity code file, copying a part of the referenced content into a current file, performing lexical analysis, extracting each legal vocabulary, performing reprocessing operation on the vocabulary, packaging variables and constants in the vocabulary into corresponding structural types, performing syntactic analysis, and converting a code expression into a form of a syntactic tree by using technologies such as a push-down automaton and the like;

step 2-1, the system maintains a List of files to be analyzed_aAnd a List of parsed files_bAll the identity code files are initially placed in the List in their entirety_aIn, List_bEmptying;

step 2-2. checking List_aIf the file exists in the file list, taking out the file in sequence and carrying out the operation of the step 2-3 on the file, otherwise, entering the step 2-8;

step 2-3, for any one solid code file, the system firstly checks whether the solid code file is in the analyzed file list, if so, the step 2-2 is carried out, otherwise, the step 2-4 is carried out;

step 2-4, checking whether the file has an import keyword, if so, determining that the identity code file has a reference file, positioning by the system through a path behind the import keyword to obtain a path of the reference file, recording a reference relation, and then performing the operation of step 2-3 aiming at the reference file; if no reference file exists, entering step 2-5;

and 2-5, carrying out lexical analysis on the code content by the system by using a finite automaton technology:

for a character C_iThe subscript i is the position of the character in the code content, and if the character is a "(", ")", "{", "}" limiting word, the character is extracted separately;

if character C_iIf it is double quotation marks or single quotation marks, the characters behind it are judged in turn until the characters are judged

Also corresponding double quotation marks or single quotation marks, k₁Is a positive integer, then will

Extracting a constant word as a character string;

if character C_iIs underlined "_" or a letter, the characters following it are judged in order until

The composed words do not satisfy the variable naming rules of Solidity, and will then

Extracted as an identifier word, k₂Is a positive integer;

if character C_iIf it is a number, the characters after it are judged in turn until

Can no longer be represented as a number, and will then

Extracted as a number word, k₃Is a positive integer;

if character C_iIf the symbols are operation, assignment or comparison symbols such as "+", "-", "+" and the like, the characters behind the symbols are sequentially judged until the symbols are judged to be the same

Cannot form a legal operation, assignment or comparison sign, and then

Extracted as a symbolic word, k₄Is a positive integer;

the system stores the extracted words in the form of name, and determines the line number of each word by detecting the line feed character in the judging process, and finally generates a word structure word which is formed by the name of the word_wAnd the line number n_wBinary (name) of_w，n_w) Represents;

step 2-6, the system carries out reprocessing operation on the binary structure word generated by lexical analysis:

for a two-tuple word_tThe subscript t represents the tth binary group whose word name is the first choice_wWhether the language is the basic type of the identity language or not, if so, continuing to judge the subsequent word structure so as to enable the name in the word structure_wThe arrangement of values can satisfy the variable declaration structure of solid until wotd_t-word_t+jCan not form a legal variable statement, j is a positive integer, and then wotd is set_t-word_t+j-1Packaged into one of basic type_vRestriction keyword restiction_vName of variable_vAnd the line number n_vA constituent quadruple variable var of the expression (type)_v，restriction_v，name_v，n_v) Simultaneously, the original word structure word_tReplace with var, and delete from word_t+1To word_t+j-1The word structure of (1); if word_tName in (1)_wIs a character string or a number constant, then directly packaging the character string or the number constant into a type of_cContent_cAnd the line number n_cThe triplet structure constant is formed, and the expression is (type)_c，content_c，n_c) Then the original word is put in_tReplacing with constant; for other names_wThe value is kept unchanged;

step 2-7, the system carries out syntactic analysis on the generated word, var and constant structures:

the system first finds the keywords "extract", "library" and "interface", and then creates the corresponding type structure:

for a two-tuple word_tIf its name is_wCreating a mainBlock structure for a contact, library or interface, and then sequentially determining the type of the contact, library or interface according to the subsequent word, var and constant structures_mbName, name_mbAnd inheritance relation base_mbUntil a word appears_kkKk is a positive integer with a name of_wIs a delimiter "{";

then, taking the delimiters '{' and '}' as boundaries, and continuously analyzing the contents in the delimiters, 'and' } as main structures at the stage, namely StateVariables, Functions, Function Modifiers, Events, Struct Types and Enum Types;

the system adopts the technology of a push-down automaton, and variable, constant and operation, assignment or comparison symbols are reduced into variable expressions according to reduction rules formulated by a Solidity language;

for functionThe system detects the name of the system according to the function definition rule of the identity_fParameter param_fAnd a restriction word restiction_fAnd a return value return_fThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expList_fAnd adding it to the function structure; if the declared content of the function is not the delimiters "{" but semicolons "; if yes, the function is an abstract function, and the function analysis is finished; after the function analysis is finished, adding the generated function structure into the mainBlock;

for the function regulator, the system detects the name of the function regulator in turn according to the definition rule of the function regulator of identity_mAnd parameter param_mThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expList_mThen added to the function adjuster structure; after the function regulator analysis is finished, adding the generated function regulator structure into the mainBlock;

for the event type, the system will detect the name names according to the event definition rule of identity in turn_eAnd parameter param_eAdding the generated event structure into the mainBlock;

for the structure type, the system will detect its name in turn according to the structure definition rule of identity_sAnd variable value therein_sAnd adding the generated structure to mainBlock;

for an enumeration structure, the system will detect its name names in turn according to the enumeration definition rule of identity_enumAnd the object value enumerated therein_enumAdding the generated enumeration structure into the mainBlock;

through the parsing operation, the system generates one or several syntax trees, and at this time, the code file is parsed and placed in the parsed file List List_bIn (2), List is simultaneously in the unresolved file List_aDeleting the identity code file and returning to the step2-2;

step 2-8, all code files are completely analyzed into a syntax tree form, and the system enters a static feature matching stage;

step 3, static characteristic matching:

the system performs feature matching on the syntax tree corresponding to each code file, matches with a preset logic rule by traversing each branch of the syntax tree, and can be positioned on a specific expression if matching is successful;

and 4, generating a detection report:

the system firstly classifies the results obtained by matching according to files, then reclassifies the results in each file according to the type of the threat, and gives specific code positions, hazards and solving ways for each discovered threat; finally, the system aggregates all the results and generates an overall report.

Images