CN109684838B - Static code auditing system and method for Ether house intelligent contract - Google Patents
Static code auditing system and method for Ether house intelligent contract Download PDFInfo
- Publication number
- CN109684838B CN109684838B CN201811404851.7A CN201811404851A CN109684838B CN 109684838 B CN109684838 B CN 109684838B CN 201811404851 A CN201811404851 A CN 201811404851A CN 109684838 B CN109684838 B CN 109684838B
- Authority
- CN
- China
- Prior art keywords
- word
- file
- name
- code
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Machine Translation (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a static code auditing system and method for an intelligent contract on an Etherhouse platform of a block chain, belonging to the technical field of information security. The invention can detect the security threat on the intelligent contract compiled by using the solid language on the Ethengfang platform, position the safety threat to a specific position, clarify the harm and provide a corresponding solution. The method comprises the following steps: firstly, a user inputs a project directory to be detected or a path of a single file into a system, the system carries out preprocessing operation on input contents, copies the whole project into a temporary working directory and deletes annotation contents in a consistency file in the temporary working directory; secondly, the system analyzes each consistency file into a form of a syntax tree through operations such as lexical analysis, syntactic analysis and the like; then, the system carries out static feature matching on the grammar tree structure and the preset logic matching features to obtain a matching result; and finally, classifying and summarizing the matched results by the system to generate a report file, namely the detection result.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a static code auditing system and method for an intelligent contract on an Ethernet workshop platform of a block chain.
Background
In a narrow sense of block chain technology, the block chain technology is a distributed account book which is a chain data structure formed by combining data blocks in a sequential connection mode according to a time sequence and is cryptographically guaranteed to be not falsifiable and counterfeitable. Broadly, the blockchain technique is a completely new distributed infrastructure and computing approach that utilizes blockchain data structures to verify and store data, utilizes distributed node consensus algorithms to generate and update data, utilizes cryptography to secure data transmission and access, and utilizes intelligent contracts composed of automated script code to program and manipulate data.
The Etherhouse is an open-source public blockchain platform with intelligent contract functions. A decentralized virtual machine is provided to process point-to-point contracts through its private cryptocurrency ethernet currency.
An intelligent contract is a computer transaction agreement that enforces the terms of the contract. It is essentially a piece of executable code that will automatically run when accessed by a user at the address. The intelligent contracts are public, and all users on the blockchain can see the intelligent contracts based on the blockchain.
At present, intelligent contracts on an Ethern platform based on block chains are applied, such as Backfeed of a social and economic platform, a decentralized forecast market Augur, a smart Grid Transactive Grid and the like, however, in the development process of a plurality of applications, a designer only pays attention to the functionality of the intelligent contracts without considering the safety problem of the intelligent contracts, so that potential safety hazards exist in the application, and as the content of the intelligent contracts is public, anyone can analyze the source codes of the intelligent contracts to find holes.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a static code auditing system and method for intelligent contracts on an Ethernet workshop platform of a block chain.
The technical problem proposed by the invention is solved as follows:
a static code auditing system for intelligent contracts on an Ethern platform of a block chain comprises a preprocessing module, a syntax tree generating module, a static feature matching module and a report generating module;
a preprocessing module: the system comprises a client, a client and a server, wherein the client is used for detecting the legality of user input, copying the whole project to a temporary working directory and deleting an annotation part in a identity file;
a syntax tree generation module: the grammar tree generation device is used for performing lexical analysis and grammar analysis on the preprocessed files to generate grammar trees;
a static feature matching module: the system is used for matching the grammar tree with a preset logic matching rule, checking whether the grammar tree is hit or not, and recording corresponding code information if the grammar tree is hit and matched;
a report generation module: and the code information is used for classifying and summarizing successfully matched code information to generate a report result file.
A static code auditing method for intelligent contracts on a blockchain Ethernet shop platform comprises the following steps:
step 1, system pretreatment:
the system carries out legality detection on the input of a user, then copies the whole project into a temporary working directory, and deletes the comment part in the identity file;
step 2, syntax tree generation:
for each identity code file, processing a reference file of the identity code file, copying a part of the referenced content into a current file, performing lexical analysis, extracting each legal vocabulary, performing reprocessing operation on the vocabulary, packaging variables and constants in the vocabulary into corresponding structural types, performing syntactic analysis, and converting a code expression into a form of a syntactic tree by using technologies such as a push-down automaton and the like;
step 3, static characteristic matching:
the system performs feature matching on the syntax tree corresponding to each code file, matches with a preset logic rule by traversing each branch of the syntax tree, and can be positioned on a specific expression if matching is successful;
and 4, generating a detection report:
the system firstly classifies the results obtained by matching according to files, then reclassifies the results in each file according to the type of the threat, and gives specific code positions, hazards and solving ways for each discovered threat; finally, the system aggregates all the results and generates an overall report.
The invention has the beneficial effects that:
the invention provides a static code auditing system and method for an intelligent contract on an Etherhouse platform of a block chain, which utilize the technology of a push-down automaton and the like to realize the static code auditing system for the intelligent contract written in a Solidity language on the Etherhouse platform of the block chain and can find out and analyze the security threat existing on the intelligent contract. The invention has the following characteristics: using the push down automaton technique, a conversion from a code file to a syntax tree is achieved, with a clear logical hierarchy to represent abstract code content. By using the static characteristic matching technology, the established logic rules can be added, modified or deleted at any time, so that the system is more flexible and expandable. The security problem of the intelligent contract can be detected through matching, and the security risk of the application is reduced.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the figures and examples.
The embodiment provides a static code auditing system for an intelligent contract on an ether house platform of a block chain, which has a structural schematic diagram shown in fig. 1 and comprises a preprocessing module, a syntax tree generating module, a static feature matching module and a report generating module;
a preprocessing module: the system comprises a client, a client and a server, wherein the client is used for detecting the legality of user input, copying the whole project to a temporary working directory and deleting an annotation part in a identity file;
a syntax tree generation module: the grammar tree generation device is used for performing lexical analysis and grammar analysis on the preprocessed files to generate grammar trees;
a static feature matching module: the system is used for matching the grammar tree with a preset logic matching rule, checking whether the grammar tree is hit or not, and recording corresponding code information if the grammar tree is hit and matched;
a report generation module: and the code information is used for classifying and summarizing successfully matched code information to generate a report result file.
A static code auditing method for intelligent contracts on a blockchain Ethernet shop platform comprises the following steps:
step 1, system pretreatment: the system carries out legality detection on the input of a user, then copies the whole project into a temporary working directory, and deletes the comment part in a identity file, and the method specifically comprises the following steps:
step 1-1, a user inputs an intelligent contract project directory to be audited or a PATH PATH of a single code file, a system detects whether the PATH is legal or not, if the PATH is not a rule warning prompt, the step 1-2 is entered if the PATH is a rule;
step 1-2, the system locates the position of the PATH, and copies the whole directory or file into the temporary working directory WORK;
step 1-3, traversing the working directory WORK, finding a solid code file with sol as a suffix name, and deleting all annotation parts in the file;
step 2, syntax tree generation: for each identity code file, processing a reference file of the identity code file, copying a part of the referenced content into a current file, performing lexical analysis, extracting each legal vocabulary, performing reprocessing operation on the vocabulary, packaging variables and constants in the vocabulary into corresponding structural types, performing syntactic analysis, and converting a code expression into a form of a syntactic tree by using technologies such as a push-down automaton and the like; the method specifically comprises the following steps:
step 2-1, the system maintains a List of files to be analyzedaAnd a List of parsed filesbAll the identity code files are initially placed in the List in their entiretyaIn, ListbEmptying;
step 2-2. checking ListaIf the file exists in the file list, taking out the file in sequence and carrying out the operation of the step 2-3 on the file, otherwise, entering the step 2-8;
step 2-3, for any one solid code file, the system firstly checks whether the solid code file is in the analyzed file list, if so, the step 2-2 is carried out, otherwise, the step 2-4 is carried out;
step 2-4, checking whether the file has an import keyword, if so, determining that the identity code file has a reference file, positioning by the system through a path behind the import keyword to obtain a path of the reference file, recording a reference relation, and then performing the operation of step 2-3 aiming at the reference file; if no reference file exists, entering step 2-5;
and 2-5, carrying out lexical analysis on the code content by the system by using a finite automaton technology:
for a character CiThe subscript i is the position of the character in the code content, and if the subscript i is a boundary word such as "(", ")", "{", "}" and the like, the character is extracted separately;
if character CiIf it is double quotation marks or single quotation marks, the characters behind it are judged in turn until the characters are judgedAlso corresponding double quotation marks or single quotation marks, k1Is a positive integer, then willExtracting a constant word as a character string;
if character CiIs underlined "_" or a letter, the characters following it are judged in order untilThe composed words do not satisfy the variable naming rules of Solidity, and will thenExtracted as an identifier word, k2Is a positive integer;
if character CiIf it is a number, the characters after it are judged in turn untilCan no longer be represented as a number, and will thenExtracted as a number word, k3Is a positive integer;
if character CiIs a plus sign, a minus sign, a plus sign, or a comparison signThe number, then judge the character after it in turn untilCannot form a legal operation, assignment or comparison sign, and thenExtracted as a symbolic word, k4Is a positive integer;
the system stores the extracted words in the form of name, and determines the line number of each word by detecting the line feed character in the judging process, and finally generates a word structure word which is formed by the name of the wordwAnd the line number nwBinary (name) ofw,nw) Represents;
step 2-6, the system carries out reprocessing operation on the binary structure word generated by lexical analysis:
for a two-tuple wordtThe subscript t represents the tth binary group whose word name is the first choicewWhether the language is the basic type of the identity language or not, if so, continuing to judge the subsequent word structure so as to enable the name in the word structurewThe arrangement of values can satisfy the variable declaration structure of the solid until wordt-wordt+jCan not form a legal variable statement, j is a positive integer, and then word is formedt-wordt+j-1Packaged into one of basic typevRestriction keyword restictionvName of variablevAnd the line number nvA constituent quadruple variable var of the expression (type)v,restrictionv,namev,nv) Simultaneously, the original word structure wordtReplace with var, and delete from wordt+1To wordt+j-1The word structure of (1); if wordtName in (1)wIs a character string or a number constant, then directly packaging the character string or the number constant into a type ofc(character string or number), contentcAnd the line number ncThe triplet structure constant is formed, and the expression is (type)c,contentc,nc) Then the original word is put intReplacing with constant; for other nameswThe value is kept unchanged;
step 2-7, the system carries out syntactic analysis on the generated word, var and constant structures:
the outermost layer structure of the Solidity language is mainly a contract, a library and an interface, and the system is called as a mainBlock; the system first finds the keywords "extract", "library" and "interface", and then creates the corresponding type structure:
for a two-tuple wordtIf its name iswCreating a mainBlock structure for a contact, library or interface, and then sequentially determining the type of the contact, library or interface according to the subsequent word, var and constant structuresmbName, namembAnd inheritance relation basembUntil a word appearskkKk is a positive integer with a name ofwIs a delimiter "{";
then, taking the delimiters "{" and "}" as boundaries, and continuously analyzing the contents in the delimiters, wherein the main structures at this stage are State Variables (variable expressions), Functions (Functions), Function Modifiers (Function Modifiers), Events (Events), Struct Types (structure Types) and Enum Types (enumeration Types);
the system adopts the technology of a push-down automaton, and variable, constant and operation, assignment or comparison symbols are reduced into variable expressions according to reduction rules formulated by a Solidity language;
for function types, the system detects the name of the function according to the function definition rule of the identityfParameter paramfAnd a restriction word restictionfAnd a return value returnfThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expListfAnd adding it to the function structure; if the declared content of the function is not the delimiters "{" but semicolons "; if yes, the function is an abstract function, and the function analysis is finished; after the function analysis is finished, the generation is carried outAdd the function structure of (4) to mainBlock;
for the function regulator, the system detects the name of the function regulator in turn according to the definition rule of the function regulator of identitymAnd parameter parammThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expListmThen added to the function adjuster structure; after the function regulator analysis is finished, adding the generated function regulator structure into the mainBlock;
for the event type, the system will detect the name names according to the event definition rule of identity in turneAnd parameter parameAdding the generated event structure into the mainBlock;
for the structure type, the system will detect its name in turn according to the structure definition rule of identitysAnd variable value thereinsAnd adding the generated structure to mainBlock;
for an enumeration structure, the system will detect its name names in turn according to the enumeration definition rule of identityenumAnd the object value enumerated thereinenumAdding the generated enumeration structure into the mainBlock;
through the parsing operation, the system generates one or several syntax trees, and at this time, the code file is parsed and placed in the parsed file List ListbIn (2), List is simultaneously in the unresolved file ListaDeleting the identity code file and returning to the step 2-2;
step 2-8, all code files are completely analyzed into a syntax tree form, and the system enters a static feature matching stage;
step 3, static characteristic matching:
the system performs feature matching on the syntax tree corresponding to each code file, matches with a preset logic rule by traversing each branch of the syntax tree, and can be positioned on a specific expression if matching is successful;
and 4, generating a detection report:
the system firstly classifies the results obtained by matching according to files, then reclassifies the results in each file according to the type of the threat, and gives specific code positions, hazards and solving ways for each discovered threat; finally, the system aggregates all the results and generates an overall report.
Claims (1)
1. A static code auditing method for intelligent contracts on a blockchain Ethernet shop platform is characterized by comprising the following steps:
step 1, system pretreatment:
the system carries out legality detection on the input of a user, then copies the whole project into a temporary working directory, and deletes the comment part in the identity file;
step 1-1, a user inputs an intelligent contract project directory to be audited or a PATH PATH of a single code file, a system detects whether the PATH is legal or not, if the PATH is not a rule warning prompt, the step 1-2 is entered if the PATH is a rule;
step 1-2, the system locates the position of the PATH, and copies the whole directory or file into the temporary working directory WORK;
step 1-3, traversing the working directory WORK, finding a solid code file with sol as a suffix name, and deleting all annotation parts in the file;
step 2, syntax tree generation:
for each identity code file, processing a reference file of the identity code file, copying a part of the referenced content into a current file, performing lexical analysis, extracting each legal vocabulary, performing reprocessing operation on the vocabulary, packaging variables and constants in the vocabulary into corresponding structural types, performing syntactic analysis, and converting a code expression into a form of a syntactic tree by using technologies such as a push-down automaton and the like;
step 2-1, the system maintains a List of files to be analyzedaAnd a List of parsed filesbAll the identity code files are initially placed in the List in their entiretyaIn, ListbEmptying;
step 2-2. checking ListaIf the file exists in the file list, taking out the file in sequence and carrying out the operation of the step 2-3 on the file, otherwise, entering the step 2-8;
step 2-3, for any one solid code file, the system firstly checks whether the solid code file is in the analyzed file list, if so, the step 2-2 is carried out, otherwise, the step 2-4 is carried out;
step 2-4, checking whether the file has an import keyword, if so, determining that the identity code file has a reference file, positioning by the system through a path behind the import keyword to obtain a path of the reference file, recording a reference relation, and then performing the operation of step 2-3 aiming at the reference file; if no reference file exists, entering step 2-5;
and 2-5, carrying out lexical analysis on the code content by the system by using a finite automaton technology:
for a character CiThe subscript i is the position of the character in the code content, and if the character is a "(", ")", "{", "}" limiting word, the character is extracted separately;
if character CiIf it is double quotation marks or single quotation marks, the characters behind it are judged in turn until the characters are judgedAlso corresponding double quotation marks or single quotation marks, k1Is a positive integer, then willExtracting a constant word as a character string;
if character CiIs underlined "_" or a letter, the characters following it are judged in order untilThe composed words do not satisfy the variable naming rules of Solidity, and will thenExtracted as an identifier word, k2Is a positive integer;
if character CiIf it is a number, the characters after it are judged in turn untilCan no longer be represented as a number, and will thenExtracted as a number word, k3Is a positive integer;
if character CiIf the symbols are operation, assignment or comparison symbols such as "+", "-", "+" and the like, the characters behind the symbols are sequentially judged until the symbols are judged to be the sameCannot form a legal operation, assignment or comparison sign, and thenExtracted as a symbolic word, k4Is a positive integer;
the system stores the extracted words in the form of name, and determines the line number of each word by detecting the line feed character in the judging process, and finally generates a word structure word which is formed by the name of the wordwAnd the line number nwBinary (name) ofw,nw) Represents;
step 2-6, the system carries out reprocessing operation on the binary structure word generated by lexical analysis:
for a two-tuple wordtThe subscript t represents the tth binary group whose word name is the first choicewWhether the language is the basic type of the identity language or not, if so, continuing to judge the subsequent word structure so as to enable the name in the word structurewThe arrangement of values can satisfy the variable declaration structure of solid until wotdt-wordt+jCan not form a legal variable statement, j is a positive integer, and then wotd is sett-wordt+j-1Packaged into one of basic typevRestriction keyword restictionvName of variablevAnd the line number nvA constituent quadruple variable var of the expression (type)v,restrictionv,namev,nv) Simultaneously, the original word structure wordtReplace with var, and delete from wordt+1To wordt+j-1The word structure of (1); if wordtName in (1)wIs a character string or a number constant, then directly packaging the character string or the number constant into a type ofcContentcAnd the line number ncThe triplet structure constant is formed, and the expression is (type)c,contentc,nc) Then the original word is put intReplacing with constant; for other nameswThe value is kept unchanged;
step 2-7, the system carries out syntactic analysis on the generated word, var and constant structures:
the system first finds the keywords "extract", "library" and "interface", and then creates the corresponding type structure:
for a two-tuple wordtIf its name iswCreating a mainBlock structure for a contact, library or interface, and then sequentially determining the type of the contact, library or interface according to the subsequent word, var and constant structuresmbName, namembAnd inheritance relation basembUntil a word appearskkKk is a positive integer with a name ofwIs a delimiter "{";
then, taking the delimiters '{' and '}' as boundaries, and continuously analyzing the contents in the delimiters, 'and' } as main structures at the stage, namely StateVariables, Functions, Function Modifiers, Events, Struct Types and Enum Types;
the system adopts the technology of a push-down automaton, and variable, constant and operation, assignment or comparison symbols are reduced into variable expressions according to reduction rules formulated by a Solidity language;
for functionThe system detects the name of the system according to the function definition rule of the identityfParameter paramfAnd a restriction word restictionfAnd a return value returnfThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expListfAnd adding it to the function structure; if the declared content of the function is not the delimiters "{" but semicolons "; if yes, the function is an abstract function, and the function analysis is finished; after the function analysis is finished, adding the generated function structure into the mainBlock;
for the function regulator, the system detects the name of the function regulator in turn according to the definition rule of the function regulator of identitymAnd parameter parammThen, taking the delimiters '{' and '}' as boundaries to analyze the expression content in the boundary, and analyzing the process with the variable expression to obtain an expression set expListmThen added to the function adjuster structure; after the function regulator analysis is finished, adding the generated function regulator structure into the mainBlock;
for the event type, the system will detect the name names according to the event definition rule of identity in turneAnd parameter parameAdding the generated event structure into the mainBlock;
for the structure type, the system will detect its name in turn according to the structure definition rule of identitysAnd variable value thereinsAnd adding the generated structure to mainBlock;
for an enumeration structure, the system will detect its name names in turn according to the enumeration definition rule of identityenumAnd the object value enumerated thereinenumAdding the generated enumeration structure into the mainBlock;
through the parsing operation, the system generates one or several syntax trees, and at this time, the code file is parsed and placed in the parsed file List ListbIn (2), List is simultaneously in the unresolved file ListaDeleting the identity code file and returning to the step2-2;
step 2-8, all code files are completely analyzed into a syntax tree form, and the system enters a static feature matching stage;
step 3, static characteristic matching:
the system performs feature matching on the syntax tree corresponding to each code file, matches with a preset logic rule by traversing each branch of the syntax tree, and can be positioned on a specific expression if matching is successful;
and 4, generating a detection report:
the system firstly classifies the results obtained by matching according to files, then reclassifies the results in each file according to the type of the threat, and gives specific code positions, hazards and solving ways for each discovered threat; finally, the system aggregates all the results and generates an overall report.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811404851.7A CN109684838B (en) | 2018-11-23 | 2018-11-23 | Static code auditing system and method for Ether house intelligent contract |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811404851.7A CN109684838B (en) | 2018-11-23 | 2018-11-23 | Static code auditing system and method for Ether house intelligent contract |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109684838A CN109684838A (en) | 2019-04-26 |
CN109684838B true CN109684838B (en) | 2020-03-27 |
Family
ID=66185579
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811404851.7A Active CN109684838B (en) | 2018-11-23 | 2018-11-23 | Static code auditing system and method for Ether house intelligent contract |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109684838B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110309660A (en) * | 2019-07-09 | 2019-10-08 | 佛山市伏宸区块链科技有限公司 | A kind of the automation auditing system and method for intelligence contract code |
CN110688151B (en) * | 2019-09-24 | 2022-03-29 | 暨南大学 | Safety translation and analysis method for Ether house identity intelligent contract |
CN110727948B (en) * | 2019-10-11 | 2021-10-29 | 腾讯科技(深圳)有限公司 | Intelligent contract auditing method and device, computer equipment and storage medium |
CN111125697B (en) * | 2019-11-14 | 2022-03-04 | 北京理工大学 | Intelligent contract defect triggerability detection method and system based on defect abstract |
CN111666216B (en) * | 2020-06-05 | 2024-01-23 | 中国银行股份有限公司 | Intelligent contract analysis method and device |
CN112256271B (en) * | 2020-10-19 | 2022-11-29 | 中国科学院信息工程研究所 | Block chain intelligent contract safety detection system based on static analysis |
CN113190234B (en) * | 2021-05-21 | 2023-04-07 | 电子科技大学 | Method and system for automatically recovering intelligent contract function signature of block chain |
CN113190330B (en) * | 2021-05-26 | 2022-06-24 | 电子科技大学 | Block chain threat sensing system and method |
CN117688564B (en) * | 2024-02-01 | 2024-05-03 | 山东大学 | Detection method, device and storage medium for intelligent contract event log |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101266550A (en) * | 2007-12-21 | 2008-09-17 | 北京大学 | Malicious code detection method |
CN101976319A (en) * | 2010-11-22 | 2011-02-16 | 张平 | BIOS firmware Rootkit detection method based on behaviour characteristic |
CN102799524A (en) * | 2012-07-03 | 2012-11-28 | 天津大学 | Defect detection method of browser extension |
CN105303109A (en) * | 2015-09-22 | 2016-02-03 | 电子科技大学 | Malicious code information analysis method and system |
CN107643984A (en) * | 2017-10-18 | 2018-01-30 | 百度在线网络技术(北京)有限公司 | Method and apparatus for output information |
CN108595185A (en) * | 2018-04-11 | 2018-09-28 | 暨南大学 | A method of ether mill intelligence contract is converted into super account book intelligence contract |
-
2018
- 2018-11-23 CN CN201811404851.7A patent/CN109684838B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101266550A (en) * | 2007-12-21 | 2008-09-17 | 北京大学 | Malicious code detection method |
CN101976319A (en) * | 2010-11-22 | 2011-02-16 | 张平 | BIOS firmware Rootkit detection method based on behaviour characteristic |
CN102799524A (en) * | 2012-07-03 | 2012-11-28 | 天津大学 | Defect detection method of browser extension |
CN105303109A (en) * | 2015-09-22 | 2016-02-03 | 电子科技大学 | Malicious code information analysis method and system |
CN107643984A (en) * | 2017-10-18 | 2018-01-30 | 百度在线网络技术(北京)有限公司 | Method and apparatus for output information |
CN108595185A (en) * | 2018-04-11 | 2018-09-28 | 暨南大学 | A method of ether mill intelligence contract is converted into super account book intelligence contract |
Also Published As
Publication number | Publication date |
---|---|
CN109684838A (en) | 2019-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109684838B (en) | Static code auditing system and method for Ether house intelligent contract | |
US20220091827A1 (en) | Pruning Engine | |
Schäfer et al. | Mining framework usage changes from instantiation code | |
Hidaka et al. | Bidirectionalizing graph transformations | |
CN111459799B (en) | Software defect detection model establishing and detecting method and system based on Github | |
CN107203468B (en) | AST-based software version evolution comparative analysis method | |
CN106843840B (en) | Source code version evolution annotation multiplexing method based on similarity analysis | |
Nichols et al. | Syntax-based improvements to plagiarism detectors and their evaluations | |
Ren et al. | Making smart contract development more secure and easier | |
Solanki et al. | Comparative study of software clone detection techniques | |
Meng et al. | [Retracted] A Deep Learning Approach for a Source Code Detection Model Using Self‐Attention | |
Chen et al. | Clone detection in Matlab Stateflow models | |
Nasirloo et al. | Semantic code clone detection using abstract memory states and program dependency graphs | |
Ren et al. | Scstudio: a secure and efficient integrated development environment for smart contracts | |
CN117940894A (en) | System and method for detecting code clones | |
CN110989991B (en) | Method and system for detecting source code clone open source software in application program | |
Zou et al. | SCVD: A new semantics-based approach for cloned vulnerable code detection | |
CN115391785A (en) | Method, device and equipment for detecting risks of software bugs | |
Yang et al. | Pruning the ast with hunks to speed up tree differencing | |
Nguyen et al. | Using topic model to suggest fine-grained source code changes | |
CN102681830B (en) | A kind of method and apparatus of comparison program text | |
Ul Ain et al. | A model-driven approach for token based code clone detection techniques-an introduction to UMLCCD | |
Kaur et al. | Review on Software Cloning and Clone Detection | |
US10997056B1 (en) | Generation of explanatory and executable repair examples | |
Mattis et al. | Ambiguous, informal, and unsound: metaprogramming for naturalness |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |