CN109829312B - JAVA vulnerability detection method and detection system based on call chain - Google Patents

Publication number
CN109829312B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910085114.3A
Other languages
Chinese (zh)
Other versions
CN109829312A (en
Inventor
李雷
李鑫力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Venus Information Security Technology Co Ltd
Venustech Group Inc
Original Assignee
Beijing Venus Information Security Technology Co Ltd
Venustech Group Inc
Application filed by Beijing Venus Information Security Technology Co Ltd, Venustech Group Inc

Abstract

The application provides a JAVA vulnerability detection method and a JAVA vulnerability detection system based on a call chain. The detection method comprises the following steps: setting a target JAR package to be detected; processing the JAR package to generate a function call relation graph; collecting known software sensitive call point Sink methods, classifying them according to vulnerability type, and configuring each class of Sink methods in the corresponding vulnerability auditing module; executing the vulnerability auditing module, which creates call chains by using a depth-first search algorithm on the basis of the function call relation graph; and screening the obtained call chains to obtain and output the call chains whose top-level method can be accessed and resolved from outside. Because the call chains are created with a depth-first search algorithm, the security vulnerabilities existing in the software system are mined deeply and completely and are displayed to auditors in the form of call chains, so that auditors can conveniently analyze and reproduce them.

Description

JAVA vulnerability detection method and detection system based on call chain
Technical Field
The application belongs to the technical field of information security, and particularly relates to a JAVA vulnerability detection method and system based on a call chain.
Background
Information security problems change constantly and new attack methods emerge endlessly. Attackers increasingly focus on exploiting the security vulnerabilities of software, such as deserialization vulnerabilities, code execution vulnerabilities and command execution, which are mainly produced by poor software architecture and unsafe code. Because these vulnerabilities are hidden in program code, they are difficult to find by manual auditing and are easy to miss. Source code therefore needs to be audited and analyzed to find unknown vulnerabilities, so that the security of the application system is guaranteed from the bottom layer and its development cost is reduced from an early stage.
Disclosure of Invention
In order to overcome the problems in the related art at least to a certain extent, the application provides a JAVA vulnerability detection method and a JAVA vulnerability detection system based on a call chain.
According to a first aspect of an embodiment of the present application, the present application provides a JAVA vulnerability detection method based on a call chain, which includes the following steps:
setting a target JAR package to be detected;
processing the JAR package to generate a function call relation graph;
collecting known software sensitive call point Sink methods, classifying the Sink methods according to vulnerability type, and configuring each class of Sink methods in the corresponding vulnerability auditing module;
executing the vulnerability auditing module, which creates call chains by using a depth-first search algorithm on the basis of the function call relation graph;
and screening the obtained call chains to obtain and output the call chains whose top-level method can be accessed and resolved from outside.
According to the JAVA vulnerability detection method based on the call chain, in the step of processing the JAR packet, the JAR packet is processed by adopting the open source framework Soot.
According to the JAVA vulnerability detection method based on the call chain, the function call relation graph comprises a plurality of edges, and each edge stores a current method and an upper layer call method of the current method.
According to the JAVA vulnerability detection method based on the call chain, when the vulnerability type is deserialization, software sensitive call point Sink methods related to deserialization are configured in a deserialization vulnerability audit module in a static list mode.
According to the JAVA vulnerability detection method based on the call chain, when the vulnerability type is XML external entity (XXE) injection, the software sensitive call point Sink methods related to XXE are configured in the XXE vulnerability auditing module.
In the JAVA vulnerability detection method based on the call chain, the step of creating a call chain by using a depth-first search algorithm on the basis of the function call relation graph specifically comprises:
executing the vulnerability auditing module, and taking out in turn, by traversal, the software sensitive call point Sink methods in the static list of Sink methods configured in the vulnerability auditing module;
searching the target lib library file to determine whether any method calls the software sensitive call point Sink method;
if such a calling relationship exists, traversing the edges of the function call relation graph, with the current software sensitive call point Sink method as the starting point, to find the upper-layer calling methods of the Sink method;
and recursing with the upper-layer calling method of the current method as the target, tracing the calling methods back layer by layer to obtain a complete call chain.
In the JAVA vulnerability detection method based on the call chain, the step of screening the obtained call chains specifically comprises:
acquiring the top-level method of each call chain, and analyzing the acquired top-level method by using the open source framework Soot to obtain all parent class information of the class to which the top-level method belongs;
judging, according to the characteristics of the classes present in the parent class information, whether the top-level method of the corresponding call chain may be called externally;
and obtaining, by this screening, the call chains whose top-level method can be called externally.
According to a second aspect of the embodiments of the present application, there is also provided a JAVA vulnerability detection system based on a call chain, including:
the setting module, used for setting a target JAR package to be detected;
the generating module, used for processing the JAR package and generating a function call relation graph;
the classification configuration module, used for classifying the collected software sensitive call point Sink methods according to vulnerability type and configuring each class of Sink methods in the corresponding vulnerability auditing module;
the creating module, used for taking the software sensitive call point Sink methods out of the vulnerability auditing module by traversal and creating call chains by using a depth-first search algorithm;
the screening module, used for screening the obtained call chains to obtain the call chains whose top-level method can be accessed and resolved from outside;
and the output module, used for outputting the call chains whose top-level method can be accessed and resolved from outside.
According to the JAVA vulnerability detection system based on the call chain, the call chain takes the software sensitive call point Sink method as the bottom layer method, takes the program entry method as the top layer method, and an intermediate method is arranged between the bottom layer method and the top layer method.
According to a third aspect of the embodiments of the present application, there is also provided a JAVA vulnerability detection apparatus based on a call chain, including:
a processor for processing the received data; and
a memory for storing a computer program operable on the processor;
the processor is configured to execute the following steps when running the computer program:
setting a target JAR package to be detected;
processing the JAR package to generate a function call relation graph;
collecting known software sensitive call point Sink methods, classifying the Sink methods according to vulnerability type, and configuring each class of Sink methods in the corresponding vulnerability auditing module;
executing the vulnerability auditing module, which creates call chains by using a depth-first search algorithm on the basis of the function call relation graph;
and screening the obtained call chains to obtain and output the call chains whose top-level method can be called externally.
According to the above embodiments of the present application, at least the following advantages are obtained: the target JAR package to be detected is processed to generate a function call relation graph; the software sensitive call point Sink methods are classified and configured according to vulnerability type; and, on the basis of the function call relation graph, a depth-first search algorithm recurses with the upper-layer calling method of the current method as the target, tracing the calling methods back layer by layer to obtain complete call chains. The method and system can thus deeply and completely mine the security vulnerabilities existing in the software system and display them to auditors in the form of call chains, so that auditors can conveniently analyze and reproduce them. With this scheme, high-risk vulnerabilities such as deserialization, code execution and command execution hidden in JAVA frameworks can be mined, the security of the JAVA application system is guaranteed from the bottom layer, the development cost of the application system is reduced from an early stage, and the security of the JAVA application system is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the scope of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification of the application, illustrate embodiments of the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a flowchart of a JAVA vulnerability detection method based on a call chain according to an embodiment of the present application.
Fig. 2 is a flowchart illustrating an example of creating a call chain by using a deserialization vulnerability audit module in a JAVA vulnerability detection method based on a call chain according to an embodiment of the present application.
Fig. 3 is a block diagram of a JAVA vulnerability detection system based on a call chain according to an embodiment of the present application.
Detailed Description
For the purpose of promoting a clear understanding of the objects, aspects and advantages of the embodiments of the present application, reference will now be made to the accompanying drawings and detailed description, wherein like reference numerals refer to like elements throughout.
The illustrative embodiments and descriptions of the present application are provided to explain the present application and not to limit the present application. Additionally, the same or similar numbered elements/components used in the drawings and the embodiments are used to represent the same or similar parts.
As used herein, "first," "second," …, etc., are not specifically intended to mean in a sequential or chronological order, nor are they intended to limit the application, but merely to distinguish between elements or operations described in the same technical language.
With respect to directional terminology used herein, for example: up, down, left, right, front or rear, etc., are simply directions with reference to the drawings. Accordingly, the directional terminology used is intended to be illustrative and is not intended to be limiting of the present teachings.
As used herein, the terms "comprising," "including," "having," "containing," and the like are open-ended terms that mean including, but not limited to.
As used herein, "and/or" includes any and all combinations of the described items.
References to "plurality" herein include "two" and "more than two"; reference to "multiple sets" herein includes "two sets" and "more than two sets".
As used herein, the terms "substantially", "about" and the like are used to modify any slight variation in quantity or error that does not alter the nature of the variation. In general, the range of slight variations or errors that such terms modify may be 20% in some embodiments, 10% in some embodiments, 5% in some embodiments, or other values. It should be understood by those skilled in the art that the aforementioned values can be adjusted according to actual needs, and are not limited thereto.
Certain words used to describe the present application are discussed below or elsewhere in this specification to provide additional guidance to those skilled in the art in describing the present application.
Fig. 1 is a flowchart of a JAVA vulnerability detection method based on a call chain according to an embodiment of the present application. As shown in fig. 1, the JAVA vulnerability detection method based on a call chain includes the following steps:
S1, setting a target JAR package to be detected.
S2, processing the JAR package to generate a function call relation graph (CallGraph). Specifically, the JAR package may be processed using the open source framework Soot. The function call relation graph CallGraph comprises a plurality of edges, and each edge stores a current method tgt and the upper-layer calling method src of the current method.
S3, collecting known software sensitive call point Sink methods, classifying the Sink methods according to vulnerability type, and configuring each class of Sink methods in the corresponding vulnerability auditing module.
For example, the software sensitive call point Sink methods related to deserialization may be configured in the deserialization vulnerability audit module as a static list, and the software sensitive call point Sink methods related to XXE may be configured in the XXE vulnerability audit module.
Specifically, the readObject() method of the java.io.ObjectInputStream class in the Java JDK core lib package and the fromXML method of the com.thoughtworks.xstream.XStream class in the Java open source project XStream may be classified as deserialization-type software sensitive call point Sink methods, and the parse method of the javax.xml.parsers.SAXParser class in the Java JDK core lib package and the unmarshal method of the javax.xml.bind.Unmarshaller class in the Java JDK core lib package may be classified as XXE (XML External Entity) type software sensitive call point Sink methods.
S4, executing the vulnerability auditing module, and creating call chains by using a depth-first search algorithm on the basis of the function call relation graph, wherein the specific process is as follows:
The vulnerability auditing module is executed, and the software sensitive call point Sink methods in the static list of Sink methods configured in the vulnerability auditing module are taken out in turn by traversal.
The target lib library file is searched to determine whether any method calls the software sensitive call point Sink method.
If such a calling relationship exists, the edges of the function call relation graph are traversed, with the current software sensitive call point Sink method as the starting point, to find the upper-layer calling method src of the Sink method.
The search then recurses with the upper-layer calling method of the current method as the target, tracing the calling methods back layer by layer to obtain a complete call chain.
The call chain takes the software sensitive call point Sink method as the bottom-layer method and the program entry method as the top-level method, with intermediate methods between the bottom-layer method and the top-level method.
The deserialization vulnerability audit module and the XXE vulnerability audit module are executed in sequence. Taking the deserialization vulnerability audit module as an example, and as shown in fig. 2, the creation process of the call chain is described in detail below:
First, the software sensitive call point Sink methods in the static list of Sink methods configured in the deserialization vulnerability audit module are taken out in turn by traversal.
Second, the target lib library file is searched to determine whether any method calls the software sensitive call point Sink method.
If such a calling relationship exists, then on the basis of the function call relation graph CallGraph and with the current software sensitive call point Sink method as the starting point, the upper-layer calling method src of the Sink method is found in an edge (X). If the tgt method of an edge (Y) is the same as the src method of the edge (X), the edge (Y) has a calling relationship with the edge (X).
The function call relation graph CallGraph is then searched again for an edge (Z) whose tgt method is the same as the src method of the edge (Y), and the calling methods are traced layer by layer in this way until no calling method can be found, that is, until no edge exists whose tgt method is the same as the src method of the current edge. The result is a complete call chain.
S5, screening the obtained call chains, wherein the specific process is as follows:
The top-level method of each call chain is acquired and analyzed by using the open source framework Soot to obtain all parent class information of the class to which the top-level method belongs.
Whether the top-level method of the corresponding call chain may be called externally is judged according to the characteristics of the classes present in the parent class information.
The screening yields the call chains whose top-level method can be called externally.
The following example explains how this step judges, from the characteristics of the classes present in the parent class information, whether the top-level method of the corresponding call chain may be called externally:
For example, suppose the top-level (entry) method of a call chain is the public void service(HttpServletRequest req, HttpServletResponse res) method of the flashgateway.controller.GatewayServlet class. Because the GatewayServlet class inherits from the javax.servlet.http.HttpServlet class, according to the characteristics of Java Servlets this service method can be accessed externally by means of the HTTP protocol, and so may be called externally.
The Java Servlet refers to a server-side program written in Java, and has a main function of interactively browsing and modifying data to generate dynamic Web content. Servlets run in Java-enabled application servers. In implementation, servlets can respond to any type of request, but in most cases servlets are used only to extend Web servers based on the HTTP protocol.
S6, outputting the call chains whose top-level method can be accessed and resolved from outside.
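The sketch below is an added illustration of steps S3 to S5 and is not code from the patent or from Soot: it walks a call graph backward from each Sink by depth-first search and keeps only chains whose top-level method belongs to a class with a servlet parent. The edge list, the app.* class names, the superclass table and all helper names are constructed for the example, and Soot's call graph is modelled only as (src, tgt) pairs; the cycle check and depth bound are additions the description does not spell out.

```python
"""Call-chain audit over (src, tgt) edges: backward DFS from each Sink method."""
from collections import defaultdict

# S3: Sink methods grouped by vulnerability type (the sinks named in the text).
SINKS = {
    "deserialization": [
        "java.io.ObjectInputStream.readObject",
        "com.thoughtworks.xstream.XStream.fromXML",
    ],
    "xxe": [
        "javax.xml.parsers.SAXParser.parse",
        "javax.xml.bind.Unmarshaller.unmarshal",
    ],
}

# Constructed sample edges (src calls tgt); a real run would export them from Soot.
EDGES = [
    ("app.web.UploadServlet.service", "app.core.Importer.load"),
    ("app.core.Importer.load", "app.core.Codec.decode"),
    ("app.core.Codec.decode", "java.io.ObjectInputStream.readObject"),
    ("app.tools.Migrate.run", "app.core.Codec.decode"),
    ("app.core.Codec.decode", "app.core.Codec.retry"),
    ("app.core.Codec.retry", "app.core.Codec.decode"),  # mutual recursion
    ("app.web.FeedServlet.service", "app.xml.Feed.parse"),
    ("app.xml.Feed.parse", "javax.xml.parsers.SAXParser.parse"),
]

# Constructed parent-class information for the classes owning top-level methods.
SUPERCLASSES = {
    "app.web.UploadServlet": ["javax.servlet.http.HttpServlet", "java.lang.Object"],
    "app.web.FeedServlet": ["javax.servlet.http.HttpServlet", "java.lang.Object"],
    "app.tools.Migrate": ["java.lang.Object"],
}

# Assumption: parent classes whose subclasses are treated as externally callable.
EXTERNAL_BASES = {"javax.servlet.http.HttpServlet"}


def build_callers(edges):
    """Index edges by tgt so the upper-layer callers of a method are one lookup."""
    callers = defaultdict(set)
    for src, tgt in edges:
        callers[tgt].add(src)
    return {tgt: sorted(srcs) for tgt, srcs in callers.items()}


def trace_chains(sink, callers, max_depth=32):
    """S4: return every call chain [top-level, ..., sink] that reaches `sink`."""
    if sink not in callers:          # no method in the target calls this Sink
        return []
    chains = []

    def dfs(method, path):           # path is ordered sink-first
        upper = callers.get(method, [])
        if not upper:                # no caller found: `method` is the top level
            chains.append(path[::-1])
            return
        if len(path) >= max_depth:   # bound the search on very deep graphs
            return
        for src in upper:
            if src not in path:      # caller already on this path: a cycle
                dfs(src, path + [src])

    dfs(sink, [sink])
    return chains


def externally_callable(method, superclasses, bases=EXTERNAL_BASES):
    """S5: judge the top-level method by the parents of its owning class."""
    owner = method.rsplit(".", 1)[0]
    return any(parent in bases for parent in superclasses.get(owner, []))


def audit(sinks, edges, superclasses):
    """Run every audit module and keep chains with an externally callable top."""
    callers = build_callers(edges)
    report = {}
    for vuln_type, methods in sinks.items():
        report[vuln_type] = [
            chain
            for sink in methods
            for chain in trace_chains(sink, callers)
            if externally_callable(chain[0], superclasses)
        ]
    return report


if __name__ == "__main__":
    for vuln_type, chains in audit(SINKS, EDGES, SUPERCLASSES).items():
        for chain in chains:
            print(f"[{vuln_type}] " + " -> ".join(chain))
```

A chain dropped by the screening step only means its top-level class matched none of the configured parent classes, so the set of externally callable base classes determines what the audit can report.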
The JAVA vulnerability detection method based on the call chain uses a depth-first search algorithm to create call chains, analyzes in detail the JAR packages related to a JAVA engineering project, collects the call paths of all Sink methods, automatically outputs the call chains that may contain vulnerabilities after screening and filtering, and provides them to analysts for detailed analysis.
By using the JAVA vulnerability detection method based on the call chain, high-risk vulnerabilities such as deserialization, code execution, command execution and the like hidden in a JAVA framework can be mined, the safety of the JAVA application system is guaranteed from the bottom layer, the development cost of the application system is further reduced from the early stage, and the safety of the JAVA application system is improved.
The method can find a usable path between the software sensitive call point Sink and the program entry method. Unlike existing data flow analysis methods, it uses a depth-first search algorithm to find the upper-layer methods of the software sensitive call point Sink method and, by traversing and tracing back to the entry method, finally finds all call chains that may contain vulnerabilities; the object being traced is the calling process between methods.
Data flow analysis methods, by contrast, generally use variable tracking and backtracking to judge whether the software sensitive call point Sink is polluted by tainted data, and the object being traced is the assignment process of variables. With the method of the present application, the security vulnerabilities existing in the software system can be mined deeply and completely and displayed to auditors in the form of call chains, so that auditors can conveniently analyze and reproduce them.
Fig. 3 is a schematic structural diagram of a JAVA vulnerability detection system based on a call chain according to an embodiment of the present application. As shown in fig. 3, the JAVA vulnerability detection system based on the call chain includes a setting module 1, a generating module 2, a classification configuration module 3, a creating module 4, a screening module 5 and an output module 6.
The setting module 1 is configured to set a target JAR package to be detected, and to use the set target JAR package as the detection object. It is understood that the JAR package is a JAR file in Java, i.e., a Java archive file. A JAR file is typically a compressed file, compatible with ordinary ZIP compressed files, and contains class files.
The generation module 2 processes the JAR package by using the open source framework Soot to generate the function call relation graph CallGraph. It can be understood that the open source framework Soot is a code optimization framework that accepts Java source code, bytecode and Android APKs, and that it makes code analysis more convenient because it provides four intermediate representations: Baf, Jimple, Shimple and Grimp. The function call relation graph CallGraph includes a plurality of edges, and each edge stores the current method tgt and the upper-layer calling method src of the current method.
The classification configuration module 3 is used for classifying the collected software sensitive call point Sink methods according to the vulnerability types and configuring the various software sensitive call point Sink methods in the corresponding vulnerability auditing modules.
The creating module 4 takes out the software sensitive call point Sink method from the vulnerability auditing module in a traversal mode and creates a call chain by using a depth-first search algorithm.
The screening module 5 is used for screening the obtained call chains to obtain the call chains whose top-level method can be accessed and resolved from outside.
The output module 6 is used for outputting the call chains whose top-level method can be accessed and resolved from outside.
It should be noted that: the JAVA vulnerability detection system based on the call chain provided in the foregoing embodiment is only exemplified by the division of the program modules, and in practical applications, the processing distribution may be completed by different program modules according to needs, that is, the internal structure of the JAVA vulnerability detection system is divided into different program modules to complete all or part of the processing described above. In addition, the JAVA vulnerability detection system and the JAVA vulnerability detection method provided by the above embodiments belong to the same concept, and the specific implementation process thereof is detailed in the method embodiments and will not be described herein again.
In the present application, the generation module 2 processes the target JAR package to be detected and generates the function call relation graph CallGraph; the classification configuration module 3 classifies and configures the software sensitive call point Sink methods according to vulnerability type; and the creation module 4, using a depth-first search algorithm on the basis of the function call relation graph, recurses with the upper-layer calling method of the current method as the target and traces the calling methods back layer by layer to obtain complete call chains. The method and system can thus deeply and completely mine the security vulnerabilities existing in the software system and display them to auditors in the form of call chains, so that auditors can conveniently analyze and reproduce them. With this scheme, high-risk vulnerabilities such as deserialization, code execution and command execution hidden in JAVA frameworks can be mined, the security of the JAVA application system is guaranteed from the bottom layer, the development cost of the application system is reduced from an early stage, and the security of the JAVA application system is improved.
Based on the hardware implementation of each module in the JAVA vulnerability detection system, in order to implement the JAVA vulnerability detection method provided in the embodiment of the present application, an embodiment of the present application further provides a JAVA vulnerability detection apparatus based on a call chain, which includes: a processor and a memory for storing a computer program capable of running on the processor. Wherein the processor, when executing the computer program, performs the steps of:
Setting a target JAR package to be detected.
Processing the JAR package to generate a function call relation graph.
Collecting known software sensitive call point Sink methods, classifying the Sink methods according to vulnerability type, and configuring each class of Sink methods in the corresponding vulnerability auditing module.
Executing the vulnerability auditing module, and creating call chains by using a depth-first search algorithm on the basis of the function call relation graph.
Screening the obtained call chains to obtain and output the call chains whose top-level method can be called externally.
In the above embodiment, the call chain takes the software sensitive call point Sink method as the bottom-layer method and the program entry method as the top-level method, with intermediate methods between the bottom-layer method and the top-level method.
In an exemplary embodiment, the present application further provides a computer storage medium, which is a computer readable storage medium, for example, a memory including a computer program, which is executable by a processor in the consensus system to perform the steps of the incentive method. The computer-readable storage medium may be a Memory such as a magnetic random access Memory (FRAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash Memory (FlashMemory), a magnetic surface Memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM).
The foregoing is merely an illustrative embodiment of the present application, and any equivalent changes and modifications made by those skilled in the art without departing from the spirit and principles of the present application shall fall within the protection scope of the present application.

Claims (9)

1. A JAVA vulnerability detection method based on a call chain is characterized by comprising the following steps:
setting a target JAR package to be detected;
processing the JAR package to generate a function call relation graph;
collecting known software sensitive call point Sink methods, classifying the Sink methods according to vulnerability type, and configuring each class of Sink methods in the corresponding vulnerability auditing module;
executing the vulnerability auditing module, and creating a call chain by using a depth-first search algorithm on the basis of the function call relation graph, wherein the specific process is as follows:
executing the vulnerability auditing module, and taking out in turn, by traversal, the software sensitive call point Sink methods in the static list of Sink methods configured in the vulnerability auditing module;
searching the target lib library file to determine whether any method calls the software sensitive call point Sink method;
if such a calling relationship exists, traversing the edges of the function call relation graph, with the current software sensitive call point Sink method as the starting point, to find the upper-layer calling methods of the Sink method;
recursing with the upper-layer calling method of the current method as the target, and tracing the calling methods back layer by layer to obtain a complete call chain;
and screening the obtained call chains to obtain and output the call chains whose top-level method can be accessed and resolved from outside.
2. The JAVA vulnerability detection method based on the call chain of claim 1, wherein in the step of processing the JAR package, the JAR package is processed by adopting an open source framework (Soot).
3. The JAVA vulnerability detection method according to claim 1, wherein the function call relation graph comprises a plurality of edges, each edge storing a current method and an upper-layer calling method of the current method.
4. The JAVA vulnerability detection method based on the call chain of claim 1, 2 or 3, wherein when the vulnerability type is deserialization, software sensitive call point Sink methods related to deserialization are configured in a deserialization vulnerability audit module in a static list manner.
5. The JAVA vulnerability detection method based on the call chain of claim 1, 2 or 3, wherein when the vulnerability type is XML external entity injection (XXE), XXE-related software sensitive call point Sink methods are configured in an XXE vulnerability auditing module.
6. The JAVA vulnerability detection method based on the call chain according to claim 1, 2 or 3, wherein the specific process of the step of screening the obtained call chains is as follows:
acquiring the top-level method of each call chain, and analyzing the acquired top-level method with the open source framework (Soot) to obtain all parent class information of the class to which the top-level method belongs;
judging, according to the characteristics of the classes present in the parent class information, whether the top-level method of the corresponding call chain can possibly be called by the outside;
screening to obtain the call chains whose top-level method can be called externally.
7. A JAVA vulnerability detection system based on a call chain, comprising:
a setting module, used for setting a target JAR package to be detected;
a generating module, used for processing the JAR package and generating a function call relation graph;
a classification configuration module, used for classifying the collected software sensitive call point Sink methods according to vulnerability type and configuring each class of software sensitive call point Sink methods in the corresponding vulnerability auditing module;
a creating module, used for taking the software sensitive call point Sink methods out of the vulnerability auditing module by traversal and creating call chains with a depth-first search algorithm, the specific process being as follows:
executing the vulnerability auditing module, and taking out in turn, by traversal, the software sensitive call point Sink methods in the static list of Sink methods configured in the vulnerability auditing module;
searching whether any method in the target lib library file calls the software sensitive call point Sink method;
if such a calling relationship exists, taking the current software sensitive call point Sink method as the starting point and traversing, in the edges of the function call relation graph, the upper-layer calling methods of the Sink method;
taking the upper-layer calling method of the current method as the target of a recursive call, and tracing the calling methods upward layer by layer to obtain a complete call chain;
a screening module, used for screening the obtained call chains to obtain the call chains whose top-level method can be accessed and analyzed by the outside;
and an output module, used for outputting the call chains whose top-level method can be accessed and analyzed by the outside.
8. The JAVA vulnerability detection system of claim 7, wherein the call chain uses a software sensitive call point Sink method as a bottom method, a program entry method as a top method, and intermediate methods between the bottom method and the top method.
9. A JAVA vulnerability detection apparatus based on a call chain, comprising:
a processor for processing the received data;
a memory for storing a computer program operable on the processor;
the processor is configured to execute the steps of the JAVA vulnerability detection method based on the call chain according to claim 1 when running the computer program.
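
The reverse depth-first search of claim 1 and the top-level screening of claim 6, run over a small constructed call graph, as an added example that is not code from the patent. The edge list, the class names, the `SUPERCLASSES` table (standing in for the parent-class information obtained through Soot), the servlet-based screening rule and the cycle cut-off are all assumptions.

```python
from collections import defaultdict
# Constructed call-graph edges (caller, callee); all names are hypothetical.
EDGES = [
    ("com.demo.UploadServlet.doPost", "com.demo.SessionCodec.decode"),
    ("com.demo.SessionCodec.decode", "java.io.ObjectInputStream.readObject"),
    ("com.demo.CacheUtil.load", "java.io.ObjectInputStream.readObject"),
    ("com.demo.CacheUtil.load", "com.demo.CacheUtil.load"),  # self-recursion
    ("com.demo.ImportServlet.doGet", "com.demo.XmlImport.parse"),
    ("com.demo.XmlImport.parse", "javax.xml.parsers.DocumentBuilder.parse"),
]
# One static Sink list per vulnerability auditing module (claims 4 and 5).
SINKS = {
    "deserialization": ["java.io.ObjectInputStream.readObject"],
    "xxe": ["javax.xml.parsers.DocumentBuilder.parse"],
}
# Constructed stand-in for the parent-class information Soot would supply.
SUPERCLASSES = {
    "com.demo.UploadServlet": ["javax.servlet.http.HttpServlet"],
    "com.demo.ImportServlet": ["javax.servlet.http.HttpServlet"],
    "com.demo.CacheUtil": ["java.lang.Object"],
}
EXTERNAL_BASES = {"javax.servlet.http.HttpServlet"}  # assumed screening rule

def callers_index(edges):  # method -> its upper-layer calling methods
    index = defaultdict(list)
    for caller, callee in edges:
        index[callee].append(caller)
    return index

def call_chains(sink, callers):
    """Depth-first search upward from the sink; chains are listed top-first."""
    chains = []
    def dfs(method, path):
        # Assumption: a caller already on the path is skipped to stop cycles.
        ups = [c for c in callers.get(method, []) if c not in path]
        if not ups and len(path) > 1:   # top reached; a bare sink is unused
            chains.append(path[::-1])
        for up in ups:
            dfs(up, path + [up])
    dfs(sink, [sink])
    return chains

def externally_reachable(chain):
    """Screen a chain by the parent classes of its top-level method's class."""
    top_class = chain[0].rsplit(".", 1)[0]
    return any(b in EXTERNAL_BASES for b in SUPERCLASSES.get(top_class, []))

def audit(edges=EDGES):
    idx = callers_index(edges)
    return {v: [c for s in sinks for c in call_chains(s, idx) if externally_reachable(c)]
            for v, sinks in SINKS.items()}
```

`audit()` keeps the two chains that start in a servlet and drops the `CacheUtil.load` chain, whose top-level class has no externally callable parent in the constructed table.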
CN201910085114.3A 2019-01-29 2019-01-29 JAVA vulnerability detection method and detection system based on call chain Active CN109829312B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910085114.3A CN109829312B (en) 2019-01-29 2019-01-29 JAVA vulnerability detection method and detection system based on call chain

Publications (2)

Publication Number Publication Date
CN109829312A (en) 2019-05-31
CN109829312B (en) 2021-01-01

Family

ID=66862819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910085114.3A Active CN109829312B (en) 2019-01-29 2019-01-29 JAVA vulnerability detection method and detection system based on call chain

Country Status (1)

Country Link
CN (1) CN109829312B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298179B (en) * 2019-07-10 2021-11-16 中国民航信息网络股份有限公司 Open source framework security vulnerability detection method and device
CN111290950B (en) * 2020-01-22 2022-03-01 腾讯科技(深圳)有限公司 Test point obtaining method and device in program test, storage medium and equipment
CN111931184B (en) * 2020-08-11 2023-06-30 中国工商银行股份有限公司 Anti-serialization vulnerability detection method and device
CN113392404B (en) * 2021-06-15 2023-04-07 浙江网商银行股份有限公司 Vulnerability detection method and device and electronic equipment
CN113722721B (en) * 2021-11-03 2022-03-11 北京鸿渐科技有限公司 Value dependency graph-based source library mode Java security vulnerability detection method
CN114968826B (en) * 2022-07-28 2022-11-22 深圳开源互联网安全技术有限公司 Application program bug fixing verification method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106845234A (en) * 2017-01-05 2017-06-13 中国电子科技网络信息安全有限公司 A kind of Android malware detection method based on the monitoring of function flow key point

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102521117B (en) * 2011-10-27 2014-03-19 北京航空航天大学 Java exception propagation static structure extraction method
CN103473509A (en) * 2013-09-30 2013-12-25 清华大学 Android platform malware automatic detecting method
CN105989294B (en) * 2015-02-17 2019-02-26 华为技术有限公司 Android installation kit detection method and device
CN104766016B (en) * 2015-04-14 2018-01-09 北京理工大学 A kind of software vulnerability detection method that short sequence is called based on system
KR101886203B1 (en) * 2016-07-19 2018-09-06 주식회사 스패로우 Apparatus and method for analyzing programs
CN107103240B (en) * 2017-04-20 2020-02-11 中国科学院信息工程研究所 Method and system for identifying privacy disclosure behaviors among Android components based on context information

Also Published As

Publication number Publication date
CN109829312A (en) 2019-05-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant