CN110110523A - A method for improving the accuracy of rule-based code scanning - Google Patents


Info

Publication number: CN110110523A
Authority: CN (China)
Prior art keywords: variable, code, execution process, accuracy rate, loophole
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN201910390622.2A
Other languages: Chinese (zh)
Inventors: 陶安洪, 李英, 文立乾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Jizhi (shanghai) Enterprise Management Consulting Co Ltd
Original Assignee: Jizhi (shanghai) Enterprise Management Consulting Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2019-05-10
Filing date: 2019-05-10
Publication date: 2019-08-09
Application filed by Jizhi (shanghai) Enterprise Management Consulting Co Ltd


Classifications

    • G06F21/563 Static detection by source code analysis (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/55 Detecting local intrusion or implementing counter-measures > G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements > G06F21/562 Static detection)
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security (G06F21/00 > G06F21/50 > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)


Abstract

The invention discloses a method for improving the accuracy of rule-based code scanning, belonging to the computer field. The method includes the following steps: S1: obtain a code line that may contain a vulnerability; S2: identify the variables in the suspect code line; S3: identify and record the execution flow of each variable; S4: apply noise reduction to the execution flow of the variable; S5: judge whether the vulnerability exists according to the execution flow of the variable. The beneficial effect of the invention is that it improves the accuracy of rule-based code scanning and reduces the false-positive rate.

Description

A method for improving the accuracy of rule-based code scanning
Technical field
The present invention relates to the computer field, and in particular to a method for improving the accuracy of rule-based code scanning.
Background art
Static code scanning based on rule matching produces many false positives for security vulnerabilities and has low accuracy. The main cause of this problem is that parameter variables pass through complex flow processing while being passed along, whereas rule-based static code scanning only matches the point at which a vulnerability may exist and does not verify the execution path of the parameter variable, so the false-positive rate is high. Rule-based static code scanning in the industry currently has no effective solution to this problem.
Summary of the invention
In view of the defects in the prior art, one object of the present invention is to provide a method for improving the accuracy of rule-based code scanning, which solves the problem that rule-based code scanning produces many false positives and has low accuracy.
This object of the present invention is achieved through the following technical solution: a method for improving the accuracy of rule-based code scanning, comprising the following steps:
S1: obtain a code line that may contain a vulnerability;
S2: identify the variables in the suspect code line;
S3: identify and record the execution flow of each variable;
S4: apply noise reduction to the execution flow of the variable;
S5: judge whether the vulnerability exists according to the execution flow of the variable.
Further, obtaining the code line that may contain a vulnerability and identifying the variables in the suspect code line specifically comprises:
matching, by rule, a line of code in a PHP project that may contain a problem, "select*from user where id={$id} and type={$type};"; the variables obtained are $id and $type.
Further, identifying and recording the execution flow of the variable specifically comprises: obtaining the method to which the current problem code belongs, reading all the code in that method, and analysing the execution flow of the variable from that code.
Further, identifying and recording the execution flow of the variable specifically comprises:
the execution flow of $id is (1) $uid=$_GET['uid'], (2) $id=intval($uid), (3) $sql=select*from user where id={$id} and type={$type}.
Further, there are one or more execution flows, the number being determined by the number of variables.
Further, the noise reduction includes a controllability judgement,
wherein the controllability judgement removes the flows of uncontrollable variables and keeps the execution flows of controllable variables.
Further, the basis for judging whether the vulnerability exists is:
whether the variable is filtered in the execution flow;
if the code does not filter the variable in the execution flow, the vulnerability exists.
Further, judging whether the vulnerability exists specifically comprises:
in the execution flow of $id, the variable is filtered using the intval function, so no security vulnerability exists and this is a false positive.
A second object of the present invention is to provide a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the method when executing the computer program.
A third object of the present invention is to provide a computer-readable storage medium storing a computer program, wherein the computer program implements the method when executed by a processor.
The beneficial effects of the present invention are embodied in that the present invention improves the accuracy of rule-based code scanning and reduces the false-positive rate.
Brief description of the drawings
In order to illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly described below. In all the drawings, similar elements or parts are generally identified by similar reference numerals. In the drawings, elements or parts are not necessarily drawn to actual scale.
Fig. 1 is the flow chart of the present invention.
Detailed description
The technical solution of the present invention is described in detail below with reference to the embodiment in the drawings. The following embodiment is only used to illustrate the technical solution of the present invention clearly and is therefore only an example; it cannot be used to limit the scope of protection of the present invention.
It should be noted that, unless otherwise indicated, technical or scientific terms used in this application have the ordinary meaning understood by those of ordinary skill in the art to which the present invention belongs.
As shown in Fig. 1, the method for improving the accuracy of rule-based code scanning includes the following steps:
S1: obtain a code line that may contain a vulnerability;
S2: identify the variables in the suspect code line;
S3: identify and record the execution flow of each variable;
S4: apply noise reduction to the execution flow of the variable;
S5: judge whether the vulnerability exists according to the execution flow of the variable.
In a specific application scenario, the code line that may contain a vulnerability is found by rule, and the variables are obtained from that code line.
For example, a line of code in a PHP project that may contain a problem, "select*from user where id={$id} and type={$type};", is matched by rule; the variables obtained are then $id and $type.
The method to which the current problem code belongs is obtained, all the code in that method is read, and the execution flow of the variable is analysed from the code.
For example, the execution flow of $id is (1) $uid=$_GET['uid'], (2) $id=intval($uid), (3) $sql=select*from user where id={$id} and type={$type}.
After the execution flow of the variable has been obtained, noise reduction must be applied to the code execution flow; there may be one or more execution flows, the number being determined mainly by the number of variables.
Noise reduction is divided into comment clearing and controllability judgement. Comments, if present in the execution flow, may affect the vulnerability judgement. The controllability judgement mainly removes the flows of uncontrollable variables and keeps the execution flows of controllable variables.
The specific formula of the noise reduction process is as follows:
Vulnerability judgement is performed on the execution flow after noise reduction. The basis of the judgement is whether the variable is filtered in the execution flow; if the code does not filter the variable in the execution flow, the vulnerability exists. For example, in the execution flow of $id the variable is filtered with the intval function, so no security vulnerability exists and this is a false positive.
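To make steps S1 to S5 concrete, here is an added toy scanner in Python (not code from the patent or its applicant) that runs the pipeline over a constructed PHP method: rule-match the sink line, extract the interpolated variables, trace each one backwards through its assignments, drop comment lines and uncontrollable flows, and report a false positive when a filter such as intval() sits on the path. The rule patterns, the FILTER_FUNCS set and the sample source are assumptions; a production scanner would work on a parsed AST rather than regexes over lines.

```python
import re

# Constructed sample input (not from the patent): one PHP method with the patent's $id flow.
PHP_SOURCE = """<?php
function getUser() {
    $uid = $_GET['uid'];
    $id = intval($uid);
    $type = $_GET['type'];
    $status = 1;
    // $type = intval($type);  comment only: must not count as a filter
    $sql = "select * from user where id={$id} and type={$type} and status={$status};";
    return query($sql);
}
"""

# Hypothetical rule set: SQL sink with interpolated variables, user-controlled sources, filters.
SINK_RULE = re.compile(r'select\s.*\bfrom\b.*\{\$\w+\}', re.IGNORECASE)
SOURCE_RULE = re.compile(r'\$_(GET|POST|REQUEST|COOKIE)\b')
FILTER_FUNCS = {"intval", "floatval", "mysqli_real_escape_string"}
ASSIGN_RULE = re.compile(r'^\s*\$(\w+)\s*=\s*(.+?);')

def strip_comment(line):
    """Noise reduction, part 1: drop a trailing // comment (naive: not string-aware)."""
    return line.split('//', 1)[0]

def find_candidates(source):
    """S1 + S2: rule-match suspect lines and extract the interpolated variables."""
    found = []
    for no, line in enumerate(source.splitlines(), 1):
        code = strip_comment(line)
        if SINK_RULE.search(code):
            found.append((no, sorted(set(re.findall(r'\{\$(\w+)\}', code)))))
    return found

def trace_flow(source, var, sink_line):
    """S3: walk back from the sink following assignments; returns [(line, var, rhs)] in order."""
    lines = source.splitlines()
    flow, target = [], var
    for no in range(sink_line - 1, 0, -1):
        m = ASSIGN_RULE.match(strip_comment(lines[no - 1]))
        if not m or m.group(1) != target:
            continue
        rhs = m.group(2)
        flow.insert(0, (no, target, rhs))
        inner = re.findall(r'\$(\w+)', rhs)
        if SOURCE_RULE.search(rhs) or not inner:
            break                      # reached a superglobal or a constant
        target = inner[0]              # keep following the assignment chain
    return flow

def is_controllable(flow):
    """S4, part 2: keep only flows that originate from a user-controlled source."""
    return any(SOURCE_RULE.search(rhs) for _, _, rhs in flow)

def is_filtered(flow):
    """S5 basis: a filter function applied on any hop sanitises the variable."""
    return any((m := re.match(r'\s*(\w+)\s*\(', rhs)) and m.group(1) in FILTER_FUNCS
               for _, _, rhs in flow)

def scan(source):
    """Full S1-S5 pass: one verdict per variable on every rule-matched line."""
    verdicts = {}
    for no, variables in find_candidates(source):
        for var in variables:
            flow = trace_flow(source, var, no)
            if not is_controllable(flow):
                verdicts[var] = "noise"            # uncontrollable: dropped in S4
            elif is_filtered(flow):
                verdicts[var] = "false_positive"   # e.g. intval() on $id
            else:
                verdicts[var] = "vulnerable"       # reaches the sink unfiltered
    return verdicts
```

Running scan(PHP_SOURCE) classifies $id as a false positive (filtered by intval), $type as vulnerable (reaches the query unfiltered) and $status as noise (a constant, removed in S4).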
It should be understood that embodiments of the present invention may be implemented or carried out by computer hardware, by a combination of hardware and software, or by computer instructions stored in a non-transitory computer-readable memory. The method may be implemented in computer programs using standard programming techniques, including a non-transitory computer-readable storage medium configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the method and drawings described in the particular embodiment. Each program may be implemented in a high-level procedural or object-oriented programming language to communicate with a computer system. However, if desired, the program may be implemented in assembly or machine language. In any case, the language may be a compiled or interpreted language. Furthermore, the program may be run on an application-specific integrated circuit programmed for this purpose.
In addition, the operations of the processes described herein may be performed in any suitable order, unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be executed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (for example, executable instructions, one or more computer programs, or one or more applications) executing collectively on one or more processors, by hardware, or by a combination thereof. The computer program comprises a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operably coupled to a suitable one, including but not limited to a personal computer, minicomputer, mainframe, workstation, networked or distributed computing environment, a separate or integrated computer platform, or one communicating with a charged-particle tool or other imaging device, and so on. Aspects of the present invention may be implemented as machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into the computing platform, such as a hard disk, an optically read and/or written storage medium, RAM or ROM, so that it can be read by a programmable computer; when the storage medium or device is read by the computer, it can be used to configure and operate the computer to perform the processes described herein. Furthermore, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. When such media contain instructions or programs that, in conjunction with a microprocessor or other data processor, implement the steps described above, the invention described herein includes these and other different types of non-transitory computer-readable storage media. When programmed according to the methods and techniques of the present invention for improving the accuracy of rule-based code scanning, the invention also includes the computer itself.
A computer program may be applied to input data to perform the functions described herein, transforming the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including a particular visual depiction of physical and tangible objects produced on a display.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced, and that such modifications or replacements do not make the essence of the corresponding technical solution depart from the scope of the technical solutions of the embodiments of the present invention, all of which shall be covered within the scope of the claims and description of the present invention.

Claims (10)

1. A method for improving the accuracy of rule-based code scanning, characterised in that the method comprises the following steps:
obtaining a code line that may contain a vulnerability;
identifying the variables in the suspect code line;
identifying and recording the execution flow of the variable;
applying noise reduction to the execution flow of the variable;
judging whether the vulnerability exists according to the execution flow of the variable.
2. The method for improving the accuracy of rule-based code scanning according to claim 1, characterised in that obtaining the code line that may contain a vulnerability and identifying the variables in the suspect code line specifically comprises:
matching, by rule, a line of code in a PHP project that may contain a problem, "select*from user where id={$id} and type={$type};", the variables obtained being $id and $type.
3. The method for improving the accuracy of rule-based code scanning according to claim 1, characterised in that identifying and recording the execution flow of the variable specifically comprises:
obtaining the method to which the current problem code belongs, reading all the code in that method, and analysing the execution flow of the variable from the code.
4. The method for improving the accuracy of rule-based code scanning according to claim 3, characterised in that identifying and recording the execution flow of the variable specifically comprises:
the execution flow of $id being (1) $uid=$_GET['uid'], (2) $id=intval($uid), (3) $sql=select*from user where id={$id} and type={$type}.
5. The method for improving the accuracy of rule-based code scanning according to claim 1, characterised in that there are one or more execution flows, the number being determined by the number of variables.
6. The method for improving the accuracy of rule-based code scanning according to claim 1, characterised in that the noise reduction includes comment clearing and a controllability judgement,
wherein the controllability judgement removes the flows of uncontrollable variables and keeps the execution flows of controllable variables.
7. The method for improving the accuracy of rule-based code scanning according to claim 1, characterised in that the basis for judging whether the vulnerability exists is:
whether the variable is filtered in the execution flow;
if the code does not filter the variable in the execution flow, the vulnerability exists.
8. The method for improving the accuracy of rule-based code scanning according to claim 1, characterised in that judging whether the vulnerability exists specifically comprises:
in the execution flow of $id, the variable is filtered using the intval function, so no security vulnerability exists and this is a false positive.
9. A computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterised in that the processor implements the method according to any one of claims 1 to 8 when executing the computer program.
10. A computer-readable storage medium storing a computer program, characterised in that the computer program implements the method according to claim 1 when executed by a processor.
Application CN201910390622.2A, priority date 2019-05-10, filing date 2019-05-10, "A method for improving the accuracy of rule-based code scanning", status Pending, publication CN110110523A (en)


Publications (1)

Publication Number Publication Date
CN110110523A (en) 2019-08-09

Family

ID=67489476


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111367819A (en) * 2020-03-30 2020-07-03 中国建设银行股份有限公司 Code scanning and filtering method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106227812A (en) * 2016-07-21 2016-12-14 杭州安恒信息技术有限公司 A kind of auditing method of database object script security risk
CN108459954A (en) * 2017-02-22 2018-08-28 腾讯科技(深圳)有限公司 Vulnerability of application program detection method and device
EP3373552A1 (en) * 2017-03-09 2018-09-12 General Electric Company Multi-modal, multi-disciplinary feature discovery to detect cyber threats in electric power grid



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190809