CN110532782B - Method and device for detecting task execution program and storage medium - Google Patents


Info

Publication number
CN110532782B
Authority
CN
China
Prior art keywords
task execution
execution program
block chain
rechecking
issued
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910694843.9A
Other languages
Chinese (zh)
Other versions
CN110532782A (en)
Inventor
张驰
周永超
厉鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910694843.9A (patent CN110532782B)
Priority to PCT/CN2019/117235 (patent WO2021017278A1)
Publication of CN110532782A
Application granted
Publication of CN110532782B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to a method, a device and a storage medium for detecting a task execution program. The method comprises: acquiring the source code of a task execution program in a blockchain network and formatting it to obtain an abstract syntax tree (AST) in an intermediate language; extracting the node information in the AST, optimizing it, and converting it into a target file for detection; and then performing vulnerability detection on the target file. When a vulnerability is detected: if the task execution program is in the to-be-published state, it is withheld from the blockchain network for the time being and a detection-failed notification is output; if it is in the published state, a detection report is generated, and early-warning information and the detection report are sent to an early warning server. When no vulnerability is detected: if the task execution program is in the to-be-published state, it is published to the blockchain network; if it is in the published state, the processing logic corresponding to the task execution program is executed. The method improves the security of the blockchain network.

Description

Method and device for detecting task execution program and storage medium
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a method and a device for detecting a task execution program and a storage medium.
Background
A smart contract is a computer protocol intended to propagate, verify or execute contracts in a digital manner. Smart contracts allow trusted transactions to be carried out without third parties, and these transactions are traceable and irreversible. For security reasons, the source code of a task execution program such as a smart contract needs to be checked. At present, source code is mainly checked by methods such as keyword matching and regular-expression matching; both methods match preset keywords against the full text of the source code.
When it comes to locating methods and variables, if a task execution program inherits from a parent class or implements an interface, locating them by source-code keywords alone cannot accurately identify all the methods and variables that the task execution program owns. Both methods therefore perform poorly on task execution programs that use inheritance or interface mechanisms and on logic vulnerabilities, so the security of the blockchain network cannot be guaranteed.
Disclosure of Invention
The invention provides a method and a device for detecting a task execution program, and a storage medium, to solve the technical problem in the prior art that detection methods such as keyword matching and regular-expression matching perform poorly on smart-contract-type task execution programs, so that the security of the blockchain network cannot be ensured.
In a first aspect, the present invention provides a method for detecting a task execution program, including:
acquiring the source code of a task execution program that is to be published in, or has already been published in, a blockchain network, and formatting the acquired source code to obtain an abstract syntax tree (AST) in an intermediate language;
extracting the node information of each node in the abstract syntax tree;
optimizing the extracted node information according to its type, and converting the optimized node information into a target file corresponding to the task execution program;
performing vulnerability detection on the target file;
when a vulnerability is detected in the target file: if the task execution program is one to be published, withholding it from the blockchain network for the time being and outputting a detection-failed notification; if the task execution program is one already published in the blockchain, generating a detection report and sending early-warning information and the detection report to an early warning server;
and when no vulnerability is detected in the target file: if the task execution program is one to be published, publishing it to the blockchain network; if it is one already published in the blockchain, executing the processing logic corresponding to the task execution program.
In a second aspect, the present invention provides a task execution program detection device, including:
an acquisition module, used to acquire the source code of a task execution program that is to be published in, or has already been published in, the blockchain network, and to format the acquired source code to obtain an abstract syntax tree in an intermediate language;
an extraction module, used to extract the node information of each node in the abstract syntax tree;
an optimization module, used to optimize the extracted node information according to its type and to convert the optimized node information into a target file corresponding to the task execution program;
a vulnerability detection module, used to perform vulnerability detection on the target file;
an execution module, used, when a vulnerability is detected in the target file, to withhold the task execution program from the blockchain network for the time being and output a detection-failed notification if the task execution program is one to be published; and, if the task execution program is one already published in the blockchain, to generate a detection report and send early-warning information and the detection report to an early warning server;
and, when no vulnerability is detected in the target file, to publish the task execution program to the blockchain network if it is one to be published, and to execute the processing logic corresponding to the task execution program if it is one already published in the blockchain.
In a third aspect, the present invention provides a readable storage medium on which a computer program is stored; when executed by a processor, the computer program performs the steps of the task execution program detection method of the first aspect.
As can be seen from the foregoing, in the embodiments of the present invention, performing vulnerability detection on a to-be-published task execution program before it is published, and on a task execution program already published in the blockchain network after publication, prevents a vulnerable task execution program from being published and provides early warning for published programs that have vulnerabilities, thereby improving the security of the blockchain network.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or of the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive labor.
Fig. 1 is a schematic structural diagram of a blockchain network according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a task execution program detection method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a node information optimization process in the embodiment of the present application;
Fig. 4 is a flow chart illustrating an optimization of the task execution program detection method according to the embodiment of the present application;
Fig. 5 is a flow chart illustrating another optimization of the task execution program detection method according to the embodiment of the present application;
Fig. 6 is a schematic block diagram of a task execution program detection apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a blockchain network according to the present invention, in which the blockchain network 100 includes a computer device 110, a review server 120, an early warning server 130, and other terminals 141, 142, and 143 in the blockchain network.
It is understood that the blockchain network is a P2P network: in the blockchain network architecture every node is a peer, and the nodes jointly provide network services, each acting as both a client and a server. In this embodiment, the computer device 110 may be a computer terminal in the blockchain network, or a management server relative to the terminal that submits the task execution program.
To better understand the technical solution of the present invention, please refer to fig. 2, which is a schematic flow chart of a method for detecting a task execution program in an embodiment of the present application, including:
Step 201, acquiring the source code of a task execution program that is to be published in, or has already been published in, the blockchain network, and formatting the acquired source code to obtain an abstract syntax tree in an intermediate language;
In this embodiment of the application, the computer device 110 in Fig. 1 receives a task execution program, submitted by the terminal 141, that is already published in the blockchain network 100 or is to be published in it, and acquires the source code of that task execution program. The task execution program may be a smart contract program, written for example in Solidity. The source code is formatted and its syntax and semantics are parsed, and an AST containing the metadata of the source code is then generated from the parsed syntax and semantics; the AST exists in the form of nodes nested layer by layer. An AST node may include, but is not limited to, attributes, children, id, name, and src, where attributes holds the attributes specific to the node; children is the list of child nodes; id is the node identifier (each node has unique identification information, so a referencing node can locate the original node through its node attributes and the like); name is the node name; and src is used to locate the source code. Specifically, the source code of the task execution program can be compiled with the solc compiler to obtain the AST.
Step 202, extracting the node information of each node in the abstract syntax tree;
In embodiments of the present invention, the information the computer device 110 extracts from the abstract syntax tree includes, but is not limited to, the attributes, specific type and corresponding source-code information of each node; the connection relationships among the nodes are also obtained from the abstract syntax tree.
Step 203, optimizing the extracted node information according to its type, and converting the optimized node information into a target file corresponding to the task execution program;
In the embodiment of the present invention, the computer device 110 optimizes the extracted node information according to its type using a Python program, mainly by merging similar information, deleting redundant information, forming call tracks, supplementing source code, and taint tracking, and converts the node information into a target file in JSON format. The optimization process is described in detail in later embodiments and is not repeated here.
Step 204, performing vulnerability detection on the target file;
In the embodiment of the present invention, the computer device 110 performs vulnerability detection on the task execution program based on the obtained target file. Specifically, the information of the target to be detected in the object corresponding to the task to be detected is obtained from the target file, and its consistency with the information of a preset task detection program is analyzed to judge whether a vulnerability exists.
Step 205, when a vulnerability is detected in the target file: if the task execution program is one to be published, withholding it from the blockchain network for the time being and outputting a detection-failed notification; if the task execution program is one already published in the blockchain, generating a detection report and sending early-warning information and the detection report to an early warning server;
In the embodiment of the present invention, when the computer device 110 detects that the task execution program has a vulnerability: if the task execution program is one to be published, it is withheld from the blockchain network 100 for the time being, so that it does not take effect, and a detection-failed notification is output; if the task execution program is one already published in the blockchain, a detection report is generated, and the early-warning information and the detection report are sent to the early warning server 130 for early warning.
Step 206, when no vulnerability is detected in the target file: if the task execution program is one to be published, publishing it to the blockchain network; if it is one already published in the blockchain, executing the processing logic corresponding to the task execution program;
In the embodiment of the present invention, when the computer device 110 does not detect a vulnerability in the task execution program: if the task execution program is one to be published, it is published to the blockchain network 100 so that it takes effect; if it is one already published in the blockchain, the processing logic corresponding to the task execution program is executed.
In the embodiment of the invention, performing vulnerability detection on a to-be-published task execution program before it is published, and on a task execution program already published in the blockchain network after publication, prevents a vulnerable task execution program from being published, provides early warning for published programs that have vulnerabilities, and improves the security of the blockchain network.
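Steps 201 to 206 as an added Python example, not code from the patent: it walks a constructed AST in the node shape listed above, writes a JSON target record that resolves inherited functions, and applies the publish-or-warn decision. The sample tree, the `linearizedBaseContracts` and `visibility` attribute names, the `selfdestruct` rule and the action strings are assumptions made for illustration.

```python
import json

# Constructed sample (not solc output): two contracts in the node shape the
# description lists (id, name, src, attributes, children). Wallet inherits Owned.
SAMPLE_AST = {
    "id": 0, "name": "SourceUnit", "src": "0:300:0", "attributes": {},
    "children": [
        {"id": 10, "name": "ContractDefinition", "src": "0:120:0",
         "attributes": {"name": "Owned", "linearizedBaseContracts": [10]},
         "children": [
             {"id": 3, "name": "VariableDeclaration", "src": "20:13:0",
              "attributes": {"name": "owner"}, "children": []},
             {"id": 9, "name": "FunctionDefinition", "src": "40:70:0",
              "attributes": {"name": "kill", "visibility": "public"},
              "children": [
                  {"id": 8, "name": "Identifier", "src": "80:12:0",
                   "attributes": {"value": "selfdestruct"}, "children": []}]}]},
        {"id": 20, "name": "ContractDefinition", "src": "130:170:0",
         "attributes": {"name": "Wallet", "linearizedBaseContracts": [20, 10]},
         "children": [
             {"id": 19, "name": "FunctionDefinition", "src": "160:60:0",
              "attributes": {"name": "deposit", "visibility": "public"},
              "children": []}]},
    ],
}

def walk(node, parent_id=None):
    """Yield (node, parent_id) for every node, depth first."""
    yield node, parent_id
    for child in node.get("children", []):
        yield from walk(child, node["id"])

def extract_node_info(ast):
    """Step 202: attributes, type, source location and links of every node."""
    info = {}
    for node, parent_id in walk(ast):
        start, length, file_index = (int(x) for x in node["src"].split(":"))
        info[node["id"]] = {
            "type": node["name"],
            "attributes": node.get("attributes", {}),
            "src": {"start": start, "length": length, "file": file_index},
            "parent": parent_id,
            "children": [c["id"] for c in node.get("children", [])],
        }
    return info

def subtree(info, node_id):
    """Ids of node_id and all of its descendants."""
    ids = [node_id]
    for child_id in info[node_id]["children"]:
        ids.extend(subtree(info, child_id))
    return ids

def build_target(info):
    """Step 203 (reduced): per contract, every function it owns or inherits."""
    target = {}
    for node in info.values():
        if node["type"] != "ContractDefinition":
            continue
        functions, seen = [], set()
        # Assumed order: the contract itself first, then its bases.
        for base_id in node["attributes"]["linearizedBaseContracts"]:
            base = info[base_id]
            for member_id in base["children"]:
                member = info[member_id]
                name = member["attributes"].get("name")
                if member["type"] != "FunctionDefinition" or name in seen:
                    continue  # not a function, or overridden further down
                seen.add(name)
                body = [info[i] for i in subtree(info, member_id)]
                functions.append({
                    "name": name,
                    "visibility": member["attributes"]["visibility"],
                    "declared_in": base["attributes"]["name"],
                    "src": member["src"],
                    "calls": sorted(n["attributes"]["value"] for n in body
                                    if n["type"] == "Identifier"),
                    "guarded": any(n["type"] == "ModifierInvocation" for n in body),
                })
        target[node["attributes"]["name"]] = {"functions": functions}
    return target

def target_file_text(info):
    """The JSON text that would be written as the target file."""
    return json.dumps(build_target(info), indent=2)

def detect(target):
    """Step 204 with one illustrative rule: externally callable, unguarded selfdestruct."""
    return [{"contract": contract, "function": fn["name"],
             "declared_in": fn["declared_in"], "src": fn["src"]}
            for contract, record in target.items() for fn in record["functions"]
            if fn["visibility"] in ("public", "external")
            and "selfdestruct" in fn["calls"] and not fn["guarded"]]

def decide(status, findings):
    """Steps 205/206: status is "to_be_published" or "published"."""
    if findings:
        return "withhold_and_notify" if status == "to_be_published" else "report_and_warn"
    return "publish" if status == "to_be_published" else "execute"

if __name__ == "__main__":
    found = detect(build_target(extract_node_info(SAMPLE_AST)))
    print(json.dumps(found, indent=2), decide("to_be_published", found))
```

The finding reported for `Wallet` points at `kill`, which is declared in `Owned`; a keyword scan limited to the text of `Wallet` would not see it, which is the gap the Background section describes.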
Based on the embodiment shown in fig. 2, please refer to fig. 3, which is a schematic flow chart of node information optimization in the task execution program detection method in the embodiment of the present application, including the following steps:
Step 301, merging or associating the nodes in the abstract syntax tree based on their attributes, specific types and connection relationships;
In the embodiment of the present invention, the computer device 110 merges and associates similar methods or variables in the task execution program to avoid detecting the same problem repeatedly; similar methods or variables are labeled, and in the subsequent vulnerability detection the labeled methods or variables other than the first occurrence are not checked.
Step 302, performing redundancy deletion on the merged or associated nodes, based on the methods in the source-code information that are inherited from a parent class or implement an interface;
In the embodiment of the present invention, the computer device 110 performs redundancy deletion on the methods in the task execution program that are inherited from a parent class or implement an interface, so as to improve detection efficiency.
Step 303, for the nodes remaining after redundancy deletion, generating a call track for each node from the referencing and referenced relationships among the nodes;
In the embodiment of the present invention, the computer device 110 extracts the call information of specified sensitive methods or variables in the task execution program and generates their call tracks from it. A call track is used to determine whether the sensitive method or variable causes actual harm and what its scope of influence is, so that during vulnerability detection the call track can further reduce vulnerability misjudgments.
Step 304, performing source-code supplementation on the nodes remaining after redundancy deletion to obtain nodes with complete source code;
In the embodiment of the present invention, the computer device 110 completes the source code of referenced nodes, so that incomplete code does not cause misjudgments in the subsequent vulnerability detection.
Step 305, marking and tracking each node using taint tracking, and storing the marking and tracking information in the node information;
In the embodiment of the present invention, the computer device 110 uses taint tracking to mark and track storage-type variables and preset critical operations in the task execution program, so that when the next step completes vulnerability detection based on the target file, it can be determined whether all marked variables and methods have been checked, and supplementary detection can be performed on marked variables and methods that were not. Combining taint tracking with the call tracks further reduces vulnerability misjudgments.
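Steps 303 and 305 as an added Python example, not code from the patent: it builds call tracks from reference relations between nodes and then lists the marked nodes that the tracks never touched, which are the candidates for supplementary detection. The node records, the `call.value` sensitive name and the field names are constructed for illustration.

```python
# Constructed node information, as it might look after steps 301-302.
# "refs" holds the ids a node references (calls or reads/writes).
NODES = {
    1: {"kind": "function", "name": "withdraw", "visibility": "public", "refs": [2, 5]},
    2: {"kind": "function", "name": "_send", "visibility": "internal", "refs": [3, 1]},
    3: {"kind": "builtin", "name": "call.value", "refs": []},
    4: {"kind": "function", "name": "sweep", "visibility": "external", "refs": [2]},
    5: {"kind": "variable", "name": "balances", "storage": True, "refs": []},
    6: {"kind": "function", "name": "helper", "visibility": "internal", "refs": [3]},
    7: {"kind": "function", "name": "setOwner", "visibility": "public", "refs": [8]},
    8: {"kind": "variable", "name": "owner", "storage": True, "refs": []},
}
SENSITIVE = {"call.value"}          # assumed list of sensitive operations
ENTRY_VISIBILITY = {"public", "external"}

def call_tracks(nodes, sensitive_names):
    """Step 303: id paths from externally callable functions to a sensitive node."""
    tracks = []

    def visit(node_id, path):
        if node_id in path:          # reference cycle (here _send -> withdraw)
            return
        path = path + [node_id]
        if nodes[node_id]["name"] in sensitive_names:
            tracks.append(path)
            return
        for ref in nodes[node_id]["refs"]:
            visit(ref, path)

    for node_id, node in nodes.items():
        if node["kind"] == "function" and node.get("visibility") in ENTRY_VISIBILITY:
            visit(node_id, [])
    return tracks

def track_names(nodes, track):
    """Readable form of one call track."""
    return " -> ".join(nodes[i]["name"] for i in track)

def taint_marks(nodes, sensitive_names):
    """Step 305: mark storage variables and the preset critical operations."""
    return {i for i, n in nodes.items()
            if n.get("storage") or n["name"] in sensitive_names}

def needs_supplementary_check(nodes, marks, inspected):
    """Marked nodes that detection did not reach."""
    return sorted(nodes[i]["name"] for i in marks - inspected)

if __name__ == "__main__":
    tracks = call_tracks(NODES, SENSITIVE)
    for track in tracks:
        print(track_names(NODES, track))
    inspected = {i for track in tracks for i in track}
    print(needs_supplementary_check(NODES, taint_marks(NODES, SENSITIVE), inspected))
```

`helper` also references the sensitive operation but has no track, because nothing externally callable reaches it; that is the kind of misjudgment the call track is meant to remove.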
Preferably, on the basis of the embodiment of Fig. 2, refer to Fig. 4, a flowchart of an additional step of the embodiment shown in Fig. 2, which includes:
Step 401, when a vulnerability is detected in the target file, generating a detection report and sending the detection report and the task execution program to a review server;
In this embodiment of the present application, when a vulnerability is detected in the task execution program, a detection report is generated, and the detection report and the task execution program are sent to the review server 120 so that the task execution program can be re-checked. The re-check may be performed by computer equipment or manually.
Step 402, when the re-check result returned by the review server is a pass: if the task execution program is one to be published, publishing it to the blockchain network and outputting a notification that the task execution program has been published; if the task execution program is one already published, executing the processing logic corresponding to the task execution program;
The re-check result returned by the review server is received and judged. When it is a pass: if the task execution program is in the to-be-published state, it is published to the network and a published notification is output; if it is in the published state, the processing logic corresponding to the task execution program is executed.
Step 403, when the re-check result returned by the review server is a fail: if the task execution program is one to be published, withholding it from the blockchain network for the time being and outputting a detection-failed notification; if the task execution program is one already published in the blockchain, generating a re-check detection report and sending early-warning information and the re-check detection report to an early warning server;
In the embodiment of the present application, when the re-check result that the computer device 110 receives from the review server is a fail: if the task execution program is in the to-be-published state, it is withheld from the network for the time being and a detection-failed notification is output; if it is in the published state, a re-check detection report is generated, and early-warning information and the re-check detection report are sent to the early warning server.
Using the review server for a re-check avoids misjudgments caused by incomplete preset rules and further improves the accuracy of the judgment result.
Further, referring to fig. 5 based on the embodiment of fig. 2, a schematic flow chart of another additional step of the embodiment shown in fig. 2 is shown, which includes:
step 501, when detecting that a target file has a bug, generating a detection report, generating a rechecking task execution program for the task execution program, issuing the target file, the detection report and the rechecking task execution program to each terminal in a block chain network for rechecking, sending the detection report and the task execution program to a rechecking server, and receiving rechecking results returned by each terminal and the rechecking server in the block chain network within preset time;
in the embodiment of the present application, when the computer device 110 detects that the task execution program has a bug, in addition to sending the detection report and the task execution program to the review server for review, the computer device may also generate the review task execution program at the same time, and issue the target file, the generated detection report, and the review task execution program into the blockchain network, so that other terminals 141, 142, 143, and the like in the blockchain network review the task execution program based on the detection report and the target file. And then, receiving the reinspection results returned by the reinspection server and other terminals within the preset time, and determining whether the reinspection is qualified according to the reinspection results returned by the other terminals and the reinspection server.
Step 502, determining whether the retest is qualified according to the retest results returned by each terminal and the retest server in the block chain network;
in the embodiment of the present application, each terminal and the review server in the block chain network may return the review result, and for better understanding, the following description is respectively given:
if the rechecking server and the terminal in the block chain network both return the rechecking result, determining the rechecking qualification rate according to the received multiple rechecking results; if the qualification rate of the re-inspection is greater than or equal to the preset qualification rate, judging that the re-inspection is qualified; if the retest qualification rate is less than the preset qualification rate, judging that the retest is unqualified;
if any party in the terminal or the reinspection server in the block chain network returns the reinspection result, determining whether the reinspection is qualified according to the received reinspection result, and sending notification information for terminating the reinspection to the other party;
if the rechecking result returned by any party is not received within the preset time, the rechecking is judged to be unqualified.
In the embodiment of the present application, if the rechecking server 130 and other terminals in the blockchain network both return the rechecking results within the preset time, the rechecking task in the computer device executes the program, determines the rechecking qualification rate according to the multiple rechecking results received within the preset time and the rechecking results returned by the rechecking server, and if the rechecking qualification rate is greater than the preset qualification rate, determines that the rechecking is qualified; if the retest qualification rate is not greater than the preset qualification rate, judging that the retest is unqualified; if any one of the terminal or the reinspection server in the block chain network returns the reinspection result within the preset time, determining whether the reinspection is qualified according to the received reinspection result, and sending a notification message for terminating the reinspection to the other party; if the rechecking result returned by any party is not received within the preset time, the rechecking is judged to be unqualified.
Specifically, when the rechecking server and the terminals in the blockchain network both return rechecking results, a first number of qualified results among the rechecking results returned by the rechecking server and each terminal in the blockchain network is determined, together with a first total number of those rechecking results;
a first quotient of the first number of qualified results and the first total number is calculated, and the first quotient is taken as the recheck qualification rate;
when only one of the rechecking server or the terminals in the blockchain network returns a rechecking result, and the result received is the one returned by the rechecking server, the recheck is determined to be qualified if the result returned by the server is qualified, and unqualified if the result returned by the server is unqualified.
When the results received are those returned by the terminals in the blockchain network, a second number of qualified results returned by the terminals and a second total number of returned rechecking results are determined, a second quotient of the second number and the second total number is calculated, and the second quotient is taken as the recheck qualification rate; the recheck is judged qualified when the recheck qualification rate is greater than or equal to a preset qualification rate, and unqualified when the recheck qualification rate is less than the preset qualification rate.
In this embodiment of the application, let the preset recheck qualification rate be X. When the rechecking server 130 and the other terminals in the blockchain network both return rechecking results, a first number a of qualified results and a first total number b of rechecking results are determined among the results returned by the rechecking server and the terminals in the blockchain network; when a/b is greater than or equal to X, the recheck is judged qualified, and when a/b is less than X, the recheck is judged unqualified.
When only the rechecking server 130 returns a rechecking result, the recheck is judged qualified if the rechecking server returns a qualified result, and unqualified if the rechecking server returns an unqualified result.
When only the terminals in the blockchain network return rechecking results, a second number A of qualified results returned by the terminals and a second total number B of returned rechecking results are determined; when A/B is greater than or equal to X, the recheck is judged qualified, and when A/B is less than X, the recheck is judged unqualified.
Step 503, if the recheck is qualified: when the task execution program is a task execution program to be issued, issuing the task execution program to the blockchain network and outputting an issuing result; when the task execution program is an already issued task execution program, executing the processing logic corresponding to the task execution program;
that is, if the recheck is qualified and the task execution program is in the to-be-issued state, the task execution program is issued to the network and an issuing result is output; if it is in the issued state, the processing logic corresponding to the task execution program is executed.
Step 504, if the recheck is unqualified: when the task execution program is a task execution program to be issued, temporarily not issuing the task execution program to the blockchain network and outputting notification information of detection failure; when the task execution program is an already issued task execution program, generating a combined recheck detection report and sending early warning information and the combined recheck detection report to an early warning server;
in this embodiment of the application, if the recheck is unqualified and the task execution program is in the to-be-issued state, the task execution program is temporarily not issued to the network and notification information of detection failure is output; if it is in the issued state, a combined recheck detection report is generated, and the early warning information and the combined recheck detection report are sent to the early warning server.
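The decision rule described above, together with steps 503 and 504, can be written out as follows. This is an added example, not code from the patent: the names `decide`, `Verdict`, `State` and `Action` are hypothetical, `None` stands for a rechecking server that returned nothing within the preset time, and the no-result branch follows claim 6.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence


class State(Enum):
    TO_BE_ISSUED = "to be issued"
    ISSUED = "issued"


class Action(Enum):
    ISSUE = "issue to the blockchain network and output the issuing result"
    EXECUTE = "execute the processing logic of the task execution program"
    WITHHOLD = "do not issue for now and output a detection-failure notification"
    WARN = "send early warning and combined recheck report to the early warning server"


@dataclass(frozen=True)
class Verdict:
    qualified: bool
    basis: str                  # which branch of the rule decided
    rate: Optional[float]       # None when no quotient is computed
    action: Action


def _rate(results: Sequence[bool]) -> float:
    """Quotient of qualified results over results actually returned."""
    return sum(1 for r in results if r) / len(results)


def decide(server: Optional[bool], terminals: Sequence[bool],
           x: float, state: State) -> Verdict:
    """Apply the recheck rule: server is None if it returned nothing,
    terminals holds one bool per terminal that returned a result."""
    if not 0.0 <= x <= 1.0:
        raise ValueError("preset qualification rate X must lie in [0, 1]")

    if server is not None and terminals:
        # Both returned: a/b over the server's result plus every terminal result.
        rate = _rate([server, *terminals])
        qualified, basis = rate >= x, "server+terminals"
    elif server is not None:
        # Only the server returned: its result decides, no quotient.
        rate, qualified, basis = None, server, "server-only"
    elif terminals:
        # Only terminals returned: A/B over the terminal results.
        rate = _rate(terminals)
        qualified, basis = rate >= x, "terminals-only"
    else:
        # Nothing returned by either party: unqualified (claim 6).
        rate, qualified, basis = None, False, "no-result"

    if qualified:
        action = Action.ISSUE if state is State.TO_BE_ISSUED else Action.EXECUTE
    else:
        action = Action.WITHHOLD if state is State.TO_BE_ISSUED else Action.WARN
    return Verdict(qualified, basis, rate, action)


if __name__ == "__main__":
    # Constructed inputs: (server result, terminal results, program state).
    cases = [
        (False, [True, True, True, True], State.TO_BE_ISSUED),
        (True, [False, False, True], State.ISSUED),
        (True, [], State.ISSUED),
        (None, [True, True, True, False], State.TO_BE_ISSUED),
        (None, [], State.TO_BE_ISSUED),
    ]
    for server, terminals, state in cases:
        print(server, terminals, state.value, "->", decide(server, terminals, 0.75, state))
```

Because b and B count only the results actually returned, the quotient is taken over responders rather than over every terminal that was asked, and in the combined case the rechecking server counts as a single result among the terminals' results.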
Having other terminals in the blockchain network recheck the task execution program to be issued reduces the time spent waiting for a recheck by the rechecking server, which improves the timeliness of data processing and program issuing and further improves the accuracy of the data processing result.
Referring to FIG. 6, which is a schematic structural diagram of a task execution program detection device according to the present invention, the device includes:
an obtaining module 601, configured to obtain the source code of a task execution program that is to be issued in a blockchain network or has already been issued in the blockchain network, and to format the obtained source code to obtain an abstract syntax tree of an intermediate language;
an extracting module 602, configured to extract node information of each node in the abstract syntax tree,
specifically: extracting the attribute, the specific type and the corresponding code source information of each node from the abstract syntax tree;
and acquiring the connection relations among the nodes from the abstract syntax tree;
an optimization module 603, configured to optimize the extracted node information according to its type, and to convert the optimized node information into a target file corresponding to the task execution program;
a vulnerability detection module 604, configured to perform vulnerability detection on the target file;
an executing module 605, configured to: when a vulnerability is detected in the target file, if the task execution program is a task execution program to be issued, temporarily not issue the task execution program to the blockchain network and output notification information of detection failure, and if the task execution program is a task execution program already issued in the blockchain, generate a detection report and send early warning information and the detection report to an early warning server; and when no vulnerability is detected in the target file, if the task execution program is a task execution program to be issued, issue the task execution program to the blockchain network, and if the task execution program is a task execution program already issued in the blockchain, execute the processing logic corresponding to the task execution program.
It should be noted that the content of the detection apparatus described in the embodiment shown in fig. 6 is similar to the content of the detection method described in the embodiment shown in fig. 2, and specifically, the content described in the embodiment shown in fig. 2 may be referred to, and is not repeated herein.
In this embodiment of the invention, vulnerability detection is performed on a task execution program to be issued before it is issued, and on a task execution program already issued in the blockchain network after it is issued. A task execution program with a vulnerability can thus be prevented from being issued, early warning is provided for issued programs that have a vulnerability, and the security of the blockchain network is improved.
It should be noted that, on the basis of the embodiment in fig. 6, the task execution program detection device may further include the following structure:
The optimization module 603 includes:
a merging and association module, configured to merge or associate the nodes in the abstract syntax tree based on the attribute, the specific type and the connection relations of the nodes;
a redundancy deletion module, configured to perform redundancy deletion on the merged or associated nodes based on methods in the code source information that are inherited from a parent class or that implement an interface;
a generation module, configured to extract the calling information of each node and to generate the calling track of each node's information from the extracted calling information;
a source code supplement module, configured to perform code source supplementation on each node after redundancy deletion, to obtain nodes with a complete code source;
and a marking module, configured to perform code source supplementation on each node after redundancy deletion, to obtain nodes with a complete code source.
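What the obtaining and extracting modules collect, and the calling track the generation module derives from it, can be seen on a small input. This is an added example, not the patent's implementation: Python's `ast` module stands in for the intermediate-language abstract syntax tree, the sample program and the names `NodeInfo`, `extract_nodes`, `call_edges` and `trajectories` are constructed for illustration, and merging, redundancy deletion, code source supplementation and marking are left out.

```python
import ast
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample standing in for a task execution program's source code.
SAMPLE_SOURCE = '''
def read_amount(request):
    return request["amount"]

def check(amount):
    return amount > 0

def transfer(request, ledger):
    amount = read_amount(request)
    if check(amount):
        ledger.append(amount)
'''


@dataclass
class NodeInfo:
    node_id: int
    node_type: str            # specific type: the AST class name
    attribute: str            # identifier carried by the node, "" if none
    line: int                 # code source information: line number, 0 if none
    source: str               # code source information: exact source text
    parent: Optional[int]     # connection relation: id of the parent node


def _identifier(node: ast.AST) -> str:
    """Return the name a node carries (function, variable, attribute, argument)."""
    for field in ("name", "id", "attr", "arg"):
        value = getattr(node, field, None)
        if isinstance(value, str):
            return value
    return ""


def extract_nodes(source: str) -> List[NodeInfo]:
    """Pre-order walk recording each node's type, attribute, source and parent."""
    nodes: List[NodeInfo] = []

    def visit(node: ast.AST, parent: Optional[int]) -> None:
        node_id = len(nodes)
        nodes.append(NodeInfo(node_id, type(node).__name__, _identifier(node),
                              getattr(node, "lineno", 0),
                              ast.get_source_segment(source, node) or "",
                              parent))
        for child in ast.iter_child_nodes(node):
            visit(child, node_id)

    visit(ast.parse(source), None)
    return nodes


def call_edges(source: str) -> Dict[str, List[str]]:
    """Map each function to the callees it references, in source order."""
    edges: Dict[str, List[str]] = {}
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        calls = []
        for node in ast.walk(fn):
            if isinstance(node, ast.Call):
                name = _identifier(node.func) or "<dynamic>"
                calls.append((node.lineno, node.col_offset, name))
        edges[fn.name] = [name for _, _, name in sorted(calls)]
    return edges


def trajectories(edges: Dict[str, List[str]], entry: str) -> List[List[str]]:
    """Expand the reference/referenced relation into call paths from entry."""
    paths: List[List[str]] = []

    def walk(fn: str, path: List[str]) -> None:
        callees = edges.get(fn, [])       # callees defined elsewhere are leaves
        if not callees:
            paths.append(path)
            return
        for callee in callees:
            if callee in path:            # recursion: record the cycle and stop
                paths.append(path + [callee])
            else:
                walk(callee, path + [callee])

    walk(entry, [entry])
    return paths


if __name__ == "__main__":
    for info in extract_nodes(SAMPLE_SOURCE)[:6]:
        print(info.node_id, info.node_type, repr(info.attribute), info.line, info.parent)
    print(trajectories(call_edges(SAMPLE_SOURCE), "transfer"))
```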
The execution module 605 includes:
a first sending module, configured to generate a detection report when a vulnerability is detected in the target file, and to send the detection report and the task execution program to the rechecking server;
a first receiving module, configured to receive the rechecking result returned by the rechecking server;
a first processing module, configured to: when the rechecking result returned by the rechecking server is that the recheck is qualified, if the task execution program is a task execution program to be issued, issue the task execution program to the blockchain network and output notification information that the task execution program has been issued, and if the task execution program is an already issued task execution program, execute the processing logic corresponding to the task execution program;
and when the rechecking result returned by the rechecking server is that the recheck is unqualified, if the task execution program is a task execution program to be issued, temporarily not issue the task execution program to the blockchain network and output notification information of detection failure, and if the task execution program is a task execution program already issued in the blockchain, generate a recheck detection report and send early warning information and the recheck detection report to the early warning server.
The execution module 605 further comprises:
a second sending module, configured to generate a detection report when a vulnerability is detected in the target file, generate a rechecking task execution program for the task execution program, issue the target file, the detection report and the rechecking task execution program to each terminal in the blockchain network for rechecking, and send the detection report and the task execution program to the rechecking server;
a second receiving module, configured to receive, within a preset time, the rechecking results returned by each terminal in the blockchain network and by the rechecking server;
a judging module, configured to determine whether the recheck is qualified according to the rechecking results returned by each terminal in the blockchain network and by the rechecking server;
a second processing module, configured to: if the recheck is qualified, when the task execution program is a task execution program to be issued, issue the task execution program to the blockchain network and output an issuing result, and when the task execution program is an already issued task execution program, execute the processing logic corresponding to the task execution program;
and if the recheck is unqualified, when the task execution program is a task execution program to be issued, temporarily not issue the task execution program to the blockchain network and output notification information of detection failure, and when the task execution program is an already issued task execution program, generate a combined recheck detection report and send the early warning information and the combined recheck detection report to the early warning server.
It can be understood that, the contents described in the foregoing embodiments are similar to the contents described in the optimization method in the embodiments shown in fig. 3 to fig. 5, and specifically refer to the contents in the methods described in the embodiments shown in fig. 3 to fig. 5, which are not repeated herein.
According to the invention, vulnerability detection is performed on a task execution program to be issued before it is issued, and on a task execution program already issued in the blockchain network after it is issued. A task execution program with a vulnerability can thus be prevented from being issued, early warning can be provided for issued programs that have a vulnerability, and the security of the blockchain network can be improved.
The invention also provides a storage medium on which a computer program is stored, which when executed by a processor implements the steps of the method for detecting a task execution program provided by the method embodiments.
The above describes the detection method, the detection device and the storage medium for a task execution program provided by the present invention. For those skilled in the art, the specific implementations and the scope of application may vary according to the concepts of the embodiments of the present invention; in summary, the contents of this specification should not be construed as limiting the present invention.

Claims (10)

1. A method for detecting a task execution program, applied to a computer device, characterized in that the detection method comprises:
acquiring the source code of a task execution program that is to be issued in a blockchain network or has already been issued in the blockchain network, and formatting the acquired source code to obtain an abstract syntax tree of an intermediate language;
extracting node information of each node in the abstract syntax tree;
optimizing the extracted node information according to its type, and converting the optimized node information into a target file corresponding to the task execution program; the optimization comprises: merging similar information, deleting redundant information, forming a calling track, supplementing source code and taint tracking;
performing vulnerability detection on the target file;
when a vulnerability is detected in the target file, if the task execution program is a task execution program to be issued, temporarily not issuing the task execution program to the blockchain network and outputting notification information of detection failure; if the task execution program is a task execution program already issued in the blockchain, generating a detection report and sending early warning information and the detection report to an early warning server;
when no vulnerability is detected in the target file, if the task execution program is a task execution program to be issued, issuing the task execution program to the blockchain network, and if the task execution program is a task execution program already issued in the blockchain, executing the processing logic corresponding to the task execution program.
2. The detection method according to claim 1, wherein the extracting node information of each node in the abstract syntax tree comprises:
extracting the attribute, the specific type and the corresponding code source information of each node from the abstract syntax tree;
and acquiring the connection relation among the nodes from the abstract syntax tree.
3. The detection method according to claim 2, wherein the optimizing the extracted node information according to its type and converting the optimized node information into a target file corresponding to the task execution program comprises:
merging or associating the nodes in the abstract syntax tree based on the attribute, the specific type and the connection relations of the nodes;
performing redundancy deletion on the merged or associated nodes based on methods in the code source information that are inherited from a parent class or that implement an interface;
for the nodes after redundancy deletion, generating a calling track of each node by using the reference and referenced relations among the nodes;
performing code source supplementation on each node to obtain nodes with a complete code source;
marking and tracking each node by using a taint tracking technique, and storing the marking and tracking information in the node information;
and performing file format conversion on the node information of each node and the calling track of each node to obtain the target file.
4. The detection method according to any one of claims 1 to 3, characterized in that the method further comprises:
when a vulnerability is detected in the target file, generating a detection report, and sending the detection report and the task execution program to a rechecking server;
when the rechecking result returned by the rechecking server is that the recheck is qualified, if the task execution program is a task execution program to be issued, issuing the task execution program to the blockchain network and outputting notification information that the task execution program has been issued; if the task execution program is an already issued task execution program, executing the processing logic corresponding to the task execution program;
when the rechecking result returned by the rechecking server is that the recheck is unqualified, if the task execution program is a task execution program to be issued, temporarily not issuing the task execution program to the blockchain network and outputting notification information of detection failure; if the task execution program is a task execution program already issued in the blockchain, generating a recheck detection report and sending early warning information and the recheck detection report to an early warning server.
5. The detection method according to any one of claims 1 to 3, characterized in that the detection method further comprises:
when a vulnerability is detected in the target file, generating a detection report, generating a rechecking task execution program for the task execution program, issuing the target file, the detection report and the rechecking task execution program to each terminal in the blockchain network for rechecking, sending the detection report and the task execution program to a rechecking server, and receiving, within a preset time, the rechecking results returned by each terminal in the blockchain network and by the rechecking server;
determining whether the recheck is qualified according to the rechecking results returned by each terminal in the blockchain network and by the rechecking server;
if the rechecking is qualified, when the task execution program is the task execution program to be issued, issuing the task execution program to a block chain network, and outputting an issuing result; when the task execution program is a published task execution program, executing a processing logic corresponding to the task execution program;
if the rechecking is not qualified, when the task execution program is the task execution program to be issued, temporarily not issuing the task execution program to the block chain network, and simultaneously outputting notification information of detection failure; and when the task execution program is a published task execution program, generating a combined reinspection detection report, and sending early warning information and the combined reinspection detection report to an early warning server.
6. The detection method according to claim 5, wherein the determining whether the recheck is qualified according to the rechecking results returned by each terminal in the blockchain network and by the rechecking server comprises:
if the rechecking server and the terminals in the blockchain network both return rechecking results, determining the recheck qualification rate according to the multiple rechecking results received; if the recheck qualification rate is greater than or equal to the preset qualification rate, judging that the recheck is qualified; if the recheck qualification rate is less than the preset qualification rate, judging that the recheck is unqualified;
if only one of the terminals in the blockchain network or the rechecking server returns a rechecking result, determining whether the recheck is qualified according to the rechecking result received, and sending notification information for stopping the recheck to the other party;
if no rechecking result is received from either party, judging that the recheck is unqualified.
7. The detection method according to claim 6, wherein the determining the recheck qualification rate according to the multiple rechecking results received comprises:
determining a first number of qualified results among the rechecking results returned by the rechecking server and each terminal in the blockchain network, and a first total number of the rechecking results;
and calculating a first quotient of the first number of qualified results and the first total number, and taking the first quotient as the recheck qualification rate.
8. The detection method according to claim 6, wherein the determining whether the recheck is qualified according to the rechecking result received, if only one of the terminals in the blockchain network or the rechecking server returns a rechecking result, comprises:
when the rechecking result returned by the rechecking server is received, determining that the recheck is qualified if the result returned by the server is qualified, and determining that the recheck is unqualified if the result returned by the server is unqualified;
when the rechecking results returned by the terminals in the blockchain are received, determining a second number of qualified results returned by the terminals in the blockchain and a second total number of returned rechecking results, calculating a second quotient of the second number of qualified results and the second total number, taking the second quotient as the recheck qualification rate, and judging that the recheck is qualified when the recheck qualification rate is greater than or equal to the preset qualification rate; and if the recheck qualification rate is less than the preset qualification rate, judging that the recheck is unqualified.
9. A task execution program detection apparatus, characterized in that the detection apparatus comprises:
an acquisition module, configured to acquire the source code of a task execution program that is to be issued in a blockchain network or has already been issued in the blockchain network, and to format the acquired source code to obtain an abstract syntax tree of an intermediate language;
an extraction module, configured to extract node information of each node in the abstract syntax tree;
an optimization module, configured to optimize the extracted node information according to its type and to convert the optimized node information into a target file corresponding to the task execution program; the optimization comprises: merging similar information, deleting redundant information, forming a calling track, supplementing source code and taint tracking;
a vulnerability detection module, configured to perform vulnerability detection on the target file;
an execution module, configured to: when a vulnerability is detected in the target file, if the task execution program is a task execution program to be issued, temporarily not issue the task execution program to the blockchain network and output notification information of detection failure, and if the task execution program is a task execution program already issued in the blockchain, generate a detection report and send early warning information and the detection report to an early warning server; and when no vulnerability is detected in the target file, if the task execution program is a task execution program to be issued, issue the task execution program to the blockchain network, and if the task execution program is a task execution program already issued in the blockchain, execute the processing logic corresponding to the task execution program.
10. A readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, performs the steps of the method for detecting a task execution program according to any one of claims 1 to 8.
CN201910694843.9A 2019-07-30 2019-07-30 Method and device for detecting task execution program and storage medium Active CN110532782B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910694843.9A CN110532782B (en) 2019-07-30 2019-07-30 Method and device for detecting task execution program and storage medium
PCT/CN2019/117235 WO2021017278A1 (en) 2019-07-30 2019-11-11 Task execution program detection method and apparatus, and computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910694843.9A CN110532782B (en) 2019-07-30 2019-07-30 Method and device for detecting task execution program and storage medium

Publications (2)

Publication Number Publication Date
CN110532782A (en) 2019-12-03
CN110532782B (en) 2023-02-21

Family

ID=68662038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910694843.9A Active CN110532782B (en) 2019-07-30 2019-07-30 Method and device for detecting task execution program and storage medium

Country Status (2)

Country Link
CN (1) CN110532782B (en)
WO (1) WO2021017278A1 (en)

Also Published As

Publication number Publication date
CN110532782A (en) 2019-12-03
WO2021017278A1 (en) 2021-02-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant