CN111506900B - Vulnerability detection method and device, electronic equipment and computer storage medium - Google Patents

Vulnerability detection method and device, electronic equipment and computer storage medium Download PDF

Info

Publication number
CN111506900B
CN111506900B CN202010295600.0A CN202010295600A CN111506900B CN 111506900 B CN111506900 B CN 111506900B CN 202010295600 A CN202010295600 A CN 202010295600A CN 111506900 B CN111506900 B CN 111506900B
Authority
CN
China
Prior art keywords
code
vulnerability
detected
stain
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010295600.0A
Other languages
Chinese (zh)
Other versions
CN111506900A (en
Inventor
王鹏飞
樊英杰
李东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Douyin Vision Co Ltd
Original Assignee
Douyin Vision Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Douyin Vision Co Ltd filed Critical Douyin Vision Co Ltd
Priority to CN202010295600.0A priority Critical patent/CN111506900B/en
Publication of CN111506900A publication Critical patent/CN111506900A/en
Application granted granted Critical
Publication of CN111506900B publication Critical patent/CN111506900B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/42Syntactic analysis
    • G06F8/427Parsing

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The disclosure provides a vulnerability detection method, a vulnerability detection device, electronic equipment and a computer readable storage medium, and relates to the technical field of computer programming. The method comprises the following steps: extracting key information of a code to be detected by adopting a grammar tree, and constructing a key information structure body; determining a routing function in the key information structure body based on a preset routing rule corresponding to the development framework type; and determining whether vulnerability information exists in the code to be detected based on a preset vulnerability rule of the development framework type. According to the method, the grammar tree is adopted to analyze the code to be detected, the key information structure body of the code to be detected is extracted, the development framework of the code to be detected is identified, any development framework can be remotely adapted under the condition that the code is not modified, the vulnerability rule is dynamically configured, timely misinformation and optimization are facilitated, all reachable paths of a stain are found, paths which possibly generate a vulnerability are comprehensively analyzed, the judgment of the vulnerability is more accurate, misinformation is reduced, full-automatic vulnerability detection is realized, and manpower is saved.

Description

Vulnerability detection method and device, electronic equipment and computer storage medium
Technical Field
The disclosure relates to the technical field of computer programming, in particular to a vulnerability detection method, a vulnerability detection device, electronic equipment and a computer storage medium.
Background
With the development of computer languages and the improvement of security consciousness of human computer networks, the detection of code vulnerabilities is increasingly important in the writing of computer codes.
The occurrence of code loopholes is generally because developers have insufficient security consciousness when developing projects, so that the security loopholes exist in codes, and the security loopholes can bring extremely serious influence to projects or enterprises, but in many cases, the increase of the code quantity is doubled due to the increase of the project quantity, and the audit of the existing code loopholes is basically manually audited, so that the heat consumption is extremely huge, and the manual audit has fatigue, so that the audit is inaccurate, and the code security is reduced.
Therefore, the existing code security vulnerability audit is basically manual audit, the manpower consumption is high, and the code security vulnerability is easy to come out of the point and is manually tired, so that the audit is inaccurate, the code security is reduced, and the problem is urgently solved.
Disclosure of Invention
The purpose of the present disclosure is to solve at least one of the above technical drawbacks, and in particular, the existing code security vulnerability audits are all basically manual audits, and have large manpower consumption, and are easy to get out of the point and have manual fatigue, which results in inaccurate audits and reduces the technical drawbacks of code security.
In a first aspect, a vulnerability detection method is provided, the method including:
analyzing a code to be detected by adopting a grammar tree, extracting key information of the code to be detected, and constructing a key information structure body;
identifying the development framework type of the code to be detected;
determining a routing function in the key information structure body based on a preset routing rule corresponding to the development framework type;
determining the positions of the stains in the code to be detected based on a preset stain rule corresponding to the development framework type and the routing function, and generating a stain data flow diagram;
and traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining whether vulnerability information exists in the code to be detected.
In a second aspect, a vulnerability detection apparatus is provided, including:
the analysis module is used for analyzing the code to be detected by adopting a grammar tree, extracting key information of the code to be detected and constructing a key information structure body;
the frame identification module is used for identifying the development frame of the code to be detected by adopting preset development frame identification characteristics;
a routing function identification module for determining a routing function in the key information structure based on a routing rule of the development framework;
The stain data flow diagram generating module is used for determining the positions of stains in the codes based on the stain rules of the development framework and the routing functions and generating stain data flow diagrams;
and the vulnerability information determining module is used for traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type and determining whether vulnerability information exists in the code to be detected.
In a third aspect, an electronic device is provided, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to: the vulnerability detection method described above is performed.
In a fourth aspect, a computer storage medium is provided, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored, where the at least one instruction, the at least one program, the set of codes, or the set of instructions are loaded and executed by the processor to implement the above-described vulnerability detection method.
According to the embodiment of the disclosure, the code to be detected is analyzed by adopting the grammar tree, the key information structure body of the code to be detected is extracted, the development framework of the code to be detected is identified, the development framework can be remotely adapted to any development framework under the condition that the code is not modified, the routing searching rule, the stain positioning rule and the loophole judging rule in the development framework are adopted, the loophole rule is dynamically configured, timely misinformation and optimization are facilitated, a complete data flow diagram of the stain is generated according to the routing searching and the stain positioning, all reachable paths of the stain are found, paths which possibly generate the loophole are comprehensively analyzed, the existence of the loophole is comprehensively judged according to the index position of the parameter and the loophole rule, the judgment on the loophole is more accurate, the misinformation is reduced, the full-automatic loophole detection is realized, and the manpower is saved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present disclosure, the drawings that are required to be used in the description of the embodiments of the present disclosure will be briefly introduced below.
Fig. 1 is a schematic flow chart of a vulnerability detection method according to an embodiment of the disclosure;
fig. 2 is a flow chart of a routing function determining method according to an embodiment of the present disclosure;
fig. 3 is a flow chart of a data flow diagram generating method according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a stain transfer in a function provided by an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a stain transfer in multiple functions provided by embodiments of the present disclosure;
fig. 6 is a schematic structural diagram of a leak detection apparatus according to an embodiment of the disclosure;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure have been shown in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but are provided to provide a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., including, but not limited to. The term "based on" is based at least in part on. The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments. Related definitions of other terms will be given in the description below.
It should be noted that the terms "first," "second," and the like in this disclosure are used merely to distinguish one device, module, or unit from another device, module, or unit, and are not intended to limit the order or interdependence of the functions performed by the devices, modules, or units.
It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
An embodiment of the present disclosure provides a vulnerability detection method, as shown in fig. 1, including:
in step S101, the code to be detected is parsed by using a syntax tree, key information of the code to be detected is extracted, and a key information structure is constructed.
For the disclosed embodiments, the abstract syntax tree (abstract syntax code, AST) is a tree representation of the abstract syntax structure of the source code, each node on the tree representing a structure in the source code, which is abstract because the abstract syntax tree does not represent every detail of the actual syntax appearance, for example, nested brackets are implicit in the tree structure and not presented in the form of nodes. The abstract syntax tree does not depend on the grammar of the source language, that is, the context used in the grammar analysis stage is free of grammar, because when grammar is written, equivalent conversion (elimination of left recursion, backtracking, ambiguity, etc.) is often performed on the grammar, so that some redundant components are introduced into grammar analysis, which adversely affects the subsequent stage and even causes confusion of the stage. Therefore, many compilers often independently construct parse trees to create a clear interface for the front-end and the back-end.
In the embodiment of the disclosure, when a syntax tree is adopted to analyze a code to be detected, key information of the code to be detected is extracted, and a key information structure body is constructed, wherein for an item to be detected, all Python files of the item are subjected to analysis based on the AST syntax of the Python, the key information in the code to be Python is extracted, wherein the key information comprises almost all information of Python code fragments, such as what is on the left side of an expression, what is on the right side of the expression, what function calls are contained on the right side of the expression, what parameters of the function are included, including position index information of the parameters in the function, and what information is specifically needed, which can be determined by a person skilled in the art according to a specific embodiment, and the disclosure is not limited. Based on the extracted key information, a structure body is constructed, and a data set formed by a series of data with the same type or different types, called a structure body, can be declared as a variable, a pointer, an array or the like, so as to realize a more complex data structure.
In step S102, a development framework type of the code to be detected is identified.
In the embodiment of the disclosure, the development framework refers to a middleware basic platform developed for improving the development efficiency of the WEB program, a developer does not need to write codes from 0, the framework does something like templates, the developer develops the program by calling the framework to save time and cost, and the front-end WEB framework is more famous, such as Bootstrap, extjs, easyui, flex, miniUI, jQuery UI and the like.
For the embodiment of the disclosure, frame identification is performed on a structural body constructed in a project through development frame features in a remotely loaded server rule, frames used by Python are identified, specifically, frame type features preset in the server are loaded, the features in the structural body are obtained, the features of the structural body are compared with the preset frame type features, and the frame type corresponding to the structural body is determined.
In step S103, a routing function in the key information structure is determined based on a preset routing rule corresponding to the development framework type.
In the embodiment of the disclosure, the routing rules refer to some routing methods in a development framework, and different routing rules are identified according to some specific methods.
In an embodiment of the present disclosure, routing functions in the key information structures are identified based on routing rules in the development framework identified in the previous step. The method comprises the steps of acquiring a code command before identifying a routing function, identifying a code of a routing writing part of the code command, matching the code command with the routing function in a preset routing function library, and determining the routing function of the code when the same code segment is matched. Specifically, the authbp. Route in this pseudo code is a classical route writing method as follows:
in step S104, the location of the stain in the code to be detected is determined based on the preset stain rule and the routing function corresponding to the development framework type, and a stain data flow graph is generated.
In the disclosed embodiment, the taint rule refers to how the routing function accepts user input, e.g., aaa = request. Get [ 'aaa' ], corresponding to a web site link is http:// hahhahahahha/? aaa=xxxxrequest. Get is used to receive user input, and all the rules that can receive user input are sorted, i.e. the taint rules.
For the embodiment of the disclosure, the stain rule is set in advance by a person skilled in the art, possible stain rules are collected manually, then all stain positions are identified by combining a routing function, specifically, a code segment of the routing function is obtained, a code field in the code segment is identified, the code field is matched with a preset stain rule, when the same field as the code segment is matched in the preset stain rule, the routing function is judged according to the stain rule, whether the stain exists in the code segment is judged, if the stain exists in the code segment, the position of the stain is recorded, and a stain data flow chart is formed.
In step S105, based on the preset vulnerability rule corresponding to the development framework type, traversing the taint data flow graph, and determining whether vulnerability information exists in the code to be detected.
In the embodiment of the present disclosure, the preset vulnerability rule refers to a vulnerability rule preset by a person skilled in the art, and the vulnerability rule refers to a rule capable of judging whether a vulnerability exists in a data flow graph, which is generally a combination of a plurality of rules.
For the embodiment of the disclosure, after a stain data flow graph is constructed, traversing the data flow graph through a preset vulnerability rule, judging whether a vulnerability exists in the data flow graph according to the rule, and specifically, determining that a certain path in the data flow graph meets the following conditions to confirm that the vulnerability exists, wherein the judging conditions comprise: index position is correct, there is high risk function, keyword matching is successful, and there is no filter function. And when a certain path in a certain taint data flow graph simultaneously meets the conditions, judging that the loophole exists in the data flow graph.
According to the embodiment of the disclosure, the code to be detected is analyzed by adopting the grammar tree, the key information structure body of the code to be detected is extracted, the development framework of the code to be detected is identified, the development framework can be remotely adapted to any development framework under the condition that the code is not modified, the routing searching rule, the stain positioning rule and the loophole judging rule in the development framework are adopted, the loophole rule is dynamically configured, timely misinformation and optimization are facilitated, a complete data flow diagram of the stain is generated according to the routing searching and the stain positioning, all reachable paths of the stain are found, paths which possibly generate the loophole are comprehensively analyzed, the existence of the loophole is comprehensively judged according to the index position of the parameter and the loophole rule, the judgment on the loophole is more accurate, the misinformation is reduced, the full-automatic loophole detection is realized, and the manpower is saved.
In an embodiment of the present disclosure, a possible implementation manner is provided, where identifying a development framework type of a code to be detected includes:
acquiring development framework characteristics of codes to be detected; and identifying the development frame type corresponding to the development frame characteristics of the code to be detected according to the preset development frame identification characteristics.
In the embodiment of the disclosure, a development frame feature is acquired, a frame feature part field is identified by acquiring a code field and is matched with a preset frame feature, the matched frame feature is used as the frame feature of the code to be detected, the frame type corresponding to the frame feature is determined as the frame type of the code to be detected, specifically, the frame type is marked for the code to be detected, and a routing rule, a vulnerability rule and the like corresponding to the frame type are acquired.
According to the embodiment of the disclosure, the frame characteristics of the code to be detected are acquired, the corresponding frame types are matched, and the code is analyzed and processed with the follow-up acquisition rules, so that the vulnerability determination accuracy is improved.
One possible implementation manner is provided in the embodiments of the present disclosure, as shown in fig. 2, where determining a routing function in a key information structure based on a routing rule of a development framework includes:
In step S201, the syntax of the key information structure route is identified.
In the disclosed embodiment, the syntax of the route refers to the writing of the code segment routing function, such as authbp. Route in this pseudo code below, which is a classical route writing method:
for the embodiment of the disclosure, the grammar of obtaining the route of the key information structure body is mainly by obtaining a code segment, identifying the code in the code segment, determining the writing method of the route function, and when the authbp.
In step S202, the grammar of the route is matched with the routing rule of the development framework to determine the routing function, and the routing rule includes the correspondence between the grammar of the route and the corresponding routing rule.
For the embodiment of the disclosure, after determining the routing grammar of the code to be detected, the routing grammar is matched with a preset routing rule, wherein the preset routing rule is determined according to the frame type identified in the previous step, specifically, after determining the frame type, the routing rule corresponding to the frame type is loaded, and the routing grammar determined in the previous step is matched with the routing rule to determine the routing function of the code to be detected. Specifically, when the routing syntax is determined to be authbp.
According to the embodiment of the disclosure, the routing grammar of the code to be detected is identified, and the routing grammar is matched with the preset routing rule, so that the routing rule of the code to be detected is determined, and the routing rule judging accuracy is high.
One possible implementation manner is provided in the embodiment of the present disclosure, as shown in fig. 3, where generating a stain data flow graph includes:
in step S301, when the artifact is transferred in a function, an artifact marking node is generated according to the location of the artifact, and the artifact marking node is used as a node in the artifact data flow graph.
In the embodiment of the disclosure, the stain may be continuously transferred in the current function, or may be transferred in a different file, and different data flow diagram determining flows exist for different transfer modes.
For the embodiment of the present disclosure, as shown in fig. 4, when a blob is transferred in a function, a blob mark node is generated according to the position of the blob, and the blob is used as a node of a blob flow graph, specifically, as shown in fig. 4, the blob flows to a node B at a node a and then to a node C, and the data flow graph of the blob is a-B-C, where a node A, B, C is a node in a function. Of course, the particular number of nodes needs to be determined in particular embodiments.
In step S302, when the artifact is transferred in a plurality of functions, a plurality of artifact marking nodes of the artifact in the plurality of functions are generated according to index positions of transfer functions of the artifact, and the plurality of artifact marking nodes are used as nodes in the artifact data flow graph.
In the embodiment of the disclosure, as shown in fig. 5, when a data flow graph of a dirty is generated, an index position of a current function where the dirty is located needs to be obtained, then a dirty mark node of the dirty data flow graph is generated according to the index position, specifically, when the dirty is transferred from a1 node of a function a to a b1 node of a function b, the index position of the dirty of the function at the node a1 is firstly obtained, a first dirty mark node a.a1 is generated, when the dirty is transferred to the b1 node of the function b, a second dirty mark node b.b1 is generated, and then the data flow graph of the dirty is a.a1-b.b1, wherein the nodes a1 and b1 are data nodes in the function a and the function b respectively.
According to the embodiment of the disclosure, the data flow diagrams of the stains are determined by different stain transmission modes, so that the integrity of the data flow diagram determination is ensured, and the accuracy of the subsequent vulnerability determination is improved.
The embodiment of the disclosure provides a possible implementation manner, based on a preset vulnerability rule corresponding to a development framework type, traversing a stain data flow graph, determining vulnerability information in a code to be detected, including:
traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining vulnerability information in the code to be detected when at least one path in the taint data flow graph meets the preset vulnerability rule.
In the embodiment of the disclosure, after a stained data flow graph is determined, traversing the data flow graph based on a preset vulnerability rule, and determining vulnerability information in a code to be detected when at least one path in the stained data flow graph meets the preset vulnerability rule, wherein the preset vulnerability rule comprises an index position of a transfer parameter of a stain as a preset position; the path has a preset high-risk function; and the keywords in the stain are matched with preset keywords; and no preset filtering function exists in the path. Specifically, each node in the data flow graph is judged through the vulnerability rule, whether the node meets the vulnerability rule is judged, and when the vulnerability rule is met, the existence of a vulnerability in the data flow graph of the node is judged.
In the embodiment of the disclosure, the data flow graph of the stain is judged through the preset loophole rule, whether the loophole exists or not is determined, and the loophole judgment is accurate.
The embodiment of the disclosure provides a possible implementation manner, and after determining the vulnerability information in the code to be detected, the method further comprises:
and determining a key row of the vulnerability information in the code to be detected according to the vulnerability information, generating vulnerability reporting information based on the codes of the upper preset row and the lower preset row of the key row and the key row codes, and reporting the vulnerability reporting information.
In the embodiment of the disclosure, when the existence of the vulnerability information of the code to be detected is determined, vulnerability reporting information is generated based on a key row in the code where the vulnerability information is located, and specifically, the vulnerability reporting information is generated based on an upper preset row and a lower preset row of the key row.
For the embodiment of the disclosure, after the vulnerability information is determined, the upper two lines of codes and the lower two lines of codes of the code line where the vulnerability information is located are determined to be reported as vulnerability reporting information, and of course, how many lines of codes are specifically needed can be determined by a person skilled in the art at his own discretion, which is not limited by the disclosure.
According to the embodiment of the disclosure, the code to be detected is analyzed by adopting the grammar tree, the key information structure body of the code to be detected is extracted, the development framework of the code to be detected is identified, the development framework can be remotely adapted to any development framework under the condition that the code is not modified, the routing searching rule, the stain positioning rule and the loophole judging rule in the development framework are adopted, the loophole rule is dynamically configured, timely misinformation and optimization are facilitated, a complete data flow diagram of the stain is generated according to the routing searching and the stain positioning, all reachable paths of the stain are found, paths which possibly generate the loophole are comprehensively analyzed, the existence of the loophole is comprehensively judged according to the index position of the parameter and the loophole rule, the judgment on the loophole is more accurate, the misinformation is reduced, the full-automatic loophole detection is realized, and the manpower is saved.
An embodiment of the present disclosure provides a vulnerability detection apparatus, as shown in fig. 6, the vulnerability detection apparatus 60 may include:
the parsing module 601 is configured to parse the code to be detected using a syntax tree, extract key information of the code to be detected, and construct a key information structure;
the frame identification module 602 is configured to identify a development frame of the code to be detected using a preset development frame identification feature;
a routing function identification module 603, configured to determine a routing function in the key information structure based on a routing rule of the development framework;
a stain data flow graph generating module 604, configured to determine a location of a stain in the code based on a stain rule and a routing function of the development framework, and generate a stain data flow graph;
the vulnerability information determining module 605 is configured to determine whether vulnerability information exists in the code to be detected based on the vulnerability rule of the development framework and traversing the taint data flow graph.
The vulnerability detection device of the present embodiment may execute the vulnerability detection method shown in the foregoing embodiment of the present disclosure, and its implementation principle is similar, and will not be described here again.
According to the embodiment of the disclosure, the logic of frame adaptation, route searching, stain positioning and loophole judgment is generalized, so that a random development frame can be remotely adapted under the condition that codes are not modified, the loophole rule can be dynamically configured, timely misinformation and optimization are facilitated, upward backtracking is conducted when functions in objects with the class of executing functions are aimed, discrimination analysis is conducted, the judgment of the loopholes is more refined, misinformation is reduced, data among multiple modules are subjected to association analysis, a complete data flow diagram is generated, all reachable paths of the stain are found, paths of the loopholes possibly generated are comprehensively analyzed, the existence of the loopholes is comprehensively judged according to index positions of the parameters in combination with the loophole rule, the misinformation is reduced, and the full-automatic loophole detection is realized, so that manpower is saved.
Referring now to fig. 7, a schematic diagram of an electronic device 700 suitable for use in implementing embodiments of the present disclosure is shown. The terminal devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.
An electronic device includes: a memory and a processor, where the processor may be referred to as a processing device 701 hereinafter, the memory may include at least one of a Read Only Memory (ROM) 702, a Random Access Memory (RAM) 703, and a storage device 708 hereinafter, as specifically shown below:
as shown in fig. 7, the electronic device 700 may include a processing means (e.g., a central processor, a graphics processor, etc.) 701, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage means 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the electronic device 700 are also stored. The processing device 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
In general, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication means 709 may allow the electronic device 700 to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 shows an electronic device 700 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via communication device 709, or installed from storage 708, or installed from ROM 702. The above-described functions defined in the methods of the embodiments of the present disclosure are performed when the computer program is executed by the processing device 701.
It should be noted that the computer readable medium described in the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some implementations, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: analyzing the code to be detected by adopting a grammar tree, extracting key information of the code to be detected, and constructing a key information structure body; identifying the development framework type of the code to be detected; determining a routing function in the key information structure body based on a preset routing rule corresponding to the development framework type; determining the positions of the stains in the code to be detected based on a preset stain rule and a routing function corresponding to the development framework type, and generating a stain data flow diagram; and traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining whether vulnerability information exists in the code to be detected.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including, but not limited to, an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer can be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or can be connected to the flowchart and block diagrams in the external computer drawings, illustrating the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules or units involved in the embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. Where the name of a module or unit does not in some cases constitute a limitation of the unit itself.
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
According to one or more embodiments of the present disclosure, there is provided a vulnerability detection method including:
analyzing the code to be detected by adopting a grammar tree, extracting key information of the code to be detected, and constructing a key information structure body;
identifying the development framework type of the code to be detected;
determining a routing function in the key information structure body based on a preset routing rule corresponding to the development framework type;
determining the positions of the stains in the code to be detected based on a preset stain rule and a routing function corresponding to the development framework type, and generating a stain data flow diagram;
and traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining whether vulnerability information exists in the code to be detected.
Further, identifying a development framework type of the code to be detected includes:
acquiring development framework characteristics of codes to be detected;
and identifying the development frame type corresponding to the development frame characteristics of the code to be detected according to the preset development frame identification characteristics.
Further, determining routing functions in the critical information structure based on the routing rules of the development framework includes:
identifying a syntax of the key information structure routing;
And matching the grammar of the route with the route rule of the development framework to determine a route function, wherein the route rule comprises the corresponding relation between the grammar of the route and the corresponding route rule.
Further, generating the dirty data flow graph includes:
when the stain is transferred in a function, generating a stain mark node according to the position of the stain, and taking the stain mark node as a node in the stain data flow graph;
when the stain is transferred in a plurality of functions, generating a plurality of stain mark nodes of the stain in the functions according to index positions of transfer functions of the stain, and taking the stain mark nodes as nodes in the stain data flow graph.
Further, based on a preset vulnerability rule corresponding to a development framework type, traversing a stain data flow graph, determining vulnerability information in a code to be detected, including:
traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining vulnerability information in the code to be detected when at least one path in the taint data flow graph meets the preset vulnerability rule.
Further, the preset vulnerability rule includes:
the index position of the transfer parameter of the stain is a preset position; and is also provided with
The path has a preset high-risk function; and is also provided with
The keywords in the stain are matched with preset keywords; and is also provided with
There is no preset filter function in the path.
Further, after determining the vulnerability information in the code to be detected, the method further comprises:
and determining a key row of the vulnerability information in the code to be detected according to the vulnerability information, generating vulnerability reporting information based on the codes of the upper preset row and the lower preset row of the key row and the key row codes, and reporting the vulnerability reporting information.
According to one or more embodiments of the present disclosure, there is provided a vulnerability detection apparatus including:
the analysis module is used for analyzing the code to be detected by adopting a grammar tree, extracting key information of the code to be detected and constructing a key information structure body;
the frame identification module is used for identifying the development frame of the code to be detected by adopting preset development frame identification characteristics;
the routing function identification module is used for determining a routing function in the key information structure body based on the routing rule of the development framework;
the stain data flow diagram generating module is used for determining the positions of stains in the codes based on the stain rules and the routing functions of the development framework and generating stain data flow diagrams;
And the vulnerability information determining module is used for traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type and determining whether vulnerability information exists in the code to be detected.
According to one or more embodiments of the present disclosure, there is provided an electronic device including:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to: the vulnerability detection method according to the foregoing is performed.
According to one or more embodiments of the present disclosure, there is provided a computer storage medium, wherein the storage medium stores at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by a processor to implement the aforementioned vulnerability detection method.
The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in this disclosure is not limited to the specific combinations of features described above, but also covers other embodiments which may be formed by any combination of features described above or equivalents thereof without departing from the spirit of the disclosure. Such as those described above, are mutually substituted with the technical features having similar functions disclosed in the present disclosure (but not limited thereto).
Moreover, although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the present disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are example forms of implementing the claims.

Claims (10)

1. A vulnerability detection method, comprising:
analyzing a code to be detected by adopting a grammar tree, extracting key information of the code to be detected, and constructing a key information structure body;
Identifying the development framework type of the code to be detected; the development framework type is obtained by identifying development framework features of the code to be detected according to preset open framework identification features; the development framework features are acquired based on the code to be detected;
determining a routing function in the key information structure body based on a preset routing rule corresponding to the development framework type;
determining the positions of the stains in the code to be detected based on a preset stain rule corresponding to the development framework type and the routing function, and generating a stain data flow diagram;
traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining whether vulnerability information exists in the code to be detected.
2. The vulnerability detection method of claim 1, wherein the identifying the development framework type of the code to be detected comprises:
acquiring development framework characteristics of the code to be detected;
and identifying the development frame type corresponding to the development frame characteristics of the code to be detected according to the preset development frame identification characteristics.
3. The vulnerability detection method of claim 1, wherein the determining a routing function in the critical information structure based on the routing rules of the development framework comprises:
Identifying a syntax of the critical information structure routing;
and matching the grammar of the route with the route rules of the development framework to determine the route function, wherein the route rules comprise the corresponding relation between the grammar of the route and the corresponding route rules.
4. The vulnerability detection method of claim 1, wherein generating a dirty data flow graph comprises:
when the stain is transferred in a function, generating a stain mark node according to the position of the stain, and taking the stain mark node as a node in the stain data flow graph;
when the stain is transferred in a plurality of functions, generating a plurality of stain mark nodes of the stain in the functions according to index positions of transfer functions of the stain, and taking the stain mark nodes as nodes in the stain data flow graph.
5. The vulnerability detection method of claim 1, wherein traversing the taint dataflow graph based on the preset vulnerability rule corresponding to the development framework type, determining whether vulnerability information exists in the code to be detected, comprises:
traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type, and determining that vulnerability information exists in the code to be detected when at least one path exists in the taint data flow graph to meet the preset vulnerability rule.
6. The vulnerability detection method of claim 1, wherein the preset vulnerability rule comprises:
the index position of the transfer parameter of the stain is a preset position; and is also provided with
A path in the stain data flow graph has a preset high-risk function; and is also provided with
The keywords in the stain are matched with preset keywords; and is also provided with
And a preset filtering function does not exist in the path.
7. The vulnerability detection method of claim 1, wherein after determining vulnerability information in the code to be detected, further comprising:
and determining a key row of the vulnerability information in the code to be detected according to the vulnerability information, generating vulnerability reporting information based on the code of the preset row number up and down of the key row and the key row code, and reporting the vulnerability reporting information.
8. A vulnerability detection apparatus, comprising:
the analysis module is used for analyzing the code to be detected by adopting a grammar tree, extracting key information of the code to be detected and constructing a key information structure body;
the frame identification module is used for identifying the development frame of the code to be detected by adopting preset development frame identification characteristics; the development framework type is obtained by identifying development framework features of the code to be detected according to preset open framework identification features; the development framework features are acquired based on the code to be detected;
A routing function identification module for determining a routing function in the key information structure based on a routing rule of the development framework;
the stain data flow diagram generating module is used for determining the positions of stains in the codes based on the stain rules of the development framework and the routing functions and generating stain data flow diagrams;
and the vulnerability information determining module is used for traversing the taint data flow graph based on a preset vulnerability rule corresponding to the development framework type and determining whether vulnerability information exists in the code to be detected.
9. An electronic device, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to: the vulnerability detection method according to any one of claims 1 to 7 is performed.
10. A computer storage medium storing at least one instruction, at least one program, code set, or instruction set, the at least one instruction, the at least one program, the code set, or instruction set being loaded and executed by a processor to implement the vulnerability detection method of any one of claims 1 to 7.
CN202010295600.0A 2020-04-15 2020-04-15 Vulnerability detection method and device, electronic equipment and computer storage medium Active CN111506900B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010295600.0A CN111506900B (en) 2020-04-15 2020-04-15 Vulnerability detection method and device, electronic equipment and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010295600.0A CN111506900B (en) 2020-04-15 2020-04-15 Vulnerability detection method and device, electronic equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN111506900A CN111506900A (en) 2020-08-07
CN111506900B true CN111506900B (en) 2023-07-18

Family

ID=71874310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010295600.0A Active CN111506900B (en) 2020-04-15 2020-04-15 Vulnerability detection method and device, electronic equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN111506900B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112131573A (en) * 2020-09-14 2020-12-25 深信服科技股份有限公司 Method and device for detecting security vulnerability and storage medium
CN112347486A (en) * 2020-11-30 2021-02-09 山东浪潮商用系统有限公司 Code vulnerability examination method and device for realizing privacy protection and readable medium
CN112632561A (en) * 2020-12-28 2021-04-09 北京安全共识科技有限公司 Web application vulnerability detection method and related device
CN113010890B (en) * 2021-02-26 2023-02-07 中科天齐(山西)软件安全技术研究院有限公司 Application program safety detection method and device, electronic equipment and storage medium
CN113220306A (en) * 2021-05-31 2021-08-06 支付宝(杭州)信息技术有限公司 Operation execution method and device and electronic equipment
CN117806971A (en) * 2024-01-03 2024-04-02 北京北大软件工程股份有限公司 Self-adaptive analysis configuration method and system
CN118094569A (en) * 2024-04-24 2024-05-28 腾讯科技(深圳)有限公司 Vulnerability detection method, vulnerability detection device, computer equipment and storage medium
CN118094255A (en) * 2024-04-29 2024-05-28 杭州默安科技有限公司 Method, device, equipment and storage medium for identifying filter function

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102129538A (en) * 2011-03-04 2011-07-20 北京邮电大学 System and method for detecting buffer overflow vulnerability of source code of sensor network
CN104298921A (en) * 2013-07-15 2015-01-21 深圳市腾讯计算机系统有限公司 Animation source file security vulnerability checking method and animation source file security vulnerability checking device
CN105204985A (en) * 2014-06-23 2015-12-30 腾讯科技(深圳)有限公司 Vulnerability detection method and device
CN107688748A (en) * 2017-09-05 2018-02-13 中国人民解放军信息工程大学 Fragility Code Clones detection method and its device based on leak fingerprint
WO2018086294A1 (en) * 2016-11-14 2018-05-17 平安科技(深圳)有限公司 Method and system for detecting security hole of application software, device, and storage medium
WO2018086292A1 (en) * 2016-11-14 2018-05-17 平安科技(深圳)有限公司 Method and system for detecting security hole of application software, device, and storage medium
CN109002721A (en) * 2018-07-12 2018-12-14 南方电网科学研究院有限责任公司 A kind of mining analysis method of information security loophole
CN109462583A (en) * 2018-10-31 2019-03-12 南京邮电大学 A kind of reflection-type leak detection method combined based on static and dynamic
CN109460641A (en) * 2018-11-15 2019-03-12 成都网域复兴科技有限公司 A kind of loophole positioning excavation system and method for binary file
CN109710307A (en) * 2018-12-29 2019-05-03 深圳点猫科技有限公司 Method, the electronic equipment of abstract syntax tree are rebuild based on Python code
WO2019104312A1 (en) * 2017-11-27 2019-05-31 Fractal Industries, Inc. Meta-indexing, search, compliance, and test framework for software development
CN110197072A (en) * 2018-06-04 2019-09-03 腾讯科技(深圳)有限公司 The method of excavation and system of software security flaw, storage medium and computer equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9158922B2 (en) * 2013-05-29 2015-10-13 Lucent Sky Corporation Method, system, and computer-readable medium for automatically mitigating vulnerabilities in source code
US10805316B2 (en) * 2016-05-31 2020-10-13 University Of South Florida Systems and methods for detecting attacks in big data systems
US20200074084A1 (en) * 2018-08-29 2020-03-05 Microsoft Technology Licensing, Llc Privacy-preserving component vulnerability detection and handling

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102129538A (en) * 2011-03-04 2011-07-20 北京邮电大学 System and method for detecting buffer overflow vulnerability of source code of sensor network
CN104298921A (en) * 2013-07-15 2015-01-21 深圳市腾讯计算机系统有限公司 Animation source file security vulnerability checking method and animation source file security vulnerability checking device
CN105204985A (en) * 2014-06-23 2015-12-30 腾讯科技(深圳)有限公司 Vulnerability detection method and device
WO2018086294A1 (en) * 2016-11-14 2018-05-17 平安科技(深圳)有限公司 Method and system for detecting security hole of application software, device, and storage medium
WO2018086292A1 (en) * 2016-11-14 2018-05-17 平安科技(深圳)有限公司 Method and system for detecting security hole of application software, device, and storage medium
CN107688748A (en) * 2017-09-05 2018-02-13 中国人民解放军信息工程大学 Fragility Code Clones detection method and its device based on leak fingerprint
WO2019104312A1 (en) * 2017-11-27 2019-05-31 Fractal Industries, Inc. Meta-indexing, search, compliance, and test framework for software development
CN110197072A (en) * 2018-06-04 2019-09-03 腾讯科技(深圳)有限公司 The method of excavation and system of software security flaw, storage medium and computer equipment
CN109002721A (en) * 2018-07-12 2018-12-14 南方电网科学研究院有限责任公司 A kind of mining analysis method of information security loophole
CN109462583A (en) * 2018-10-31 2019-03-12 南京邮电大学 A kind of reflection-type leak detection method combined based on static and dynamic
CN109460641A (en) * 2018-11-15 2019-03-12 成都网域复兴科技有限公司 A kind of loophole positioning excavation system and method for binary file
CN109710307A (en) * 2018-12-29 2019-05-03 深圳点猫科技有限公司 Method, the electronic equipment of abstract syntax tree are rebuild based on Python code

Also Published As

Publication number Publication date
CN111506900A (en) 2020-08-07

Similar Documents

Publication Publication Date Title
CN111506900B (en) Vulnerability detection method and device, electronic equipment and computer storage medium
CN110489345B (en) Crash aggregation method, device, medium and equipment
CN114328208A (en) Code detection method and device, electronic equipment and storage medium
CN111338813B (en) Method, device, medium and electronic equipment for dynamically generating middleware
CN111241823A (en) Dependency configuration management method and device, electronic equipment and storage medium
CN111666218B (en) Code auditing method, device, electronic equipment and medium
US10929265B2 (en) Optimizing automated interactions with web applications
CN111124541B (en) Configuration file generation method, device, equipment and medium
CN111045926A (en) Application program jamming detection method, device, medium and electronic equipment
CN112527302A (en) Error detection method and device, terminal and storage medium
CN111382017A (en) Fault query method, device, server and storage medium
CN112379967B (en) Simulator detection method, device, equipment and medium
CN111367791B (en) Method, device, medium and electronic equipment for generating test case
CN115421831A (en) Method, device, equipment and storage medium for generating calling relation of activity component
CN111309323B (en) Parameter initialization method and device and electronic equipment
CN110297639B (en) Method and apparatus for detecting code
CN115729797A (en) Code similarity function detection method and device, electronic equipment and storage medium
CN113138767A (en) Code language conversion method, device, electronic equipment and storage medium
CN111797009A (en) Method and device for detecting code compatibility and electronic equipment
CN117235744B (en) Source file online method, device, electronic equipment and computer readable medium
CN117172249B (en) Contract checking method, device, equipment and computer readable storage medium
CN117435276A (en) Browser page display method, device, equipment, storage medium and program product
CN116954618A (en) Function compiling method, device, medium and electronic equipment
CN116401156A (en) Method, device, equipment and medium for determining compiler version of intelligent contract
CN116414683A (en) Regression testing method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Applicant after: Douyin Vision Co.,Ltd.

Address before: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Applicant before: Tiktok vision (Beijing) Co.,Ltd.

Address after: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Applicant after: Tiktok vision (Beijing) Co.,Ltd.

Address before: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Applicant before: BEIJING BYTEDANCE NETWORK TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant