CN112015826A - Intelligent contract security detection method based on block chain and related equipment - Google Patents


Info

Publication number
CN112015826A
Authority
CN
China
Prior art keywords
parameter
target
chain
initial
intelligent contract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011161073.0A
Other languages
Chinese (zh)
Other versions
CN112015826B (en
Inventor
梁广鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202011161073.0A
Publication of CN112015826A
Application granted
Publication of CN112015826B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G06F16/2365 Ensuring data consistency and integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The disclosure provides a block chain-based intelligent contract security detection method and device, a computer-readable storage medium and an electronic device. The method comprises the following steps: acquiring a target intelligent contract and its file size; obtaining the functions from the target intelligent contract; acquiring and recording the primary parameter change relationship of each function; generating a primary parameter change chain according to the change relationship between at least two parameters in the primary parameter change relationship of each function; acquiring a target parameter name in the target intelligent contract according to the file size; and traversing the primary parameter change chain for the target parameter name, and determining the tracking correctness of the primary parameter change chain according to the target parameter name, so as to obtain the security detection result of the target intelligent contract. The technical scheme provided by the embodiments of the disclosure can correctly track the parameter change process of the target intelligent contract to be uploaded to the target block chain, and ensures the security of the target intelligent contract finally uploaded to the target block chain.

Description

Intelligent contract security detection method based on block chain and related equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a block chain-based intelligent contract security detection method and apparatus, a computer-readable storage medium, and an electronic device.
Background
With the development of blockchain technology, it is being applied in more and more fields. For example, it is widely applied in finance, information security, computing resource sharing, entertainment, social networking, supply chain management and medical treatment.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. The main feature of a programmable block chain is that it allows the user to write precise and intelligent protocols, the so-called intelligent contracts.
The intelligent contract is a contract program automatically executed according to specific conditions, and is an important way for a user to interact with the block chain and realize business logic by utilizing the block chain. For example, each organization may store and share information through an intelligent contract on the block chain, and may trigger the intelligent contract to execute a corresponding step when a certain condition is reached based on a received request, acquired information, or pre-stored information, so as to implement a service processing function corresponding to the request. Smart contracts allow trusted transactions to be conducted without third parties, which transactions are traceable and irreversible. Compared with the traditional contract, the intelligent contract can automatically execute the predetermined agreement, and reduces other transaction costs.
However, since the smart contracts on the blockchain are visible to all users and cannot be tampered with once deployed, they may be discovered and attacked if there is a vulnerability in the smart contracts themselves. Clearly, how to detect the security of smart contracts has become a concern for blockchain application developers.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for detecting security of an intelligent contract based on a block chain, a computer-readable storage medium, and an electronic device, which can solve the technical problem of how to detect security of an intelligent contract to be deployed on the block chain in the related art.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
The embodiment of the disclosure provides an intelligent contract security detection method based on a block chain, which comprises the following steps: acquiring a target intelligent contract to be uploaded to a target block chain and the file size of the target intelligent contract; carrying out contract analysis and function extraction processing on the target intelligent contract to obtain each function analyzed and extracted from the target intelligent contract; carrying out parameter analysis processing and parameter change relationship analysis processing on each function analyzed and extracted from the target intelligent contract to obtain and record the primary parameter change relationship of each function in the target intelligent contract, wherein the primary parameter change relationship of each function comprises a change relationship between at least two parameters; generating a primary parameter change chain of the target intelligent contract according to the change relationship between at least two parameters in the primary parameter change relationship of each function in the target intelligent contract; acquiring a target parameter name in the target intelligent contract according to the file size of the target intelligent contract; and traversing the primary parameter change chain for the target parameter name in the target intelligent contract, and determining the tracking correctness of the primary parameter change chain according to the target parameter name, so as to obtain the security detection result of the target intelligent contract.
The embodiment of the present disclosure provides an intelligent contract security detection device based on a block chain, the device includes: the target intelligent contract information acquisition unit is used for acquiring a target intelligent contract to be uploaded to a target block chain and the file size of the target intelligent contract; the target intelligent contract analyzing and extracting unit is used for carrying out contract analysis and function extraction processing on the target intelligent contract so as to obtain each function analyzed and extracted from the target intelligent contract; a primary parameter change relationship obtaining unit, configured to perform parameter analysis processing and parameter change relationship analysis processing on each function analyzed and extracted from the target intelligent contract, so as to obtain and record a primary parameter change relationship of each function in the target intelligent contract, where the primary parameter change relationship of each function includes a change relationship between at least two parameters; a primary parameter change chain generation unit, configured to generate a primary parameter change chain of the target intelligent contract according to a change relationship between at least two parameters in the primary parameter change relationship of each function in the target intelligent contract; the target parameter name acquisition unit is used for acquiring a target parameter name in the target intelligent contract according to the file size of the target intelligent contract; and the intelligent contract detection result obtaining unit is used for traversing the target parameter name in the target intelligent contract in the primary parameter change chain, and determining the tracking correctness of the primary parameter change chain according to the target parameter name so as to obtain the security detection result of the target intelligent contract.
The disclosed embodiments provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the block chain-based intelligent contract security detection method as described in the above embodiments.
An embodiment of the present disclosure provides an electronic device, including: at least one processor; a storage device configured to store at least one program that, when executed by the at least one processor, causes the at least one processor to implement the blockchain-based intelligent contract security detection method as described in the above embodiments.
According to an aspect of the application, a computer program product or computer program is provided, comprising computer instructions, the computer instructions being stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method provided in the various alternative implementations of the embodiments described above.
In the technical solutions provided in some embodiments of the present disclosure, on one hand, before the target intelligent contract is deployed to the target block chain, the target intelligent contract and its file size are obtained, and contract parsing and function extraction processing are performed on the target intelligent contract to obtain each function parsed and extracted from it. Parameter analysis processing and parameter change relationship analysis processing are then performed on each of these functions, and the primary parameter change relationship of each function in the target intelligent contract is obtained and recorded, where each primary parameter change relationship includes the change relationship between at least two parameters. As a result, tracking the parameters in the target intelligent contract provides a fine-grained (parameter-level) data change process, and recording the parameter change information (the primary parameter change relationships) of the functions in the target intelligent contract facilitates later query and use.
On the other hand, a primary parameter change chain of the target intelligent contract can be generated according to the change relationship between at least two parameters in the primary parameter change relationship of each function in the target intelligent contract, and a target parameter name in the target intelligent contract can then be obtained from the file size of the target intelligent contract. The primary parameter change chain can thus be traversed for the target parameter name, the tracking correctness of the primary parameter change chain is determined according to the target parameter name, and the security detection result of the target intelligent contract is finally obtained. This verifies the security of the target intelligent contract, ensures that the target intelligent contract finally deployed on the target block chain is safe and not easy to attack, and improves the security of applications that use the target block chain.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
Fig. 1 schematically shows a flowchart of a block chain-based intelligent contract security detection method according to an embodiment of the present disclosure.
Fig. 2 is an optional structural schematic diagram of the block chain-based intelligent contract security detection method applied to a block chain system according to the embodiment of the present disclosure.
Fig. 3 is an alternative schematic diagram of a block structure provided in the embodiments of the present disclosure.
FIG. 4 schematically shows a flowchart of a blockchain-based intelligent contract security detection method according to another embodiment of the present disclosure.
FIG. 5 schematically shows a version information diagram of a first-level target programming language, according to an embodiment of the disclosure.
Fig. 6 schematically illustrates a schematic diagram of determining an associated parameter variation relationship and an unrelated parameter variation relationship according to an embodiment of the present disclosure.
Fig. 7 schematically shows a schematic diagram of determining a correlation parameter variation relationship according to an embodiment of the present disclosure.
Fig. 8 schematically shows a block diagram of a block chain-based intelligent contract security detection apparatus according to an embodiment of the present disclosure.
FIG. 9 shows a schematic structural diagram of an electronic device suitable for use in implementing embodiments of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
The described features, structures, or characteristics of the disclosure may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and the like. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The drawings are merely schematic illustrations of the present disclosure, in which the same reference numerals denote the same or similar parts, and thus, a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in at least one hardware module or integrated circuit, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and steps, nor do they necessarily have to be performed in the order described. For example, some steps may be decomposed, and some steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
In this specification, the terms "a", "an", "the", "said" and "at least one" are used to indicate the presence of at least one element/component/etc.; the terms "comprising," "including," and "having" are intended to be inclusive and mean that there may be additional elements/components/etc. other than the listed elements/components/etc.; the terms "first," "second," and "third," etc. are used merely as labels, and are not limiting on the number of their objects.
The following detailed description of exemplary embodiments of the disclosure refers to the accompanying drawings.
Fig. 1 schematically shows a flowchart of a block chain-based intelligent contract security detection method according to an embodiment of the present disclosure. As shown in fig. 1, the method provided by the embodiment of the present disclosure may include the following steps.
In step S110, a target intelligent contract to be uploaded to the target block chain and a file size thereof are obtained.
In the embodiment of the present disclosure, the target blockchain may be any type of blockchain built on open source code, whether used as is or after secondary development; for example, the target blockchain may be any one of a public chain, a private chain, or a federation chain. The corresponding block chain can be selected as the target block chain according to the actual application scenario.
Any node in a public chain is open to anyone: anyone can take part in the blockchain's computation, and anyone can download the data of the complete blockchain (the full ledger). The greatest advantages of the public chain are decentralization and security. However, it is difficult to reach consensus among so many arbitrary nodes, because some nodes may go down at any time and hackers may forge many false nodes. The public chain therefore has a very strict consensus mechanism, so its biggest problem is the consensus problem, which directly limits the speed at which the public chain processes data.
In some application scenarios of the blockchain, it is not desirable for anyone to be able to join the system and view all data; only permitted nodes may participate and view all data. Such a blockchain structure is called a private chain. A private chain can define its policies entirely by itself and is therefore extremely fast. In exchange, a private chain is not decentralized.
Private chains can prevent a single node within an organization from intentionally concealing or tampering with data, and can quickly locate the source even if an error occurs. Many large financial institutions are more inclined to use private chain technology, for example for user access and transactions within a single financial or auditing institution.
Industries and applications that must keep data confidential do not need the public transparency of a public chain, which gave rise to the alliance chain (referred to below also as the federation chain). An alliance chain is restricted to alliance members, and all or part of its functions are open only to those members, so that the read-write permissions and the accounting rules on the alliance chain are "privately customized" according to the alliance's rules.
An alliance chain serves only the members of a specific group and a limited set of third parties. Several preselected nodes are designated internally as bookkeepers, and the generation of each block is determined jointly by all the preselected nodes. Access nodes of other third parties can take part in transactions but do not take part in the bookkeeping process, and other third parties can make limited queries through an Application Programming Interface (API) opened by the alliance chain. Generally, a federation chain is suited to business-to-business (B2B) scenarios such as inter-enterprise transactions, settlement, or clearing. For example, multiple financial institutions may connect their respective blockchain networks together to form a federated network, thereby facilitating data interfacing and collaboration with one another.
To achieve better performance, the federation chain places certain requirements on the configuration and network environment of the consensus or authentication nodes. With an admission mechanism, transaction performance can be improved more easily, and problems caused by participants of uneven quality can be avoided. The alliance chain processes data faster than the public chain: because the number and identity of the nodes are well defined, a relatively loose consensus mechanism can be used, which greatly improves the data processing speed compared with the public chain.
In the embodiment of the present disclosure, the target blockchain is taken to be a target federation chain, and the open-source federation chain application provided by Hyperledger Fabric (an open-source blockchain distributed ledger) is taken as an example for illustration, but the present disclosure is not limited thereto. The target federation chain may also be, for example, FISCO BCOS (an open-source platform from a financial blockchain consortium).
Based on the above description, the embodiment of the present disclosure provides a block chain-based intelligent contract security detection method, which may be implemented based on a federation chain technology, and a federation chain bottom platform may include processing modules such as user management, basic service, an intelligent contract, and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, and the identity information management comprises public and private key generation maintenance (account management), key management, user real identity and alliance chain address corresponding relation maintenance (authority management) and the like.
The target intelligent contract in the embodiment of the disclosure describes contract terms, transaction conditions, transaction business logic and the like in a computer language, and realizes automatic execution of transactions and operation of account book data by calling the target intelligent contract. It can be understood that: the associated transaction logic is implemented and saved as a specific file in a programming language, such as the first-level target programming language or the updated target programming language described below.
When the target blockchain is a target federation chain, the target intelligent contract may also be referred to as a target federation chain contract. In one scenario, the target federation chain may include the terminals of multiple users, where a terminal may be any electronic device such as a mobile phone, a computer, or a tablet computer. The terminal of each user serves as a node in the target federation chain, the terminal of each user can collect federation chain contracts, and any one of the collected federation chain contracts can serve as the target federation chain contract. Before the target federation chain contract is deployed to the target federation chain, its program source code needs to be checked for security risks or security vulnerabilities, which may also be referred to as code auditing. Since a parameter (e.g., a variable) in a function in the program source code changes continually (e.g., from variable A to variable B), the process by which variables change inside the functions of the program source code can be recorded through parameter tracking, such as variable tracking, to implement the code auditing function.
In step S120, contract parsing and function extraction processing is performed on the target intelligent contract to obtain each function parsed and extracted from the target intelligent contract.
In the embodiment of the present disclosure, contract analysis processing is performed on the target intelligent contract to be uploaded and deployed to the target block chain, which is obtained in step S110, to identify each function in the target intelligent contract, and then function extraction processing is performed on each identified function in the target intelligent contract, so as to obtain each function in the target intelligent contract.
In step S130, performing parameter analysis processing and parameter variation relationship analysis processing on each function analyzed and extracted from the target intelligent contract to obtain and record a primary parameter variation relationship of each function in the target intelligent contract, where the primary parameter variation relationship of each function includes a variation relationship between at least two parameters.
In the embodiment of the present disclosure, parameter analysis processing is performed on each function analyzed and extracted in step S120 to obtain the parameters in each function of the target intelligent contract, and parameter change relationship analysis processing is then performed on the parameters in each function to obtain and record the primary parameter change relationship of each function in the target intelligent contract. Recording the primary parameter change relationship of each function records the change relationship between at least two parameters in that function. That is, the method provided in the embodiment of the present disclosure records the parameter changes of the functions in the target intelligent contract rather than function changes, so that the audit information of the target intelligent contract is provided at a finer granularity than the function level.
For example, for each step of variable change, the change relationship between two parameters (such as two variables) of each function in the target intelligent contract can be recorded, so that the audit information of the target intelligent contract is provided at the finest granularity.
In an exemplary embodiment, the primary parameter change relationship may include an associated parameter change relationship.
Obtaining and recording the primary parameter change relationship of each function in the target intelligent contract may include: determining initial-order chain code version information of the target block chain from the different chain code versions of the target block chain; acquiring, according to the initial-order chain code version information, the initial-order target open source code of the target block chain corresponding to that version information; performing code analysis and function extraction processing on the initial-order target open source code to obtain each function analyzed and extracted from it; analyzing the function name and corresponding parameters of each function analyzed and extracted from the initial-order target open source code to obtain the function name and the parameters of each function in the initial-order target open source code; establishing and recording an initial-order function name parameter relation chain of each function in the initial-order target open source code according to the correspondence between the function name of each function and each parameter of that function; and comparing the initial-order function name parameter relation chain with the primary parameter change relationship, and determining the associated parameter change relationship related to the initial-order function name parameter relation chain. In the embodiment of the disclosure, the initial-order function name parameter relation chain is constructed from the initial-order target open source code of the target federation chain, so that it can be used for parameter tracking, such as variable tracking, on the target federation chain contract.
In the embodiment of the present disclosure, a target block chain, for example, a target federation chain, may have a plurality of different chain code versions, and by obtaining initial-order chain code version information of the target federation chain, an initial-order target open source code of the target federation chain corresponding to the initial-order chain code version information may be accurately obtained, so that an initial-order function name parameter relationship chain of each function in the initial-order target open source code may be constructed based on the initial-order target open source code. The initial-order function name parameter relation chain is generated according to the corresponding relation between the function name of each function in the initial-order target open source code and each parameter of the function name. If the initial-order parameter variation relation is related to the initial-order function name parameter relation chain, the initial-order parameter variation relation is called as an associated parameter variation relation.
In an exemplary embodiment, the initial-order function name parameter relation chain may include a target function name of the target function and its target input parameter. Comparing the initial-order function name parameter relation chain with the initial-order parameter variation relationship, and determining the associated parameter variation relationship related to the initial-order function name parameter relation chain, may include: if the target input parameter is changed into an initial internal parameter in the target function, determining the initial-order parameter change relationship in which the target input parameter is changed into the initial internal parameter as the associated parameter change relationship related to the initial-order function name parameter relation chain.
For example, if the target function func(A) exists in the initial-order target open source code, with the target function name func and the target input parameter A, the generated initial-order function name parameter relation chain may include the target function name func and the target input parameter A. If the target function func(A) also exists in the target intelligent contract, and the target input parameter A is changed into the initial internal parameter B inside func(A), the initial-order parameter change relationship in which A is changed into B may be determined as an associated parameter change relationship related to the initial-order function name parameter relation chain; that is, this relationship is related to the target function name and its target input parameter in the chain.
In an exemplary embodiment, comparing the initial-order function name parameter relation chain with the initial-order parameter variation relationship, and determining the associated parameter variation relationship related to the initial-order function name parameter relation chain, may further include: if the initial internal parameter is changed into a conversion internal parameter in the target function, determining the initial-order parameter change relationship in which the initial internal parameter is changed into the conversion internal parameter as the associated parameter change relationship related to the initial-order function name parameter relation chain.
For example, again taking the target function func(A), assume that the target input parameter A is changed into the initial internal parameter B inside func(A) in the target intelligent contract, and that B is then further changed into the conversion internal parameter C. The initial-order parameter change relationship in which B is changed into C may also be determined as an associated parameter change relationship related to the initial-order function name parameter relation chain; that is, this relationship is related to the target function name and its target input parameter in the chain.
In an exemplary embodiment, comparing the initial-order function name parameter relation chain with the initial-order parameter variation relationship, and determining the associated parameter variation relationship related to the initial-order function name parameter relation chain, may further include: if a set internal parameter is newly added in the target function and a computed internal parameter is generated from the initial internal parameter and the set internal parameter, determining the initial-order parameter variation relationships in which the initial internal parameter is changed into the computed internal parameter and in which the set internal parameter is changed into the computed internal parameter as associated parameter variation relationships related to the initial-order function name parameter relation chain.
For example, again taking the target function func(A), assume that the target input parameter A is changed into the initial internal parameter B inside func(A) in the target intelligent contract, that a set internal parameter X is additionally introduced inside func(A), and that the computed internal parameter D is generated by an operation on B and X (for example, any one or a combination of operations such as addition, subtraction, multiplication, division, and the like). The initial-order parameter change relationship in which B is changed into D and the initial-order parameter change relationship in which X is changed into D may both be determined as associated parameter change relationships related to the initial-order function name parameter relation chain.
It should be noted that the scenarios for determining whether an initial-order parameter change relationship is related to the initial-order function name parameter relation chain are not limited to the above examples.
As another example, again taking the target function func(A), assume that the set internal parameter X is added inside func(A) in the target intelligent contract, and that a new parameter E is generated by an operation on the target input parameter A and the set internal parameter X (for example, any operation such as addition, subtraction, multiplication, division, and the like). The initial-order parameter change relationship in which A is changed into E and the initial-order parameter change relationship in which X is changed into E may both be determined as associated parameter change relationships related to the initial-order function name parameter relation chain.
In an exemplary embodiment, the initial-order parameter variation relationship may include an unrelated parameter variation relationship. If an initial-order parameter variation relationship is unrelated to the initial-order function name parameter relation chain, it is called an unrelated parameter variation relationship.
The method may further comprise: comparing the initial-order function name parameter relation chain with the initial-order parameter variation relationship, and determining the unrelated parameter variation relationship that is unrelated to the initial-order function name parameter relation chain; and dividing the associated parameter variation relationship and the unrelated parameter variation relationship into a first part and a second part, and storing them into a partial parameter variation relation database or a partial parameter variation relation data set.
In the embodiment of the present disclosure, the partial parameter variation relation database is a database for storing the related parameter variation relation and the unrelated parameter variation relation at the same time, and the related parameter variation relation and the unrelated parameter variation relation are divided into a first part and a second part which are independent from each other in the database and are stored in the first part and the second part respectively. Similarly, the partial parameter variation relation data set is a data set for storing the related parameter variation relation and the unrelated parameter variation relation at the same time, and the related parameter variation relation and the unrelated parameter variation relation are divided into a first part and a second part which are independent and stored respectively in the data set.
In the embodiment of the disclosure, on one hand, because the initial-order parameter variation relationships in an actual target intelligent contract are numerous, the initial-order function name parameter relation chain and the initial-order parameter variation relationship can be stored separately, in a function name parameter relation chain database and a parameter variation relation database, or in a function name parameter relation chain data set and a parameter variation relation data set. This makes migration very convenient and improves the query speed for both. On the other hand, function names and parameters are what parameter tracking works with: the essence of parameter tracking is to check which function a parameter passes through and what parameter changes occur there. Analyzing the code of the target intelligent contract takes a non-trivial amount of time, and errors may occur during analysis, which may affect the classification into associated and unrelated parameter variation relationships. In this case, to improve efficiency and accuracy, the unrelated parameter variation relationships can be extracted from the initial-order parameter variation relationships, so that subsequent analysis does not need to spend time on them again. In addition, storing the associated and unrelated parameter variation relationships in two separate parts facilitates subsequent query or retrieval.
Similarly, the storage manner of the initial-order parameter variation relationship is not limited in the present disclosure.
In an exemplary embodiment, the initial-order function name parameter relation chain may include a target function.
Comparing the initial-order function name parameter relation chain with the initial-order parameter variation relationship, and determining the unrelated parameter variation relationship that is unrelated to the initial-order function name parameter relation chain, may include: if an added internal parameter is newly introduced in the target function and the added internal parameter is changed into an internal conversion internal parameter, determining the initial-order parameter change relationship in which the added internal parameter is changed into the internal conversion internal parameter as the unrelated parameter change relationship that is unrelated to the initial-order function name parameter relation chain.
For example, again taking the target function func(A), assume that an added internal parameter X' is introduced inside func(A) in the target intelligent contract, and that X' is changed into the internal conversion internal parameter Y. The initial-order parameter change relationship in which X' is changed into Y may be determined as an unrelated parameter change relationship that is unrelated to the initial-order function name parameter relation chain.
In the embodiments of the present disclosure, the determination of the associated parameter variation relationship and the irrelevant parameter variation relationship in the initial-order parameter variation relationship is not limited to the above-mentioned several cases, and is only used for illustration here.
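The classification walked through in the func(A) cases above can be expressed as reachability from the target input parameters. The following Python sketch is an added example, not code from the patent; the tuple layout, the name classify_relations, the part labels and the reachability rule used to generalize the listed cases are assumptions.

```python
# Added illustration (not from the patent). Assumption: a pairwise relation
# src -> dst is "associated" when dst can be reached from a target input
# parameter recorded in the function name parameter relation chain.

def classify_relations(name_param_chain, relations):
    """Split relations into the associated (first) and unrelated (second) part.

    name_param_chain: {function name: [target input parameters]}, as built
                      from the chain's open source code.
    relations:        [(function name, source parameter, result parameter)],
                      as extracted from the contract under test.
    """
    # Parameters known to derive from an input, tracked per function.
    reached = {func: set(params) for func, params in name_param_chain.items()}

    # Fixed-point propagation: B is reached because A -> B, then C because
    # B -> C, and so on, regardless of the order the relations are listed in.
    changed = True
    while changed:
        changed = False
        for func, src, dst in relations:
            known = reached.get(func)
            if known is not None and src in known and dst not in known:
                known.add(dst)
                changed = True

    parts = {"first_part": [], "second_part": []}
    for func, src, dst in relations:
        # X -> D is associated because D is also produced from B, whereas
        # X' -> Y never touches anything derived from the input A.
        derived = dst in reached.get(func, set())
        parts["first_part" if derived else "second_part"].append((func, src, dst))
    return parts


# Constructed sample mirroring the cases in the text for func(A).
NAME_PARAM_CHAIN = {"func": ["A"]}
RELATIONS = [
    ("func", "X'", "Y"),  # added internal parameter -> internal conversion parameter
    ("func", "B", "C"),   # initial internal -> conversion internal (listed early on purpose)
    ("func", "A", "B"),   # target input -> initial internal
    ("func", "B", "D"),   # B and X are combined into D
    ("func", "X", "D"),
    ("func", "A", "E"),   # A and X are combined into E
    ("func", "X", "E"),
]

if __name__ == "__main__":
    for part, rels in classify_relations(NAME_PARAM_CHAIN, RELATIONS).items():
        print(part, rels)
```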
In an exemplary embodiment, the target blockchain may include encapsulated interfaces provided for use by at least one programming language.
Taking the target alliance chain as an example, the target alliance chain in the embodiment of the present disclosure may include not only the code that controls the chain itself, but also already-packaged interfaces provided to different programming languages. In the target alliance chain, the same target alliance chain contract can be written in different programming languages, for example Java (an object-oriented programming language), JS (short for JavaScript, a lightweight, interpreted or just-in-time compiled high-level programming language with first-class functions), Python (a cross-platform computer programming language), or Go (also known as Golang, a strongly and statically typed compiled language); in practice the contract calls the API that the target alliance chain has packaged for the corresponding programming language. The target alliance chain may have different versions, so the operating environment of the target alliance chain contract also has different versions; this is called the operating environment version information of the target alliance chain contract, and it corresponds to the version adopted by the target alliance chain.
According to the method provided by the embodiment of the disclosure, because the target alliance chain comprises the packaged interfaces for providing different programming languages for use, the same target alliance chain contract can be written by adopting a plurality of different programming languages, such as Java, JS, Python, Go and the like, so that the method provided by the embodiment of the disclosure can support detection and code audit on the target alliance chain contracts developed by different types of programming languages, namely the method provided by the embodiment of the disclosure has good applicability and strong portability.
Constructing and recording the initial-order function name parameter relation chain of each function in the initial-order target open source code according to the correspondence between the function name of each function and each of its parameters may include: determining, from the at least one programming language supported by the target block chain, the initial-order target programming language adopted by the target intelligent contract and its initial-order target language version, wherein the at least one programming language may comprise the initial-order target programming language; constructing the initial-order function name parameter relation chain according to the correspondence between the function name and each parameter of each function in the initial-order target open source code and according to the initial-order target language version, wherein each initial-order function name parameter relation chain comprises the function name and the parameters of a function in the initial-order target open source code together with the initial-order target language version; and storing the initial-order function name parameter relation chain into a function name parameter relation chain database or a function name parameter relation chain data set.
In the embodiment of the present disclosure, the function name parameter relationship chain database is a database for storing the initial-order function name parameter relationship chain. Similarly, the function name parameter relationship chain data set is a data set for storing the above-described initial order function name parameter relationship chain.
In an exemplary embodiment, determining the initial-order target programming language adopted by the target intelligent contract and its initial-order target language version from the at least one programming language supported by the target block chain may include: determining the initial-order target programming language adopted by the target intelligent contract from the at least one programming language supported by the target block chain according to the characteristic fields and syntactic characteristics of each programming language; and determining the initial-order target language version from the different versions of the initial-order target programming language according to the functions in the target intelligent contract and the functions in each version of the initial-order target programming language.
In the embodiment of the disclosure, the initial-order target programming language adopted by the target alliance chain contract is determined from the at least one programming language supported by the target alliance chain. The initial-order target programming language may itself have different versions, so the initial-order target language version used by the target intelligent contract may be further determined. When the initial-order function name parameter relation chain is generated, each chain can contain not only the function name and the parameters of a function in the initial-order target open source code but also the corresponding initial-order target language version. Adding the initial-order target language version to the chain strongly associates the language version adopted by the target alliance chain contract with the operating environment version information. This avoids the situation in which the initial-order function name parameter relation chain cannot be obtained, or an accurate chain cannot be obtained, because the initial-order target language version and the operating environment version information have changed.
In the embodiment of the disclosure, the generated initial order function name parameter relation chain is stored, so that the relation analysis and generation of the initial order function name parameter relation chain of the initial order target open source code are not required to be performed again in each analysis, and the analysis speed and the reusability are improved.
In the embodiment of the present disclosure, the initial order function name parameter relation chain may be stored in the function name parameter relation chain database, or may be stored in the function name parameter relation chain data set.
The databases used in the embodiments of the present disclosure (including the function name parameter relation chain database, the parameter change relation database and the partial parameter change relation database) are all built with database technology. A database is a warehouse that organizes, stores and manages data according to a data structure; data is stored in it according to defined rules, and the structures and methods of databases are public, so a user can use a database once its type has been determined.
The data sets used in the embodiments of the present disclosure (including the function name parameter relation chain data set, the parameter change relation data set and the partial parameter change relation data set) all refer to data whose format and storage location are determined by convention. For example, data may be stored in a row-and-column structure such as EXCEL (office software), where the meaning of the field in each column is predefined and the meaning of the value at each row and column coordinate is specified; data imported row by row and column by column in this way forms the simplest data set.
A data set can be used to store data in an environment without a database, because in practice there are various reasons why a connection to a database may not be available.
In step S140, an initial-order parameter variation chain of the target intelligent contract is generated according to the variation relationship between at least two parameters in the initial-order parameter variation relationship of each function in the target intelligent contract.
Each initial-order parameter variation chain may include a variation relationship between at least three parameters.
In step S150, a target parameter name in the target intelligent contract is obtained according to the file size of the target intelligent contract.
In an exemplary embodiment, obtaining the target parameter name in the target intelligent contract according to the file size of the target intelligent contract may include: if the file size of the target intelligent contract is smaller than a preset threshold value, performing full extraction of the parameter names of the target intelligent contract, so that the parameter names appearing in the target intelligent contract are taken as the target parameter names; and if the file size of the target intelligent contract is larger than or equal to the preset threshold value, performing sampling extraction of the parameter names of the target intelligent contract, so that the parameter names of sensitive functions in the target intelligent contract are extracted as the target parameter names.
In the embodiment of the disclosure, whether the parameter names of the functions in the target intelligent contract are detected in full mode or in sampling mode can be determined according to the file size of the target intelligent contract.
In full mode, all parameter names appearing in the target intelligent contract are used as target parameter names for tracking, which ensures that parameter tracking is complete and comprehensive and improves its accuracy. In sampling mode, a subset of the parameter names appearing in the target intelligent contract is extracted as target parameter names, for example the parameter names of important sensitive functions in the target intelligent contract. In a code security audit, tracking the parameter names in sensitive functions allows the sensitive functions to be located quickly, which helps vulnerabilities to be discovered quickly.
The sensitive function is an important function in the target intelligent contract, and if the function has a problem, a security vulnerability is easily caused.
In step S160, the target parameter names in the target intelligent contract are traversed against the initial-order parameter change chain, and the tracking correctness of the initial-order parameter change chain is determined according to the target parameter names, so as to obtain a security detection result of the target intelligent contract.
In an exemplary embodiment, traversing the target parameter names in the target intelligent contract against the initial-order parameter variation chain, and determining the tracking correctness of the initial-order parameter variation chain according to the target parameter names to obtain a security detection result of the target intelligent contract, may include: traversing the target parameter names in the target intelligent contract, and judging whether each target parameter name exists in the initial-order parameter change chain; if each target parameter name exists in the initial-order parameter change chain, acquiring a reference parameter change chain corresponding to each target parameter name in the target intelligent contract; comparing the reference parameter variation chain with the corresponding initial-order parameter variation chain; if the reference parameter change chain is consistent with the corresponding initial-order parameter change chain, determining that the initial-order parameter change chain is tracked correctly, and obtaining the security detection result that the detection is passed; when the security detection result is that the detection is passed, storing the initial-order function name parameter relation chain and the initial-order parameter change relationship into a parameter change relation database or a parameter change relation data set; if the reference parameter variation chain is inconsistent with the corresponding initial-order parameter variation chain, obtaining the security detection result that the detection fails; and when the security detection result is that the detection fails, acquiring a correction parameter change relationship, wherein the correction parameter change relationship is generated by modifying the initial-order parameter change relationship according to the corresponding initial-order parameter change chain.
In the embodiment of the present disclosure, if each target parameter name in the target intelligent contract exists in one or more initial parameter change chains, it is determined that all target parameter names in the target intelligent contract can be tracked. At this time, it may be further checked whether the determined initial parameter variation chain is correctly tracked.
Specifically, a tool or manner different from the one described above may be used to generate a reference parameter variation chain corresponding to each target parameter name in the target intelligent contract. If the initial-order parameter variation chain is consistent with the corresponding reference parameter variation chain, it may be determined that the initial-order parameter variation chain is tracked correctly. In that case, the initial-order function name parameter relation chain and the initial-order parameter change relationship can be stored together in the parameter change relation database or the parameter change relation data set; unified storage makes it convenient to later output, in one place, the detailed usage information of the parameters used in the target intelligent contract. Similarly, the present disclosure does not limit the manner in which the initial-order function name parameter relation chain and the initial-order parameter variation relationship are stored together.
If the initial parameter change chain is inconsistent with the corresponding reference parameter change chain, the tracking error of the initial parameter change chain can be determined, prompt information can be sent to a user submitting the target intelligent contract, and the user can modify the corresponding initial parameter change relationship to generate a modified parameter change relationship, so that the initial parameter change chain is consistent with the corresponding reference parameter change chain.
In the embodiment of the present disclosure, when the initial-order parameter change chain is found to be tracked incorrectly, the initial-order parameter change relationship in the parameter change relation database or the parameter change relation data set may be updated with the corrected parameter change relationship. There are various ways of updating. One is to directly replace the corresponding initial-order parameter variation relationship in the parameter variation relation database or data set with the corrected parameter variation relationship. Another, which can be called the patch mode, also replaces the corresponding initial-order parameter change relationship with the corrected parameter change relationship during the update, but additionally creates a field that keeps the original initial-order parameter change relationship, so that the update history can be reviewed later and problems can be located.
In an exemplary embodiment, traversing the target parameter names in the target intelligent contract against the initial-order parameter variation chain, and determining the tracking correctness of the initial-order parameter variation chain according to the target parameter names to obtain a security detection result of the target intelligent contract, may further include: if at least one target parameter name does not exist in the initial-order parameter change chain, re-determining an updated target programming language adopted by the target intelligent contract from the at least one programming language supported by the target block chain according to the characteristic fields and syntactic characteristics of each programming language, wherein the at least one programming language comprises the updated target programming language; determining an updated target language version of the updated target programming language from different versions of the updated target programming language according to the functions in the target intelligent contract and the functions in each version of the updated target programming language; determining, from different chain code versions of the target block chain, updated chain code version information of the target block chain that is different from the initial-order chain code version information; pulling, according to the updated chain code version information, the updated target open source code of the target block chain corresponding to the updated chain code version information; analyzing the updated target open source code with an interpreter different from the interpreter used to analyze the initial-order target open source code, and constructing, according to the updated target language version and the analyzed updated target open source code, an updated function name parameter relation chain of each function in the updated target open source code that is different from the initial-order function name parameter relation chain; and updating the initial-order function name parameter relation chain in the function name parameter relation chain database or the function name parameter relation chain data set by using the updated function name parameter relation chain.
In the embodiment of the present disclosure, if one or more (more than two) target parameter names do not appear in any initial-order parameter change chain, it may be determined that not all target parameter names in the target intelligent contract can be tracked. At this time, the programming language used by the target intelligent contract may be reconfirmed as the updated target programming language, the language version used may be reconfirmed as the updated target language version, and the version information used by the target block chain may be reconfirmed as the updated chain code version information. The latest updated target open source code is pulled according to the updated chain code version information and analyzed with an interpreter different from the one used to analyze the initial-order target open source code, so that an updated function name parameter relation chain different from the original initial-order function name parameter relation chain can be obtained, and the updated function name parameter relation chain is written to the function name parameter relation chain database or the function name parameter relation chain data set.
In the embodiment of the disclosure, the updated function name parameter relation chain can directly replace the corresponding initial-order function name parameter relation chain in the function name parameter relation chain database or data set. Alternatively, the updated function name parameter relation chain can replace the corresponding initial-order function name parameter relation chain while an additional field is created to keep the original initial-order function name parameter relation chain, so that the update history can be reviewed later and problems can be located.
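Steps S140 to S160, including the branch for target parameter names that appear in no chain, can be followed end to end in a short Python sketch. This is an added example, not code from the patent; the tuple layout, the 4096-byte threshold, the function names and the result labels are assumptions, and the reference chains stand in for the output of the second tool.

```python
# Added illustration (not from the patent). The data layout, the threshold
# value and the result labels are assumptions made for this example.
from collections import defaultdict

SIZE_THRESHOLD = 4096  # bytes; hypothetical preset threshold


def build_chains(relations, min_params=3):
    """S140: join pairwise relations (func, src, dst) into change chains."""
    succ, has_pred = defaultdict(list), set()
    for func, src, dst in relations:
        succ[(func, src)].append((func, dst))
        has_pred.add((func, dst))

    chains = set()

    def walk(path):
        nexts = [n for n in succ.get(path[-1], []) if n not in path]  # cycle guard
        if not nexts and len(path) >= min_params:
            chains.add((path[0][0], tuple(name for _, name in path)))
        for nxt in nexts:
            walk(path + [nxt])

    # Start from parameters that no other parameter changes into.
    for root in [node for node in succ if node not in has_pred]:
        walk([root])
    return chains


def select_target_names(contract_params, file_size, sensitive_funcs):
    """S150: full extraction for small files, sensitive functions otherwise."""
    full = file_size < SIZE_THRESHOLD
    return {(func, name)
            for func, names in contract_params.items()
            if full or func in sensitive_funcs
            for name in names}


def detect(initial_chains, reference_chains, targets):
    """S160: check that every target name is tracked, then tracked correctly."""
    def containing(chains, target):
        func, name = target
        return {c for c in chains if c[0] == func and name in c[1]}

    untracked = sorted(t for t in targets if not containing(initial_chains, t))
    if untracked:
        # The text's response here: re-determine language, versions, interpreter.
        return "untracked", untracked
    wrong = sorted(t for t in targets
                   if containing(initial_chains, t) != containing(reference_chains, t))
    return ("failed", wrong) if wrong else ("passed", [])


# Constructed sample data.
RELATIONS = [("func", "A", "B"), ("func", "B", "C"),
             ("transfer", "amount", "fee"), ("transfer", "fee", "net")]
CONTRACT_PARAMS = {"func": ["A", "B", "C"], "transfer": ["amount", "fee", "net"]}
SENSITIVE = {"transfer"}
# Chains produced independently by a second tool (constructed here).
REFERENCE_OK = {("func", ("A", "B", "C")), ("transfer", ("amount", "fee", "net"))}
REFERENCE_DIFF = {("func", ("A", "B", "C")), ("transfer", ("amount", "tax", "net"))}

if __name__ == "__main__":
    chains = build_chains(RELATIONS)
    small = select_target_names(CONTRACT_PARAMS, 2048, SENSITIVE)
    large = select_target_names(CONTRACT_PARAMS, 8192, SENSITIVE)
    print(detect(chains, REFERENCE_OK, small))
    print(detect(chains, REFERENCE_DIFF, large))
```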
And if the security detection result of the target intelligent contract is that the detection is passed, the terminal submitting the target intelligent contract broadcasts the target intelligent contract, packages the target intelligent contract into blocks, and links the blocks into a target block chain.
On one hand, before a target intelligent contract is deployed to a target block chain, the target intelligent contract and its file size are obtained, and contract analysis and function extraction are performed on the target intelligent contract to obtain each function it contains. Parameter analysis and parameter change relation analysis are then performed on each of these functions, and the primary parameter change relation of each function in the target intelligent contract is obtained and recorded, where each primary parameter change relation comprises the change relation between at least two parameters. As a result, a fine-grained (parameter-level) data change process is available when the parameters in the target intelligent contract are tracked, and recording the parameter change information of the functions (the primary parameter change relations) facilitates later query and use. On the other hand, a primary parameter change chain of the target intelligent contract can be generated from the change relation between at least two parameters in the primary parameter change relation of each function, and the target parameter names in the target intelligent contract can be obtained according to the file size of the target intelligent contract. The target parameter names are then traversed in the primary parameter change chain, the tracking correctness of the primary parameter change chain is determined according to the target parameter names, and the security detection result of the target intelligent contract is finally obtained. This verifies the security of the target intelligent contract, ensures that the target intelligent contract finally deployed on the target block chain is safe and not easily attacked, and improves the security of applications using the target block chain.
The system related to the embodiment of the present disclosure may be a blockchain system formed by connecting a client, a plurality of nodes (any form of computing devices in an access network, such as a server and a user terminal) through a network communication form.
Referring to fig. 2, fig. 2 is an optional structural schematic diagram of the block chain-based intelligent contract security detection method applied to a block chain system. The system is formed by a plurality of nodes (any type of computing devices in an access network, such as a server and a user terminal) and a client; a Peer-to-Peer (P2P) network is formed between the nodes, and the P2P protocol is an application layer protocol running on top of the Transmission Control Protocol (TCP). In the intelligent contract detection system, any machine such as a server or a terminal can join and become a node, and a node comprises a hardware layer, a middle layer, an operating system layer and an application layer.
Referring to the functions of each node in the blockchain system shown in fig. 2, the functions involved include:
1) routing, a basic function that a node has, is used to support communication between nodes.
Besides the routing function, the node may also have the following functions:
2) Application, deployed in the target block chain to implement specific services according to actual service requirements; it records data related to the implemented functions to form record data, carries a digital signature in the record data to indicate the source of the task data, and sends the record data to other nodes in the block chain system, so that the other nodes add the record data to a temporary block once the source and integrity of the record data are verified successfully.
For example, the services implemented by the application include:
2.1) Wallet, for providing electronic money transaction functions, including initiating a transaction (i.e. sending the transaction record of the current transaction to other nodes in the blockchain system; after the other nodes verify it successfully, the record data of the transaction is stored in a temporary block of the blockchain as a response confirming that the transaction is valid); of course, the wallet also supports querying the electronic money remaining at an electronic money address;
2.2) Shared ledger, for providing operations such as storage, query and modification of account data; the record data of the operations on the account data is sent to other nodes in the block chain system, and after the other nodes verify its validity, the record data is stored in a temporary block as a response acknowledging that the account data is valid, and a confirmation can be sent to the node that initiated the operation.
2.3) Target intelligent contract, a computerized agreement that can execute the terms of a certain contract, implemented by code deployed on the shared ledger and executed when certain conditions are met, and used to complete automated transactions according to actual business requirements, such as querying the logistics status of goods purchased by a buyer and transferring the buyer's electronic money to the merchant's address after the buyer signs for the goods; of course, the target intelligent contract is not limited to executing contracts for trading, but may also execute contracts that process received information.
3) The target block chain comprises a series of blocks (Blocks) connected to one another in the chronological order of their generation; once a new block is added to the target block chain it cannot be removed, and the blocks record the record data submitted by the nodes in the block chain system.
Referring to fig. 3, fig. 3 is an optional schematic diagram of a Block Structure (Block Structure) provided in the embodiment of the present disclosure, where each Block includes a hash value of a transaction record stored in the Block (hash value of the Block) and a hash value of a previous Block, and the blocks are connected by the hash values to form a Block chain. The block may include information such as a time stamp at the time of block generation. The target block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains related information for verifying the validity (anti-counterfeiting) of the information and generating a next block.
The method provided by the above embodiment is illustrated below by the embodiment of fig. 4, taking the target block chain to be a target federation chain and the target intelligent contract to be a target federation chain contract.
As shown in fig. 4, the method provided by the embodiment of the present disclosure may include the following steps.
In step S401, a target federation chain contract for a target federation chain is obtained.
The user can upload the target federation contract through a client installed on the terminal of the user to acquire a code of the target federation contract needing auditing, wherein the code can be a single file or a folder containing a plurality of files.
In step S402, SDK version information of the target federation link contract is extracted.
In this step, version information of an SDK (Software Development Kit) used in a target federation link contract to be audited at present is determined, which is referred to as SDK version information and includes a first-level target programming language corresponding to the SDK and a first-level target language version of the SDK using the first-level target programming language.
It is assumed here that SDKs in four programming languages are provided, including but not limited to: Go, Java, JS (Node.js in JS), and Python, and the SDK for each programming language may also have different versions.
Fig. 5 illustrates an example of the initial target programming language being JAVA, where the corresponding SDK includes 6 versions, which are: v2.1, V2.0, V1.4, V1.3, V1.2 and V1.1. Other programming languages are similar.
The SDK version information of the target federation chain contract can be obtained by having the user configure the relevant information on a page, or by scanning the target federation chain contract for version information. Taking the version information scanning manner as an example, the initial-order target programming language used by the target federation chain contract may be determined first, and then the initial-order target language version of the SDK of that programming language may be determined.
When determining the initial target programming language used by the target federation link contract, a determination may be made regarding the characteristic fields, grammatical properties, etc. of each programming language itself.
For example, among the supported Java, Go and JS languages, the file name suffix differs per language: Java generally has a .class suffix, Go has a .go suffix, and JS has a .js suffix. As another example, some functions are specific to one programming language and absent from the others: for example, the system. Log function is JS-specific, and the printxxx function is characteristic of Go. "xxx" as used here stands for functions whose names differ in their beginning and suffix.
When determining the initial target language version of the SDK of the initial target programming language, a determination may be made regarding the SDK function used in the target federation link contract, and then a determination may be made based on the differences between the different versions (e.g., version 1.1 may have function a, while version 1.2 does not have the function).
In step S403, the execution environment version information of the target federation link contract is extracted.
The current step determines the running environment version information of the target federation chain contract, which in practice means determining the version adopted by the target federation chain; this is denoted, for example, as the initial-order chain code version information.
Similarly, the target federation chain may have a different version, with a different version number. For example, the target federation chain is assumed to include V2.1, V2.0, V1.4, V1.3, V1.2, V1.1, and V1.0 versions.
Similarly, the running environment version information of the target federation link contract can be configured by the user through a page, and the version determination can be carried out through scanning the target federation link contract. Taking the scanning manner as an example, the SDK function in the target federation link contract may be obtained for judgment, and then judgment may be performed according to the difference between different versions (for example, version 1.1 may have function a, and version 1.2 does not have the function).
In step S404, the code-variable relational database is initialized according to the SDK version information and the operating environment version information acquired in the above steps.
Here, the first-order function name parameter relation chain generated is stored in a function name parameter relation chain database, and the parameter is exemplified by a variable, so the function name parameter relation chain database may be referred to as a code-variable relation database.
In this step the code-variable relational database is initialized: if a given initial-order function name parameter relation chain already exists in the code-variable relation database it is skipped, and if it does not exist it is inserted.
Specifically, all functions provided in the initial-stage target open source code of the target alliance chain pulled according to the version information of the initial-stage chain code are obtained, and the common operation functions are packaged in the initial-stage target open source code.
Then, the function name and parameter relationship of each function obtained above are clarified, and a relationship chain of the function name and each input parameter used by the function name is generated, which is called as an initial order function name parameter relationship chain.
For example, a function function(value1, value2), with the function name "function" and two input parameters value1 and value2, may generate two relation chains: "function-value1" for the function name and input parameter 1, and "function-value2" for the function name and input parameter 2.
Then, the initial-order target language version in the SDK version information may be added to the initial-order function name parameter relation chain. If the initial-order target language version is 1.1, the two initial-order function name parameter relation chains obtained after adding it are "function-value1-1.1" and "function-value2-1.1".
In step S405, the variables in the target federation link contract are tracked according to the code-variable relationship database and the target federation link contract.
The step combines the code-variable relation database with the data in the actual target federation link contract, and may specifically further include the following steps:
1. Carrying out code analysis on the actual target federation chain contract to obtain the relation chains of function names and parameters, where the concept of a function name and parameter relation chain in the actual target federation chain contract is the same as that of the initial-order function name parameter relation chain in the above step.
2. Obtaining the change relations of the internal parameters of each function in the target federation chain contract. For example, parameters x and y are passed into the function func1 and a parameter z is defined internally; through internal operations in the function, the parameter x is changed into a parameter m and the parameter y is changed into a parameter n. At this time, the initial-order parameter change relations "x->m" and "y->n" are generated; because the parameter z is not changed, no initial-order parameter change relation is generated for it.
In the embodiment of the present disclosure, each record holds only the change from one parameter to another parameter, never a sequence of several changes. If it is assumed that the parameter x in the above function is changed into the parameter y and then into the parameter z, two initial-order parameter change relations are recorded, one "x->y" and the other "y->z", instead of "x->y->z". Because "x->y" and "y->z" are the data form of the minimum dimension, users can conveniently carry out more detailed analysis according to their actual needs.
3. Comparing the initial-order function name parameter relation chain with the initial-order parameter change relations to obtain the associated parameter change relations related to the initial-order function name parameter relation chain.
In one case, there is a primary parameter variation relationship that is independent of the primary function name parameter relationship chain.
For example, as shown in fig. 6, assume that there is an objective function func(A) in which the target input parameter A changes to an initial internal parameter B and the initial internal parameter B then changes to a transformed internal parameter C; a set internal parameter X is also added in the objective function, and the set internal parameter X changes to a transformed internal parameter Y. Both "A->B" and "B->C" are associated parameter change relations, but X is not associated with A, B or C, so "X->Y" is referred to as an unrelated parameter change relation.
In another case, the first-order parameter change relations are related to the first-order function name parameter relation chain.
For example, as shown in fig. 7, again taking the objective function func(A) as an example, the target input parameter A changes to the initial internal parameter B in the objective function, and the set internal parameter X is added in the objective function. Assuming that B + X generates the parameter C, then "A->B", "B->C" and "X->C" are all related to the initial-order function name parameter relation chain, where B and X operate together to generate C.
The X in fig. 6 and 7 can refer to data that is fixed or can be obtained directly, for example a variable that is fixed in the code, or a variable that can be obtained by calling an existing function, such as obtaining the host name or the current time, which always yields a result (at worst an empty one). In practice, the input parameters passed into a function (e.g. the first input parameter) are often operated on together with such directly obtained data.
In the embodiment of the present disclosure, the initial parameter variation relationship may be stored in a sub-parameter variation relationship database, and is divided into two parts, where the first part is an associated parameter variation relationship related to an initial function name parameter relationship chain, and the second part is an unrelated parameter variation relationship unrelated to the initial function name parameter relationship chain.
In step S406, it is determined whether all variables in the target federation link contract can be tracked, and if not, the process proceeds to step S407; if so, step S409 is performed.
In this step, the existing variables in the target intelligent contract can be checked to determine whether there are missing variables.
Specifically, taking the full-scale approach as an example, the plurality of initial-order parameter change relations may be converted into chain form, referred to as an initial-order parameter change chain; for example, the two initial-order parameter change relations "a->b" and "b->c" become the initial-order parameter change chain "a->b->c", and likewise the transitivity between at least two parameters in the initial-order parameter change relations can be derived from "a->b" and "b->c". Then all parameter names, such as variable names, appearing in the target federation chain contract are acquired, and it is judged whether every variable name appears in one or more initial-order parameter change chains; if so, it is determined that all variables in the target federation chain contract can be tracked. If at least one variable name does not appear in any initial-order parameter change chain, it is determined that not all variables in the target federation chain contract can be tracked.
In step S407, in the case where it is determined that the entire trace cannot be performed, the SDK version information and the running environment version information may be reconfirmed, for example, determined as the update target language version and the update chain code version information, and the latest update target open source code may be pulled for learning to obtain a learning result, for example, an update function name parameter relation chain.
In step S408, the learning result may be put in storage, for example, the updated function name parameter relationship chain may be updated into the code-variable relationship database in step S404, and then the variable in the target federation link contract may be tracked based on the updated function name parameter relationship chain.
In step S409, in the case that it is determined that all variables can be tracked, it is further reviewed whether the traced initial-order parameter change chain is correct. If the review finds the tracking correct, step S411 is performed; if the review finds the tracking incorrect, step S410 is performed.
In this step, the full-scale or sample-scale comparison can be performed according to the file size of the target federation link contract. The file size of the target federation link contract as a whole can be used for judgment, and the full-scale comparison is carried out when the file size is smaller than a preset threshold value, such as 100MB (megabyte), and the sampling comparison is carried out when the file size is larger than or equal to 100 MB. The preset threshold may be set according to actual requirements, which is not limited in this disclosure.
When the full-scale comparison is adopted, as described above, it is determined whether each variable in the target federation chain contract appears in the initial-order parameter variation chain (for example, "a->b->c" as exemplified above), and whether the variable variation relationships in the target federation chain contract match the result in the initial-order parameter variation chain. A different tool can be used to generate the reference parameter variation chain, because if both the earlier step and this step used the same tool, missing parameters, such as variables, could not be effectively detected.
The tool for generating the reference parameter variation chain may be, for example, a tool that obtains the syntax tree of the code. Such tools fall mainly into two types: syntax tree generating tools provided by the programming language itself, and syntax tree generating tools written by third parties, such as AST (abstract syntax tree) explorer; the disclosure is not limited thereto.
If the reference parameter variation chain generated in this step is "a->b->c" and the initial-order parameter variation chain generated in the previous step is "a->b->d", the two are inconsistent, and the tracking is determined to be incorrect.
If the reference parameter variation chain generated in this step is "a->b->c" and the initial-order parameter variation chain generated in the previous step is "a->b->c", the two are consistent, and the tracking is determined to be correct.
When the sampling mode is adopted for comparison, the variables of the more important sensitive functions are checked, and whether the variable change relation is consistent with the result in the initial-order parameter change chain or not is judged.
In step S410, if the review relationship is incorrect, a correction result, such as a correction parameter variation relationship, may be obtained, and then step S405 is executed again.
In step S411, if the tracking result is correct, the confirmed correct initial-order parameter change relationship and the initial-order function name parameter relationship chain are saved in the parameter change relationship database, and the use detail information of the variables used in the target federation link contract may be output in a formatted manner.
The step is executed under the condition that all target parameter names can be tracked and the parameter change relation is correct, the detail information is uniformly stored in the parameter change relation database, and the step can comprise the following information:
1. The initial-order function name parameter relation chain, such as "function-value1-1.1".
2. The initial-order parameter variation relations, including those related to and those unrelated to the initial-order function name parameter relation chain, such as "a->b" and "b->c".
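Steps S404 to S409 carried through on a small constructed contract, as an added example that is not code from the patent or its applicant. It assumes a Python contract (Python is among the SDK languages listed above), uses Python's `ast` module for the initial-order extraction and the `tokenize` module as the independent second tool, and covers the full-scale comparison only; all function names are hypothetical.

```python
import ast
import io
import keyword
import tokenize

# Constructed sample (assumed Python contract): func mirrors Fig. 6, func2 Fig. 7.
CONTRACT = '''\
def func(a):
    b = a + 1
    c = b * 2
    x = "host"
    y = x.upper()
    return c

def func2(a):
    b = a + 1
    x = 5
    c = b + x
    return c
'''

def name_param_chains(source, version):
    """S404: one 'function-parameter-version' record per input parameter."""
    return [f"{fn.name}-{arg.arg}-{version}"
            for fn in ast.parse(source).body if isinstance(fn, ast.FunctionDef)
            for arg in fn.args.args]

def change_relations(fn):
    """S405 step 2: minimal pairwise relations (src, dst), taken from the AST."""
    rels = []
    for node in ast.walk(fn):
        if isinstance(node, ast.Assign):
            srcs = [n.id for n in ast.walk(node.value) if isinstance(n, ast.Name)]
            dsts = [t.id for t in node.targets if isinstance(t, ast.Name)]
            rels += [(s, d) for d in dsts for s in srcs]
    return list(dict.fromkeys(rels))  # drop duplicates, keep order

def reference_relations(fn_source):
    """S409: independent second extractor built on the tokenizer, not the AST."""
    rels, line = [], []
    for tok in tokenize.generate_tokens(io.StringIO(fn_source).readline):
        if tok.type in (tokenize.NAME, tokenize.OP):
            line.append(tok)
        elif tok.type in (tokenize.NEWLINE, tokenize.NL):  # end of a source line
            if len(line) > 2 and line[0].type == tokenize.NAME and line[1].string == "=":
                rels += [(cur.string, line[0].string)
                         for prev, cur in zip(line[1:], line[2:])
                         if cur.type == tokenize.NAME and prev.string != "."
                         and not keyword.iskeyword(cur.string)]
            line = []
    return list(dict.fromkeys(rels))

def split_associated(rels, params):
    """S405 step 3: associated means connected, in either direction, to an input."""
    linked, grew = set(params), True
    while grew:
        grew = False
        for src, dst in rels:
            if (src in linked) != (dst in linked):
                linked |= {src, dst}
                grew = True
    return ([r for r in rels if r[0] in linked],
            [r for r in rels if r[0] not in linked])

def link_chains(rels):
    """S406: join 'a->b' and 'b->c' into 'a->b->c'; returns every maximal path."""
    succ, chains = {}, []
    for src, dst in rels:
        if src != dst:  # x = x + 1 adds no new link
            succ.setdefault(src, []).append(dst)
    targets = {d for ds in succ.values() for d in ds}
    def walk(path):
        nxt = [d for d in succ.get(path[-1], []) if d not in path]  # cut cycles
        if not nxt:
            chains.append("->".join(path))
        for d in nxt:
            walk(path + [d])
    for root in [s for s in succ if s not in targets]:
        walk([root])
    return chains

def audit(source, reference=reference_relations):
    """Run S405-S409 per function; 'passed' needs full tracking and agreement."""
    report = {}
    for fn in (n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef)):
        rels = change_relations(fn)
        chains = link_chains(rels)
        assoc, unrelated = split_associated(rels, [a.arg for a in fn.args.args])
        names = {a.arg for a in fn.args.args} | {
            n.id for n in ast.walk(fn) if isinstance(n, ast.Name)}
        untracked = sorted(names - {v for c in chains for v in c.split("->")})
        ref = link_chains(reference(ast.get_source_segment(source, fn)))
        report[fn.name] = {
            "chains": chains, "associated": assoc, "unrelated": unrelated,
            "untracked": untracked,
            "passed": not untracked and sorted(chains) == sorted(ref)}
    return report

if __name__ == "__main__":
    print(name_param_chains(CONTRACT, "1.1"), audit(CONTRACT))
```

A variable that is only ever assigned a constant, like the parameter z in the func1 example above, produces no relation and therefore shows up under `untracked`, which is the condition that sends the flow to step S407.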
According to the intelligent contract security detection method based on the block chain, on one hand, a fine-grained (variable-level) data change process can be provided and the change information of each variable is recorded, so that information of the finest granularity is available when a variable is tracked and is convenient to query and use later; a user can query the change process of a variable from the corresponding database using only the function name to be tracked and the parameter name. On the other hand, the change information of the variable is strongly associated with the SDK of the programming language and the running environment version information of the intelligent contract, so that the influence of different versions on the code can be quickly judged, and the situation in which the relevant information cannot be obtained, or an erroneous result is obtained, because the SDK or the running environment version of the intelligent contract has changed is avoided. In addition, the variable relations of the actual intelligent contract and the error information found during analysis are stored, so that the related original information is readily available later for improving analysis quality and reducing security holes.
Fig. 8 schematically shows a block diagram of a block chain-based intelligent contract security detection apparatus according to an embodiment of the present disclosure. As shown in fig. 8, the block chain-based intelligent contract security detection apparatus 800 provided in the embodiment of the present disclosure may include a target intelligent contract obtaining unit 810, a target intelligent contract parsing and extracting unit 820, a preliminary parameter change relationship obtaining unit 830, a preliminary parameter change chain generating unit 840, a target parameter name obtaining unit 850, and an intelligent contract detection result obtaining unit 860.
In this embodiment of the present disclosure, the target intelligent contract information obtaining unit 810 may be configured to obtain a target intelligent contract to be uploaded to the target block chain and a file size thereof. The target intelligent contract parsing and extracting unit 820 may be configured to perform contract parsing and function extraction processing on the target intelligent contract to obtain each function parsed and extracted from the target intelligent contract. The initial parameter variation relationship obtaining unit 830 may be configured to perform parameter analysis processing and parameter variation relationship analysis processing on each function analyzed and extracted from the target intelligent contract, so as to obtain and record an initial parameter variation relationship of each function in the target intelligent contract, where the initial parameter variation relationship of each function includes a variation relationship between at least two parameters. The primary parameter variation chain generating unit 840 may be configured to generate a primary parameter variation chain of the target intelligent contract according to a variation relationship between at least two parameters in the primary parameter variation relationships of each function in the target intelligent contract. The target parameter name obtaining unit 850 may be configured to obtain a target parameter name in the target intelligent contract according to the file size of the target intelligent contract. The intelligent contract detection result obtaining unit 860 may be configured to traverse the target parameter name in the target intelligent contract in the primary parameter change chain, and determine the tracking correctness of the primary parameter change chain according to the target parameter name, so as to obtain the security detection result of the target intelligent contract.
On one hand, before a target intelligent contract is deployed to a target block chain, the target intelligent contract and its file size are obtained, and contract analysis and function extraction are performed on the target intelligent contract to obtain each function it contains. Parameter analysis and parameter change relation analysis are then performed on each of these functions, and the primary parameter change relation of each function in the target intelligent contract is obtained and recorded, where each primary parameter change relation comprises the change relation between at least two parameters. As a result, a fine-grained (parameter-level) data change process is available when the parameters in the target intelligent contract are tracked, and recording the parameter change information of the functions (the primary parameter change relations) facilitates later query and use. On the other hand, a primary parameter change chain of the target intelligent contract can be generated from the change relation between at least two parameters in the primary parameter change relation of each function, and the target parameter names in the target intelligent contract can be obtained according to the file size of the target intelligent contract. The target parameter names are then traversed in the primary parameter change chain, the tracking correctness of the primary parameter change chain is determined according to the target parameter names, and the security detection result of the target intelligent contract is finally obtained. This verifies the security of the target intelligent contract, ensures that the target intelligent contract finally deployed on the target block chain is safe and not easily attacked, and improves the security of applications using the target block chain.
In an exemplary embodiment, the preliminary parameter variation relationship may include an associated parameter variation relationship. The initial parameter variation relationship obtaining unit 830 may include: an initial-order chain code version information determining unit, configured to determine initial-order chain code version information of the target block chain from different chain code versions of the target block chain; the initial-stage target open-source code obtaining unit may be configured to pull an initial-stage target open-source code of the target block chain corresponding to the initial-stage chain code version information according to the initial-stage chain code version information; the initial-order target open-source code analyzing unit may be configured to perform code analysis and function extraction processing on the initial-order target open-source code to obtain each function analyzed and extracted from the initial-order target open-source code; the initial-order target open-source code function analysis unit may be configured to perform analysis processing on a function name and a corresponding parameter of each function analyzed and extracted from the initial-order target open-source code, and acquire the function name and each parameter of each function in the initial-order target open-source code; the initial order function name parameter relation chain construction unit may be configured to construct and record an initial order function name parameter relation chain of each function in the initial order target open source code according to a correspondence between a function name of each function in the initial order target open source code and each parameter thereof; the association parameter variation relation determining unit may be configured to compare the initial order function name parameter relationship chain with the initial order parameter variation relation, and determine the association parameter variation relation related to the initial order function name parameter relationship chain.
In an exemplary embodiment, the target blockchain may include encapsulated interfaces provided for use by at least one programming language. Wherein, the initial order function name parameter relation chain constructing unit may include: a preliminary target programming language version determining unit, configured to determine, from the at least one programming language supported by the target block chain, a preliminary target programming language adopted by the target intelligent contract and a preliminary target language version thereof, where the at least one programming language includes the preliminary target programming language; the initial order function name parameter relation chain generating unit may be configured to construct the initial order function name parameter relation chain according to a correspondence between the function name of each function in the initial order target open source code and each parameter thereof and the initial order target language version; each initial order function name parameter relation chain comprises a function name and a parameter of a function in the initial order target open source code and the initial order target language version; and the initial-order function name parameter relation chain storage unit can be used for storing the initial-order function name parameter relation chain to a function name parameter relation chain database or a function name parameter relation chain data set.
In an exemplary embodiment, the target parameter name acquisition unit 850 may include: the full parameter name extraction unit may be configured to, if the file size of the target intelligent contract is smaller than a preset threshold, perform full parameter name extraction on the target intelligent contract, so as to use a parameter name appearing in the target intelligent contract as the target parameter name; the sample parameter name extraction unit may be configured to, if the file size of the target intelligent contract is greater than or equal to the preset threshold, perform sampling extraction of parameter names for the target intelligent contract, so as to extract a parameter name of a sensitive function in the target intelligent contract as the target parameter name.
In an exemplary embodiment, the intelligent contract detection result obtaining unit 860 may include: the target parameter name traversing unit can be used for traversing the target parameter names in the target intelligent contract and judging whether each target parameter name exists in the initial parameter change chain; the reference parameter change chain acquiring unit may be configured to acquire a reference parameter change chain corresponding to each target parameter name in the target intelligent contract if each target parameter name exists in the initial parameter change chain; a primary parameter change chain determining unit, configured to determine, if the reference parameter change chain is consistent with the corresponding primary parameter change chain, a tracking correctness of the primary parameter change chain, so as to obtain the security detection result that the detection is passed; the parameter detailed information storage unit may be configured to store the primary function name parameter relation chain and the primary parameter change relation to a parameter change relation database or a parameter change relation data set when the security detection result indicates that the detection passes; a detection failure result obtaining unit, configured to obtain the security detection result indicating that the detection failure occurs if the reference parameter variation chain is inconsistent with the initial-order parameter variation chain; and the parameter change relationship correcting unit may be configured to obtain a corrected parameter change relationship when the security detection result indicates that the detection fails, where the corrected parameter change relationship is generated by modifying the initial parameter change relationship according to the corresponding initial parameter change chain.
In an exemplary embodiment, the intelligent contract detection result obtaining unit 860 may further include: an updated target programming language obtaining unit, configured to, if at least one target parameter name does not exist in the initial parameter change chain, re-determine an updated target programming language adopted by the target intelligent contract from the at least one programming language supported by the target block chain according to a feature field and a syntactic characteristic of each programming language, where the at least one programming language includes the updated target programming language; an update target language version determination unit, configured to determine an update target language version of the update target programming language from different versions of the update target programming language according to a function in the target intelligent contract and a function in each version of the update target programming language; an updated chain code version information determining unit, configured to determine updated chain code version information of the target block chain different from the initial-order chain code version information from different chain code versions of the target block chain; an update target open source code obtaining unit, configured to pull an update target open source code of the target block chain corresponding to the update chain code version information according to the update chain code version information; the update function name parameter relationship chain construction unit may be configured to analyze the update target open source code by using an interpreter that is different from that for analyzing the initial-order target open source code, and construct an update function name parameter relationship chain, which is different from the initial-order function name parameter relationship chain, of each function in the update target open source code according to the update target language version and the analyzed update target open source code; and the function name parameter relation chain updating unit can be used for updating the initial-order function name parameter relation chain in the function name parameter relation chain database or the function name parameter relation chain data set by utilizing the updated function name parameter relation chain.
In an exemplary embodiment, the primary target programming language version determination unit may include: a first-level target programming language determining unit, configured to determine, according to a feature field and a syntactic characteristic of each programming language, the first-level target programming language adopted by the target intelligent contract from the at least one programming language supported by the target block chain; the primary target language version determining unit may be configured to determine, according to a function in the target intelligent contract and a function in each version of the primary target programming language, a primary target language version of the primary target programming language from different versions of the primary target programming language.
In an exemplary embodiment, the initial order function name parameter relationship chain may include a target function name of the target function and its target input parameters. Wherein, the association parameter variation relation determining unit may include: the direct conversion associated parameter change relationship determining unit may be configured to determine, if the target input parameter is changed to an initial internal parameter inside the target function, an initial-order parameter change relationship in which the target input parameter is changed to the initial internal parameter, as the associated parameter change relationship related to the initial-order function name parameter relationship chain.
In an exemplary embodiment, the association parameter variation relation determining unit may further include: an associated-transformation associated parameter change relationship determining unit, which may be configured to determine, if the initial internal parameter is changed into a transformation internal parameter within the target function, an initial-order parameter change relationship in which the initial internal parameter is changed into the transformation internal parameter as the associated parameter change relationship related to the initial-order function name parameter relationship chain.
In an exemplary embodiment, the association parameter variation relation determining unit may further include: an associated-operation associated parameter change relationship determining unit, which may be configured to, if a set internal parameter is newly added in the target function and an operation internal parameter is generated according to the initial internal parameter and the set internal parameter, determine an initial-order parameter change relationship in which the initial internal parameter is changed into the operation internal parameter and the set internal parameter is changed into the operation internal parameter as the associated parameter change relationship related to the initial-order function name parameter relationship chain.
In an exemplary embodiment, the initial-order parameter variation relationship may further include an irrelevant parameter variation relationship. The block chain-based intelligent contract security detection apparatus 800 may further include: an irrelevant parameter variation relation determining unit, configured to compare the primary function name parameter relation chain with the primary parameter variation relation, and determine an irrelevant parameter variation relation irrelevant to the primary function name parameter relation chain; the parameter change relation part storage unit can be used for dividing the related parameter change relation and the unrelated parameter change relation into a first part and a second part to be stored in a part parameter change relation database or a part parameter change relation data set.
In an exemplary embodiment, the initial-order function name parameter relationship chain may include a target function. The irrelevant parameter variation relation determining unit may include: an internal conversion irrelevant parameter variation relationship determining unit, which may be configured to determine, if an additional internal parameter is added in the target function and the additional internal parameter is changed into an internal conversion internal parameter, an initial-order parameter variation relationship in which the additional internal parameter is changed into the internal conversion internal parameter as the irrelevant parameter variation relationship irrelevant to the initial-order function name parameter relationship chain.
Other contents of the block chain-based intelligent contract security detection apparatus according to the embodiment of the present disclosure may refer to the above-described embodiments.
It should be noted that although several units of the device for action execution are mentioned in the above detailed description, this division is not mandatory. Indeed, the features and functions of two or more units described above may be embodied in one unit, in accordance with embodiments of the present disclosure. Conversely, the features and functions of one unit described above may be further divided among a plurality of units.
Reference is now made to fig. 9, which illustrates a schematic diagram of an electronic device suitable for use in implementing embodiments of the present application. The electronic device shown in fig. 9 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiments of the present application.
Referring to fig. 9, an electronic device provided in an embodiment of the present disclosure may include: a processor 901, a communication interface 902, a memory 903, and a communication bus 904.
The processor 901, the communication interface 902 and the memory 903 communicate with each other via the communication bus 904.
Optionally, the communication interface 902 may be an interface of a communication module, such as an interface of a GSM (Global System for Mobile communications) module. The processor 901 is used to execute programs. The memory 903 is used for storing programs. The program may comprise a computer program comprising computer operating instructions. The program may include a program of the video client.
The processor 901 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present disclosure.
The memory 903 may include a random access memory (RAM), and may also include a non-volatile memory, such as at least one disk memory.
Specifically, the program may be used for: acquiring a target intelligent contract to be uploaded to a target block chain and the file size of the target intelligent contract; carrying out contract analysis and function extraction processing on the target intelligent contract to obtain each function analyzed and extracted from the target intelligent contract; analyzing and processing parameters and analyzing and processing parameter change relations of each function analyzed and extracted from the target intelligent contract to obtain and record initial parameter change relations of each function in the target intelligent contract, wherein the initial parameter change relations of each function comprise change relations between at least two parameters; generating a primary parameter change chain of the target intelligent contract according to the change relationship between at least two parameters in the primary parameter change relationship of each function in the target intelligent contract; acquiring a target parameter name in the target intelligent contract according to the file size of the target intelligent contract; and traversing the target parameter name in the target intelligent contract in the initial parameter change chain, and determining the tracking correctness of the initial parameter change chain according to the target parameter name so as to obtain the security detection result of the target intelligent contract.
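The procedure above, together with the associated/irrelevant split described in the preceding embodiments, as an added Python sketch that is not code from the patent. It assumes the contract is written in Python so the standard-library `ast` module can parse it, that the reference chains come from a reviewed baseline copy of the contract, and that a relation counts as associated when its destination is derivable from a function input; all function names, the threshold and the `sensitive` set are hypothetical.

```python
import ast

# Constructed sample contract. It is written in Python only so that the
# standard-library ast module can parse it (an assumption of this example).
SAMPLE_CONTRACT = '''
def transfer(amount):
    value = amount        # target input parameter -> initial internal parameter
    scaled = value        # initial internal -> transformation internal parameter
    nonce = 7             # added internal parameter, not derived from any input
    tag = nonce           # added internal -> internal-conversion parameter
    fee = 3               # set internal parameter
    total = scaled + fee  # initial + set internal -> operation internal parameter
    return total
'''


def extract_relations(source):
    """Return ({function: [input names]}, [(src, dst), ...]), names qualified by function."""
    params, relations = {}, []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        params[fn.name] = [f"{fn.name}.{a.arg}" for a in fn.args.args]
        for node in ast.walk(fn):
            if not isinstance(node, ast.Assign):  # only plain assignments are tracked
                continue
            sources = sorted({n.id for n in ast.walk(node.value) if isinstance(n, ast.Name)})
            for target in node.targets:
                if isinstance(target, ast.Name):
                    relations += [(f"{fn.name}.{s}", f"{fn.name}.{target.id}") for s in sources]
    return params, relations


def reachable(starts, relations):
    """Names reachable from `starts` by following change relations."""
    seen, frontier = set(starts), list(starts)
    while frontier:
        current = frontier.pop()
        for src, dst in relations:
            if src == current and dst not in seen:
                seen.add(dst)
                frontier.append(dst)
    return seen


def classify(params, relations):
    """Split relations into (associated, irrelevant) by whether dst derives from an input."""
    derived = reachable([p for names in params.values() for p in names], relations)
    associated = [r for r in relations if r[1] in derived]
    irrelevant = [r for r in relations if r[1] not in derived]
    return associated, irrelevant


def change_chain(name, relations):
    """Change chain of one parameter: every relation reachable from it, sorted."""
    names = reachable([name], relations)
    return sorted(r for r in relations if r[0] in names)


def build_reference(baseline_source):
    """Reference chains taken from a reviewed baseline contract (assumption)."""
    _, relations = extract_relations(baseline_source)
    return {n: change_chain(n, relations) for r in relations for n in r}


def target_names(source, params, relations, threshold, sensitive):
    """Full extraction below the size threshold, sensitive-function sampling otherwise."""
    if len(source.encode()) < threshold:
        every = {n for r in relations for n in r} | {p for ps in params.values() for p in ps}
        return sorted(every)
    return sorted(p for fn, ps in params.items() if fn in sensitive for p in ps)


def detect(source, reference, threshold=4096, sensitive=()):
    """Return 'pass', 'fail' or 'reparse' for one contract."""
    params, relations = extract_relations(source)
    in_chain = {n for r in relations for n in r}
    targets = target_names(source, params, relations, threshold, sensitive)
    if any(t not in in_chain for t in targets):
        return "reparse"  # a target name is missing: language and version are re-determined
    for t in targets:
        if change_chain(t, relations) != sorted(reference.get(t, [])):
            return "fail"  # tracked chain disagrees with the reference chain
    return "pass"
```

On the constructed sample, an edit that feeds `nonce` into `total` fails the full comparison but passes when only the sensitive function's input names are sampled, which is the coverage trade-off of the size threshold.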
It is to be understood that any number of elements in the drawings of the present disclosure are by way of example and not by way of limitation, and any nomenclature is used for differentiation only and not by way of limitation.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (15)

1. An intelligent contract security detection method based on a block chain is characterized by comprising the following steps:
acquiring a target intelligent contract to be uploaded to a target block chain and the file size of the target intelligent contract;
carrying out contract analysis and function extraction processing on the target intelligent contract to obtain each function analyzed and extracted from the target intelligent contract;
analyzing and processing parameters and analyzing and processing parameter change relations of each function analyzed and extracted from the target intelligent contract to obtain and record initial parameter change relations of each function in the target intelligent contract, wherein the initial parameter change relations of each function comprise change relations between at least two parameters;
generating a primary parameter change chain of the target intelligent contract according to the change relationship between at least two parameters in the primary parameter change relationship of each function in the target intelligent contract;
acquiring a target parameter name in the target intelligent contract according to the file size of the target intelligent contract;
and traversing the target parameter name in the target intelligent contract in the initial parameter change chain, and determining the tracking correctness of the initial parameter change chain according to the target parameter name so as to obtain the security detection result of the target intelligent contract.
2. The method of claim 1, wherein the preliminary parameter variation relationship comprises an associated parameter variation relationship; the method for acquiring and recording the initial parameter change relationship of each function in the target intelligent contract comprises the following steps:
determining initial chain code version information of the target block chain from different chain code versions of the target block chain;
pulling an initial-order target open-source code of the target block chain corresponding to the initial-order chain code version information according to the initial-order chain code version information;
performing code analysis and function extraction processing on the initial-order target open source code to obtain each function analyzed and extracted from the initial-order target open source code;
analyzing and processing function names and corresponding parameters of each function analyzed and extracted from the initial-order target open source code to obtain the function names and the parameters of each function in the initial-order target open source code;
establishing and recording an initial order function name parameter relation chain of each function in the initial order target open source code according to the corresponding relation between the function name of each function in the initial order target open source code and each parameter of the function;
and comparing the initial order function name parameter relation chain with the initial order parameter change relation, and determining the associated parameter change relation related to the initial order function name parameter relation chain.
3. The method of claim 2, wherein the target blockchain includes encapsulated interfaces for use by at least one programming language; according to the corresponding relation between the function name of each function in the initial-order target open source code and each parameter thereof, constructing and recording an initial-order function name parameter relation chain of each function in the initial-order target open source code, comprising:
determining a primary target programming language adopted by the target intelligent contract and a primary target language version thereof from the at least one programming language supported by the target blockchain, wherein the at least one programming language comprises the primary target programming language;
constructing the primary function name parameter relation chain according to the corresponding relation between the function name and each parameter of each function in the primary target open source code and the primary target language version; each initial order function name parameter relation chain comprises a function name and a parameter of a function in the initial order target open source code and the initial order target language version;
and storing the initial-order function name parameter relation chain to a function name parameter relation chain database or a function name parameter relation chain data set.
4. The method of claim 3, wherein obtaining the target parameter name in the target intelligent contract according to the file size of the target intelligent contract comprises:
if the file size of the target intelligent contract is smaller than a preset threshold value, performing full-quantity extraction on parameter names of the target intelligent contract to take the parameter names appearing in the target intelligent contract as the target parameter names;
and if the file size of the target intelligent contract is larger than or equal to the preset threshold value, sampling and extracting parameter names of the target intelligent contract to extract the parameter names of sensitive functions in the target intelligent contract as the target parameter names.
5. The method of claim 4, wherein traversing the target parameter name in the target intelligent contract in the primary parameter variation chain, and determining the tracking correctness of the primary parameter variation chain according to the target parameter name to obtain the security detection result of the target intelligent contract, comprises:
traversing target parameter names in the target intelligent contract, and judging whether each target parameter name exists in the initial parameter change chain;
if each target parameter name exists in the initial parameter change chain, acquiring a reference parameter change chain corresponding to each target parameter name in the target intelligent contract;
comparing the reference parameter variation chain with the corresponding initial-order parameter variation chain;
if the reference parameter change chain is consistent with the corresponding initial-stage parameter change chain, determining the tracking correctness of the initial-stage parameter change chain to obtain the safety detection result which passes the detection;
when the safety detection result is that the detection is passed, storing the primary function name parameter relation chain and the primary parameter change relation to a parameter change relation database or a parameter change relation data set;
if the reference parameter variation chain is inconsistent with the corresponding initial-stage parameter variation chain, obtaining the security detection result of which the detection fails;
and when the safety detection result is that the detection fails, acquiring a correction parameter change relation, wherein the correction parameter change relation is generated by modifying the initial-order parameter change relation according to the corresponding initial-order parameter change chain.
6. The method of claim 5, wherein traversing a target parameter name in the target intelligent contract in the primary parameter variation chain, and determining the tracking correctness of the primary parameter variation chain according to the target parameter name to obtain the security detection result of the target intelligent contract, further comprises:
if at least one target parameter name does not exist in the initial parameter change chain, re-determining an updated target programming language adopted by the target intelligent contract from the at least one programming language supported by the target block chain according to the characteristic field and the syntactic characteristic of each programming language, wherein the at least one programming language comprises the updated target programming language;
determining an updated target language version of the updated target programming language from different versions of the updated target programming language according to a function in the target intelligent contract and a function in each version of the updated target programming language;
determining updated chain code version information of the target block chain different from the initial chain code version information from different chain code versions of the target block chain;
pulling an updated target open source code of the target block chain corresponding to the updated chain code version information according to the updated chain code version information;
adopting an interpreter different from the interpreter for analyzing the initial-order target open source code to analyze the updated target open source code, and constructing an updated function name parameter relation chain, different from the initial-order function name parameter relation chain, of each function in the updated target open source code according to the updated target language version and the analyzed updated target open source code;
and updating the initial order function name parameter relation chain in the function name parameter relation chain database or the function name parameter relation chain data set by using the updated function name parameter relation chain.
7. The method of claim 3, wherein determining the first-level target programming language and the first-level target language version thereof used by the target intelligent contract from the at least one programming language supported by the target blockchain comprises:
determining the initial target programming language adopted by the target intelligent contract from the at least one programming language supported by the target block chain according to the characteristic field and the grammatical characteristic of each programming language;
and determining the primary target language version of the primary target programming language from different versions of the primary target programming language according to the function in the target intelligent contract and the function in each version of the primary target programming language.
8. The method of claim 2, wherein the initial order function name parameter relationship chain comprises a target function name of a target function and its target input parameters; wherein comparing the initial order function name parameter relation chain with the initial order parameter variation relation, and determining the associated parameter variation relation related to the initial order function name parameter relation chain, comprises:
and if the target input parameters are changed into initial internal parameters in the target function, determining the initial-order parameter change relationship of the target input parameters into the initial internal parameters as the associated parameter change relationship related to the initial-order function name parameter relationship chain.
9. The method of claim 8, wherein comparing the primary function name parameter relationship chain to the primary parameter variation relationship to determine the associated parameter variation relationship associated with the primary function name parameter relationship chain, further comprises:
and if the initial internal parameters are changed into the transformation internal parameters in the target function, determining the initial parameter change relationship of the initial internal parameters into the transformation internal parameters as the associated parameter change relationship related to the initial function name parameter relationship chain.
10. The method of claim 8, wherein comparing the primary function name parameter relationship chain to the primary parameter variation relationship to determine the associated parameter variation relationship associated with the primary function name parameter relationship chain, further comprises:
and if a set internal parameter is newly added in the target function and an operation internal parameter is generated according to the initial internal parameter and the set internal parameter, determining an initial parameter variation relation in which the initial internal parameter is changed into the operation internal parameter and the set internal parameter is changed into the operation internal parameter as the associated parameter variation relation related to the initial function name parameter relation chain.
11. The method of claim 2, wherein the preliminary parameter variation relationship further comprises an irrelevant parameter variation relationship; wherein the method further comprises:
comparing the primary order function name parameter relation chain with the primary order parameter variation relation, and determining the irrelevant parameter variation relation irrelevant to the primary order function name parameter relation chain;
and dividing the associated parameter variation relation and the irrelevant parameter variation relation into a first part and a second part, and storing the first part and the second part into a part parameter variation relation database or a part parameter variation relation data set.
12. The method of claim 11, wherein the initial order function name parameter relationship chain comprises a target function; wherein comparing the initial order function name parameter relation chain with the initial order parameter variation relation, and determining the irrelevant parameter variation relation irrelevant to the initial order function name parameter relation chain, comprises:
and if an added internal parameter is newly added in the target function and the added internal parameter is changed into an internal conversion internal parameter, determining an initial parameter change relation of the added internal parameter changed into the internal conversion internal parameter as the irrelevant parameter change relation irrelevant to the initial function name parameter relation chain.
13. An intelligent contract security detection device based on a block chain, comprising:
the target intelligent contract information acquisition unit is used for acquiring a target intelligent contract to be uploaded to a target block chain and the file size of the target intelligent contract;
the target intelligent contract analyzing and extracting unit is used for carrying out contract analysis and function extraction processing on the target intelligent contract so as to obtain each function analyzed and extracted from the target intelligent contract;
a primary parameter change relationship obtaining unit, configured to perform parameter analysis processing and parameter change relationship analysis processing on each function analyzed and extracted from the target intelligent contract, so as to obtain and record a primary parameter change relationship of each function in the target intelligent contract, where the primary parameter change relationship of each function includes a change relationship between at least two parameters;
a primary parameter change chain generation unit, configured to generate a primary parameter change chain of the target intelligent contract according to a change relationship between at least two parameters in the primary parameter change relationship of each function in the target intelligent contract;
the target parameter name acquisition unit is used for acquiring a target parameter name in the target intelligent contract according to the file size of the target intelligent contract;
and the intelligent contract detection result obtaining unit is used for traversing the target parameter name in the target intelligent contract in the primary parameter change chain, and determining the tracking correctness of the primary parameter change chain according to the target parameter name so as to obtain the security detection result of the target intelligent contract.
14. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 12.
15. An electronic device, comprising:
at least one processor;
a storage device configured to store at least one program that, when executed by the at least one processor, causes the at least one processor to implement the method of any one of claims 1 to 12.
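The units listed in the apparatus claim above map onto a small static-analysis pipeline. The sketch below is an added illustration, not code from the patent: the regex parsing, the 4096-byte threshold with stride sampling, and reading "tracking correctness" as "every target parameter traces back to a declared function input" are assumptions.

```python
import re

# Constructed Solidity-like sample (not from the patent); `tax` has no tracked origin.
CONTRACT = """contract Vault {
  function deposit(uint amount) public {
    fee = amount / 100; net = amount - fee; balance = balance + net;
  }
  function payout(uint share) public { reward = balance * share; sent = reward - tax; }
}"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{]*\{([^}]*)\}")
ASSIGN_RE = re.compile(r"(\w+)\s*=\s*([^;]+);")
IDENT_RE = re.compile(r"[A-Za-z_]\w*")

def extract_functions(source):
    """Contract parsing and function extraction: name -> (argument names, body)."""
    return {name: ([a.split()[-1] for a in args.split(",") if a.strip()], body)
            for name, args, body in FUNC_RE.findall(source)}

def build_chain(funcs):
    """Merge each function's change relations into one chain: parameter -> its sources."""
    chain = {}
    for _args, body in funcs.values():
        for dst, expr in ASSIGN_RE.findall(body):
            chain.setdefault(dst, set()).update(set(IDENT_RE.findall(expr)) - {dst})
    return chain

def target_names(chain, file_size, threshold=4096, stride=2):
    """Assumed policy: small files check every changed parameter, large files a sample."""
    names = sorted(chain)
    return names if file_size <= threshold else names[::stride]

def origins(chain, target):
    """Traverse the chain backwards from target; return the names nothing feeds."""
    seen, stack = set(), [target]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(chain.get(node, ()))
    return {n for n in seen if n not in chain}

def check_tracking(source, threshold=4096):
    """Return {target: untracked origins}; an empty dict means the chain tracks cleanly."""
    funcs = extract_functions(source)
    chain = build_chain(funcs)
    inputs = {a for args, _body in funcs.values() for a in args}
    targets = target_names(chain, len(source.encode()), threshold)
    found = {t: sorted(origins(chain, t) - inputs) for t in targets}
    return {t: bad for t, bad in found.items() if bad}
```

On the sample, only `sent` is flagged, because its chain ends at `tax`, which no function receives or assigns.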
CN202011161073.0A 2020-10-27 2020-10-27 Intelligent contract security detection method based on block chain and related equipment Active CN112015826B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011161073.0A CN112015826B (en) 2020-10-27 2020-10-27 Intelligent contract security detection method based on block chain and related equipment

Publications (2)

Publication Number Publication Date
CN112015826A true CN112015826A (en) 2020-12-01
CN112015826B CN112015826B (en) 2021-01-29

Family

ID=73528183

Country Status (1)

Country Link
CN (1) CN112015826B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115643102A (en) * 2022-10-31 2023-01-24 西安优光谱信息科技有限公司 Data processing method and system based on platform communication flow
CN117834258A (en) * 2023-12-29 2024-04-05 蚂蚁智安安全技术(上海)有限公司 Reentrant attack detection method and device for blockchain contracts

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160218879A1 (en) * 2015-01-23 2016-07-28 Daniel Robert Ferrin Method and apparatus for the limitation of the mining of blocks on a block chain
CN109766722A (en) * 2019-01-22 2019-05-17 苏州同济区块链研究院有限公司 The method and its system of intelligent contract are constructed in a kind of block chain
CN110197285A (en) * 2019-05-07 2019-09-03 清华大学 Security cooperation deep learning method and device based on block chain
CN110705974A (en) * 2019-09-03 2020-01-17 杭州趣链科技有限公司 Complete intelligent contract form specification implementation method
CN111179084A (en) * 2019-12-31 2020-05-19 北京明略软件系统有限公司 Method and device for predicting futures market trading index
CN111176944A (en) * 2019-12-27 2020-05-19 杭州趣链科技有限公司 Block chain intelligent contract calling record analysis method, device, terminal and storage medium
CN111242470A (en) * 2020-01-09 2020-06-05 广东工业大学 Manufacturing resource modeling and calling method based on intelligent contract
CN111381879A (en) * 2018-12-31 2020-07-07 华为技术有限公司 Data processing method and device
CN111523784A (en) * 2020-04-16 2020-08-11 广州拉卡拉信息技术有限公司 Monitoring method and device for automatic execution path

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant