CN112099802A - Component identification method and device of application program - Google Patents

Component identification method and device of application program Download PDF

Info

Publication number
CN112099802A
CN112099802A CN202010984489.6A CN202010984489A CN112099802A CN 112099802 A CN112099802 A CN 112099802A CN 202010984489 A CN202010984489 A CN 202010984489A CN 112099802 A CN112099802 A CN 112099802A
Authority
CN
China
Prior art keywords
component
file
application program
application
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010984489.6A
Other languages
Chinese (zh)
Other versions
CN112099802B (en
Inventor
陈红妃
章平
张蓓
周洪斌
严明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202010984489.6A priority Critical patent/CN112099802B/en
Publication of CN112099802A publication Critical patent/CN112099802A/en
Application granted granted Critical
Publication of CN112099802B publication Critical patent/CN112099802B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/53Decompilation; Disassembly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides a method, a device, equipment and a storage medium for identifying components of an application program; the method comprises the following steps: analyzing an installation file of an application program to obtain an executable file of the application program; decompiling the executable file to obtain a source code file of the executable file; performing Application Programming Interface (API) function extraction on the source code file to obtain at least one API function; identifying a component in the application based on the at least one API function. By the method and the device, the components of the application program can be stably and effectively identified.

Description

Component identification method and device of application program
Technical Field
The present application relates to computer technologies, and in particular, to a method and an apparatus for identifying a component of an application.
Background
With the development of internet technology, the development of application programs has become componentized gradually, and the efficient development of the application programs can be realized by utilizing the reusability of the components. An application often has multiple components accessed to implement different functions of the application. And because the components are packaged separately, users often have difficulty understanding their component information from the surface of the application. There is therefore a need for identifying components of an application by some means.
In the related art, when a component of an application needs to be identified, a manner of obtaining information of the component directly based on a compiled file of the component is generally adopted. However, some compiled files of components may not contain basic information of the components, and this method cannot ensure that the components of the obtained application program can be identified.
Disclosure of Invention
The embodiment of the application provides a method, a device and equipment for identifying components of an application program and a computer readable storage medium, and the components of the application program can be stably and effectively identified.
The technical scheme of the embodiment of the application is realized as follows:
the embodiment of the application provides a component identification method of an application program, which comprises the following steps: analyzing an installation file of an application program to obtain an executable file of the application program; decompiling the executable file to obtain a source code file of the executable file; performing API function extraction on the source code file to obtain at least one API function; identifying a component in the application based on the at least one API function.
An embodiment of the present application further provides an apparatus for identifying a component of an application, including: the analysis module is used for analyzing the installation file of the application program to obtain an executable file of the application program; the decompiling module is used for decompiling the executable file to obtain a source code file of the executable file; the extraction module is used for extracting Application Program Interface (API) functions from the source code file to obtain at least one API function; an identification module to identify a component in the application based on the at least one API function.
In the above scheme, the parsing module is further configured to parse the installation file of the application program to obtain at least two subfiles; and respectively matching the file names of the at least two subfiles with the keywords of the executable file to obtain a target subfile of which the file name is matched with the keywords of the executable file, and taking the target subfile as the executable file of the application program.
In the above scheme, the identifying module is further configured to match the at least one API function with the corresponding component identifier keyword, and obtain a component version number obtaining function matched with the corresponding component identifier keyword from the at least one API function; and acquiring a return value of the component version number acquisition function corresponding to the at least one API function, and taking the acquired return value as the version number of the component in the application program to finish the identification of the component in the application program.
In the above scheme, the parsing module is further configured to parse an installation file of an application program to obtain an executable file of the application program and at least one dynamic link library file; the component recognition device of the application program further comprises: the component change identification module is used for respectively acquiring the current information abstract algorithm MD5 codes of the dynamic link library files; inquiring prestored MD5 codes of each dynamic link library file; respectively comparing the current MD5 code and the pre-stored MD5 code of each dynamic link library file; when a target dynamic link library file with inconsistent current MD5 code and pre-stored MD5 code exists, acquiring component information corresponding to the target dynamic link library file; the component information is used for indicating that the components with data change exist in the application program.
In the foregoing solution, the device for identifying a component of an application further includes: the presentation module is used for presenting a component identification interface of an application program and presenting a file selection function item in the component identification interface; and responding to a file selection operation triggered by the file selection function item based on a user interface, and acquiring the selected installation file of the application program.
In the foregoing solution, the device for identifying a component of an application further includes: the risk detection module is used for crawling white papers related to the components in the application program from a webpage; and respectively carrying out risk assessment on each component of the application program based on the white paper to obtain a risk assessment result of the corresponding component.
In the above scheme, the risk detection module is further configured to obtain configuration information corresponding to each component of the application program; acquiring a mapping relation between configuration information and a risk component; and determining a risk component in each component of the application program based on the configuration information corresponding to each component of the application program and the mapping relation between the configuration information and the risk component.
In the foregoing solution, the device for identifying a component of an application further includes: the information acquisition module is used for acquiring the mapping relation between the application program and the component; and determining information of other application programs with at least one same component accessed with the application program based on the mapping relation between the application program and the component.
In the foregoing solution, the device for identifying a component of an application further includes: a reporting module for obtaining component information of the component, the component information including at least one of: the method comprises the steps of obtaining component names, component types, component version numbers, component risk information and component privacy authority information; generating a component information report of the component according to the component information; and outputting the component information report.
The embodiment of the present application further provides a method for identifying a component of an application program, including: presenting a component identification interface of an application program, and presenting a file selection function item in the component identification interface; in response to a file selection operation triggered based on the file selection function item, taking the selected installation file as an installation file of an application program; presenting the identified components in the application program in response to the component identification instruction for the installation file; and the identified component in the application program is obtained by performing decompiling on the executable file of the installation file, performing application program interface API function extraction on the source code file obtained by decompiling, and identifying based on the extracted API function.
In the foregoing solution, after the response to the file selection operation triggered based on the file selection function item, and using the selected installation file as an installation file of an application program, the method further includes: and presenting the uploading progress information of the installation files in the component identification interface based on the uploading progress of the selected installation files.
In the above solution, the presenting the identified component in the application program in response to the component identification instruction for the installation file includes: and responding to a component identification instruction aiming at the installation file, presenting component identification progress information of the installation file in a component identification interface based on the component identification progress of the selected installation file, and presenting the identified components in the application program after the component identification is finished.
An embodiment of the present application further provides an apparatus for identifying a component of an application, including: the interface presentation module is used for presenting a component identification interface of an application program and presenting a file selection function item in the component identification interface; the response module is used for responding to the file selection operation triggered based on the file selection function item and taking the selected installation file as the installation file of the application program; the component presenting module is used for responding to a component identification instruction aiming at the installation file and presenting the identified components in the application program; and the identified component in the application program is obtained by performing decompiling on the executable file of the installation file, performing application program interface API function extraction on the source code file obtained by decompiling, and identifying based on the extracted API function.
In the foregoing solution, the device for identifying a component of an application further includes: and the uploading progress presenting module is used for presenting the uploading progress information of the installation files in the component identification interface based on the uploading progress of the selected installation files.
In the above scheme, the component presenting module is further configured to present, in response to a component identification instruction for the installation file, component identification progress information of the installation file in a component identification interface based on the component identification progress of the selected installation file, and present the identified component in the application program after the component identification is completed.
An embodiment of the present application further provides an apparatus for identifying a component of an application, including: a memory for storing executable instructions; and the processor is used for realizing the component identification method of the application program provided by the embodiment of the application program when executing the executable instructions stored in the memory.
The embodiment of the present application further provides a computer-readable storage medium, which stores executable instructions for causing a processor to implement the component identification method of the application program provided in the embodiment of the present application when the processor executes the executable instructions.
The embodiment of the application has the following beneficial effects: according to the application program, the installation file of the application program is analyzed, the executable file obtained through analysis is decompiled, the API function extraction is carried out on the source code file obtained through decompiling, finally, the component in the application program is identified based on at least one API function obtained through extraction, the API function in the application program is obtained from the source code layer of the application program, and the component identification is carried out based on the obtained API function, so that the component of the application program can be stably and effectively identified.
Drawings
FIG. 1 is an alternative structural diagram of a component identification system of an application provided in an embodiment of the present application;
fig. 2 is an alternative structural diagram of a terminal provided in an embodiment of the present application;
FIG. 3 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 4 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 5A is an alternative schematic diagram of a component identification interface provided by embodiments of the present application;
FIG. 5B is an alternative diagram of a component identification interface presented with upload progress information provided by an embodiment of the present application;
FIG. 5C is an alternative diagram of a component identification interface presenting component identification progress information provided by an embodiment of the application;
FIG. 5D is an alternative diagram of a component identification interface presented with functional items to view component information reports as provided by embodiments of the present application;
FIG. 6 is an alternative diagram of a selection interface for installing files provided by an embodiment of the present application;
FIG. 7 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 8 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 9 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 10 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 11 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 12 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 13 is an alternative flow chart diagram of a component identification method for an application provided by an embodiment of the present application;
FIG. 14A is an alternative diagram of an access component detail list for component information reporting as provided by an embodiment of the present application;
FIG. 14B is an alternative diagram of a component risk detail list for a component information report provided by an embodiment of the present application;
FIG. 14C is an alternative diagram of a detailed list of privacy permissions of components of a component information report, provided by an embodiment of the present application;
FIG. 15 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 16 is an alternative flow chart of a component identification method for an application provided by an embodiment of the present application;
FIG. 17 is an alternative flow chart diagram of a component identification method for an application provided by an embodiment of the present application;
fig. 18 is an alternative schematic diagram of the structure of a component recognition device of an application program according to an embodiment of the present application.
Detailed Description
In order to make the objectives, technical solutions and advantages of the present application clearer, the present application will be described in further detail with reference to the attached drawings, the described embodiments should not be considered as limiting the present application, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the application.
Before further detailed description of the embodiments of the present application, terms and expressions referred to in the embodiments of the present application will be described, and the terms and expressions referred to in the embodiments of the present application will be used for the following explanation.
1) Decompiling: the Reverse engineering of computer software is also called computer software restoration engineering, and refers to the work of performing "Reverse analysis and research" on a target program (such as an executable program) of software of another person to derive design elements such as ideas, principles, structures, algorithms, processing procedures, operation methods and the like used by a software product of another person, and source codes may be derived under certain specific conditions. The high-level language source program is compiled into an executable file, and decompilation is the reverse process.
2) API (Application Programming Interface): are predefined functions or conventions that refer to the joining of different components of a software system. To provide a set of routines that applications and developers can access based on certain software or hardware without having to access native code or understand the details of the internal workings.
3) Component (Component): is a simple encapsulation of data and methods, is a building block with a well-defined canonical interface, and is clearly context dependent. The components may have their own properties and methods. An attribute is a simple visitor to component data. The method is some simple and visible function of the component. The use of components can enable drag-and-drop programming, fast property handling, and true object-oriented design. The components may be deployed independently and assembled by third parties.
4) An executable file: the file refers to a file that can be loaded and executed by an operating system, and the executable file corresponding to the application program contains all operating instructions and runtime data of the application program. For example, under a windows operating system, an executable program may be an exe file, sys file, com, or other type of file; under the Android system, the executable file may be a dex (Dalvik VM executions) file; under the iOS (iPhone Operation System) system, the executable file can be a Mach-O (Mach object) file or the like.
5) Dynamic link library file: is a non-executable binary program file that allows programs to share code and other resources necessary to perform a particular task, providing code, data, or functions to programs running under an operating system. The dynamic Link library file under the Windows system may be a dll (dynamic Link library) file, the dynamic Link library file under the Debian system or the Android system may be a so file, and the dynamic Link library file under the iOS system may be a dynamic b file.
6) md5(Message-Digest Algorithm) code: the file signature is a set of verification system designed for ensuring the correctness of files, preventing some people from stealing programs, adding trojans or tampering copyrights. Each file can be verified by MD5 to calculate a fixed MD5 code.
The embodiment of the application provides a method, a device and equipment for identifying components of an application program and a computer readable storage medium, and the components of the application program can be stably and effectively identified.
First, a component identification system of an application provided in an embodiment of the present application is described, referring to fig. 1, where fig. 1 is an optional architecture diagram of the component identification system 100 of the application provided in the embodiment of the present application, and in order to implement supporting an exemplary application, a terminal 400 is connected to a server 200 through a network 300. In some embodiments, the terminal 400 may be, but is not limited to, a laptop, a tablet, a desktop computer, a smart phone, a dedicated messaging device, a portable gaming device, a smart speaker, a smart watch, and the like. The server 200 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. The network 300 may be a wide area network or a local area network, or a combination of both. The terminal 400 and the server 200 may be directly or indirectly connected through wired or wireless communication, and the embodiment of the present application is not limited thereto.
The terminal 400 is used for presenting a component identification interface of the application program and presenting a file selection function item in the component identification interface; after a terminal user triggers a file selection operation based on a file selection function item displayed in an identification interface, responding to the file selection operation triggered based on the file selection function item, and taking a selected installation file as an installation file of an application program; after the end user issues a component identification instruction for the installation file based on the component identification interface, an identification request for performing component identification on the installation file of the application program is sent to the server 200 in response to the component identification instruction for the installation file.
The server 200 is configured to parse an installation file of the application program after receiving the identification request sent by the terminal 400, so as to obtain an executable file of the application program; performing decompiling on the executable file to obtain a source code file of the executable file; extracting an Application Program Interface (API) function from the source code file to obtain at least one API function; identifying a component in the application based on the at least one API function; and acquiring the component information of the identified component, generating a component information report of the component according to the component information, and sending the component information report to the terminal 400.
The terminal 400 is further configured to present the component information report after receiving the component information report sent by the server 200.
Referring to fig. 2 and fig. 2 are schematic structural diagrams of an optional electronic device 500 provided in the embodiment of the present application, in practical applications, the electronic device 500 may be implemented as the terminal 400 or the server 200 in fig. 1, and the electronic device implementing the component identification method of the application program in the embodiment of the present application is described by taking the electronic device as the terminal 400 shown in fig. 1 as an example. The electronic device 500 shown in fig. 2 includes: at least one processor 510, memory 550, at least one network interface 520, and a user interface 530. The various components in the electronic device 500 are coupled together by a bus system 540. It is understood that the bus system 540 is used to enable communications among the components. The bus system 540 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 540 in fig. 2.
The Processor 510 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor, or the like.
The user interface 530 includes one or more output devices 531 enabling presentation of media content, including one or more speakers and/or one or more visual display screens. The user interface 530 also includes one or more input devices 532, including user interface components to facilitate user input, such as a keyboard, mouse, microphone, touch screen display, camera, other input buttons and controls.
The memory 550 may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid state memory, hard disk drives, optical disk drives, and the like. Memory 550 optionally includes one or more storage devices physically located remote from processor 510.
The memory 550 may comprise volatile memory or nonvolatile memory, and may also comprise both volatile and nonvolatile memory. The nonvolatile Memory may be a Read Only Memory (ROM), and the volatile Memory may be a Random Access Memory (RAM). The memory 550 described in embodiments herein is intended to comprise any suitable type of memory.
In some embodiments, memory 550 can store data to support various operations, examples of which include programs, modules, and data structures, or subsets or supersets thereof, as exemplified below.
An operating system 551 including system programs for processing various basic system services and performing hardware-related tasks, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks;
a network communication module 552 for communicating to other computing devices via one or more (wired or wireless) network interfaces 520, exemplary network interfaces 520 including: bluetooth, wireless compatibility authentication (WiFi), and Universal Serial Bus (USB), etc.;
a presentation module 553 for enabling presentation of information (e.g., a user interface for operating peripherals and displaying content and information) via one or more output devices 531 (e.g., a display screen, speakers, etc.) associated with the user interface 530;
an input processing module 554 to detect one or more user inputs or interactions from one of the one or more input devices 532 and to translate the detected inputs or interactions.
In some embodiments, the component identification device of the application provided by the embodiment of the present application may be implemented in software, and fig. 2 illustrates the component identification device 555 of the application stored in the memory 550, which may be software in the form of programs and plug-ins, and includes the following software modules: parsing module 5551, decompilation module 5552, extraction module 5553 and identification module 5554, which are logical and thus can be arbitrarily combined or further split depending on the functionality implemented. The functions of the respective modules will be explained below.
In other embodiments, the component recognition Device of the Application program provided in this embodiment may be implemented in hardware, and as an example, the component recognition Device of the Application program provided in this embodiment may be a processor in the form of a hardware decoding processor, which is programmed to execute the component recognition method of the Application program provided in this embodiment, for example, the processor in the form of the hardware decoding processor may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components.
Based on the above description of the component recognition system and the electronic device of the application program according to the embodiment of the present application, a component recognition method of the application program according to the embodiment of the present application will be described below. In some embodiments, the component identification method of the application provided by the embodiments of the present application may be implemented by a terminal alone, or implemented by a server and a terminal in cooperation.
The following describes a component identification method of an application program provided in the embodiment of the present application, by taking a terminal embodiment as an example, and combining an exemplary application and an implementation of the terminal provided in the embodiment of the present application. Referring to fig. 3, fig. 3 is an alternative flowchart of a component identification method of an application program according to an embodiment of the present application, which will be described with reference to the steps shown in fig. 3.
Step 101, a terminal analyzes an installation file of an application program to obtain an executable file of the application program;
it should be understood that before parsing the installation file of the application program, the installation file of the application program needs to be acquired, and the following description is provided for the acquisition process of the installation file of the application program.
Referring to fig. 4, fig. 4 is an optional flowchart of a component identification method of an application program according to an embodiment of the present application, and based on fig. 3, before step 101, the following may also be performed:
step 201, a terminal presents a component identification interface of an application program and presents a file selection function item in the component identification interface;
in actual implementation, a component identification client of the application program is arranged in the terminal, and the terminal responds to a starting instruction of the client and presents a component identification interface of the application program in the display. The starting instruction of the client may be generated by a user through a triggering operation based on a user interface of the terminal, for example, a user interface of a terminal operating system is presented in a terminal display screen, an icon of the client is presented in the user interface, the user may start the client by clicking the icon of the client, and after the client is started, the terminal presents a component identification interface of the client in the user interface. In practical applications, the component identification interface may be presented in a floating window manner, or may be presented in other manners, and this embodiment is not particularly limited.
In practical applications, the component recognition interface generally consists of a plurality of interface elements, as shown in fig. 5A, fig. 5A is an optional schematic diagram of the component recognition interface provided in the embodiment of the present application, and the component recognition interface shown includes a picture element, a text box element, and the like. The file selection function item is composed of a text box element and a text element displayed on the text box element, wherein the content of the text element is 'click selection file'.
Step 202, in response to the file selection operation triggered based on the file selection function item, obtaining the installation file of the selected application program.
Specifically, after receiving a triggering operation for a file selection function item, the terminal presents a selection interface comprising at least one installation file, and responds to a file selection operation triggered based on the selection interface, and takes the selected installation file as an installation file of an application program. The selection interface can be presented in a floating window mode, and can also be presented in other modes.
For example, based on the component identification interface shown in fig. 5A, the user issues a trigger operation of selecting an installation file by clicking a file selection function item of "click to select a file" shown in the figure, and after receiving the trigger operation, the terminal presents a selection interface including at least one installation file in the user interface, for example, fig. 6, where fig. 6 is an optional schematic diagram of the selection interface of installation files provided in the embodiment of the present application. Based on the selection interface, the user selects at least one installation file presented in the selection interface, and a file selection operation is triggered by clicking on a function item displayed with a text element of 'q 5_1.0.243_ tag _ release.apk', wherein the selected installation file is q5_1.0.243_ tag _ release.apk.
In some embodiments, at least one installation file may be stored in the same folder, and after receiving the trigger operation for the file selection function item, the terminal presents a selection interface presenting all installation files for opening the folder. In other embodiments, the at least one installation file may also be stored in any folder, and after the terminal receives the trigger operation for the file selection function item, the presented selection interface is a selection interface presented by a folder opened at random, or a selection interface presented by a default folder opened.
In the above manner for acquiring the installation file of the application program, by presenting the component identification interface of the application program and presenting the file selection function item in the component identification interface, the user can trigger the file selection function based on the file selection function item, and after the user sends a trigger file selection operation for the file selection function item, the installation file of the selected application program is acquired in response to the file selection operation, so that an effective way can be provided for the user to select the installation file to be analyzed.
In some embodiments, the installation file of the application program can also be acquired by the terminal from a third-party platform through detecting the third-party platform. Before step 101, it may also be performed: receiving a component identification instruction for an application program; and responding to the component identification instruction, and acquiring the installation file of the application program from the target platform through an API (application programming interface) interface of the target platform.
The target platform is a third party platform other than the terminal and the server in the embodiment of the present application, and may be, for example, an application store platform provided for the user to download, or an application program testing platform storing an installation file.
In actual implementation, the component identification instruction may be triggered by a user, or may be triggered based on a certain condition, for example, after the terminal runs a client of an installation file of the application program based on the triggering of the user, the client periodically monitors the target platform, and when a monitoring period comes, the installation file of the application program is pulled from the target platform based on an API interface with the target platform.
In the above manner for acquiring the installation file of the application program, the terminal acquires the installation file of the application program from the target platform, and can perform component identification on more application programs, thereby acquiring component information of more application programs and saving local storage space.
In actual implementation, after acquiring the installation file of the application program, the terminal may automatically perform step 101 to analyze the installation file, and may further perform step 101 in response to the component identification instruction after receiving the component identification instruction. The component identification instruction may be a user trigger, for example, the terminal may present a component identification interface of the application program and present a component identification function item in the component identification interface, and the user may trigger the component identification function item to issue the component identification instruction. The component identification function item can be a graphic button or a sliding icon, and the terminal can send out a component identification instruction by clicking the graphic button or dragging the sliding icon. The component identification instruction may also be triggered conditionally, that is, after a certain condition is met, the terminal triggers itself, for example, after the terminal detects an installation file of an unresolved application program, the component identification instruction is generated immediately to identify the component of the application program, or after a preset clock cycle arrives, the component identification instruction is generated.
In step 101, the terminal decompresses the installation file of the application to obtain a plurality of decompressed files, and then identifies an executable file of the application from the plurality of decompressed files. The terminal may determine a file type of an executable file corresponding to the installation file based on the type of the installation file, and then find a file having a file type consistent with the file type of the executable file from the plurality of decompressed files as the executable file of the application program based on the file type of the executable file. The decompressed file may include an executable file, a dynamic link library file, a resource file, an xml (Extensible Markup Language) file, and the like, but is not limited thereto, and may also include a txt file, and the like.
For example, if the application is an application of the Android system, the installation file of the application may be an apk file, and the corresponding executable file may be a dex file. The apk file may be in a compressed file format such as zip or rar. The implementation process of step 101 is that the terminal decompresses the apk file of one application program to obtain a plurality of decompressed files, where the decompressed files may include, but are not limited to, a dex file, a so file, an arsc file, an xml file, and the like. And the terminal determines that the type of the executable file corresponding to the apk file is a dex file based on the type of the apk file of the application program, and further identifies the dex file corresponding to the application program from the plurality of decompressed files obtained by decompression to obtain the executable file of the application program. For example, an Android system application named example, may have an installation file corresponding to the application as example.apk, and the terminal decompresses the example.apk to obtain a plurality of decompressed files, and based on the type of example.apk, the terminal may know that the corresponding executable file is a dex file, and then identifies the dex file from the plurality of decompressed files, for example, if the dex file corresponding to example, the example.
The method for analyzing the installation file of the application program to obtain the executable file of the application program can quickly and effectively obtain the executable file of the application program, and the executable file is obtained from the installation file by analyzing the installation file of the application program to provide a basis for subsequently identifying the components of the application program, so that the corresponding components can be identified deeply in the code layer of the application program, and the identification is more accurate, strong in universality and wide in application range.
In some embodiments, the terminal may implement parsing of the installation file to obtain the executable file of the application program in the following manner, referring to fig. 7, fig. 7 is an optional flowchart of a component identification method of the application program provided in this embodiment, and step 101 shown in fig. 3 may be implemented through steps 1011 to 1012, which will be described with reference to the steps.
Step 1011, analyzing the installation file of the application program to obtain at least two subfiles;
in practical implementation, the subfile obtained by parsing may be the above-mentioned decompressed file, and the terminal decompresses the installation file of the application program to obtain at least two subfiles. The subfiles may include, but are not limited to, executable files, dynamic link library files, resource files, xml files, and the like.
For example, if the application is a Windows system application, the installation file may be a msi (microsoft install tool) file, and the at least two subfiles obtained by the terminal parsing the msi file may include, but are not limited to, an exe file and a DLL file. If the application program is an Android system application program, the installation file may be an apk file, and the at least two subfiles obtained by analyzing the apk file by the terminal may include, but are not limited to, a dex file, a so file, and the like. If the application is an iOS system application, the installation file may be an IPA (iPhone application) file, and the at least two subfiles obtained by the terminal parsing the IPA file may include, but are not limited to, a Mach-O file and a dylib file.
Step 1012, matching the file names of the at least two subfiles with the executable file keywords respectively to obtain a target subfile with the file name matched with the executable file keywords, and using the target subfile as the executable file of the application program.
In actual implementation, the executable file key may be a file suffix string of an executable file corresponding to the installation file. For example, for an apk file, its corresponding executable key may then be set to "dex". The terminal may first determine the type of the executable file corresponding to the application program based on the type of the installation file of the application program. And then acquiring corresponding executable file keywords based on the type of the executable file, performing text matching on the file names of at least two subfiles and the executable file keywords to obtain a target subfile with the file name matched with the executable file keywords, and taking the target subfile as the executable file of the application program. Specifically, the terminal performs text matching of a filename suffix of the subfile with an executable file keyword. Wherein, the text matching can be performed in a regular matching mode.
For example, if the installation file of the application is an apk file, that is, the application is an Android system application, and the terminal determines that the corresponding executable file is a dex file based on the apk file, the key of the executable file is determined as a character string "dex", and then text matching is performed on the filename suffixes of at least two subfiles and the character string "dex" in sequence to obtain a target subfile with the filename suffix matched with the "dex", and the target subfile is determined as the executable file of the application. The process of identifying executable files of application programs in other operating systems such as a Windows system or an iOS system is not described herein again.
In the analysis and identification process of the executable file of the application program, the executable file of the application program is identified by matching the subfiles obtained by analyzing the installation file of the application program with the corresponding keywords of the executable file, the matching process is simple and efficient, and the executable file of the application program can be effectively and accurately identified.
102, performing decompiling on the executable file to obtain a source code file of the executable file;
in actual implementation, the terminal may utilize a decompilation tool to decompilate the executable file. In this embodiment, the decompilation tool is a decompilation tool corresponding to a programming language used by the executable file. For example, for the VB (visual basic) language, the corresponding decompiler has VBExplorer, VB decompilation sprite, VBRezQ, and the like; for Java language, the corresponding decompiler has JAD (Joint Application development) and JD (Java Decompiler), etc.; for the C + + language, the corresponding decompilation tool is eXeSCope; for the Delphi language, a corresponding decompilation tool has DEDE; for C # language, the corresponding decompilation tool has a Reflector.
For example, if the executable file is a dex file of an Android system and the programming language adopted by the dex file is a Java language, the terminal may decompile the dex file by using a decompiling tool corresponding to the Java language, decompile the dex file into a smali file, and then decompile the smali file into a jar file. The jar file is a source code file corresponding to the dex file, and the content of the source code file is Java language source code.
It should be noted that the component is compiled by an SDK (Software Development Kit) to obtain a dynamic link library file. The terminal can obtain the component name of the access application by obtaining the file name of the dynamic link library file. In actual implementation, when the terminal analyzes the installation file of the application program to obtain the executable file of the application program, at least one dynamic link library file can be obtained. Specifically, the terminal may identify the dynamic link library file from a decompressed file obtained by decompressing the installation file according to a filename suffix of the dynamic link library file. For example, for an Android application, the terminal may obtain the so file by identifying a file with a suffix name ". so" from the decompressed file, and then get the component name of the access application based on the file name of the so file. So for example for a so file of libgcloud.
In order to accurately obtain more information of the component, such as configuration information and version number of the component, the embodiment of the application obtains more component information from the API function by extracting the API function of the component.
103, extracting an API function from the source code file to obtain at least one API function;
in actual implementation, the terminal may perform text matching on the source code file according to an API (Application Programming Interface) function keyword, extract a function name matched with the API function keyword from the source code file, and determine a function corresponding to the matched function name as an API function. And the terminal determines the function with the API function keyword in the function name as the API function. For example, the API function key may be a character string "API", and the terminal may match the character string "API" with a function name in the source code file to obtain a function name having the character string "API" in the name, and determine a corresponding function as the API function.
For example, if the function names corresponding to the functions described in the source code file include a1API, a2API, a3, and a4, the terminal matches the character string "API" with the corresponding function names in the source code file in sequence, and then obtains two functions, i.e., a1API and a2API, and the terminal determines the obtained a1API and a2API as API functions.
Due to the randomness of the naming of the API function, there may be some components whose API functions are not named with the character string "API", and therefore, the terminal needs to know the exact API function name of the component to extract the corresponding API function.
Based on this, the embodiment of the present application provides a mapping relationship between a component name and an API function name, and after obtaining the component name of an access application, the terminal obtains the API function name corresponding to the component name of the access application based on the mapping relationship between the component name and the API function name, and then extracts the corresponding API function from the source code file based on the obtained API function name. The mapping relationship between the component name and the API function name may be stored in a database form, a chart form, or other storage forms, and this embodiment is not limited in particular. In addition, the mapping relationship between the component name and the API function name may be stored locally in the terminal and managed by the terminal, or may be stored in an external device communicatively connected to the terminal and managed by the external device, which is not specifically limited in this embodiment. It should be noted that the mapping relationship between the component name and the API function name is generated in advance based on the monitored big data about the component, and is maintained and updated regularly.
At step 104, components in the application are identified based on the at least one API function.
The API function includes information such as configuration information of the component and a version number of the component. The configuration information of the component may include, for example, a method function for reading the configuration information, connection information of a database, a version number of the component, and the like. The terminal may obtain the version number of the component from within the API function to identify the component in the application.
In some embodiments, the terminal may identify the components in the application based on the API function in the following manner. Referring to fig. 8, fig. 8 is an optional flowchart of a component identification method of an application program according to an embodiment of the present application, and step 104 shown in fig. 3 may be implemented by steps 1041 to 1042, which will be described with reference to the steps.
Step 1041, matching at least one API function with the corresponding component identifier key, respectively, and obtaining a component version number obtaining function matched with the corresponding component identifier key from the at least one API function;
wherein, the component identification key may be a character string for representing the version number of the acquired component. The component identification key may be set as a character string or a combination of a plurality of character strings representing "component version number", for example, a character string "PluginVersion"; a character string or a combination of a plurality of character strings which can also be set to represent the "get component version number", for example, a character string "getPluginVersion" or a combination of a character string "get" and a character string "PluginVersion"; it may also be set as a character string or a combination of a plurality of character strings that characterize "version number of component". For example, for a component with a component name of Midas, the corresponding component identification key may be set to the string "midespluginversion" or a combination of the string "Midas" and the string "Pluginversion". In addition, the component identification keyword may also be set in one or a combination of multiple manners, or may also be set in another manner, or a combination of multiple manners, and the form of the component identification keyword is not specifically limited in this embodiment. And the terminal acquires the function containing the component identification key words from the API function and determines the function as a component version number acquisition function. For example, for a Midas component, the terminal may obtain its component version number obtaining function getMidas PluginVersion in the above-described manner.
Step 1042, obtaining a return value of the component version number obtaining function corresponding to at least one API function, and using the obtained return value as the version number of the component in the application program to complete the identification of the component in the application program.
In actual implementation, after acquiring the component version number acquisition functions respectively corresponding to the at least one API function corresponding to the application program, the terminal acquires the return values of the component version number acquisition functions corresponding to the at least one API function, and takes the acquired return values as the version numbers of the components accessed to the application program.
For example, for a component of an application with a component name of Midas, the terminal may obtain its return (return) value after obtaining its component version number obtaining function getmidaslugingversion, and determine the return value as the version number of the Midas component, which may be "1.6.9 f", for example.
According to the method and the device, the installation file of the application program is analyzed, the executable file obtained through analysis is decompiled, the API function extraction of the application program interface is carried out on the source code file obtained through decompilation, finally, the component in the application program is identified based on at least one API function obtained through extraction, and the component of the application program can be stably and effectively identified through component identification from the source code level of the application program and based on the API function obtained through the source code of the application program.
In practical situations, there may be a case where the version number of the component is not changed and the component is changed, for example, the configuration information of the component is changed, for example, the graphical interface parameter of the component is changed, and the accurate component information accessed by the application program still cannot be identified by identifying the version number of the component of the application program. Based on this, the embodiments of the present application provide the following methods to solve the above problems.
In some embodiments, after identifying the component of the installation file of the application program, the terminal further stores component information corresponding to the component, so that a user can conveniently check historically stored component information to compare the component information front and back, and support and convenience are provided for lateral comparison among different application programs. Specifically, the terminal stores the name of the application program and component information corresponding to the application program in a mapping manner so as to form a mapping relation between the application program and the component. The mapping relationship between the application program and the component may be stored in the form of a table, or may be stored in the form of a database, and the like. The terminal may store the component information locally, or may store the component information in an external device communicatively connected to the terminal, such as in a server communicatively connected to the terminal via a network. It should be understood that, for any time node, there is a unique MD5 code corresponding to the component information stored, and if there is a change in the component information corresponding to a certain component at a certain time node, the MD5 code corresponding to the component information is also changed at the same time as the change in the component information. The terminal stores the component information and also stores the corresponding MD5 code.
In some embodiments, referring to fig. 9, fig. 9 is an optional flowchart of a component identification method of an application program provided in an embodiment of the present application, and based on fig. 3, step 101 shown in fig. 3 includes: and analyzing the installation file of the application program to obtain an executable file of the application program and at least one dynamic link library file. After step 101, it may also be performed:
301, the terminal respectively obtains the current information abstract algorithm MD5 codes of each dynamic link library file;
in actual implementation, after the terminal parses the installation file of the application program and obtains at least one dynamic link library file, whether the component is changed or not can be determined based on the dynamic link library file. Specifically, the terminal may determine whether the dynamic link library file has been changed according to whether the MD5 code of the dynamic link library file has changed, thereby identifying the changed component.
It should be noted that the terminal can acquire the current MD5 code of each dynamic link library file using the MD5 verification tool. The MD5 validation tool may be hash-hz, hash, etc. The terminal may calculate the current MD5 code for each dynamic link library file by calling the MD5 validation tool.
Step 302, inquiring prestored MD5 codes of each dynamic link library file;
it should be noted that each dynamic link library file also corresponds to a pre-stored MD5 code, i.e. MD5 code stored in a local or other external device communicatively connected to the terminal, prior to step 301. The pre-stored MD5 codes of each dynamic link library file may be mapped and stored respectively corresponding to the dynamic link library file, or the MD5 codes corresponding to each dynamic link library file may be stored together in the same storage file, for example, a database, a table, or the like. And the terminal queries the pre-stored MD5 code of the corresponding dynamic link library file according to the component name of each component.
Step 303, comparing the current MD5 code and the pre-stored MD5 code of each dynamic link library file respectively;
in practical implementation, after acquiring the current MD5 codes of all dynamic link library files, the terminal may sequentially acquire the pre-stored MD5 codes of each dynamic link library file, and compare the current MD5 code with the pre-stored MD5 code. The terminal can also be used for immediately acquiring the pre-stored MD5 code of one dynamic link library file after acquiring the current MD5 code of the dynamic link library file, comparing the pre-stored MD5 code with the pre-stored MD5 code of the next dynamic link library file, and continuously acquiring and comparing the current MD5 code and the pre-stored MD5 code of the next dynamic link library file after the comparison is finished.
And step 304, when a target dynamic link library file with inconsistent current MD5 code and pre-stored MD5 code exists, acquiring component information corresponding to the target dynamic link library file. The component information is used for indicating the components with data change in the application program.
It should be understood that a file is associated with a unique MD5 code at any time, and if the file is changed, the MD5 code is changed accordingly. That is, if the current MD5 code of a file does not match the MD5 code that existed before the file, it indicates that the file has been changed. Therefore, in the embodiment of the present application, in order to obtain a component with data change, the current MD5 code and the pre-stored MD5 code of the corresponding dynamic link library file may be compared to identify whether the component has data change.
In practical implementation, the terminal determines all dynamic link library files with inconsistent current MD5 codes and prestored MD5 codes in at least one dynamic link library file as changed target dynamic link library files, and then acquires component information of the target dynamic link library files to indicate that data changed components exist in the application program. The component information may be a component name of the component, a version number, or the like. The data change of the component may be a change of configuration information, for example, a change of a graphical interface parameter of the component, such as a height of the component, or a change of another functional parameter of the component, such as database information of a component connection, such as a database name or a database address.
Of course, the execution sequence of steps 301 and 304 is not limited to that shown in fig. 9, and may be executed after step 304, for example.
By the above-mentioned current information summarization algorithm MD5 code for obtaining each dynamic link library file, the pre-stored MD5 code of each dynamic link library file is inquired, the current MD5 code and the pre-stored MD5 code of each dynamic link library file are respectively compared, when a target dynamic link library file with inconsistent current MD5 code and pre-stored MD5 code is obtained, component information corresponding to the target dynamic link library file is obtained, components with unchanged version numbers and changed other data can be identified to prompt a user of the components with changed data, and the components with changed data are subjected to functionality test and the like based on the components.
In some embodiments, referring to fig. 10, fig. 10 is an optional flowchart of a component identification method of an application program provided in an embodiment of the present application, and based on fig. 3, after step 104, the following may also be performed:
step 401, a terminal crawls a white paper related to a component in an application program from a webpage;
in actual implementation, after acquiring a component of an application program, for example, after acquiring a component name or a version number of the component, the terminal may crawl a white paper corresponding to the component or the version component from a webpage publishing the component based on the component name or the version number. Wherein, the white paper is a specification report which is formulated by a component publisher to publish, clarify basic functions or configuration information of the component and explain a method for operating the component.
It should be noted that the terminal may use a crawler tool to crawl a white paper of the component from the web page. Specifically, the terminal searches and obtains a webpage corresponding to the component by using a search engine according to the component name, then crawls webpage content by using a crawler tool, and obtains a white paper corresponding to the component from the webpage content through text recognition. For the components with multiple versions, the terminal can further obtain a white paper of the components with the corresponding versions according to the version numbers of the components.
For example, for a component named Midas and having a version number of "1.6.9 f," the terminal searches through the World Wide Web (WWW) by using a search engine to obtain a Web site for publishing the Midas component, then accesses a corresponding Web page by using the Web site, crawls Web page content from the Web page by using a crawler tool, and then obtains a white paper of the component from the crawled Web page content by text matching, for example, the Web page content can be matched according to a keyword related to the white paper of the component to obtain the white paper. If the Midas component has multiple versions published in the web page, the terminal needs to match the content of the web page according to the version number of the Midas component, namely "1.6.9 f", so as to obtain a white paper of the component of the corresponding version.
And step 402, respectively performing risk assessment on each component of the application program based on the white paper to obtain a risk assessment result of the corresponding component.
In actual implementation, the terminal performs risk assessment on the components based on the content recorded in the white paper. The content recorded in the white paper may include, but is not limited to, rights information of the component, access configuration information of the component, horizontal and vertical screen adaptation information of the component, whether the component supports large file downloading, an operating system adapted to the component, and compatibility information of the component. Based on the content recorded in the white paper, the terminal can acquire a plurality of risk information corresponding to the component, and perform risk assessment on the component by combining the operating system corresponding to the application program accessed by the component and the programming language of the application program to obtain a risk assessment result. The risk assessment result comprises risk information of multiple dimensions of the component, such as authority information of the component, compatibility of the component and an operating system, horizontal and vertical screen adaptability of the component and the like.
The risk assessment mode is very convenient and efficient, and can effectively carry out multi-dimensional risk assessment on the component to obtain the risk assessment result of the component. In addition, after the components of the application program are identified, risk assessment is carried out on the components, so that a user can be helped to better and more comprehensively master the information of the components, and the safety of the application program is improved.
In some embodiments, risk assessment may also be performed on the component by analyzing configuration information of the component. For example, if a configuration parameter of a component is set to a, which may cause an exception, the risk of the component may be detected by detecting whether the configuration parameter is set to a in the configuration information of the component.
The following examples are given to illustrate the present invention. Referring to fig. 11, fig. 11 is an optional flowchart of a component identification method of an application program according to an embodiment of the present application, and based on fig. 3, after step 104, the following may be further performed:
501, a terminal respectively acquires configuration information corresponding to each component of an application program;
the terminal acquires configuration information corresponding to each component based on a source code file obtained by decompiling an installation file of the application program. Specifically, the terminal obtains corresponding configuration information from the API function according to the API function of each component. For example, the terminal may obtain a method function of the component from the API function, obtain function information of the component according to the function of the method function, and obtain corresponding configuration information according to a value of a variable in the API function.
Step 502, obtaining a mapping relation between configuration information and a risk component;
the mapping relationship between the configuration information and the risk component may be pre-stored, may be stored locally in the terminal, may be stored in the server, may be stored in an external device communicatively connected to the terminal, and may be stored in a database form, a table form, or the like. In actual implementation, the terminal acquires the mapping relation between the configuration information and the risk component from the corresponding storage address. The mapping relationship between the configuration information and the risk component is specifically a mapping relationship between the configuration information and a component name of the risk component. For example, for a component X, when a certain item of configuration information is configured as a, the component X is abnormal, and the mapping relationship between the configuration information and the risk component includes the mapping relationship between a and the component X.
Step 503, determining a risk component in each component of the application program based on the configuration information corresponding to each component of the application program and the mapping relationship between the configuration information and the risk component.
In actual implementation, the terminal searches the mapping relation between the configuration information and the risk component based on the acquired configuration information of each component of the application program. If the configuration information of one or more components of the application program is found in the mapping relationship between the configuration information and the risk components, the terminal obtains the risk components corresponding to the found configuration information according to the mapping relationship, and therefore the risk components in the application program are determined. If the configuration information corresponding to all the components of the application program is not found in the mapping relationship between the configuration information and the risk components, it indicates that all the components of the application program are security components, and it is determined that no risk component exists in the application program. By acquiring the configuration information of the component and carrying out risk assessment on the component based on the configuration information, the risk assessment can be more accurate and comprehensive.
In some embodiments, referring to fig. 12, fig. 12 is an optional flowchart of a component identification method of an application program provided in an embodiment of the present application, and based on fig. 3, after step 104, the following may also be performed:
601, the terminal acquires a mapping relation between an application program and a component;
it should be noted that the mapping relationship between the application program and the component includes the mapping relationship between a plurality of application programs and one or more corresponding components. The mapping relation between the application program and the component is pre-stored, can be stored in the local terminal, can also be stored in the server, and can also be stored in an external device which is in communication connection with the terminal, and the storage form can be a database form, a data table form and the like. In this embodiment, after the installation file of the application program is identified to obtain the component, the application program is also stored in a mapping manner with the identified component.
In actual implementation, the terminal acquires the mapping relation between the configuration information and the risk component from the corresponding storage address. The mapping relationship between the application program and the components is specifically a mapping relationship between the name of the application program and the names of the components of all the components corresponding to the application program. For example, for an application P1, its corresponding component includes X1, for an application P2, its corresponding component includes X1 and X2, for an application P3, its corresponding component includes X1, X2 and X3, then the mapping relationship between the application and the component includes the mapping relationship between P1 and X1, the mapping relationship between P2 and X1, X2, the mapping relationship between P3 and X1, X2, X3, and so on.
Step 602, determining information of other applications having at least one same component with the application access based on the mapping relationship between the application and the component.
In actual implementation, the terminal determines, based on the mapping relationship between the application and the component, information of other applications having at least one same component as the application of the embodiment, according to the application and the corresponding component of the embodiment. The information of the other application programs includes the name of the application program and the component name of the same component as the application program of the embodiment. Specifically, the terminal sequentially obtains information of other application programs accessed with the component corresponding to each component of the application program.
For example, if the application of this embodiment is P and the corresponding components include X1, X2, X3, and X4, the terminal sequentially obtains information of other applications accessing X1, X2, X3, and X4, including other applications P1, P2, and P3 accessing X1; accessing other application programs P2 and P3 with X2; other applications P3 with X3 are accessed.
By determining that information is accessed from other applications that have the same components as the application, the different applications can be compared laterally to provide clearer instructional information for analytical testing of the applications.
In some embodiments, referring to fig. 13, fig. 13 is an optional flowchart of a component identification method of an application program provided in an embodiment of the present application, and based on fig. 3, after step 104, the following may also be performed:
step 701, the terminal acquires component information of the component, wherein the component information includes at least one of the following: the method comprises the steps of obtaining component name, component type, component version number, component risk information and component privacy authority information;
it should be noted that, in this embodiment, after the dynamic link library file of the component is obtained by parsing the installation file, the component name of the component may be determined according to the file name of the dynamic link library file. In this embodiment, a white paper may be crawled from a corresponding web page to obtain corresponding component type and component privacy authority information based on the component name, and the component type and the component privacy authority information may also be obtained based on an API function of the component.
Step 702, generating a component information report of the component according to the component information;
in practical implementation, the component information report may be in the form of a list, a text, a graph, and the like. The component information report may also include a combination of one or more of the above. In this embodiment, taking a list form as an example, the component information report may be composed of a plurality of lists containing different component information, or may be composed of a total list containing all component information, and this embodiment is not limited to this specifically.
For example, referring to fig. 14A-14C, fig. 14A is an optional schematic diagram of an access component detail list of a component information report provided in an embodiment of the present application, fig. 14B is an optional schematic diagram of a component risk detail list of a component information report provided in an embodiment of the present application, and fig. 14C is an optional schematic diagram of a component privacy authority detail list of a component information report provided in an embodiment of the present application. FIGS. 14A-14C collectively constitute a component information report. And the access component detail list also comprises texts for representing the detection conclusion of the component. The component detection conclusion can be that, for example, the application q5_1.0.243_ tag _ Release has 14 components in total, the component of the current version is not changed, the component risk detection result is passed, and the problem of leaving is avoided. The "component access details list includes" component type "," component name "," component version number ", and" other games accessing components of the same version number ". The component risk detail list comprises detection items of different risks, applicable components corresponding to the detection items and corresponding check conclusions. The detail list of the privacy authority of the component comprises several items of privacy authority applied in the game, privacy authority explanation, component which must apply for the authority, component which may apply for the authority, and the like.
Step 703, outputting a component information report.
In actual implementation, the terminal renders in the user interface according to the page elements forming the component information report to obtain and display the visual component information report for the user to browse. The display form of the component information report may be static chart display, or may be a mode of playing animation, for example, a sliding or page-turning playing mode may be adopted to dynamically display the component information report. In addition, the component information report can be made into a video, displayed in a video playing mode and the like. The present embodiment does not specifically limit the display form of the component information report.
In some embodiments, it may also be that the server performs component identification on the application and generates a component information report. When the component information report needs to be displayed, the server sends the generated component information report to the terminal, so that the terminal outputs and displays the component information report.
By generating and outputting the component information report based on the component information, the components accessed to the application program can be comprehensively analyzed and provided for the user to indicate, so that the user can more comprehensively test the application program based on the component information report, and the reliability, stability and safety of the application program are guaranteed.
Next, continuing to introduce the component identification method of the application program provided in the embodiment of the present application, fig. 15 is an optional flowchart illustration of the component identification method of the application program provided in the embodiment of the present application, and referring to fig. 15, the component identification method of the application program provided in the embodiment of the present application is cooperatively implemented by a client and a server.
Step 801, a client presents a component identification interface of an application program and presents a file selection function item in the component identification interface;
step 802, the client responds to the file selection operation triggered based on the file selection function item, and takes the selected installation file as the installation file of the application program;
step 803, the client sends an identification request for identifying the component of the installation file of the application program to the server;
step 804, the server uploads the selected installation file based on the identification request so as to upload the installation file to the local, and generates uploading progress information of the installation file based on the uploading progress of the installation file;
step 805, the server sends uploading progress information of the installation file to the client;
step 806, the client displays the uploading progress information of the installation file in the component identification interface;
step 807, after detecting that the installation file is uploaded successfully, the server identifies the components of the installation file, and generates component identification progress information based on the component identification progress of the installation file;
wherein, carry out the subassembly discernment to the installation file, include: analyzing the installation file of the application program to obtain an executable file of the application program; performing decompiling on the executable file to obtain a source code file of the executable file; extracting an Application Program Interface (API) function from the source code file to obtain at least one API function; based on the at least one API function, a component in the application is identified.
Specifically, analyzing the installation file of the application program to obtain an executable file of the application program includes: and analyzing the installation file of the application program to obtain an executable file of the application program and at least one dynamic link library file. Carrying out component identification on the installation file, and further comprising: respectively acquiring a current information abstract algorithm MD5 code of each dynamic link library file; inquiring prestored MD5 codes of each dynamic link library file; respectively comparing the current MD5 code and the pre-stored MD5 code of each dynamic link library file; when a target dynamic link library file with inconsistent current MD5 code and pre-stored MD5 code exists, acquiring component information corresponding to the target dynamic link library file; the component information is used for indicating that the components with data change exist in the application program.
Step 808, the server sends the component identification progress information to the client;
step 809, the client presents the component identification progress information in the component identification interface;
step 810, after the server identifies the components of the installation files, acquiring component information of the identified components;
step 811, the server generates a component information report of the component according to the component information;
step 812, the server sends the component information report to the client;
step 813, the client presents the view function item of the view report in the user interface;
in step 814, the client presents the component information report in response to the viewing operation directed to the viewing function item.
In the embodiment, the client selects the function item by presenting the component identification interface of the application program and presenting the file in the component identification interface, the file selection function item can be triggered by the user to select the installation file of the application program needing component identification, and after the user selects, the installation file selected by the user is used as the installation file of the application program and sends an identification request to the server, identifying the components of the installation file to obtain the components in the application program, acquiring the component information of the components to generate a component information report, sending the component information report to a client, presenting the component information report by the client for a user to browse, therefore, the method for identifying the components of the application program and viewing the components obtained by identifying the components is provided, and a user can conveniently master the component information of the application program.
Next, an exemplary application of the embodiment of the present application in a practical application scenario will be described.
Referring to fig. 16, fig. 16 is an alternative flowchart illustrating a component identification method of an application according to an embodiment of the present invention. The component identification method of the application program provided by the embodiment of the application program is cooperatively implemented by the terminal, the server and the third-party platform. It should be noted that the third party platform may be an application store platform, such as an application store server, provided for the user to download the application installation package, and may also be an application test platform, such as an application test server. In this embodiment, a game application is taken as an example, and a plurality of uploaded game installation packages are stored in the third party platform. The following is explained with reference to the steps shown in fig. 16.
Step 921, the server monitors the task;
step 922, the server judges whether a game installation package waiting for analysis exists in a task list of the terminal;
step 923, the server judges whether an unresolved game installation package exists in the uploaded game installation packages in the third-party platform, and executes step 924 when a target game installation package waiting for resolution exists in a task list of the terminal or an unresolved target game installation package exists in the uploaded game installation packages in the third-party platform; when the target game installation package waiting for analysis does not exist in the task list of the terminal and the game installation package uploaded in the third-party platform does not have the target game installation package which is not analyzed, returning to the step 921;
step 924: the server identifies the components of the target game installation package to obtain a component identification result;
the server monitors the component identification task for the terminal and the third-party platform at the same time, and executes the component identification scheme when the situation that the unresolved installation package task exists in the terminal or the third-party platform is monitored. Specifically, the server monitors a task list of the terminal, and when a game installation package exists in the task list of the terminal, the server indicates that an unresolved installation package task exists in the terminal. In addition, the server monitors a plurality of game installation packages stored in the third-party platform, judges whether unresolved game installation packages exist, and if yes, indicates that unresolved installation package tasks exist. Wherein the installation package task of the terminal is generated in the following manner.
Step 911, the terminal uploads a game installation package selected by the user;
step 912, the terminal judges whether the game installation package is uploaded successfully, if so, step 913 is executed, otherwise, step 911 is returned;
step 913, the terminal adds the game installation package to a task list to be analyzed by the installation package;
in actual implementation, referring to fig. 5A to 5D, after the terminal starts the client identified by the component of the application program, a game installation package uploading page is presented in the user interface, and a file selection function item, that is, a function item corresponding to "click to select a file" shown in fig. 5A is also presented in the game installation package uploading page. The user can select the function item based on the file and click. After the user clicks the file selection function item and selects the game installation package to be analyzed, the terminal automatically uploads the selected game installation package in the client, and the uploading progress of the game installation package is also presented in the uploading process, for example, as shown in fig. 5B. After the game installation package is uploaded successfully, the terminal adds the game installation package to a task list to be analyzed of the installation package, so that the server monitors an unresolved installation package task of the terminal by monitoring the task list. It should be understood that, if a game installation package exists in the task list, it indicates that the game installation package is a game installation package to be analyzed, and an unresolved installation package task exists in the terminal.
And when monitoring that a target game installation package waiting for analysis or an unresolved target game installation package exists in the terminal or the third-party platform, the server acquires the target game installation package and performs component identification on the target game installation package. The process of identifying the components of the target game installation package specifically comprises the following steps: the server analyzes the target game installation package to obtain a dex file and a plurality of so files; decompiling the dex file to obtain a smali file, further decompiling the smali file to a jar file containing Java source codes, and checking the Java source codes recorded in the jar file based on the jar file; after the jar file is obtained, an API function of the component is obtained in the jar file based on the context information, the function for obtaining the version number of the component is found in the API function in a text matching mode, then the return value of the function for obtaining the version number of the component is obtained, and the return value is determined as the version number of the component. For example, taking a midas component of a game as an example, after obtaining a jar file, a com.tencent.midas.api package name can be found in the jar file, an apmida payapi.java source code file is obtained under the package name, and finally a "getmida palgin version" function is found in a text matching manner to obtain a return value of the function, wherein the return value is an accurate version number of the midas component. While the target game installation package is subjected to component recognition, progress information of the component recognition, such as a progress bar representing the progress information of the component recognition shown in fig. 5C, is also presented in the client. And after the server identifies the component information of the target game installation package, returning the identified component information. If the server identifies the components of the target game installation package in the terminal, the server returns the identified component information to the terminal. And if the server identifies the components of the target game installation package of the third-party platform, the server returns the identified component information to the third-party platform.
Step 925, the server puts the component identification result in storage.
The component identification result is component information of the target game installation package, such as a component version number and a component name of the target game installation package. After the server identifies the component information of the target game installation package, the server stores the component information in the database, so that a user can check the historically stored component information based on the database to compare the component information front and back, and support and convenience are provided for transverse comparison of game component information among different games.
Step 914, the terminal obtains the component identification result;
step 915, displaying the component identification result by the terminal;
step 931, the third-party platform obtains a component identification result;
step 932, the third-party platform presents the component identification result;
and after receiving the component identification result returned by the server, the terminal or the third-party platform also acquires the md5 code of the so file by using an md5 verification tool, and requests the server to query a database storing component information of a historical game installation package so as to acquire and return the previous md5 code of the game installation package. The terminal or the third-party platform further compares whether the two md5 codes are consistent, if the two md5 codes are inconsistent, the component is changed, and the information of the component, such as the component name and the like, is acquired, so that the component with the change is identified, the problems that the component without the identification characteristic and with the exposed version number cannot be identified are solved, and the identification result of the component is more comprehensive.
Because the characteristics of different versions of the same component are different, changes such as bug repair, characteristic increase or decrease and the like may exist in version iteration, and therefore after component identification is carried out on the game installation package, risk assessment is further carried out on the identified component. Specifically, the terminal or the third-party platform crawls a white paper related to the component in an official website corresponding to the component according to the version number of the component, and obtains some characteristic information of the component based on the white paper of the component so as to perform risk assessment.
In addition to risk assessment of the component, privacy privilege risks involved with the component are also assessed. Specifically, the terminal or the third-party platform acquires a privacy authority list required by the component based on the identified component, and carries out risk assessment on the privacy authority risk of the component based on the privacy authority list of the component. In addition, for the components of the identified game installation package, other games accessed with the components are also identified, and other games accessed with the same components as the game installation package are identified in a centralized manner, so that the component information of the game installation package is displayed more comprehensively.
After obtaining the component name, the component category, the component version number, other games accessed to components with the same version number, the risk assessment result of the component, and the privacy authority assessment result of the component of the game installation package, the terminal or the third-party platform generates a component information report based on the component information, and presents a viewing function item of the viewing report in the user interface, for example, a function item whose text content is "click to view report" shown in fig. 5D. After the user triggers an instruction to view the component information report based on the function item, the component information report is presented as a result of component recognition, for example, as shown in fig. 14A to 14C, within the display interface.
In addition, the third-party platform also monitors the component identification itself, so that the user can be prompted to deal with the problem in time when the problem occurs in the component identification process, which is specifically described below.
Step 933, the third-party platform judges whether the component has a change;
step 934, the third-party platform judges whether the component identification process has an error report;
and step 935, if the component is changed or the component identification process has an error, the third-party platform generates an alarm mail.
In actual implementation, the third-party platform monitors the component identification process, and determines whether the component identification process normally operates, for example, by monitoring the execution time of the component identification, if the component identification process has a duration threshold and a component identification result is not generated yet, the third-party platform determines that an operation error occurs in the component identification process. In addition, the monitoring of the component identification process can be monitored by the server, and when the server monitors that the component identification process has errors, error reporting information is generated and fed back to the third-party platform. And after the third-party platform obtains the information of error report in the component identification process, generating and outputting an alarm mail. In addition, the third-party platform generates and outputs an alarm mail when identifying that the components of the target game installation package are changed. It should be understood that the terminal or server may also implement the self-monitoring process for component identification as implemented by the third party platform described above.
Continuing with the exemplary structure of the application component identification device 555 implemented as a software module provided in the embodiments of the present application, in some embodiments, as shown in fig. 2, the software module stored in the application component identification device 555 in the memory 550 may include:
the parsing module 5551 is configured to parse the installation file of the application program to obtain an executable file of the application program;
the decompilation module 5552 is configured to decompilate the executable file to obtain a source code file of the executable file;
the extracting module 5553 is configured to perform application program interface API function extraction on the source code file to obtain at least one API function;
an identifying module 5554 for identifying a component in the application based on the at least one API function.
In some embodiments, the parsing module 5551 is further configured to parse the installation file of the application to obtain at least two subfiles; and respectively matching the file names of at least two subfiles with the keywords of the executable file to obtain a target subfile of which the file name is matched with the keywords of the executable file, and taking the target subfile as the executable file of the application program.
In some embodiments, the identifying module 5554 is further configured to match at least one API function with the corresponding component identifier key, and obtain, from the at least one API function, a component version number obtaining function that matches the corresponding component identifier key; and acquiring a return value of the component version number acquisition function corresponding to at least one API function, and taking the acquired return value as the version number of the component in the application program to finish the identification of the component in the application program.
In some embodiments, the parsing module 5551 is further configured to parse the installation file of the application to obtain an executable file of the application and at least one dynamic link library file; the software modules stored in the component recognition device 555 of the application program of the memory 550 may further include: the component change identification module is used for respectively acquiring the current information abstract algorithm MD5 codes of the dynamic link library files; inquiring prestored MD5 codes of each dynamic link library file; respectively comparing the current MD5 code and the pre-stored MD5 code of each dynamic link library file; when a target dynamic link library file with inconsistent current MD5 code and pre-stored MD5 code exists, acquiring component information corresponding to the target dynamic link library file; and the component information is used for indicating the components with data change in the application program.
In some embodiments, the software modules stored in the component identification device 555 of the application program in the memory 550 may further include: the presentation module is used for presenting a component identification interface of the application program and presenting a file selection function item in the component identification interface; and acquiring the installation file of the selected application program in response to the file selection operation triggered based on the user interface file selection function item.
In some embodiments, the software modules stored in the component identification device 555 of the application program in the memory 550 may further include: the risk detection module is used for crawling white papers related to the components in the application program from the webpage; and respectively carrying out risk assessment on each component of the application program based on the white paper to obtain a risk assessment result of the corresponding component.
In some embodiments, the risk detection module is further configured to obtain configuration information corresponding to each component of the application program; acquiring a mapping relation between configuration information and a risk component; and determining a risk component in each component of the application program based on the configuration information corresponding to each component of the application program and the mapping relation between the configuration information and the risk component.
In some embodiments, the software modules stored in the component identification device 555 of the application program in the memory 550 may further include: the information acquisition module is used for acquiring the mapping relation between the application program and the component; and determining information of other application programs with at least one same component accessed by the application program based on the mapping relation between the application program and the component.
In some embodiments, the software modules stored in the component identification device 555 of the application program in the memory 550 may further include: a reporting module for obtaining component information of the component, the component information including at least one of: the method comprises the steps of obtaining component names, component types, component version numbers, component risk information and component privacy authority information; generating a component information report of the component according to the component information; and outputting a component information report.
It should be noted that the description of the apparatus in the embodiment of the present application is similar to the description of the method embodiment, and has similar beneficial effects to the method embodiment, and therefore, the description is not repeated.
In some embodiments, referring to fig. 17, fig. 17 is an alternative flowchart of a component identification method of an application program provided in the embodiments of the present application, and will be described with reference to the steps shown in fig. 17.
1001, a terminal presents a component identification interface of an application program and presents a file selection function item in the component identification interface;
in actual implementation, the terminal presents a component identification interface of the application program in a user interface of the terminal. The component identification interface can be presented through a floating window, and can also be presented in other ways. And simultaneously presenting the file selection function item in the component identification interface by the terminal. The file selection function item can be a button, and can also be an icon, such as a sliding icon, and the like, and can be operated by a user to send out a trigger operation.
Referring to fig. 5A, fig. 5A illustrates a component recognition interface of an application, which includes a picture element, a text box element, and the like. The file selection function item is composed of a text box element and a text element displayed on the text box element, wherein the content of the text element is 'click selection file'.
Step 1002, in response to a file selection operation triggered based on a file selection function item, taking the selected installation file as an installation file of an application program;
in actual implementation, after the terminal presents the component identification interface, a user can perform operation based on the file selection function item in the component identification interface, and after the user triggers the file selection operation of the file selection function item, the terminal responds to the file selection operation and takes the selected installation file as the installation file of the application program.
In some embodiments, the terminal presents a selection interface including at least one installation file within the user interface after receiving the trigger operation. Referring to fig. 6, fig. 6 is an alternative schematic diagram of a selection interface for installing a file according to an embodiment of the present application. Based on the selection interface, the user selects at least one installation file presented in the selection interface, and a file selection operation is triggered by clicking on a function item displayed with a text element of 'q 5_1.0.243_ tag _ release.apk', wherein the selected installation file is q5_1.0.243_ tag _ release.apk.
And after the user triggers the file selection operation, the terminal uploads the selected installation file so as to identify the uploaded installation file.
In some embodiments, after step 1002, it may further be performed: and presenting the uploading progress information of the installation files in the component identification interface based on the uploading progress of the selected installation files.
In actual implementation, the terminal divides the size of the uploaded part of the file and the size of the installed file based on the size of the installed file and the size of the uploaded part of the file, calculates the uploading progress of the installed file, namely the percentage of the size of the uploaded part of the file in the size of the installed file, and presents the uploading progress information of the installed file in the component identification interface based on the uploading progress of the installed file. The uploading progress information can be presented in real time or updated at preset intervals. The uploading progress information may be text information, for example, a percentage value of the uploading progress, and may also be progress bar information, and the progress bar may also include a percentage value of the uploading progress.
Referring to fig. 5B, fig. 5B is an alternative schematic diagram of a component identification interface presenting upload progress information according to an embodiment of the present application. The uploading progress information is presented in the form of a progress bar, and the progress bar further contains a percentage value of the uploading progress of the installation file, such as 51%.
And step 1003, responding to the component identification instruction aiming at the installation file, and presenting the identified components in the application program.
The identified components in the application program are obtained by performing decompilation on an executable file of the installation file, performing application program interface API function extraction on a source code file obtained by the decompilation, and identifying based on the extracted API function.
In actual implementation, after the installation file is uploaded successfully, the terminal can automatically perform component identification on the installation file, and can also perform component identification in response to the component identification instruction after receiving the component identification instruction. The component identification instruction may be a determination operation after the user selects the installation file, that is, determining to perform component identification on the selected installation file.
In some embodiments, the terminal may also present progress information of component recognition in the component recognition interface while performing component recognition on the installation file. Specifically, step 1003 includes: and responding to a component identification instruction aiming at the installation file, presenting component identification progress information of the installation file in a component identification interface based on the component identification progress of the selected installation file, and presenting the identified components in the application program after the component identification is finished.
In actual implementation, the terminal may determine the component recognition progress based on the time taken for component recognition of the installation file. For example, the time required for completion of component recognition may be preset as a fixed time, and then when component recognition is performed on the installation file, the time for which component recognition has been performed is divided by the fixed time to obtain a percentage of time, which is performed as component recognition. The component identification progress information is information for characterizing the component identification progress, and may be percentage information, progress bar information, or the like, for example. And if the component identification is finished within the fixed time, directly updating the component identification progress information into a percentage or fully dragging the progress bar. If the component recognition is not finished after the fixed time, the component recognition progress information is stopped at 99%, and when the component recognition is finished, the component recognition progress information is updated to 100%. The embodiment is not particularly limited to the acquisition of the component identification progress.
Referring to fig. 5C, fig. 5C is an alternative schematic diagram of a component recognition interface presenting component recognition progress information according to an embodiment of the present application. The component identification progress information is presented in the form of a progress bar, and the progress bar further contains a percentage value of the component identification progress of the installation file, such as 5%.
And when the identification of the components of the installation files is finished, presenting the identified components in the application program. In some embodiments, a component information report is generated based on information of the identified components, and the identified components are presented in the form of a report, such as the component information reports shown in FIGS. 14A-14C.
In some embodiments, after the component identification of the installation file is completed, a viewing function item for viewing the component information report is also presented in the component identification interface, and the terminal presents the component information report in response to a trigger operation for the viewing function item. For example, fig. 5D is an alternative schematic diagram of a component identification interface presented with functional items for viewing component information reports, provided by an embodiment of the present application. The function item of viewing the component information report is composed of a rectangular text box element and a text element with the content of 'clicking to view the report'. The user can trigger an instruction for viewing the component information report by clicking the function item, and the component information report is presented after the terminal receives the instruction.
According to the component identification method of the application program, the terminal presents the file selection function item in the component identification interface through presenting the component identification interface of the application program, so that a user can trigger the file selection function item to select the installation file of the application program needing component identification, and after the user selects the installation file, the identified component in the application program is presented in response to the component identification instruction aiming at the installation file, a method for identifying the component of the application program and checking the component obtained through component identification is provided, and the user can conveniently master the component information of the application program.
Continuing with the exemplary structure of the application component recognition apparatus implemented as a software module according to the embodiment of the present application, referring to fig. 18, fig. 18 is an alternative schematic diagram of the structure of the application component recognition apparatus according to the embodiment of the present application, and as shown in fig. 18, the application component recognition apparatus 18 according to the embodiment of the present application includes:
the interface presentation module 181 is configured to present a component identification interface of the application program, and present a file selection function item in the component identification interface;
a response module 182, configured to, in response to a file selection operation triggered based on the file selection function item, take the selected installation file as an installation file of the application program;
a component presenting module 183 configured to present the identified component in the application program in response to the component identifying instruction for the installation file;
the identified components in the application program are obtained by performing decompilation on an executable file of the installation file, performing API function extraction on a source code file obtained by decompilation, and identifying based on the extracted API function.
It should be noted that the description of the apparatus in the embodiment of the present application is similar to the description of the method embodiment, and has similar beneficial effects to the method embodiment, and therefore, the description is not repeated.
Embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the component identification method of the application program according to the embodiment of the present application.
Embodiments of the present application provide a computer-readable storage medium storing executable instructions, which when executed by a processor, will cause the processor to perform a method provided by embodiments of the present application, such as a component identification method of an application program illustrated in fig. 3.
In some embodiments, the computer-readable storage medium may be memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash, magnetic surface memory, optical disk, or CD-ROM; or may be various devices including one or any combination of the above memories.
In some embodiments, executable instructions may be written in any form of programming language (including compiled or interpreted languages), in the form of programs, software modules, scripts or code, and may be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
By way of example, executable instructions may correspond, but do not necessarily have to correspond, to files in a file system, and may be stored in a portion of a file that holds other programs or data, such as in one or more scripts in a hypertext Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code).
By way of example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices at one site or distributed across multiple sites and interconnected by a communication network.
In summary, the components of the application program can be stably and effectively identified through the embodiment of the application program.
The above description is only an example of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present application are included in the protection scope of the present application.

Claims (10)

1. A method for component identification of an application, the method comprising:
analyzing an installation file of an application program to obtain an executable file of the application program;
decompiling the executable file to obtain a source code file of the executable file;
extracting an Application Program Interface (API) function from the source code file to obtain at least one API function;
identifying a component in the application based on the at least one API function.
2. The method of claim 1, wherein parsing the installation file of the application to obtain the executable file of the application comprises:
analyzing the installation file of the application program to obtain at least two subfiles;
and respectively matching the file names of the at least two subfiles with the keywords of the executable file to obtain a target subfile of which the file name is matched with the keywords of the executable file, and taking the target subfile as the executable file of the application program.
3. The method of claim 1, wherein identifying the component in the application based on the at least one API function comprises:
respectively matching the at least one API function with the corresponding component identification keywords, and obtaining a component version number obtaining function matched with the corresponding component identification keywords from the at least one API function;
and acquiring a return value of the component version number acquisition function corresponding to the at least one API function, and taking the acquired return value as the version number of the component in the application program to finish the identification of the component in the application program.
4. The method of claim 1, wherein parsing the installation file of the application to obtain the executable file of the application comprises:
analyzing an installation file of an application program to obtain an executable file and at least one dynamic link library file of the application program;
the method further comprises the following steps:
respectively acquiring a current information abstract algorithm MD5 code of each dynamic link library file;
inquiring prestored MD5 codes of each dynamic link library file;
respectively comparing the current MD5 code and the pre-stored MD5 code of each dynamic link library file;
when a target dynamic link library file with inconsistent current MD5 code and pre-stored MD5 code exists, acquiring component information corresponding to the target dynamic link library file;
the component information is used for indicating that the components with data change exist in the application program.
5. The method of claim 1, wherein prior to parsing the installation file of the application, the method further comprises:
presenting a component identification interface of an application program, and presenting a file selection function item in the component identification interface;
and responding to a file selection operation triggered by the file selection function item based on a user interface, and acquiring the selected installation file of the application program.
6. The method of claim 1, wherein after identifying the component in the application, the method further comprises:
crawling a white paper related to a component in the application program from a webpage;
and respectively carrying out risk assessment on each component of the application program based on the white paper to obtain a risk assessment result of the corresponding component.
7. The method of claim 1, wherein after the identifying the component information of the application program, further comprising:
respectively acquiring configuration information corresponding to each component of the application program;
acquiring a mapping relation between configuration information and a risk component;
and determining a risk component in each component of the application program based on the configuration information corresponding to each component of the application program and the mapping relation between the configuration information and the risk component.
8. The method of claim 1, wherein after identifying the component in the application, the method further comprises:
obtaining component information of the component, the component information including at least one of: the method comprises the steps of obtaining component names, component types, component version numbers, component risk information and component privacy authority information;
generating a component information report of the component according to the component information;
and outputting the component information report.
9. An apparatus for identifying a component of an application, the apparatus comprising:
the analysis module is used for analyzing the installation file of the application program to obtain an executable file of the application program;
the decompiling module is used for decompiling the executable file to obtain a source code file of the executable file;
the extraction module is used for extracting Application Program Interface (API) functions from the source code file to obtain at least one API function;
an identification module to identify a component in the application based on the at least one API function.
10. A method for component identification of an application, the method comprising:
presenting a component identification interface of an application program, and presenting a file selection function item in the component identification interface;
in response to a file selection operation triggered based on the file selection function item, taking the selected installation file as an installation file of an application program;
presenting the identified components in the application program in response to the component identification instruction for the installation file;
and the identified component in the application program is obtained by performing decompiling on the executable file of the installation file, performing application program interface API function extraction on the source code file obtained by decompiling, and identifying based on the extracted API function.
CN202010984489.6A 2020-09-18 2020-09-18 Component identification method and device of application program Active CN112099802B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010984489.6A CN112099802B (en) 2020-09-18 2020-09-18 Component identification method and device of application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010984489.6A CN112099802B (en) 2020-09-18 2020-09-18 Component identification method and device of application program

Publications (2)

Publication Number Publication Date
CN112099802A true CN112099802A (en) 2020-12-18
CN112099802B CN112099802B (en) 2022-03-11

Family

ID=73758920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010984489.6A Active CN112099802B (en) 2020-09-18 2020-09-18 Component identification method and device of application program

Country Status (1)

Country Link
CN (1) CN112099802B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112732314A (en) * 2020-12-30 2021-04-30 北京一亩田新农网络科技有限公司 Plug-in differential packaging method and device based on android, electronic equipment and computer readable medium
CN112953721A (en) * 2021-01-28 2021-06-11 山东浪潮通软信息科技有限公司 IPA file analysis method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082802A (en) * 2011-03-01 2011-06-01 陈彪 Behavior-based mobile terminal security protection system and method
CN103970514A (en) * 2013-01-28 2014-08-06 腾讯科技(深圳)有限公司 Information acquisition method and device for Android application program installation package
CN104462356A (en) * 2014-12-08 2015-03-25 中山大学 Intelligent mobile application interface searching method and device based on running information
CN104951324A (en) * 2014-03-28 2015-09-30 腾讯科技(深圳)有限公司 Method and device for acquiring application calling relation table
CN105989294A (en) * 2015-02-17 2016-10-05 华为技术有限公司 Detection method and apparatus for Android package

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082802A (en) * 2011-03-01 2011-06-01 陈彪 Behavior-based mobile terminal security protection system and method
CN103970514A (en) * 2013-01-28 2014-08-06 腾讯科技(深圳)有限公司 Information acquisition method and device for Android application program installation package
CN104951324A (en) * 2014-03-28 2015-09-30 腾讯科技(深圳)有限公司 Method and device for acquiring application calling relation table
CN104462356A (en) * 2014-12-08 2015-03-25 中山大学 Intelligent mobile application interface searching method and device based on running information
CN105989294A (en) * 2015-02-17 2016-10-05 华为技术有限公司 Detection method and apparatus for Android package

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LTYANDY: "Android逆向之Android逆向工具介绍", 《博客园 HTTPS://WWW.CNBLOGS.COM/LTYANDY/P/11573215.HTML》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112732314A (en) * 2020-12-30 2021-04-30 北京一亩田新农网络科技有限公司 Plug-in differential packaging method and device based on android, electronic equipment and computer readable medium
CN112953721A (en) * 2021-01-28 2021-06-11 山东浪潮通软信息科技有限公司 IPA file analysis method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN112099802B (en) 2022-03-11

Similar Documents

Publication Publication Date Title
US9098636B2 (en) White-box testing systems and/or methods in web applications
CN105940654B (en) Franchise static web application in trust
CN106415480B (en) High-speed application for installation on a mobile device for enabling remote configuration of the mobile device
US10684839B2 (en) Plugin for software deployment
US8065675B2 (en) In-page installer
JP7131946B2 (en) Method and system for assessing application security
CN102306117B (en) Automatic hardware test alarm method and device
US9384005B2 (en) Systems and methods for dynamic configuration of client-side development environments through use of application servers
US9262132B1 (en) Incremental local source code analysis
WO2022252637A1 (en) Browser-based rpa implementation method and apparatus, device, and medium
CN106406961A (en) Method and device for loading and providing application based on browser
CN106897607B (en) Application program monitoring method and device
US10169005B2 (en) Consolidating and reusing portal information
WO2014139300A1 (en) Method and device for loading a plug-in
CN103544434B (en) For guaranteeing method and the terminal of safety operation of applied program
CN112099802B (en) Component identification method and device of application program
CN108920359B (en) Application program testing method and device, storage medium and electronic device
TW201839593A (en) Interaction processing method and device
CN111191226A (en) Method, device, equipment and storage medium for determining program by using privilege-offering vulnerability
CN115033894B (en) Software component supply chain safety detection method and device based on knowledge graph
CN113535587B (en) Target application detection method and device and computer equipment
KR20140050323A (en) Method and apparatus for license verification of binary file
CN112860645A (en) Processing method and device for offline compressed file, computer equipment and medium
CN115407977A (en) Information compiling method, device, equipment and computer readable storage medium
CN114398673A (en) Application compliance detection method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant