CN112364353A - Xss vulnerability detection method and device based on nodejs express application - Google Patents
- Publication number
- CN112364353A (application CN202011207691.4A)
- Authority
- CN
- China
- Prior art keywords
- nodejs
- express application
- express
- xss
- application
- Legal status
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2453—Query optimisation
- G06F16/24534—Query rewriting; Transformation
Abstract
The invention provides an xss vulnerability detection method and device based on nodejs express application. The method comprises the following steps: sending a get request to a nodejs express application; in response to the get request, when the query method of the nodejs express application is called, converting the parameters of the request into a reference type and giving the reference type a vulnerability marking attribute; setting a hook in the return function of the nodejs express application and judging whether a returned parameter is a reference type carrying the vulnerability marking attribute; if yes, the nodejs express application has an xss vulnerability. The invention realizes xss vulnerability detection for nodejs express applications, achieves uniqueness of the propagation stage, and ensures the accuracy of subsequent operations.
Description
Technical Field
The invention relates to the technical field of vulnerability detection, in particular to an xss vulnerability detection method and device based on nodejs express application.
Background
xss attacks generally refer to injecting malicious script into a web page through some clever means, exploiting a vulnerability left during web page development, so that a user's browser loads and executes a web page program crafted by the attacker.
At present, when nodejs is used for back-end development, there is no good means of detecting xss vulnerabilities in nodejs express applications, so users are easily exposed to xss attacks.
Disclosure of Invention
The invention provides an xss vulnerability detection method based on nodejs express application, aiming to reduce the risk of xss attacks on users.
In order to solve the technical problems, the invention adopts the following technical scheme:
in a first aspect, an xss vulnerability detection method based on nodejs express application is provided, which includes:
sending a get request to a nodejs express application;
in response to the get request, when the query method of the nodejs express application is called, converting the parameters of the request into a reference type and giving the reference type a vulnerability marking attribute;
setting a hook in the return function of the nodejs express application, and judging whether the returned parameter is a reference type carrying the vulnerability marking attribute;
if yes, the nodejs express application has an xss vulnerability.
Wherein, after sending the get request to the nodejs express application, the method further comprises:
defining a vulnerability marking attribute on the Object type prototype.
Wherein, before sending the get request to the nodejs express application, the method further comprises:
designating a third-party library for monitoring the nodejs express application;
and rewriting the query method of the nodejs express application and setting a hook function.
Wherein, after the step of determining, if yes, that the nodejs express application has an xss vulnerability, the method further comprises:
if not, the nodejs express application does not have an xss vulnerability.
In a second aspect, an xss vulnerability detection apparatus based on nodejs express application is provided, including:
a sending module, configured to send a get request to a nodejs express application;
a conversion module, configured to respond to the get request by converting the parameters of the request into a reference type and giving the reference type a vulnerability marking attribute when the query method of the nodejs express application is called;
and a judging module, configured to set a hook in the return function of the nodejs express application and judge whether the returned parameter is a reference type carrying the vulnerability marking attribute; if so, the nodejs express application has an xss vulnerability, and if not, the nodejs express application does not have an xss vulnerability.
Wherein, the xss vulnerability detection device based on nodejs express application further comprises:
a definition module, configured to define a vulnerability marking attribute on the Object type prototype.
Wherein, the xss vulnerability detection device based on nodejs express application further comprises:
a monitoring module, configured to designate a third-party library for monitoring the nodejs express application;
and a rewriting module, configured to rewrite the query method of the nodejs express application and set a hook function.
The invention has the beneficial effects that:
according to the method, the query method is rewritten before the get request is sent to the nodejs express application, so that the parameters of the request are converted into reference types and given the vulnerability marking attribute; a hook is then placed on the return function, and whether the nodejs express application has an xss vulnerability is judged from the type of the returned parameter and the presence of the vulnerability marking attribute. In this way the propagation stage is made unique, and the accuracy of subsequent operations is guaranteed.
Drawings
The detailed structure of the invention is described below with reference to the accompanying drawings.
Fig. 1 is a block flow diagram of an xss vulnerability detection method based on nodejs express application according to an embodiment of the present invention;
fig. 2 is a block diagram illustrating an xss vulnerability detection apparatus based on nodejs express application according to an embodiment of the present invention;
fig. 3 is a block diagram of an xss vulnerability detection apparatus based on nodejs express application according to another embodiment of the present invention.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Referring to fig. 1, fig. 1 is a block flow diagram of an xss vulnerability detection method based on nodejs express application according to an embodiment of the present invention. The xss vulnerability detection method based on nodejs express application is characterized by including:
step S200, sending a get request to the nodejs express application.
Step S300, in response to the get request, when the query method of the nodejs express application is called, converting the parameters of the request into reference types and giving the reference types the vulnerability marking attribute.
It should be noted that if the parameter obtained by default, without processing, is { id: 1 }, then after processing { id: String(1) } is obtained, where String(1) is a reference type carrying the vulnerability marking attribute.
Step S400, setting a hook in the return function of the nodejs express application, and judging whether the returned parameter is a reference type carrying the vulnerability marking attribute.
It should be noted that the returned parameter may come from the url or from inside the program, and may have changed compared with the requested parameter of step S300, so the returned parameter must be examined: if the returned parameter was obtained from the url, it carries the vulnerability marking attribute.
Step S500, if yes, the nodejs express application has an xss vulnerability.
The invention has the beneficial effects that:
according to the method, the query method is rewritten before the get request is sent to the nodejs express application, so that the parameters of the request are converted into reference types and given the vulnerability marking attribute; a hook is then placed on the return function, and whether the nodejs express application has an xss vulnerability is judged from the type of the returned parameter and the presence of the vulnerability marking attribute. In this way the propagation stage is made unique, and the accuracy of subsequent operations is guaranteed.
Further, after step S200, the method further includes:
step S210, defining the vulnerability marking attribute on the Object type prototype.
Specifically, the vulnerability marking attribute is defined so that, if no vulnerability mark exists yet on a value, one is generated for it.
Further, before step S200, the method further includes:
step S180, designating a third-party library for monitoring the nodejs express application;
step S190, rewriting the query method of the nodejs express application and setting a hook function.
It should be noted that loading the nodejs third-party library executes the nodejs Module require method, so the third-party library for monitoring the nodejs express application can be designated at that point, the query method of the nodejs express application can be rewritten, and the logic of the rewritten query method is then executed whenever the request parameters are read.
Further, after step S500, the method further includes:
if not, step S600 indicates that the nodejs express application does not have an xss vulnerability.
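The following is an added example written for this page; it is not code from the patent or from Express. It models steps S180 to S600 in plain Node.js so it runs offline: `markTainted` plays the rewritten query method of steps S190/S300, `hookReturn` plays the hook on the return function of step S400, and the attribute name `__xssTaint`, the helper names and the stub `req`/`res` objects are all assumptions made here. One detail the patent's notation glosses over: in JavaScript `String(1)` without `new` yields a primitive, which cannot carry a property; the wrapper object `new String(1)` is the reference type that can, so that is what the example creates.

```javascript
// Added example (not the patent's code): taint marking of get-request
// parameters and a hook on the return function, as in steps S210/S300/S400.
// Express is not required; req and res are constructed stand-ins below.
// TAINT_KEY, markTainted, hookReturn and detectXss are names assumed here.
const TAINT_KEY = '__xssTaint';

// Step S210: define the vulnerability marking attribute on the Object
// prototype, non-enumerable so the application under test does not see it
// in for..in loops or JSON.stringify. Every object reads `false` unless it
// has been marked explicitly.
Object.defineProperty(Object.prototype, TAINT_KEY, {
  value: false, writable: true, enumerable: false, configurable: true,
});

// Step S300 (logic of the rewritten query method): convert each primitive
// request parameter into a reference type (a String wrapper object) and set
// the marker on it. Arrays and nested objects, e.g. ?id=1&id=2, are walked
// recursively so that every leaf value carries the mark.
function markTainted(value) {
  if (Array.isArray(value)) return value.map(markTainted);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = markTainted(v);
    return out;
  }
  const wrapped = new String(value); // reference type; String(value) would not be
  Object.defineProperty(wrapped, TAINT_KEY, {
    value: true, writable: false, enumerable: false, configurable: false,
  });
  return wrapped;
}

// Step S400 check: the returned parameter is flagged only if it is still the
// marked reference type. Primitives never match, whatever text they hold.
function isTainted(value) {
  return value !== null && typeof value === 'object' && value[TAINT_KEY] === true;
}

// Step S400 hook: wrap the application's return function so each outgoing
// body is inspected before the original function runs. In a real Express
// deployment this would wrap res.send; here `res` is a constructed stub.
function hookReturn(res, onFinding) {
  const original = res.send;
  res.send = function hookedSend(body) {
    if (isTainted(body)) onFinding(body.valueOf());
    return original.call(this, body);
  };
  return res;
}

// Steps S200 to S600 end to end for one handler. Returns true when the hook
// saw a marked value leave the application (S500), false otherwise (S600).
// `rawQuery` stands in for the parsed query string of the get request.
function detectXss(handler, rawQuery) {
  const findings = [];
  const req = { query: markTainted(rawQuery) };
  const res = hookReturn({ send(body) { return body; } }, (v) => findings.push(v));
  handler(req, res);
  return findings.length > 0;
}

// Constructed handlers under test.
// Reflects the parameter straight back: the marked object reaches res.send.
const reflectsParam = (req, res) => res.send(req.query.id);
// Returns program-internal data only: nothing marked reaches res.send.
const constantBody = (req, res) => res.send('<p>ok</p>');
// Also reflects the parameter, but concatenation turns the String object into
// a primitive, so the marker is lost before res.send: a false negative of
// this method that a practitioner must budget for.
const reflectsByConcat = (req, res) => res.send('<p>' + req.query.id + '</p>');

// Runs the three cases; returns { reflectsParam: true, constantBody: false,
// reflectsByConcat: false }.
function runDemo() {
  return {
    reflectsParam: detectXss(reflectsParam, { id: '1' }),
    constantBody: detectXss(constantBody, { id: '1' }),
    reflectsByConcat: detectXss(reflectsByConcat, { id: '1' }),
  };
}
```

The third handler shows the limit of marking by reference type: any string operation (concatenation, template literals, `.replace`, `.trim`) on a String wrapper produces a fresh primitive with no marker, so only values returned unchanged from the query are detected. Wiring this into a real Express application, as steps S180/S190 describe, would mean a library loaded before the application that redefines the `query` getter on Express's request prototype and wraps `send` on its response prototype; the block deliberately does not do this so it runs without Express installed.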
Referring to fig. 2, fig. 2 is a block diagram of an xss vulnerability detection apparatus based on nodejs express application according to an embodiment of the present invention, in which the xss vulnerability detection apparatus based on nodejs express application includes:
a sending module 10, configured to send a get request to a nodejs express application;
a conversion module 20, configured to, in response to the get request, convert a parameter of the request into a reference type and assign a vulnerability marking attribute to the reference type when a query method of the nodejs express application is called;
the judging module 30 is configured to set a hook in a nodejs express application return function, and judge whether a returned parameter is a reference type having a vulnerability marking attribute, if yes, it indicates that the nodejs express application has xss vulnerabilities, and if not, it indicates that the nodejs express application does not have xss vulnerabilities.
Referring to fig. 3, fig. 3 is a block diagram illustrating an xss vulnerability detection apparatus based on nodejs express application according to another embodiment of the present invention.
Further, the xss vulnerability detection device based on nodejs express application further comprises:
a defining module 40, configured to define the vulnerability marking attribute on the Object type prototype.
Further, the xss vulnerability detection device based on nodejs express application further comprises:
a monitoring module 50, configured to designate a third-party library for monitoring the nodejs express application;
and a rewriting module 60, configured to rewrite the query method of the nodejs express application and set a hook function.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (7)
1. An xss vulnerability detection method based on nodejs express application, characterized by comprising the following steps:
sending a get request to a nodejs express application;
in response to the get request, when the query method of the nodejs express application is called, converting the parameters of the request into a reference type and giving the reference type a vulnerability marking attribute;
setting a hook in the return function of the nodejs express application, and judging whether the returned parameter is a reference type carrying the vulnerability marking attribute;
if yes, the nodejs express application has an xss vulnerability.
2. The nodejs express application-based xss vulnerability detection method of claim 1, wherein after sending the get request to the nodejs express application, the method further comprises:
defining a vulnerability marking attribute on the Object type prototype.
3. The nodejs express application-based xss vulnerability detection method of claim 1, wherein before sending the get request to the nodejs express application, the method further comprises:
designating a third-party library for monitoring the nodejs express application;
and rewriting the query method of the nodejs express application and setting a hook function.
4. The nodejs express application-based xss vulnerability detection method of claim 1, wherein after the step of determining, if yes, that the nodejs express application has an xss vulnerability, the method further comprises:
if not, the nodejs express application does not have an xss vulnerability.
5. An xss vulnerability detection device based on nodejs express application, characterized by comprising:
a sending module, configured to send a get request to a nodejs express application;
a conversion module, configured to respond to the get request by converting the parameters of the request into a reference type and giving the reference type a vulnerability marking attribute when the query method of the nodejs express application is called;
and a judging module, configured to set a hook in the return function of the nodejs express application and judge whether the returned parameter is a reference type carrying the vulnerability marking attribute; if so, the nodejs express application has an xss vulnerability, and if not, the nodejs express application does not have an xss vulnerability.
6. The nodejs express application-based xss vulnerability detection apparatus of claim 5, further comprising:
a definition module, configured to define the vulnerability marking attribute on the Object type prototype.
7. The nodejs express application-based xss vulnerability detection apparatus of claim 5, further comprising:
a monitoring module, configured to designate a third-party library for monitoring the nodejs express application;
and a rewriting module, configured to rewrite the query method of the nodejs express application and set a hook function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011207691.4A CN112364353B (en) | 2020-11-03 | 2020-11-03 | Xss vulnerability detection method and device based on nodejs express application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011207691.4A CN112364353B (en) | 2020-11-03 | 2020-11-03 | Xss vulnerability detection method and device based on nodejs express application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112364353A true CN112364353A (en) | 2021-02-12 |
CN112364353B CN112364353B (en) | 2021-07-30 |
Family
ID=74514011
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011207691.4A Active CN112364353B (en) | 2020-11-03 | 2020-11-03 | Xss vulnerability detection method and device based on nodejs express application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112364353B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103577188A (en) * | 2013-10-24 | 2014-02-12 | 北京奇虎科技有限公司 | Method and device for preventing cross site scripting attack |
US20150082424A1 (en) * | 2013-09-19 | 2015-03-19 | Jayant Shukla | Active Web Content Whitelisting |
CN106575222A (en) * | 2014-03-30 | 2017-04-19 | 动力应用程序公司 | Monitoring of Node.js applications |
CN106790007A (en) * | 2016-12-13 | 2017-05-31 | 武汉虹旭信息技术有限责任公司 | Web attack defending systems and its method based on XSS and CSRF |
CN106897624A (en) * | 2017-01-16 | 2017-06-27 | 深圳开源互联网安全技术有限公司 | A kind of leak detection method and its device |
CN107085686A (en) * | 2017-03-24 | 2017-08-22 | 深圳市九州安域科技有限公司 | A kind of detection method and its system of interactive XSS leaks |
CN108830083A (en) * | 2018-05-24 | 2018-11-16 | 东南大学 | A kind of XSS vulnerability detection parameter automatic generation method based on output point context |
- 2020-11-03 CN CN202011207691.4A patent/CN112364353B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150082424A1 (en) * | 2013-09-19 | 2015-03-19 | Jayant Shukla | Active Web Content Whitelisting |
CN103577188A (en) * | 2013-10-24 | 2014-02-12 | 北京奇虎科技有限公司 | Method and device for preventing cross site scripting attack |
CN106575222A (en) * | 2014-03-30 | 2017-04-19 | 动力应用程序公司 | Monitoring of Node.js applications |
CN106790007A (en) * | 2016-12-13 | 2017-05-31 | 武汉虹旭信息技术有限责任公司 | Web attack defending systems and its method based on XSS and CSRF |
CN106897624A (en) * | 2017-01-16 | 2017-06-27 | 深圳开源互联网安全技术有限公司 | A kind of leak detection method and its device |
CN107085686A (en) * | 2017-03-24 | 2017-08-22 | 深圳市九州安域科技有限公司 | A kind of detection method and its system of interactive XSS leaks |
CN108830083A (en) * | 2018-05-24 | 2018-11-16 | 东南大学 | A kind of XSS vulnerability detection parameter automatic generation method based on output point context |
Non-Patent Citations (2)
Title |
---|
李宗森: "Research and Implementation of XSS and CSRF Defense Based on Node.js", China Master's Theses Full-text Database, Information Science and Technology Series * |
贾文超 et al.: "DOM XSS Vulnerability Detection Based on a Dynamic Taint Propagation Model", Application Research of Computers * |
Also Published As
Publication number | Publication date |
---|---|
CN112364353B (en) | 2021-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8640240B2 (en) | Apparatus and method for using information on malicious application behaviors among devices | |
US8245289B2 (en) | Methods and systems for preventing security breaches | |
CN109583202B (en) | System and method for detecting malicious code in address space of process | |
US20100037317A1 (en) | Mehtod and system for security monitoring of the interface between a browser and an external browser module | |
CN102254113A (en) | Method and system for detecting and intercepting malicious code of mobile terminal | |
US10216934B2 (en) | Inferential exploit attempt detection | |
US8161560B2 (en) | Extensible framework for system security state reporting and remediation | |
CN103778373A (en) | Virus detection method and device | |
CN108028843B (en) | Method, system and computing device for securing delivery of computer-implemented functionality | |
CN112966274B (en) | Web security hole detection method, scanner, storage medium and electronic device | |
CN113190838A (en) | Web attack behavior detection method and system based on expression | |
CN112364353B (en) | Xss vulnerability detection method and device based on nodejs express application | |
CN111291377A (en) | Application vulnerability detection method and system | |
CN107798244B (en) | Method and device for detecting remote code execution vulnerability | |
RU2665910C1 (en) | System and method of detecting the harmful code in the address process space | |
KR101842263B1 (en) | Method and apparatus for preventing reverse engineering | |
CN113538288A (en) | Network anomaly detection method and device and computer readable storage medium | |
US11436331B2 (en) | Similarity hash for android executables | |
CN115174192A (en) | Application security protection method and device, electronic equipment and storage medium | |
CN113849817A (en) | Method and device for detecting pollution vulnerability of JavaScript prototype chain | |
CN111752570A (en) | Compiling method, device, terminal and computer readable storage medium | |
CN112000354A (en) | Version information updating method, version information updating device, version information updating equipment and storage medium | |
CN111639340A (en) | Malicious application detection method and device, electronic equipment and readable storage medium | |
KR102497201B1 (en) | Method, apparatus and computer program for diagnosing SQL injection vulnerability | |
KR102465307B1 (en) | Method for generating of whitelist and user device for perfoming the same, computer-readable storage medium and computer program |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |