CN112711424A - Application risk problem determination method and device and storage medium - Google Patents

Info

Publication number: CN112711424A
Authority: CN (China)
Application number: CN201911023965.1A
Other languages: Chinese (zh)
Inventors: 王烨坤, 袁明凯, 罗章龙, 黄斌, 严明
Current assignee: Tencent Technology Shenzhen Co Ltd
Original assignee: Tencent Technology Shenzhen Co Ltd
Legal status: Pending
Prior art keywords: risk, feature, target, determining, feature set

Classifications

    • G06F8/53 Decompilation; Disassembly (under G06F8/40 Transformation of program code; G06F8/00 Arrangements for software engineering)
    • G06F11/3604 Software analysis for verifying properties of programs (under G06F11/36 Preventing errors by testing or debugging software; G06F11/00 Error detection; Error correction; Monitoring)
    • G06F8/73 Program documentation (under G06F8/70 Software maintenance or management)

Abstract

The application discloses a method, a device and a storage medium for determining risk problems of application programs, wherein the method comprises the following steps: acquiring a binary file corresponding to a target application program; decompiling the binary file to obtain an assembly instruction set; converting the assembly instruction set into a pseudo code file; scanning the pseudo code file through a preset risk model, and determining identification information of a target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic; determining a risk issue for the target application based on the identification information of the target rule. By adopting the technical scheme, the risk problem of all application programs can be comprehensively and accurately detected.

Description

Application risk problem determination method and device and storage medium
Technical Field
The present application relates to the field of internet security technologies, and in particular, to a method and an apparatus for determining a risk problem of an application program, and a storage medium.
Background
For a game project, the quality of the code directly determines the stability and reliability of the game and whether it can keep running over the long term. Code scanning of the game client and server can assess code quality and operational risk. However, for most agency-operated (licensed) projects the source code is highly confidential information, so a scanning scheme that works directly at the source code level is not feasible for such projects.
In the prior art, a configuration file is modified or abnormal data is sent to the server in order to verify whether the protocol-handling code of an executable file such as a server bin file, or the code that reads the configuration file, carries risk. Such a scheme can only verify the functions that process protocol data and read configuration file data; it cannot detect risks in the code of modules such as game logic or database reads and writes.
Therefore, a method, an apparatus and a storage medium for determining risk problems of application programs are needed, so that the risk problems of all application programs can be detected comprehensively and accurately.
Disclosure of Invention
The application provides a method, a device and a storage medium for determining risk problems of application programs, which can comprehensively and accurately detect the risk problems of all the application programs.
In one aspect, the present application provides a method for determining a risk problem of an application, where the method includes:
acquiring a binary file corresponding to a target application program;
decompiling the binary file to obtain an assembly instruction set;
converting the assembly instruction set into a pseudo code file;
scanning the pseudo code file through a preset risk model, and determining identification information of a target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic;
determining a risk issue for the target application based on the identification information of the target rule.
Another aspect provides an apparatus for risk issue determination for an application, the apparatus comprising:
the binary file acquisition module is used for acquiring a binary file corresponding to the target application program;
the assembly instruction set determining module is used for performing decompiling on the binary file to obtain an assembly instruction set;
a pseudo code file determining module for converting the assembly instruction set into a pseudo code file;
the identification information determining module of the target rule is used for scanning the pseudo code file through a preset risk model and determining the identification information of the target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic;
and the risk problem determining module is used for determining the risk problem of the target application program based on the identification information of the target rule.
Another aspect provides a risk issue determination apparatus for an application, the apparatus comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by the processor to implement the risk issue determination method for an application described above.
Another aspect provides a computer readable storage medium having stored therein at least one instruction, at least one program, set of codes or set of instructions, which is loaded and executed by a processor to implement the method of risk issue determination for an application as described above.
The method, the device and the storage medium for determining the risk problem of the application program have the following technical effects:
(1) Wide coverage of scanned file types: the scanning tool can directly decompile and scan client and server files compiled from all kinds of C++ code without access to the source code, giving early risk warning while avoiding source code leakage.
(2) Convenient deployment and use: the method can scan directly in a windows/linux environment, and can also be deployed on or integrated into a tool platform.
(3) Relatively comprehensive detection of risk types: various risk problems that affect the game business logic or may directly cause downtime, including null pointers, business logic defects and the like, can be detected.
(4) Accurate positioning: an early-warned risk problem can be located to the path and line number of the source code file, so that the programmers of the project team can conveniently check it.
Drawings
In order to more clearly illustrate the technical solutions and advantages of the embodiments of the present application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of a risk problem determination system for an application provided by an embodiment of the present application;
fig. 2 is a schematic flowchart of a risk problem determination method for an application according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a method for determining the identification information of the target rule corresponding to the pseudo code file according to an embodiment of the present application;
FIG. 4 is a schematic flowchart of a method for determining a first risk feature according to an embodiment of the present application;
FIG. 5 is a schematic flowchart of another method for determining a first risk feature according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating a method for determining a target feature set according to an embodiment of the present application;
FIG. 7 is a flowchart illustrating another method for determining a target feature set according to an embodiment of the present application;
FIG. 8 is an illustration of a risk problem of an application provided by an embodiment of the present application;
fig. 9 is a schematic diagram illustrating a path and a line number of a source code file corresponding to a risk problem according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a risk problem determination apparatus for an application according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, fig. 1 is a schematic diagram of a risk problem determination system for an application according to an embodiment of the present application, and as shown in fig. 1, the system may include at least a server 01 and a client 02.
Specifically, in this embodiment of the present disclosure, the server 01 may include a server that operates independently, or a distributed server, or a server cluster composed of a plurality of servers. The server 01 may comprise a network communication unit, a processor, a memory, etc. Specifically, the server 01 may be configured to determine a risk problem of the application program based on a binary file of the application program.
Specifically, in the embodiment of the present disclosure, the client 02 may include a physical device such as a smart phone, a desktop computer, a tablet computer, a notebook computer, a digital assistant, and a smart wearable device, and may also include software running in the physical device, such as a web page provided by some service providers to a user, and an application provided by the service providers to the user. The client 02 may be configured to query the risk problem of the application program online, and specifically, the client 02 may be configured to compile the application program into a binary file and send the binary file to the server 01.
The following describes a method for determining risk problems of an application program, and fig. 2 is a schematic flow chart of a method for determining risk problems of an application program provided in an embodiment of the present application, and the present specification provides the method operation steps as described in the embodiment or the flow chart, but may include more or less operation steps based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system or server product may be implemented in a sequential or parallel manner (e.g., parallel processor or multi-threaded environment) according to the embodiments or methods shown in the figures. Specifically, as shown in fig. 2, the method may include:
S201: acquiring a binary file corresponding to the target application program.
In this embodiment of the present specification, the binary file may be obtained by a processor corresponding to the target application, where the processor may be a client or a server. The file corresponding to the target application program of the server may be an exe executable file (windows) or a bin executable file (linux), and the file of the target application program of the client may be a so/dll link library file. The processor may compile the source files of the target application program, written in C++, into the binary file.
In some embodiments, the target application may include a gaming application, a multimedia information playing application, and the like.
S203: decompiling the binary file to obtain an assembly instruction set;
In a specific embodiment, the segment corresponding to the binary file may be:
[binary segment listing shown as images in the original; not reproduced]
Correspondingly, the x64 assembly instruction lines of a single function decompiled from the binary file are as follows:
[x64 assembly listing shown as images in the original; not reproduced]
S205: converting the assembly instruction set into a pseudo code file;
In this embodiment of the present specification, the pseudo code file may be C-like pseudo code, which has the basic syntax of a high-level language, including function scope, function parameter types and parameter names, variable definitions, logical operations, and the like. Such a clear pseudo code structure facilitates prediction of risk problems.
In some embodiments, the pseudo code file into which the x64 instruction lines of the single decompiled function are converted is:
[pseudo code listing shown as images in the original; not reproduced]
s207: scanning the pseudo code file through a preset risk model, and determining identification information of a target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic;
in this embodiment of the present specification, as shown in fig. 3, the preset risk model includes a preset risk feature library, and the step S207 may include:
S2071: determining a first risk feature of the pseudo code file based on the preset risk feature library;
In this embodiment, the first risk feature may be a variable, a keyword, or a syntax symbol in the pseudo code file.
In this embodiment of the present specification, the preset risk feature library may be set in a scanning tool, where the scanning tool has a windows version and a linux version, and supports access and use by software and tool platforms of mainstream operating systems.
In an embodiment of the present specification, the determining a first risk feature of the pseudo code file based on the preset risk feature library may include:
determining a first risk feature of the pseudo code file by the scanning tool.
In an embodiment of this specification, before the step of determining the first risk characteristic of the pseudo code file based on the preset risk characteristic library, the method may further include:
determining a sample application program with a risk problem;
and determining the risk characteristics in the sample application program, and constructing a preset risk characteristic library.
In an embodiment of this specification, before the step of determining the first risk characteristic of the pseudo code file based on the preset risk characteristic library, the method may further include:
S2070: decomposing the pseudo code file into a plurality of features according to its syntactic structure to obtain a decomposition feature set.
In some embodiments, the pseudo code file may be loaded into a memory, and cut according to a syntax structure, and a variable, a keyword, a syntax symbol, and the like are respectively used as a feature to obtain a decomposition feature set.
In a specific embodiment, the pseudo code file is:
int DemoFunc(int k){
    return k;
}
The decomposition features corresponding to this pseudo code file are:
"int", "DemoFunc", "(", "int", "k", ")", "{", "return", "k", ";" and "}".
In some embodiments, as shown in fig. 4, the determining the first risk feature of the pseudo code file based on the preset risk feature library may include:
S20711: determining an intersection feature set of the decomposition feature set and the preset risk feature library, based on the preset risk feature library and the decomposition feature set;
S20713: determining any feature in the intersection feature set as a first risk feature of the pseudo code file;
in some embodiments, after the step of parsing the pseudo-code file into a plurality of features according to a syntactic structure to obtain a set of parsed features, the method further comprises:
S20705: constructing a feature doubly linked list based on the decomposition feature set;
In a specific embodiment, the decomposition features corresponding to the pseudo code file are:
"int", "DemoFunc", "(", "int", "k", ")", "{", "return", "k", ";" and "}".
The doubly linked list structure corresponding to the decomposition features is as follows:
[doubly linked list diagram shown as an image in the original; not reproduced]
in the embodiment of the present specification, after the doubly linked list is determined, the association relationship of each feature in the code file can be quickly established.
In embodiments of the present specification, the pseudocode file may include a plurality of risk features.
In some embodiments, as shown in fig. 5, the determining the first risk feature of the pseudo code file based on the preset risk feature library may include:
S20715: determining any risk feature in the decomposition feature set as a first risk feature of the pseudo code file, based on the preset risk feature library.
S2073: determining identification information of at least one rule corresponding to the first risk characteristic;
in an embodiment of the present specification, the preset risk feature library may include a plurality of rules, and one rule may correspond to one risk model.
In this specification embodiment, the identification information of the rule may be an ID of the rule.
S2075: determining a second risk feature set in each rule based on the identification information of each rule;
In embodiments of the present specification, each rule may include a plurality of risk features, and each rule may correspond to one or more risk problems. The second risk feature set may include one or more second risk features. In a gaming application, the risk problems may include null pointers, business logic defects and the like, which affect the game business logic or may directly cause downtime.
S2077: when a target feature set matched with any second risk feature set exists in the pseudo code file, determining identification information of a target rule corresponding to the matched second risk feature set;
In this embodiment of the present specification, as shown in fig. 6, before the step of determining, when a target feature set matching any second risk feature set exists in the pseudo code file, the identification information of the target rule corresponding to the matching second risk feature set, the method may further include:
S20761: searching the intersection feature set, starting from the first risk feature, for target features matching any second risk feature set, to obtain a target feature set.
In this embodiment of the present specification, as shown in fig. 7, before the step of determining, when a target feature set matching any second risk feature set exists in the pseudo code file, the identification information of the target rule corresponding to the matching second risk feature set, the method may further include:
S20763: searching the feature doubly linked list, starting from the first risk feature, for target features matching any second risk feature set, to obtain a target feature set.
In this embodiment of the present specification, when there is no target feature set matching any second risk feature set in the pseudo code file, the risk problem corresponding to the first risk feature is determined as the risk problem of the target application program.
In the embodiment of the present specification, after one risk feature in a code file is determined, other risk features in the code file corresponding to the first risk feature may be quickly determined through a double-linked list, so that a target feature set may be quickly determined, and therefore, a risk problem corresponding to a target application program may be conveniently and quickly predicted in a subsequent process.
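The decomposition (S2070), doubly linked feature list (S20705), library intersection (S20711/S20713), rule lookup (S2073/S2075), target feature set search through the linked list (S20763/S2077) and the fallback when no second risk feature set matches, as an added example that is not code from the patent or from the described scanning tool. The risk feature library, the two rules, the C-like pseudo code and the matching scope (features within eight list positions of the first risk feature, reached through the prev/next links) are all constructed assumptions of this example:

```python
import re

# Added example, not the patent's code. Library, rules, pseudo code and the
# window-based matching scope below are constructed assumptions.


class FeatureNode:
    """One feature (token) of the decomposed pseudo code, linked both ways (S20705)."""
    __slots__ = ("value", "line", "prev", "next")

    def __init__(self, value, line):
        self.value = value   # feature text, e.g. "int", "memcpy", "("
        self.line = line     # pseudo code line the feature came from
        self.prev = None
        self.next = None


# S2070: identifiers/keywords, numbers, "->", or any single syntax symbol.
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|->|[^\sA-Za-z_\d]")


def decompose(pseudo_code):
    """Split the pseudo code into features, in source order, with line numbers."""
    nodes = []
    for line_no, line in enumerate(pseudo_code.splitlines(), start=1):
        for tok in TOKEN_RE.findall(line):
            nodes.append(FeatureNode(tok, line_no))
    return nodes


def build_linked_list(nodes):
    """Link neighbouring features so the scan can walk in both directions."""
    for a, b in zip(nodes, nodes[1:]):
        a.next, b.prev = b, a
    return nodes[0] if nodes else None


# Constructed preset risk feature library: feature -> rule IDs (S2073) plus the
# risk problem reported when none of those rules' feature sets is found.
RISK_FEATURE_LIBRARY = {
    "memcpy": {"rules": [101], "problem": "memcpy with unverified length"},
    "strlen": {"rules": [101], "problem": "strlen on possibly unterminated buffer"},
    "atoi":   {"rules": [102], "problem": "atoi result used without range check"},
    "gets":   {"rules": [],    "problem": "gets() cannot bound its input"},
}

# Constructed rules: ID -> second risk feature set (S2075) and its risk problem.
RULES = {
    101: {"features": {"memcpy", "strlen"},
          "problem": "copy length taken from source string, not destination size"},
    102: {"features": {"atoi", "["},
          "problem": "array indexed with an unvalidated parsed integer"},
}


def first_risk_features(nodes, library=RISK_FEATURE_LIBRARY):
    """S20711/S20713: intersection of the decomposition feature set and the library."""
    return {n.value for n in nodes} & set(library)


def window_nodes(node, radius):
    """Feature -> nearest node within `radius` list positions of `node`,
    found by walking the prev/next links (assumed matching scope)."""
    found = {node.value: node}
    back = fwd = node
    for _ in range(radius):
        if back.prev is not None:
            back = back.prev
            found.setdefault(back.value, back)
        if fwd.next is not None:
            fwd = fwd.next
            found.setdefault(fwd.value, fwd)
    return found


def scan(pseudo_code, library=RISK_FEATURE_LIBRARY, rules=RULES, radius=8):
    """Return [(rule_id or None, risk_problem, pseudo_code_line), ...]."""
    nodes = decompose(pseudo_code)
    build_linked_list(nodes)
    findings, reported = [], set()
    for node in nodes:
        if node.value not in library:           # not a first risk feature
            continue
        nearby = window_nodes(node, radius)     # S20763: search via the linked list
        matched = False
        for rule_id in library[node.value]["rules"]:
            needed = rules[rule_id]["features"]
            if needed.issubset(nearby):         # S2077: target feature set present
                matched = True
                lines = tuple(sorted({nearby[f].line for f in needed}))
                if (rule_id, lines) not in reported:   # same hit seen from another feature
                    reported.add((rule_id, lines))
                    findings.append((rule_id, rules[rule_id]["problem"], lines[-1]))
        if not matched:   # no target feature set: report the first feature's own problem
            findings.append((None, library[node.value]["problem"], node.line))
    return findings


# Constructed C-like pseudo code in the shape a decompiler emits.
SAMPLE_PSEUDO_CODE = """\
int __fastcall DemoFunc(char *src, int k)
{
  char dst[16];
  int v3;
  v3 = strlen(src);
  memcpy(dst, src, v3);
  gets(dst);
  return k;
}
int __fastcall LookupItem(int *table, char *idx)
{
  int v2;
  v2 = atoi(idx);
  return table[v2];
}
"""

if __name__ == "__main__":
    for rule_id, problem, line in scan(SAMPLE_PSEUDO_CODE):
        print(f"rule {rule_id}: line {line}: {problem}")
```

The reported line is the one on which the rule's last feature occurs, so a finding points at the statement that completes the pattern; a hit reached from two different first risk features (here both `strlen` and `memcpy` lead to rule 101) is reported once.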
S209: determining a risk issue for the target application based on the identification information of the target rule.
In an embodiment of the present specification, after the step of determining a risk issue of the target application, the method may further include:
and displaying the risk problem of the target application program and the identification information of the target rule on a display interface.
In an embodiment of the present specification, the determining a risk problem of the target application based on the identification information of the target rule may include:
searching a preset identification risk question bank for risk questions corresponding to the identification information of the target rule, wherein the preset identification risk question bank comprises a mapping relation between the identification information of the rule and the risk questions;
and taking the risk problem corresponding to the identification information of the target rule as the risk problem of the target application program.
In a specific embodiment, the preset identification risk problem library may include a mapping relationship between the identification information of a preset number of rules and the corresponding risk problems, and the preset identification risk problem library may be a sub-library of the preset risk feature library.
In a specific embodiment, each rule corresponds to one risk model, and after a first risk feature corresponding to a pseudo code file is determined, identification information of at least one rule corresponding to the first risk feature can be determined, so that at least one risk model is determined; and then inputting the characteristics in the pseudo code file into at least one risk model, determining a risk model matched with the pseudo code file, and determining a risk problem corresponding to the matched risk model as a risk problem of the target application program.
In an embodiment of the present specification, the method may further include:
determining a function and a pseudo code line number corresponding to a risk problem of the target application program based on the first risk characteristic and the target characteristic set;
and determining the assembly instruction line address corresponding to the risk problem of the target application program based on the pseudo code line number corresponding to the risk problem of the target application program.
In this embodiment of the present specification, as shown in fig. 8, when the risk problem of the target application is displayed on the display interface, a function corresponding to the risk problem of the target application may also be displayed. Wherein the rule ID is identification information of the rule, and the error information means that the variable pTemp is not initialized before use.
In some embodiments, the risk problems of the target application program may be given as a problem list carrying locating information such as the problem description and the function in which the problem is located, so as to provide early risk warning. The entire problem list supports output in xml format. In addition, a risk problem may also be presented as a code segment plus text.
In an embodiment of the present specification, the method may further include:
and sending the assembly instruction line address corresponding to the risk problem of the target application program to a processor corresponding to the target application program, so that the processor determines a source code file path and a source code line number corresponding to the risk problem of the target application program.
In a specific embodiment, the processor may be a terminal or a server, and under a linux operating system the processor may use the addr2line tool, passing as parameters the corresponding binary file and the address of the assembly instruction line, to output the corresponding source code file path and line number. For example, fig. 9 is a schematic diagram illustrating the source code file path and line number corresponding to a risk problem: the first line is the address of the assembly instruction line corresponding to the risk problem, and the second line is the file path and line number of the source code corresponding to the risk problem, where cpp refers to C++ and 197 is the line number of the source code with the risk problem.
In the embodiment of the present specification, after determining the address of the assembly instruction line where the risk problem is located, the agency sends the address to the application developer, so that the developer can further determine the source code corresponding to the risk problem, which facilitates improving the source code.
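The locating chain of the preceding paragraphs (pseudo code line number to assembly instruction address, then addr2line on the developer's side to a source file path and line number), as an added example that is not code from the patent. The listing format (the address of the first instruction of each pseudo code line, two spaces, then the pseudo code line), the binary name and the addr2line output are constructed assumptions; the addr2line flags `-e`, `-f` and `-C` are real GNU binutils options:

```python
import re
import shutil
import subprocess

# Added example, not the patent's code. Listing format, binary name and the
# sample addr2line output are constructed.

# Constructed decompiler-style listing: instruction address, two spaces, pseudo code.
SAMPLE_LISTING = """\
0x401000  int __fastcall DemoFunc(char *src, int k)
0x401000  {
0x401004    char dst[16];
0x401004    int v3;
0x401008    v3 = strlen(src);
0x401014    memcpy(dst, src, v3);
0x401026    return k;
0x40102a  }
"""

LISTING_LINE_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)  (.*)$")


def parse_listing(listing):
    """Return ({pseudo_code_line_no: instruction_address}, pseudo_code_text)."""
    addresses, text_lines = {}, []
    for line_no, raw in enumerate(listing.splitlines(), start=1):
        m = LISTING_LINE_RE.match(raw)
        if not m:
            raise ValueError(f"unexpected listing line {line_no}: {raw!r}")
        addresses[line_no] = int(m.group(1), 16)
        text_lines.append(m.group(2))
    return addresses, "\n".join(text_lines)


def address_for_line(addresses, line_no):
    """Assembly instruction line address for the pseudo code line of a risk problem."""
    return addresses[line_no]


def addr2line_argv(binary_path, address):
    """addr2line command: -e binary with debug info, -f print function, -C demangle C++."""
    return ["addr2line", "-e", binary_path, "-f", "-C", f"0x{address:x}"]


ADDR2LINE_LOC_RE = re.compile(r"^(?P<path>.*?):(?P<line>\d+|\?)")


def parse_addr2line_output(output):
    """Parse the two lines printed by addr2line -f: function name, then 'path:line'.
    Returns (function, path, line); line is None for an unknown location ('??:?')."""
    lines = output.strip().splitlines()
    if len(lines) < 2:
        raise ValueError("addr2line output lacks function and location lines")
    m = ADDR2LINE_LOC_RE.match(lines[1].strip())
    if not m:
        raise ValueError(f"unrecognised addr2line location: {lines[1]!r}")
    line = None if m.group("line") == "?" else int(m.group("line"))
    return lines[0].strip(), m.group("path"), line


def resolve(binary_path, address):
    """Run addr2line (developer side, where the binary carries debug info).
    Returns None when addr2line is not installed or fails."""
    if shutil.which("addr2line") is None:
        return None
    proc = subprocess.run(addr2line_argv(binary_path, address),
                          capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        return None
    return parse_addr2line_output(proc.stdout)


# Constructed addr2line output in the shape of fig. 9 (placeholder path).
SAMPLE_ADDR2LINE_OUTPUT = "DemoFunc\n/home/dev/game/src/logic.cpp:197\n"

if __name__ == "__main__":
    addresses, pseudo_code = parse_listing(SAMPLE_LISTING)
    addr = address_for_line(addresses, 6)          # risk hit on pseudo code line 6
    print(" ".join(addr2line_argv("./server.bin", addr)))
    print(parse_addr2line_output(SAMPLE_ADDR2LINE_OUTPUT))
```

The scanning side only needs the address; the binary with debug information stays with the developer, which is the point of sending the address rather than the source location.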
As can be seen from the technical solutions provided by the embodiments of the present specification, in the embodiments of the present specification, a binary file corresponding to a target application program is converted into a pseudo code file, a first risk feature in the pseudo code file is determined, and then identification information of at least one corresponding rule is determined based on the first risk feature; further determining identification information of the matched target rule according to the characteristics in the pseudo code file, so that the risk problem of the target application program is determined under the condition that the source code of the target application program cannot be obtained; and each application program has a corresponding pseudo code file, so the technical scheme of the application can comprehensively and accurately detect the risk problems of all application programs.
An embodiment of the present application further provides an apparatus for determining a risk problem of an application, as shown in fig. 10, the apparatus may include:
a binary file obtaining module 1010, configured to obtain a binary file corresponding to a target application program;
an assembly instruction set determining module 1020, configured to perform decompiling on the binary file to obtain an assembly instruction set;
a pseudo code file determining module 1030, configured to convert the assembly instruction set into a pseudo code file;
the identification information determining module 1040 of the target rule is configured to scan the pseudo code file through a preset risk model, and determine the identification information of the target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic;
a risk problem determination module 1050 configured to determine a risk problem of the target application based on the identification information of the target rule.
In some embodiments, the preset risk model includes a preset risk feature library, and the identification information determination module of the target rule includes:
the first risk characteristic determining unit is used for determining a first risk characteristic of the pseudo code file based on the preset risk characteristic library;
a first identification information determining unit, configured to determine identification information of at least one rule corresponding to the first risk characteristic;
the second risk feature set determining unit is used for determining a second risk feature set in each rule based on the identification information of each rule;
and the second identification information determining unit is used for determining the identification information of the target rule corresponding to the matched second risk feature set when the target feature set matched with any second risk feature set exists in the pseudo-code file.
In some embodiments, the apparatus further comprises:
and the decomposition feature set determining module is used for decomposing the pseudo code file into a plurality of features according to a syntactic structure to obtain a decomposition feature set.
In some embodiments, the first risk characteristic determination unit comprises:
an intersection feature set determining subunit, configured to determine, based on the preset risk feature library and the decomposition feature set, an intersection feature set of the decomposition feature set and the preset risk feature library;
a first determining subunit, configured to determine any feature in the intersection feature set as a first risk feature of the pseudo code file;
correspondingly, the device further comprises:
and the target feature set determining module is used for searching a target feature matched with any second risk feature set from the intersection feature set based on the first risk feature to obtain a target feature set.
In some embodiments, the apparatus further comprises:
a feature double-linked list construction module for constructing a feature double-linked list based on the decomposition feature set;
correspondingly, the first risk feature determining unit comprises:
the second determining subunit is configured to determine, based on the preset risk feature library, any risk feature in the decomposition feature set as the first risk feature of the pseudo code file;
correspondingly, the device further comprises:
and the target feature set determining module is used for searching a target feature matched with any second risk feature set from the feature double-linked list based on the first risk feature to obtain a target feature set.
In some embodiments, the risk issue determination module comprises:
a risk problem searching unit, configured to search a risk problem corresponding to the identification information of the target rule from a preset identification risk problem library, where the preset identification risk problem library includes a mapping relationship between the identification information of the rule and the risk problem;
a risk problem determination unit configured to take a risk problem corresponding to the identification information of the target rule as a risk problem of the target application.
In some embodiments, the apparatus further comprises:
a pseudo code line number determining module, configured to determine a function and a pseudo code line number corresponding to a risk problem of the target application based on the first risk feature and the target feature set;
the assembly instruction line address determining module is used for determining an assembly instruction line address corresponding to the risk problem of the target application program based on the pseudo code line number corresponding to the risk problem of the target application program;
and the assembly instruction line address sending module is used for sending the assembly instruction line address corresponding to the risk problem of the target application program to a processor corresponding to the target application program so that the processor determines the source code file path and the source code line number corresponding to the risk problem of the target application program.
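The module chain described above (decompose the pseudo code file by syntactic structure, intersect it with the preset risk feature library, look up the rules a first risk feature belongs to, check whether the rule's second risk feature set is present, map the matched rule's identification information to a risk problem, then map the pseudo code line number to an assembly instruction address and on to a source location) is shown below as an added example in Python. It is not the patent's implementation and not Tencent code: the pseudocode sample, the feature library, the rules `R001` to `R003`, the risk problem texts and the line/address/source tables are all constructed; the syntactic decomposition is a regex stand-in for a real parser; and restricting the second-set match to the function that contains the first risk feature is a design choice of this example (the claims only require that the target feature set exist somewhere in the pseudo code file).

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed stand-in for the patent's "preset risk feature library".
RISK_FEATURE_LIBRARY = frozenset({"strcpy", "sprintf", "gets", "system", "stack_buffer"})
# Constructed rules: identification information -> the rule's risk features.
# Any member may act as the first risk feature; the remaining members form the second set.
RULES = {
    "R001": frozenset({"strcpy", "stack_buffer"}),
    "R002": frozenset({"sprintf", "system"}),
    "R003": frozenset({"gets"}),  # single-feature rule: its second set is empty
}
# Constructed "identification / risk problem library" (rule id -> risk problem).
RISK_PROBLEM_LIBRARY = {
    "R001": "unbounded copy into a fixed-size stack buffer",
    "R002": "command string assembled with sprintf() and passed to system()",
    "R003": "use of gets(), which performs no bounds check",
}
# Constructed decompiler output (14 lines, two functions).
PSEUDOCODE = """int __fastcall handle_request(const char *input)
{
  char buf[64];
  int n;
  n = strlen(input);
  strcpy(buf, input);
  return n;
}
int __fastcall run_tool(const char *name)
{
  char cmd[256];
  sprintf(cmd, "/usr/bin/tool %s", name);
  return system(cmd);
}
"""
# Constructed stand-ins for the decompiler's line->address map and for the debug-info
# lookup that the patent leaves to the processor on the application's own side.
LINE_TO_ADDRESS = {6: 0x401136, 13: 0x40118A}
ADDRESS_TO_SOURCE = {0x401136: ("src/handler.c", 42), 0x40118A: ("src/tool.c", 17)}

@dataclass(frozen=True)
class Feature:
    name: str
    function: str
    line: int  # 1-based pseudocode line number

@dataclass(frozen=True)
class Finding:
    function: str
    line: int
    rule_id: str
    risk_problem: str

# Regex stand-ins for "decompose according to syntactic structure".
FUNC_HEADER = re.compile(r"^(?:[\w*]+\s+)+(\w+)\(.*\)\s*$")  # column-0 header line
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
STACK_ARRAY = re.compile(r"^\s*(?:unsigned\s+)?char\s+\w+\[\d+\];")
KEYWORDS = {"if", "while", "for", "switch", "return", "sizeof"}

def decompose(pseudocode: str) -> list[Feature]:
    """Split the pseudocode into (feature name, enclosing function, line) triples."""
    features, function = [], "<global>"
    for line_no, text in enumerate(pseudocode.splitlines(), start=1):
        header = FUNC_HEADER.match(text)
        if header:
            function = header.group(1)
            continue
        if STACK_ARRAY.match(text):
            features.append(Feature("stack_buffer", function, line_no))
        for callee in CALL.findall(text):
            if callee not in KEYWORDS:
                features.append(Feature(callee, function, line_no))
    return features

def scan(pseudocode: str) -> list[Finding]:
    """Apply the rules; at most one finding per (rule, function)."""
    # Intersection of the decomposition feature set with the library: each member
    # is a candidate first risk feature.
    intersection = [f for f in decompose(pseudocode) if f.name in RISK_FEATURE_LIBRARY]
    by_function: dict[str, list[Feature]] = {}
    for f in intersection:
        by_function.setdefault(f.function, []).append(f)
    findings, seen = [], set()
    for first in intersection:
        present = by_function[first.function]
        present_names = {f.name for f in present}
        for rule_id, rule_features in RULES.items():
            if first.name not in rule_features or (rule_id, first.function) in seen:
                continue  # rule does not correspond to this first feature, or already matched
            second_set = rule_features - {first.name}
            if second_set <= present_names:  # the target feature set matches the second set
                seen.add((rule_id, first.function))
                line = max(f.line for f in present if f.name in rule_features)  # the sink line
                findings.append(Finding(first.function, line, rule_id, RISK_PROBLEM_LIBRARY[rule_id]))
    return sorted(findings, key=lambda x: x.line)

def locate(finding: Finding) -> tuple[int | None, str | None, int | None]:
    """Pseudocode line -> assembly instruction address -> (source path, source line)."""
    addr = LINE_TO_ADDRESS.get(finding.line)
    path, src_line = ADDRESS_TO_SOURCE.get(addr, (None, None))
    return addr, path, src_line
```

Calling `scan(PSEUDOCODE)` yields one finding for `handle_request` at pseudocode line 6 (rule `R001`: the `strcpy` call together with the `char buf[64]` stack buffer) and one for `run_tool` at line 13 (rule `R002`: `sprintf` feeding `system`); `locate()` then turns each line into the constructed assembly address and source location. The single-feature rule `R003` has an empty second set and matches as soon as its first feature is present, and a function that uses `strncpy` with a stack buffer produces no finding because `strncpy` is not in the feature library.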
The device embodiments described above and the method embodiments are based on the same inventive concept.
The present application provides a risk problem determination device for an application program, which includes a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or a set of instructions, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by the processor to implement the risk problem determination method for an application program provided in the above method embodiments.
Embodiments of the present application further provide a computer-readable storage medium, which may be disposed in a terminal to store at least one instruction, at least one program, a code set, or a set of instructions related to implementing the method for determining a risk problem of an application program in the method embodiments, where the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by a processor to implement the method for determining a risk problem of an application program provided in the method embodiments.
Alternatively, in the embodiments of the present specification, the storage medium may be located in at least one of a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive (U-disk), a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic or optical disk, and other media capable of storing program code.
The memory described in the embodiments of the present disclosure may be used to store software programs and modules, and the processor executes various functional applications and data processing by running the software programs and modules stored in the memory. The memory may mainly comprise a program storage area and a data storage area, where the program storage area may store an operating system, application programs needed by functions, and the like, and the data storage area may store data created according to the use of the apparatus, and the like. Further, the memory may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide the processor with access to the memory.
The method for determining the risk problem of an application program provided by the embodiments of the present application can be executed on a mobile terminal, a computer terminal, a server, or a similar computing device. Taking execution on a server as an example, fig. 11 is a block diagram of the hardware structure of a server for the risk problem determination method of an application program according to an embodiment of the present application. As shown in fig. 11, the server 1100 may vary considerably in configuration or performance, and may include one or more central processing units (CPUs) 1111 (the processor 1111 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 1130 for storing data, and one or more storage media 1120 (e.g., one or more mass storage devices) for storing applications 1123 or data 1122. The memory 1130 and the storage medium 1120 may be transient storage or persistent storage. The program stored in the storage medium 1120 may include one or more modules, each of which may include a series of instruction operations for the server. Further, the central processing unit 1111 may be configured to communicate with the storage medium 1120 and to execute the series of instruction operations in the storage medium 1120 on the server 1100. The server 1100 may also include one or more power supplies 1160, one or more wired or wireless network interfaces 1150, one or more input/output interfaces 1140, and/or one or more operating systems 1121, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The input/output interface 1140 may be used to receive or transmit data via a network. A specific example of such a network is a wireless network provided by the communication provider of the server 1100. In one example, the input/output interface 1140 includes a network interface card (NIC), which may be connected to other network devices through a base station so as to communicate with the Internet. In another example, the input/output interface 1140 may be a radio frequency (RF) module used to communicate with the Internet wirelessly.
It will be understood by those skilled in the art that the structure shown in fig. 11 is only an illustration and is not intended to limit the structure of the electronic device. For example, the server 1100 may include more or fewer components than shown in fig. 11, or have a different configuration from that shown in fig. 11.
As can be seen from the embodiments of the method, apparatus, server and storage medium for determining the risk problem of an application program provided by the present application: the binary file corresponding to a target application program is converted into a pseudo code file; a first risk feature is determined in the pseudo code file; the identification information of at least one corresponding rule is determined based on the first risk feature; and the identification information of the matched target rule is then determined from the features in the pseudo code file. The risk problem of the target application program is thus determined even when its source code cannot be obtained, and because every application program has a corresponding pseudo code file, the technical solution of the present application can detect the risk problems of all application programs comprehensively and accurately.
It should be noted that the order of the embodiments of the present application is only for description and does not represent the advantages or disadvantages of the embodiments. Specific embodiments have been described above; other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or advantageous.
The embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus, device, and storage medium embodiments are substantially similar to the method embodiments, their description is relatively brief, and reference may be made to the description of the method embodiments for relevant points.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk, or an optical disk.
The above description is only exemplary of the present application and should not be taken as limiting it; any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (15)

1. A method for risk problem determination for an application, the method comprising:
acquiring a binary file corresponding to a target application program;
decompiling the binary file to obtain an assembly instruction set;
converting the assembly instruction set into a pseudo code file;
scanning the pseudo code file through a preset risk model, and determining identification information of a target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic;
determining a risk issue for the target application based on the identification information of the target rule.
2. The method according to claim 1, wherein the preset risk model includes a preset risk feature library, and the scanning the pseudo code file through the preset risk model and the determining the identification information of the target rule corresponding to the pseudo code file includes:
determining a first risk characteristic of the pseudo code file based on the preset risk characteristic library;
determining identification information of at least one rule corresponding to the first risk characteristic;
determining a second risk feature set in each rule based on the identification information of each rule;
and when the target feature set matched with any second risk feature set exists in the pseudo-code file, determining the identification information of the target rule corresponding to the matched second risk feature set.
3. The method of claim 2, wherein before the step of determining the first risk feature of the pseudo code file based on the preset risk feature library, the method further comprises:
and decomposing the pseudo code file into a plurality of features according to a syntactic structure to obtain a decomposition feature set.
4. The method of claim 3, wherein determining the first risk feature of the pseudo code file based on the preset risk feature library comprises:
determining an intersection feature set of the decomposition feature set and the preset risk feature library based on the preset risk feature library and the decomposition feature set;
determining any feature in the intersection feature set as a first risk feature of the pseudo code file;
correspondingly, before the step of determining the identification information of the target rule corresponding to any second risk feature set when the target feature set matching with any second risk feature set exists in the pseudo-code file, the method further includes:
and searching a target feature matched with any second risk feature set from the intersection feature set based on the first risk feature to obtain a target feature set.
5. The method of claim 3, wherein after the step of decomposing the pseudo code file into a plurality of features according to a syntactic structure to obtain a decomposition feature set, the method further comprises:
constructing a feature double-linked list based on the decomposition feature set;
correspondingly, the determining the first risk characteristic of the pseudo code file based on the preset risk characteristic library includes:
determining any risk feature in the decomposition feature set as a first risk feature of the pseudo code file based on the preset risk feature library;
correspondingly, before the step of determining the identification information of the target rule corresponding to any second risk feature set when the target feature set matching with any second risk feature set exists in the pseudo-code file, the method further includes:
and searching a target feature matched with any second risk feature set from the feature double-linked list based on the first risk feature to obtain a target feature set.
6. The method of claim 1, wherein determining the risk issue for the target application based on the identification information of the target rule comprises:
searching a preset identification risk problem library for the risk problem corresponding to the identification information of the target rule, wherein the preset identification risk problem library comprises a mapping relationship between the identification information of rules and risk problems;
and taking the risk problem corresponding to the identification information of the target rule as the risk problem of the target application program.
7. The method of claim 2, further comprising:
determining a function and a pseudo code line number corresponding to a risk problem of the target application program based on the first risk characteristic and the target characteristic set;
determining an assembly instruction line address corresponding to the risk problem of the target application program based on the pseudo code line number corresponding to the risk problem of the target application program;
and sending the assembly instruction line address corresponding to the risk problem of the target application program to a processor corresponding to the target application program, so that the processor determines a source code file path and a source code line number corresponding to the risk problem of the target application program.
8. An apparatus for risk issue determination for an application, the apparatus comprising:
the binary file acquisition module is used for acquiring a binary file corresponding to the target application program;
the assembly instruction set determining module is used for performing decompiling on the binary file to obtain an assembly instruction set;
a pseudo code file determining module for converting the assembly instruction set into a pseudo code file;
the identification information determining module of the target rule is used for scanning the pseudo code file through a preset risk model and determining the identification information of the target rule corresponding to the pseudo code file; the preset risk model is constructed on the basis of a plurality of rules determined by the sample application program and the corresponding risk problems, and each rule comprises at least one risk characteristic;
and the risk problem determining module is used for determining the risk problem of the target application program based on the identification information of the target rule.
9. The apparatus of claim 8, wherein the preset risk model comprises a preset risk feature library, and the identification information determining module of the target rule comprises:
the first risk characteristic determining unit is used for determining a first risk characteristic of the pseudo code file based on the preset risk characteristic library;
a first identification information determining unit, configured to determine identification information of at least one rule corresponding to the first risk characteristic;
the second risk feature set determining unit is used for determining a second risk feature set in each rule based on the identification information of each rule;
and the second identification information determining unit is used for determining the identification information of the target rule corresponding to the matched second risk feature set when the target feature set matched with any second risk feature set exists in the pseudo-code file.
10. The apparatus of claim 9, further comprising:
and the decomposition feature set determining module is used for decomposing the pseudo code file into a plurality of features according to a syntactic structure to obtain a decomposition feature set.
11. The apparatus of claim 10, wherein the first risk characteristic determination unit comprises:
an intersection feature set determining subunit, configured to determine, based on the preset risk feature library and the decomposition feature set, an intersection feature set of the decomposition feature set and the preset risk feature library;
a first determining subunit, configured to determine any feature in the intersection feature set as a first risk feature of the pseudo code file;
correspondingly, the device further comprises:
and the target feature set determining module is used for searching a target feature matched with any second risk feature set from the intersection feature set based on the first risk feature to obtain a target feature set.
12. The apparatus of claim 10, further comprising:
a feature double-linked list construction module for constructing a feature double-linked list based on the decomposition feature set;
correspondingly, the first risk characteristic determination unit comprises:
the second determining subunit is configured to determine, based on the preset risk feature library, any risk feature in the decomposition feature set as the first risk feature of the pseudo code file;
correspondingly, the device further comprises:
and the target feature set determining module is used for searching a target feature matched with any second risk feature set from the feature double-linked list based on the first risk feature to obtain a target feature set.
13. The apparatus of claim 8, wherein the risk issue determination module comprises:
a risk problem searching unit, configured to search a risk problem corresponding to the identification information of the target rule from a preset identification risk problem library, where the preset identification risk problem library includes a mapping relationship between the identification information of the rule and the risk problem;
a risk problem determination unit configured to take a risk problem corresponding to the identification information of the target rule as a risk problem of the target application.
14. The apparatus of claim 9, further comprising:
a pseudo code line number determining module, configured to determine a function and a pseudo code line number corresponding to a risk problem of the target application based on the first risk feature and the target feature set;
the assembly instruction line address determining module is used for determining an assembly instruction line address corresponding to the risk problem of the target application program based on the pseudo code line number corresponding to the risk problem of the target application program;
and the assembly instruction line address sending module is used for sending the assembly instruction line address corresponding to the risk problem of the target application program to a processor corresponding to the target application program so that the processor determines the source code file path and the source code line number corresponding to the risk problem of the target application program.
15. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by a processor to implement the method of risk issue determination for an application according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911023965.1A CN112711424A (en) 2019-10-25 2019-10-25 Application risk problem determination method and device and storage medium

Publications (1)

Publication Number Publication Date
CN112711424A true CN112711424A (en) 2021-04-27

Family

ID=75540767

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911023965.1A Pending CN112711424A (en) 2019-10-25 2019-10-25 Application risk problem determination method and device and storage medium

Country Status (1)

Country Link
CN (1) CN112711424A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101814053A (en) * 2010-03-29 2010-08-25 中国人民解放军信息工程大学 Method for discovering binary code vulnerability based on function model
WO2017049800A1 (en) * 2015-09-23 2017-03-30 百度在线网络技术(北京)有限公司 Method and apparatus for detecting loophole code in application
CN106933645A (en) * 2017-01-17 2017-07-07 深圳市能信安科技股份有限公司 A kind of Apk security risks automatic Static auditing system and method
CN107066302A (en) * 2017-04-28 2017-08-18 北京邮电大学 Defect inspection method, device and service terminal
CN110287110A (en) * 2019-06-19 2019-09-27 北京三快在线科技有限公司 The code detection method and device of application program

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112988607A (en) * 2021-05-11 2021-06-18 腾讯科技(深圳)有限公司 Application program component detection method and device and storage medium
CN112988607B (en) * 2021-05-11 2022-02-11 腾讯科技(深圳)有限公司 Application program component detection method and device and storage medium
CN113377370A (en) * 2021-05-18 2021-09-10 龙芯中科(西安)科技有限公司 File processing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109117363B (en) Test case generation method and device and server
US11157390B2 (en) Automatic software defect repair
US9262132B1 (en) Incremental local source code analysis
CN108920359B (en) Application program testing method and device, storage medium and electronic device
US20180060415A1 (en) Language tag management on international data storage
EP3690646A1 (en) Correction of translated text in localized applications
CN111078481B (en) Method, device, electronic equipment and storage medium for acquiring configuration checklist
CN112015430A (en) JavaScript code translation method and device, computer equipment and storage medium
US9043651B2 (en) Systematic failure remediation
CN107133165B (en) Browser compatibility detection method and device
EP3779702A1 (en) Electronic device detecting software vulnerability and method for operating same
US10241759B2 (en) Detecting open source components built into mobile applications
CN112328301B (en) Method and device for maintaining consistency of operating environments, storage medium and electronic equipment
CN115827895A (en) Vulnerability knowledge graph processing method, device, equipment and medium
CN112711438A (en) Dependent component information extraction method, dependent component information extraction device, and computer-readable storage medium
CN112711424A (en) Application risk problem determination method and device and storage medium
CN111597069B (en) Program processing method, device, electronic equipment and storage medium
CN113268245A (en) Code analysis method, device and storage medium
WO2023151397A1 (en) Application program deployment method and apparatus, device, and medium
CN109740074B (en) Method, device and equipment for processing parameter configuration information
US20170249238A1 (en) Virtual Test Environment for Webpages with Automation Features
CN112069052A (en) Abnormal object detection method, device, equipment and storage medium
US11650797B2 (en) Cloud portability code scanning tool
CN114816816A (en) Collapse stack information processing method, device, equipment and storage medium
KR20190020363A (en) Method and apparatus for analyzing program by associating dynamic analysis with static analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination