CN112733158B - Android system vulnerability detection method, electronic equipment and storage medium - Google Patents


Info

Publication number
CN112733158B
Authority
CN
China
Prior art keywords
function
information
relation
layer
determining
Legal status
Active
Application number
CN202110365057.1A
Other languages
Chinese (zh)
Other versions
CN112733158A (en)
Inventor
徐国爱
徐国胜
郭燕慧
王浩宇
张钦尧
高宇昊
Current Assignee
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application granted

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/31 Programming languages or programming paradigms
    • G06F8/315 Object-oriented languages

Abstract

The invention provides an Android system vulnerability detection method, an electronic device and a storage medium that realize vulnerability detection efficiently, conveniently, comprehensively and accurately. The method comprises: acquiring a local system file and a source code file of an Android system, and preprocessing them respectively to obtain a bytecode file and a key source code file; determining, from the bytecode file and the key source code file respectively, a first-level function call relation of the Java layer, a second-level function call relation of the C/C++ layer and an inter-layer function association relation between the Java layer and the C/C++ layer, and constructing a global function call graph of the Android system from the first-level function call relation, the second-level function call relation and the inter-layer function association relation; and selecting a vulnerability to be analyzed, and performing call analysis on the method functions related to that vulnerability using the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system.

Description

Android system vulnerability detection method, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer system security technologies, and in particular, to a method for detecting Android system vulnerabilities, an electronic device, and a storage medium.
Background
The Android system is widely used because of its openness, compatibility and convenience; functions and services built on it, including instant messaging, mobile payment and video sharing, are increasingly rich and diverse and bring convenience to people's lives and work. However, the security problems exposed along with this are also increasing.
In the related art, research on Android security is mostly concentrated on vulnerabilities at the application level, covering communication, permission, denial-of-service and privacy-leak vulnerabilities of applications. Besides the application layer, the overall framework of the Android system also comprises the Java framework layer, the Android runtime layer, the hardware abstraction layer and the Linux kernel layer, and research on vulnerabilities at the system level is much scarcer. The few existing approaches to system-level vulnerability detection either perform blind fuzzing, which gives low path coverage, a complicated analysis process and low detection efficiency; or perform static analysis of the Java framework layer only, so that bugs in other components of the system layer are hard to find; or depend on a large amount of manual checking in addition to automated analysis, which is highly complex to carry out.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide an Android system vulnerability detection method, an electronic device, and a storage medium.
Based on the above purpose, a first aspect of the present disclosure provides an Android system vulnerability detection method, wherein the Android system includes a Java layer and a C/C++ layer; the method comprises the following steps:
acquiring a local system file corresponding to the Java layer and a source code file corresponding to the C/C++ layer;
decompiling the local system file to determine a bytecode file;
determining the file directory corresponding to the source code file, and screening out a key source code file from the source code file according to the file directory;
determining a first-level function call relation of the Java layer according to the bytecode file;
determining a second-level function call relation of the C/C++ layer according to the key source code file;
determining an inter-layer function association relation between the Java layer and the C/C++ layer according to the bytecode file and the key source code file;
constructing a global function call graph of the Android system according to the first-level function call relation, the second-level function call relation and the inter-layer function association relation;
selecting a vulnerability to be analyzed, and determining at least one related method function according to the system function corresponding to the vulnerability to be analyzed;
and performing call analysis on the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system.
In a second aspect of the present disclosure, an electronic device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the program, the method of the first aspect is implemented.
In a third aspect of the disclosure, a non-transitory computer-readable storage medium is provided, which stores a set of instructions of an electronic device for causing the electronic device to perform the method of the first aspect.
As can be seen from the above, the Android system vulnerability detection method, electronic device and storage medium of the present disclosure analyze the bytecode file and the key source code file corresponding to the Java layer and the C/C++ layer respectively to determine the first-level function call relation of the Java layer, the second-level function call relation of the C/C++ layer and the inter-layer function association relation between the two layers; the call relation of each layer is constructed according to that layer's own characteristics, and from these relations a global function call graph covering every layer of the Android system is determined. The function call path of a method function is then extracted from the global function call graph and subjected to call analysis to determine whether a system vulnerability exists. In short, a per-layer function call relation is first established according to the characteristics of each layer of the whole system, the function association relation between layers is then determined, a global function call relation is finally obtained, and call analysis on that relation decides whether a system vulnerability exists.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of an Android system vulnerability detection method provided in an embodiment of the present disclosure;
fig. 2 is a schematic diagram illustrating a method for determining a first-level function call relationship in an Android system vulnerability detection method according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram illustrating a method for determining a second-level function call relationship in an Android system vulnerability detection method according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram illustrating a method for determining an inter-layer function association relationship in an Android system vulnerability detection method according to an embodiment of the present disclosure;
fig. 5 is a schematic diagram of a method for constructing a global function call graph in an Android system vulnerability detection method provided by the embodiment of the present disclosure;
fig. 6 is a schematic diagram illustrating a method for call analysis of a method function in the Android system vulnerability detection method provided by the embodiment of the present disclosure;
fig. 7 is a schematic view of an electronic device for Android system vulnerability detection provided in an embodiment of the present disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
As set out in the Background, existing work concentrates on application-level vulnerabilities, on blind fuzzing, or on static analysis of the Java framework layer alone, so that system-level vulnerabilities in the other layers of the Android framework remain hard to detect.
In view of this, the present disclosure performs vulnerability detection on the overall framework of the Android system: a global function call relation is constructed across the Java layer and the C/C++ layer of the Android system, and vulnerabilities that may exist in the system are detected on the basis of that call relation, so that the completeness, accuracy and efficiency of the vulnerability detection scheme can be ensured.
Based on the above thought, the first aspect of the disclosure provides an Android system vulnerability detection method.
The overall framework of the Android system comprises an application layer, a Java framework layer, an Android runtime layer, a hardware abstraction layer and a Linux kernel layer. The application layer and the Java framework layer can be grouped together as the Java layer; the code of the Android runtime layer, the hardware abstraction layer and the Linux kernel layer is mainly written in C/C++, so those three layers are collectively called the C/C++ layer.
As shown in fig. 1, some optional embodiments of the present disclosure provide an Android system vulnerability detection method, which includes:
s1: and acquiring a local system file corresponding to the Java layer and a source code file corresponding to the C/C + + layer.
S2: and performing decompiling on the local system file to determine a byte code file.
The bytecode file is obtained by compiling the Java layer source code of the Android system; this compiled form is stored on the Android device (further compiled for the target platform), and the bytecode file of the Java layer can be obtained by pulling the corresponding local system file from the device and decompiling it.
On versions of Android before 5.0, the system framework directory ("framework") can be exported directly from the system directory of the device, and the odex or dex files in it can be decompiled to obtain the bytecode file. On Android 5.0 and later, the framework directory no longer contains dex/odex files; instead a boot.oat file appears in its arm or arm64 subdirectory. The oat file is a special ELF file that contains both the native machine code compiled from the dex files and the original dex content, from which the bytecode file can be extracted.
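As an added example, not code from the patent, the following Python script carves the embedded dex files out of a boot.oat (or any other blob) by scanning for the dex magic and using the file_size field of each dex header to cut the file out. The oat-like input is constructed inline. On Android 8.0 and later the dex content usually sits in a separate .vdex file next to the .oat, so on newer images the same carver should be run over that file instead.

```python
import struct

DEX_MAGIC_PREFIX = b"dex\n"   # full magic: b"dex\n" + three ASCII digits + NUL, e.g. b"dex\n035\x00"
DEX_HEADER_SIZE = 0x70        # the dex header is always 0x70 bytes
FILE_SIZE_OFFSET = 0x20       # header.file_size (uint32 LE); header.header_size follows at 0x24


def find_embedded_dex(blob):
    """Return (offset, size) for every plausible DEX header found in blob.

    A candidate is accepted only if the magic version is three digits, the
    header_size field equals 0x70 and the declared file_size fits inside the
    container; this rejects stray "dex\\n" strings in code or data.
    """
    found = []
    pos = 0
    while True:
        pos = blob.find(DEX_MAGIC_PREFIX, pos)
        if pos < 0:
            return found
        version = blob[pos + 4:pos + 8]
        if (len(version) == 4 and version[:3].isdigit() and version[3] == 0
                and pos + DEX_HEADER_SIZE <= len(blob)):
            file_size, header_size = struct.unpack_from("<II", blob, pos + FILE_SIZE_OFFSET)
            if header_size == DEX_HEADER_SIZE and DEX_HEADER_SIZE <= file_size <= len(blob) - pos:
                found.append((pos, file_size))
                pos += file_size        # dex files do not nest, so skip the whole file
                continue
        pos += 1


def carve_dex(blob):
    """Cut every embedded DEX out of blob and return them as a list of bytes objects."""
    return [blob[off:off + size] for off, size in find_embedded_dex(blob)]


def make_fake_dex(version, payload):
    """Constructed test data: a header with only magic, file_size and header_size filled in."""
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = b"dex\n" + version + b"\x00"
    struct.pack_into("<II", header, FILE_SIZE_OFFSET, DEX_HEADER_SIZE + len(payload), DEX_HEADER_SIZE)
    return bytes(header) + payload


def demo():
    """Constructed oat-like blob: an ELF-looking prefix, two dex files and a decoy string."""
    blob = (b"\x7fELF" + b"\x00" * 60
            + make_fake_dex(b"035", b"A" * 10)
            + b"not a dex\n header "           # decoy: "dex\n" with no valid header behind it
            + make_fake_dex(b"039", b"B" * 3))
    return carve_dex(blob)


if __name__ == "__main__":
    for i, dex in enumerate(demo()):
        print(f"dex #{i}: magic={dex[:8]!r} size={len(dex)}")
```

Each carved dex can then be handed to the usual decompilers; the header_size and file_size checks are what keep a string such as "dex\n" inside compiled code from being mistaken for a file.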
S3: and determining a file directory corresponding to the source code file, and screening out a key source code file from the source code file according to the file directory.
The method focuses mainly on the source code files involved in function calls; based on analysis of the C/C++ layer source code of the Android system and study of its directory layout, the following directories are selected: frameworks/base/core/jni, frameworks/base/libs/media, frameworks/native, bionic, libcore, libnativehelper and hardware, and the source code files under these directories are taken as the key source code files. Note that the selection of key source code files depends on the actual content of the C/C++ layer source code of the Android system, and the above list is only an exemplary set of code directories.
S4: and determining a first-level function call relation of the Java layer according to the byte code file.
The class information of a plurality of classes and the function information of a plurality of functions in the Java layer can be determined according to the bytecode file, and accordingly, the relationships between classes, classes and functions, and between functions are determined, and finally, the first-level function call relationship of the Java layer is determined.
S5: and determining a second-level function call relation of the C/C + + layer according to the key source code file.
The key source code file can be analyzed by lexical and syntactic methods to construct an abstract syntax tree, the function call relations and the corresponding function call type information of a plurality of functions of the C/C + + layer are determined according to the node information and the relationship among the nodes in the abstract syntax tree, and the second-level function call relation of the C/C + + layer is further determined.
S6: and determining the interlayer function incidence relation between the Java layer and the C/C + + layer according to the byte code file and the key source code file.
Mapping relations and communication calling relations exist between a plurality of functions of the Java layer and a plurality of functions of the C/C + + layer, the mapping relations and the communication calling relations can be determined according to the byte code files and the key source code files, and the mapping relations and the communication calling relations are further combined to construct the inter-layer function association relations.
S7: and constructing a global function call graph of the Android system according to the first-level function call relation, the second-level function call relation and the interlayer function incidence relation.
S8: and selecting a vulnerability to be analyzed, and determining at least one related method function according to a system function corresponding to the vulnerability to be analyzed.
Vulnerabilities are selected one by one from a preset vulnerability library as the vulnerability to be analyzed, and the corresponding system functions are determined from information such as the cause, mechanism and characteristics of that vulnerability, i.e. which system functions of the Android system are involved when that vulnerability occurs. A system function of the Android system is realized by calling at least one method function: a single method function may implement a system function on its own, or two or more interrelated method functions may be invoked together to implement a more complex system function. Accordingly, at least one method function involved in the system function can be determined.
For example, the vulnerability to be analyzed may be an Android serialization inconsistency vulnerability. Android provides its own serialization mechanism through the Parcelable interface: once a class implements this interface, its objects can be serialized and passed through Intent or Binder. Two key methods are involved, writeToParcel and readFromParcel, which respectively call a series of write methods and read methods of the Parcel class to perform serialization and deserialization, as shown below:
public void writeToParcel(Parcel out, int flags) { out.writeInt(mData); }   // serialization: one int is written
public void readFromParcel(Parcel in) { mData = in.readInt(); }             // deserialization: one int is read back
If the data types handled by the write methods invoked during serialization and by the read methods invoked during deserialization are not symmetric, serious security problems arise, and an attacker can exploit the asymmetry to escalate privileges.
Therefore, for the Android serialization inconsistency vulnerability, the related method functions comprise the writeToParcel method and the readFromParcel method.
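The write/read symmetry described in this example is something a practitioner can check mechanically. As an added example (not the patent's own tooling), the Python checker below extracts the ordered sequence of Parcel write calls from writeToParcel and of read calls from readFromParcel in a Java source file and reports every position where the two sequences disagree. The Java class is constructed for the example; the checker is regex-based and assumes the Parcel operations appear in straight-line order, which is how most Parcelable implementations are written.

```python
import re

# Any Parcel operation: <receiver>.writeXxx( / readXxx( / createXxx(
_PARCEL_CALL = re.compile(r"\b\w+\.((?:write|read|create)\w+)\s*\(")
# Read-side names that do not simply mirror their writer.
_READ_TO_WRITE = {
    "createByteArray": "writeByteArray",
    "createStringArray": "writeStringArray",
}


def method_body(src, method_name):
    """Return the text between the braces of the first method called method_name."""
    m = re.search(r"\b" + re.escape(method_name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        raise ValueError(f"{method_name} not found")
    depth, start = 1, m.end()
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start:i]
    raise ValueError("unbalanced braces")


def parcel_ops(body):
    """Ordered Parcel operations in a method body, normalised to the write-side name."""
    ops = []
    for m in _PARCEL_CALL.finditer(body):
        name = m.group(1)
        if name.startswith("read"):
            name = "write" + name[len("read"):]
        ops.append(_READ_TO_WRITE.get(name, name))
    return ops


def check_symmetry(src, writer="writeToParcel", reader="readFromParcel"):
    """Compare the write sequence with the read sequence; return a list of mismatch descriptions."""
    writes = parcel_ops(method_body(src, writer))
    reads = parcel_ops(method_body(src, reader))
    problems = [f"field {i}: written with {w} but read with {r}"
                for i, (w, r) in enumerate(zip(writes, reads)) if w != r]
    if len(writes) != len(reads):
        problems.append(f"{len(writes)} writes vs {len(reads)} reads")
    return problems


# Constructed sample: the third field is written as a long but read back as an int.
VULNERABLE = """
public final class Session implements Parcelable {
    private int mId;
    private String mName;
    private long mExpiry;

    public void writeToParcel(Parcel out, int flags) {
        out.writeInt(mId);
        out.writeString(mName);
        out.writeLong(mExpiry);
    }

    public void readFromParcel(Parcel in) {
        mId = in.readInt();
        mName = in.readString();
        mExpiry = in.readInt();   // reads 4 bytes where 8 were written
    }
}
"""
FIXED = VULNERABLE.replace("mExpiry = in.readInt();", "mExpiry = in.readLong();")


def demo():
    return check_symmetry(VULNERABLE), check_symmetry(FIXED)


if __name__ == "__main__":
    print(demo())
```

A mismatch like the one in the sample shifts every subsequent field boundary during deserialization, which is exactly the asymmetry the paragraph above warns about; the checker flags the position so the analyst can inspect the two methods rather than the whole class.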
S9: and calling and analyzing the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system.
Call analysis may be performed by determining a call path of the method function in the global function call graph. When the vulnerability to be analyzed does not exist in the Android system, the calling path of the method function corresponding to the vulnerability to be analyzed is embodied as a normal path, and when the vulnerability to be analyzed exists in the Android system, the calling path of the method function is abnormal, such as unreachable calling path, unmatched calling path, conflicting calling path and the like. In the present disclosure, whether the vulnerability to be analyzed exists may be determined by analyzing a call path of the method function.
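Steps S7 and S9 together amount to merging three edge sets into one graph and querying paths in it. As an added example that is not part of the patent, the Python code below builds the global graph from a Java-layer call relation, a C/C++-layer call relation, a JNI mapping and a set of communication-call edges, then answers "is this sink reachable from this entry point, and along which path?" by breadth-first search. All class, method and function names are constructed for the example; nodes carry a layer prefix so a Java method and a native function with the same short name never collide.

```python
from collections import deque


def build_global_graph(java_edges, native_edges, jni_map, ipc_edges=()):
    """Merge per-layer call relations and inter-layer relations into one adjacency dict.

    java_edges / native_edges: (caller, callee) pairs inside one layer
    jni_map:   (java_native_method, c_function) pairs taken from JNI registration
    ipc_edges: (caller, callee) pairs that cross a communication boundary; these
               are given with their "java:"/"native:" prefixes already attached
    """
    graph = {}

    def add(src, dst):
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())

    for caller, callee in java_edges:
        add("java:" + caller, "java:" + callee)
    for caller, callee in native_edges:
        add("native:" + caller, "native:" + callee)
    for java_method, c_function in jni_map:
        add("java:" + java_method, "native:" + c_function)
    for caller, callee in ipc_edges:
        add(caller, callee)
    return graph


def call_path(graph, start, target):
    """Shortest call path from start to target (BFS), or None when target is unreachable."""
    if start not in graph:
        return None
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def analyse(graph, entry_points, sinks):
    """For every (entry, sink) pair return the path, or None if the sink cannot be reached."""
    return {(e, s): call_path(graph, e, s) for e in entry_points for s in sinks}


# Constructed relations for a hypothetical android/app/Demo class with two native methods.
JAVA_EDGES = [
    ("android/app/Demo.save", "android/app/Demo.nativeSave"),
    ("android/app/Demo.load", "android/app/Demo.nativeLoad"),
]
JNI_MAP = [
    ("android/app/Demo.nativeSave", "android_app_Demo_save"),
    ("android/app/Demo.nativeLoad", "android_app_Demo_load"),
]
NATIVE_EDGES = [
    ("android_app_Demo_save", "DemoStore::write"),
    ("DemoStore::write", "memcpy"),
    ("android_app_Demo_load", "DemoStore::read"),
]
IPC_EDGES = [  # a client reaching Demo.save through a communication call
    ("java:android/app/DemoClient.call", "java:android/app/Demo.save"),
]


def demo():
    graph = build_global_graph(JAVA_EDGES, NATIVE_EDGES, JNI_MAP, IPC_EDGES)
    return analyse(graph, ["java:android/app/DemoClient.call"],
                   ["native:memcpy", "native:DemoStore::read"])


if __name__ == "__main__":
    for (entry, sink), path in demo().items():
        print(sink, "<-", " -> ".join(path) if path else "unreachable")
```

A path that exists where the analyst expected none (or the reverse) is the "abnormal call path" the paragraph above refers to; the graph makes the cross-layer hop explicit instead of stopping at the Java native declaration.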
In summary, the Android system vulnerability detection method analyzes the bytecode file and the key source code file of the Java layer and the C/C++ layer respectively to determine the first-level function call relation of the Java layer, the second-level function call relation of the C/C++ layer and the inter-layer function association relation between them, builds each call relation according to the characteristics of its layer, and from them determines a global function call graph covering every layer of the Android system; the call path of a method function is then extracted from that graph and analyzed to decide whether a system vulnerability exists.
Because dynamic detection has difficulty triggering every code path, the data-flow analysis required for detecting privacy leaks is hard to realize dynamically on recent Android versions, and static data-flow analysis does not reduce detection accuracy, the Android system vulnerability detection method of the present disclosure adopts static data-flow analysis, which effectively reduces detection time while guaranteeing the accuracy of the detection results.
As shown in fig. 2, in the Android system vulnerability detection method provided in some optional embodiments of the present disclosure, determining a first-level function call relationship S4 of the Java layer according to the bytecode file, further includes:
S201: obtaining class information from the bytecode file and determining a class association relation from the class information;
the class information comprises the class names of the classes, the corresponding parent class names and the interface lists;
determining the class association relation from the class information further includes:
associating each class with its parent class according to the class names and parent class names;
and associating each class with its interfaces according to the interface list.
S202: obtaining function definition information from the bytecode file and determining a class inclusion relation from it, where the class inclusion relation is the containment relation between a function and the class it belongs to.
S203: obtaining function call information from the bytecode file and determining a first inter-function call relation among the functions of the Java layer from it.
S204: constructing a function overriding relation (which method overrides which inherited or interface method) from the class association relation and the class inclusion relation.
S205: determining the first-level function call relation from the class association relation, the class inclusion relation, the first inter-function call relation and the function overriding relation.
In some optional embodiments of the present disclosure, the information in the bytecode file may be read with a bytecode manipulation framework such as ASM.
A bytecode file (.class file) is read with the ClassReader class of the ASM library; its accept method is then called with a specific ClassVisitor object, which walks the bytecode. By overriding the ClassVisitor's visit method (class header: name, superclass, interfaces), its visitMethod method (each method declaration, which returns a MethodVisitor) and the MethodVisitor's visitMethodInsn method (each method invocation instruction), the class information, function definition information and function call information are obtained, from which the function call relation is constructed.
The Java layer bytecode of the Android system is huge, and the function call relations among its functions are correspondingly complex. The bytecode includes Android library functions and non-Android library functions, and the Android library functions deserve the most attention. Therefore, in some optional embodiments, when the function definition information and the function call information are obtained from the bytecode file, only those of the Android library functions are collected, and the first-level function call relation is then determined from the function definition information and the function call information of the Android library functions.
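Steps S201 to S205 describe how the raw facts from the visitors (class hierarchy, which class defines which method, and the declared target of each invoke instruction) become a call relation in which a call to an overridable method is expanded to every method that overrides it. As an added example, not the patent's implementation, the Python function below takes those three fact sets, as they would come out of ClassVisitor/MethodVisitor, and performs that expansion (class-hierarchy analysis). The class and method names are constructed; method identifiers are written "pkg/Class.method" and the code assumes class names contain no ".".

```python
from collections import defaultdict


def build_java_call_relation(classes, methods, calls):
    """Derive the first-level call relation from class, definition and call information.

    classes: {class_name: (superclass or None, [interface names])}   (S201)
    methods: {class_name: set of method names defined in that class}  (S202)
    calls:   [(caller, declared target)] from invoke instructions     (S203)
    Returns (overrides, edges): overrides lists, for each defined method, the
    methods in subtypes that override it (S204); edges is the call relation with
    every declared target expanded to its inherited implementation plus all
    overriding implementations (S205).
    """
    children = defaultdict(set)
    for cls, (superclass, interfaces) in classes.items():
        for parent in ([superclass] if superclass else []) + list(interfaces):
            children[parent].add(cls)

    def subtypes(cls):
        seen, stack = set(), [cls]
        while stack:
            for child in children.get(stack.pop(), ()):
                if child not in seen:
                    seen.add(child)
                    stack.append(child)
        return seen

    def overriding(cls, method):
        return {f"{sub}.{method}" for sub in subtypes(cls) if method in methods.get(sub, ())}

    def resolve(target):
        cls, method = target.rsplit(".", 1)
        decl = cls                      # walk up until a class that really defines the method
        while decl is not None and method not in methods.get(decl, ()):
            decl = classes.get(decl, (None, []))[0]
        declared = {f"{decl}.{method}"} if decl else set()
        return declared | overriding(cls, method)

    overrides = {f"{cls}.{m}": sorted(overriding(cls, m))
                 for cls, names in methods.items() for m in names if overriding(cls, m)}
    edges = defaultdict(set)
    for caller, target in calls:
        edges[caller] |= resolve(target)
    return overrides, {caller: sorted(targets) for caller, targets in edges.items()}


# Constructed facts for a small hypothetical hierarchy in the android/os package.
CLASSES = {
    "android/os/Base": (None, []),
    "android/os/Callback": (None, []),
    "android/os/Impl": ("android/os/Base", ["android/os/Callback"]),
    "android/os/Sub": ("android/os/Impl", []),
    "android/os/Service": (None, []),
}
METHODS = {
    "android/os/Base": {"run", "init"},
    "android/os/Callback": {"onEvent"},
    "android/os/Impl": {"run", "onEvent"},
    "android/os/Sub": {"run"},
    "android/os/Service": {"start", "fire"},
}
CALLS = [
    ("android/os/Service.start", "android/os/Base.run"),     # virtual call, three targets
    ("android/os/Service.start", "android/os/Sub.init"),     # inherited, resolves to Base.init
    ("android/os/Service.fire", "android/os/Callback.onEvent"),  # interface call
]


def demo():
    return build_java_call_relation(CLASSES, METHODS, CALLS)


if __name__ == "__main__":
    overrides, edges = demo()
    for caller, targets in edges.items():
        print(caller, "->", targets)
```

Without the overriding relation the edge Service.start -> Base.run would hide Impl.run and Sub.run, and a vulnerability in one of those overrides would appear unreachable in the global graph.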
As shown in fig. 3, in the Android system vulnerability detection method provided in some optional embodiments of the present disclosure, determining the second-level function call relation of the C/C++ layer according to the key source code file (S5) further includes:
S301: analyzing the key source code file with a syntax analysis tool to construct the corresponding abstract syntax tree.
In computer science, syntactic analysis (parsing) is the process of analyzing an input text made up of a sequence of tokens (for example program code) according to a given formal grammar and determining its grammatical structure. The key source code files may be parsed with a parsing tool to determine the syntactic structure of the C/C++ layer. Some optional embodiments of the present disclosure use the ANTLR parser generator to analyze the key source code file and construct the corresponding abstract syntax tree; the listener mechanism of an ANTLR parser provides traversal access to the nodes of the tree.
The nodes of the abstract syntax tree include definition nodes, variable nodes, function definition nodes and function call nodes.
S302: traversing the nodes of the abstract syntax tree to obtain the function definition information, function call information, scope information and variable information related to the functions of the C/C++ layer, which comprises:
analyzing the definition nodes to determine the scope information;
analyzing the variable nodes to determine the variable information;
analyzing the function definition nodes to determine the function definition information;
analyzing the function call nodes to determine the function call information;
where the definition nodes comprise namespace definition nodes, class definition nodes and struct definition nodes, and the scope information comprises function scopes and field scopes.
S303: determining a second inter-function call relation among the functions of the C/C++ layer according to the function definition information and the function call information;
S304: determining the call type information of the functions of the C/C++ layer according to the function call information, the scope information and the variable information, where the call type information comprises the function call type and the related parameter types;
S305: determining the second-level function call relation according to the second inter-function call relation and the call type information.
In this way, the method constructs an abstract syntax tree and traverses its nodes to obtain the function definition information, function call information, scope information and variable information related to the functions of the C/C++ layer. The inter-function call relation of the C/C++ layer is first determined from the function definition information and the function call information; on that basis, the function call types and related parameter types in the function call information are tracked using the function call information, the scope information and the variable information, and this type information supplements the inter-function call relation; the second-level function call relation is finally determined from both.
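To make the function-definition/function-call part of S302 and S303 concrete, here is an added example (not the patent's ANTLR-based code) that extracts the inter-function call relation from a C++ source fragment in Python. Instead of a full grammar it uses a regular expression for definitions, brace matching for bodies and a second expression for call sites, which is enough for the straight-line JNI glue the key directories mostly contain; constructor initializer lists, function pointers and macros are outside what it handles, and it does not perform the scope or type tracking of S304. The source fragment is constructed for the example.

```python
import re

C_KEYWORDS = {"if", "for", "while", "switch", "return", "sizeof", "else", "do", "catch"}

# A definition: one or more type/qualifier tokens, the function name, a parameter list that
# contains no statements or nested parentheses, an optional "const", then the opening brace.
_DEF = re.compile(r"(?:[\w:<>~*&]+\s+)+([\w:~]+)\s*\([^;{}()]*\)\s*(?:const\s*)?\{")
# A call: an identifier (possibly namespace- or class-qualified) directly followed by "(".
_CALL = re.compile(r"(?<!\w)([\w:]+)\s*\(")


def _body(src, open_brace):
    """Return the text between the brace at open_brace and its matching closing brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_brace + 1:i]
    raise ValueError("unbalanced braces")


def extract_call_relations(src):
    """Map every function defined in src to the sorted list of functions its body calls."""
    relations = {}
    for m in _DEF.finditer(src):
        name = m.group(1)
        if name in C_KEYWORDS:          # "else if (...) {" and similar false positives
            continue
        body = _body(src, m.end() - 1)
        relations[name] = sorted({c.group(1) for c in _CALL.finditer(body)} - C_KEYWORDS)
    return relations


# Constructed JNI-style fragment: one native entry point and one helper.
SAMPLE = r"""
namespace android {

static jint nativeSum(JNIEnv* env, jobject thiz, jintArray arr) {
    jsize n = env->GetArrayLength(arr);
    return sum_elements(env, arr, n);
}

int sum_elements(JNIEnv* env, jintArray arr, int n) {
    int total = 0;
    jint* p = env->GetIntArrayElements(arr, nullptr);
    for (int i = 0; i < n; i++) {
        total += p[i];
    }
    env->ReleaseIntArrayElements(arr, p, 0);
    return total;
}

}  // namespace android
"""


def demo():
    return extract_call_relations(SAMPLE)


if __name__ == "__main__":
    for fn, callees in demo().items():
        print(fn, "->", callees)
```

The result is the second inter-function call relation of S303 in its simplest form: a caller name mapped to callee names, ready to be merged into the global graph once the JNI mapping gives the Java-side entry for nativeSum.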
The analysis of the global inter-function call relation of the Android system covers, in addition to the first-level function call relation of the Java layer and the second-level function call relation of the C/C++ layer, the association relation between Java layer functions and C/C++ layer functions, which includes the mapping relation between functions and the communication call relation between functions. As shown in fig. 4, in the Android system vulnerability detection method according to some optional embodiments of the present disclosure, the determining an inter-layer function association relationship S6 between the Java layer and the C/C++ layer according to the bytecode file and the key source code file further includes:
S401: analyzing the key source code file by using a syntax analysis tool to construct a corresponding abstract syntax tree;
S402: traversing and accessing Java native interface nodes and registration method nodes in the abstract syntax tree to determine the mapping relation between Java layer functions and C/C++ layer functions and the corresponding Java layer function information and C/C++ layer function information;
The mapping relation between a Java layer function and a C/C++ layer function is recorded through the Java Native Interface (JNI) of the Android system; specifically, it is recorded in the g_methods variable, an array of JNINativeMethod structures.
In the method, the Java native interface node refers to a JNINativeMethod structure definition node; the JNINativeMethod structure definition node may be traversed to extract the content of the g_methods array, and the mapping relation between Java layer functions and C/C++ layer functions is determined according to that content.
On the basis of the mapping relation between the Java layer function and the C/C++ layer function, the Java layer function information and the C/C++ layer function information corresponding to the mapping relation also need to be acquired.
The Java layer function information comprises the class information of the Java layer function. The class information of a Java method is indicated when JNI registration is performed, and the JNI registration call generally lies inside a method named "register_<package name>_<class name>". Therefore, the corresponding information can be obtained by traversing the registration method nodes: the method nodes named "register_<package name>_<class name>" are traversed, the JNI registration function call statements inside them are obtained to determine the class information of the Java layer functions, and the complete Java layer function information is obtained by splicing according to the class information.
For example, in some optional embodiments of the present disclosure, when the registration method nodes in the abstract syntax tree are traversed, the determined JNI registration methods include "register methods oridie", "JNI register methods", "backup totar" and "register national methods". The second parameter of these methods is the class information of the Java layer function.
Regarding the C/C++ layer function information, the function information of the complete C/C++ layer function corresponding to the Java layer function in the mapping may be determined through function name matching.
S403: determining a Java native interface mapping relation according to the inter-function mapping relation, the Java layer function information and the C/C++ layer function information;
The Java layer function information and the C/C++ layer function information are used to complete the inter-function mapping relation, so as to obtain the Java native interface (JNI) mapping relation.
S404: acquiring an interface definition file of the Android system, determining a plurality of communication interface classes by analyzing the interface definition file, and determining a plurality of proxy classes and a plurality of stub classes that implement the communication interface classes;
S405: associating the proxy class with the homonymous function in the stub class to determine a communication function call relation;
An Android Interface Definition Language (AIDL) file in the Android system defines a communication function interface, and a proxy class (Proxy) associated with the client and a stub class (Stub) associated with the server are automatically generated at compile time.
Accordingly, a plurality of communication interface classes can be determined by parsing the interface definition file, and from them a plurality of proxy classes and a plurality of stub classes. The proxy class and the stub class each comprise a plurality of functions; every pair of homonymous functions in the proxy class and the stub class is connected, with the connection direction pointing from the function in the proxy class to the function in the stub class, so that the proxy class is associated with the homonymous functions in the stub class and the communication function call relation is determined.
S406: determining the inter-layer function association relation according to the Java native interface mapping relation and the communication function call relation.
The call analysis of the method function related to the vulnerability to be analyzed first generates a global function call graph according to the global function call relation of the Android system, then determines the call path of the method function in the global function call graph, and analyzes that call path. As shown in fig. 5, in the Android system vulnerability detection method according to some optional embodiments of the present disclosure, the constructing a global function call graph S7 of the Android system according to the first-level function call relationship, the second-level function call relationship, and the inter-layer function association relationship further includes:
S501: taking the plurality of functions related to the first-level function call relation, the second-level function call relation and the inter-layer function association relation as function nodes;
S502: adding a directed edge between the calling function node and the called function node among the plurality of function nodes according to the first-level function call relation, the second-level function call relation and the communication function call relation;
S503: adding directed edges between Java layer function nodes and C/C++ function nodes among the plurality of function nodes according to the Java native interface mapping relation.
In some optional embodiments of the present disclosure, the global function call graph may be built using a network graph analysis tool (e.g., the network graph analysis library "NetworkX"), which provides graph object classes, generators for creating standard graphs, IO routines for reading existing datasets, graph analysis algorithms, and basic drawing tools that a user may use to create, manipulate, and study complex networks.
A global function call graph g of the Android system can be constructed based on the NetworkX library as follows:
first, the analysis results of the first-level function call relation of the Java layer, the second-level function call relation of the C/C++ layer and the inter-layer function association relation are read, the function nodes of each caller and callee are added to the graph g, and a directed edge from the caller's function node to the callee's function node is added, so that the call relations among the plurality of functions are visually displayed in the global function call graph g;
in addition, since mapping relations also exist among the functions in the global function call graph g, the analysis results of the Java native interface mapping relation are read, the Java function nodes and the corresponding C/C++ function nodes are added to the graph g, and directed edges from the Java function nodes to the corresponding C/C++ function nodes are added, so that the mapping relations among the functions are visually displayed in the global function call graph g.
After the global function call graph is determined, call analysis is performed on the method function corresponding to the vulnerability to be analyzed based on the global function call graph. As shown in fig. 6, in the Android system vulnerability detection method according to some optional embodiments of the present disclosure, the calling and analyzing the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system S9 further includes:
S601: determining the function node corresponding to the method function in the global function call graph;
S602: extracting the corresponding function call path in the global function call graph according to the function node;
The function call path may include a backward function call path, a forward function call path, and a shortest function call path.
Specifically, with the function node as the starting point, a depth-first traversal may be performed on the global function call graph g using the dfs_successors method provided by the NetworkX library, and the backward function call path is extracted;
further, the reverse graph reverse_g of the original global function call graph g is first obtained using the reverse_view method of the NetworkX library, then a depth-first traversal is performed on reverse_g using the dfs_successors method of the NetworkX library with the function node as the starting point, and the forward function call path is extracted;
when two or more method functions are related to the system function corresponding to the vulnerability to be analyzed, the plurality of function nodes corresponding to the plurality of method functions are determined in the global function call graph, and a starting point and an end point are chosen among these function nodes according to the method functions. The shortest function call path between the starting point and the end point is then obtained from the global function call graph g using the shortest_path method provided by the NetworkX library.
For example, for the "inconsistent Android serialization" vulnerability, the procedure is to construct the global function call graph of the Android system and then extract function call paths with the writeToParcel method function and the readFromParcel method function respectively as starting points.
S603: determining an expected call path according to the system function, comparing the function call path with the expected call path, and determining whether the vulnerability to be analyzed exists according to the comparison result.
The expected call path refers to the correct call path when the system has no vulnerability.
Qualitative analysis of the function call path of the method function is performed according to the vulnerability to be analyzed, for example path reachability judgment or function call path matching comparison, to determine whether the vulnerability to be analyzed exists. For example, for the "inconsistent Android serialization" vulnerability, it is determined whether the function call paths of each writeToParcel/readFromParcel method pair match in type; if they do not, the "inconsistent Android serialization" vulnerability is determined to exist.
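As an added illustration that is not code from the patent, the following self-contained Python models steps S501 to S503 and S601 to S603 above: it builds the global call graph from constructed call relations and JNI mappings, extracts the backward, forward and shortest function call paths with plain-dict stand-ins for the NetworkX dfs_successors, reverse_view and shortest_path routines, and applies the writeToParcel/readFromParcel type comparison for the "inconsistent Android serialization" case. All function names, edges and the Parcel type table are constructed samples.

```python
from collections import deque

# Constructed sample input (not from the patent): caller -> callee pairs drawn from the
# Java-layer, C/C++-layer and proxy/stub call relations, and Java -> C/C++ JNI pairs.
CALL_RELATIONS = [
    ("Foo.writeToParcel", "Parcel.writeInt"),
    ("Foo.writeToParcel", "Parcel.writeString"),
    ("Foo.readFromParcel", "Parcel.readInt"),
    ("Foo.readFromParcel", "Parcel.readLong"),  # reads a long where a String was written
    ("Bar.writeToParcel", "Parcel.writeInt"),
    ("Bar.readFromParcel", "Parcel.readInt"),
    ("IFooService$Stub$Proxy.doWork", "IFooService$Stub.doWork"),  # Proxy -> Stub (S405)
    ("IFooService$Stub.doWork", "Foo.readFromParcel"),
    ("android_foo_nativeInit", "parse_buffer"),  # C/C++ layer call
]
JNI_MAPPINGS = [("Foo.nativeInit", "android_foo_nativeInit")]  # Java -> C/C++ (S403)
# Parcel primitives and the type each serializes (constructed subset of the Parcel API).
PARCEL_TYPE = {"Parcel.writeInt": "int", "Parcel.readInt": "int",
               "Parcel.writeLong": "long", "Parcel.readLong": "long",
               "Parcel.writeString": "String", "Parcel.readString": "String"}

def build_call_graph(call_relations, jni_mappings):
    """S501-S503: functions are nodes; edges run caller -> callee and Java -> C/C++.
    Adjacency lists keep insertion order so a DFS visits callees in call order."""
    g = {}
    for u, v in list(call_relations) + list(jni_mappings):
        g.setdefault(u, [])
        g.setdefault(v, [])
        if v not in g[u]:
            g[u].append(v)
    return g

def reverse_view(g):
    """Stand-in for NetworkX reverse_view: the same nodes with every edge flipped."""
    rg = {n: [] for n in g}
    for u, callees in g.items():
        for v in callees:
            rg[v].append(u)
    return rg

def dfs_reachable(g, start):
    """Stand-in for NetworkX dfs_successors: preorder DFS from start, start excluded."""
    order, seen, stack = [], {start}, list(reversed(g.get(start, [])))
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        order.append(n)
        stack.extend(reversed(g.get(n, [])))
    return order

def backward_call_path(g, node):
    """S602 (page terminology): everything node calls, directly or transitively."""
    return dfs_reachable(g, node)

def forward_call_path(g, node):
    """S602 (page terminology): everything that calls node, directly or transitively."""
    return dfs_reachable(reverse_view(g), node)

def shortest_path(g, src, dst):
    """Stand-in for NetworkX shortest_path (BFS, unweighted); None when unreachable."""
    prev, queue = {src: None}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            path = []
            while n is not None:
                path.append(n)
                n = prev[n]
            return path[::-1]
        for v in g.get(n, []):
            if v not in prev:
                prev[v] = n
                queue.append(v)
    return None

def parcel_type_sequence(g, method):
    """Types of the Parcel primitives reached from a writeToParcel/readFromParcel node."""
    return [PARCEL_TYPE[n] for n in backward_call_path(g, method) if n in PARCEL_TYPE]

def find_serialization_mismatches(g):
    """S603 for "inconsistent Android serialization": the expected call path of each
    readFromParcel is the type sequence of its class's writeToParcel; a class whose
    read sequence differs from its write sequence is flagged."""
    flagged = []
    for node in g:
        cls, _, name = node.rpartition(".")
        reader = f"{cls}.readFromParcel"
        if name == "writeToParcel" and reader in g:
            if parcel_type_sequence(g, node) != parcel_type_sequence(g, reader):
                flagged.append(cls)
    return flagged

G = build_call_graph(CALL_RELATIONS, JNI_MAPPINGS)
```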
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may only perform one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to the method of any embodiment, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor executes the computer program to implement the method for detecting the Android system vulnerability according to any embodiment.
Fig. 7 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute a relevant program to implement the technical solution of the Android system vulnerability detection method provided in the embodiment of the present specification.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the embodiment is used for implementing the corresponding Android system vulnerability detection method in any one of the embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above embodiments, the present disclosure further provides a non-transitory computer-readable storage medium storing a computer instruction, where the computer instruction is used to enable the computer to execute the Android system vulnerability detection method according to any of the above embodiments.
Computer-readable media of the present embodiments, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the Android system vulnerability detection method according to any embodiment, and have the beneficial effects of the corresponding method embodiment, which are not described herein again.
It should be noted that the embodiments of the present disclosure can be further described in the following ways:
An Android system vulnerability detection method, wherein the Android system comprises a Java layer and a C/C++ layer; the method comprises the following steps:
acquiring a local system file corresponding to the Java layer and a source code file corresponding to the C/C++ layer;
decompiling the local system file to determine a bytecode file;
determining a file directory corresponding to the source code file, and screening out a key source code file from the source code file according to the file directory;
determining a first-level function call relation of the Java layer according to the bytecode file;
determining a second-level function call relation of the C/C++ layer according to the key source code file;
determining an inter-layer function association relation between the Java layer and the C/C++ layer according to the bytecode file and the key source code file;
constructing a global function call graph of the Android system according to the first-level function call relation, the second-level function call relation and the inter-layer function association relation;
selecting a vulnerability to be analyzed, and determining at least one related method function according to a system function corresponding to the vulnerability to be analyzed;
and calling and analyzing the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system.
Optionally, the determining, according to the bytecode file, a first-level function call relationship of the Java layer further includes:
obtaining class information according to the byte code file, and determining a class association relation according to the class information;
acquiring function definition information according to the byte code file, and determining a class inclusion relationship according to the function definition information, wherein the class inclusion relationship refers to the inclusion relationship between a function and a corresponding class;
acquiring function calling information according to the byte code file, and determining a calling relation among first functions of a plurality of functions of the Java layer according to the function calling information;
constructing a function rewriting relation according to the class association relation and the class inclusion relation;
determining the first-level function call relation according to the class association relation, the class inclusion relation, the first inter-function call relation and the function rewrite relation;
the class information comprises class names of a plurality of classes, corresponding parent class names and an interface list;
the determining a class association relationship according to the class information further includes:
associating a plurality of classes with corresponding parent classes according to the class names and the parent class names;
and associating the plurality of classes with the corresponding interfaces according to the interface list.
Optionally, the bytecode file includes an Android library function;
the function definition information is obtained according to the bytecode file, and further function definition information of the Android library function is obtained;
and acquiring function calling information according to the bytecode file, and further acquiring the function calling information of the Android library function.
Optionally, the determining, according to the key source code file, a second-level function call relationship of the C/C++ layer further includes:
analyzing the key source code file by using a syntax analysis tool to construct a corresponding abstract syntax tree;
traversing and accessing nodes in the abstract syntax tree to acquire function definition information, function call information, definition domain information and variable information related to a plurality of functions of the C/C++ layer;
determining a second inter-function call relationship of a plurality of functions of the C/C++ layer according to the function definition information and the function call information;
determining calling type information of a plurality of functions of the C/C++ layer according to the function calling information, the definition domain information and the variable information;
and determining the second-level function call relation according to the second inter-function call relation and the calling type information.
Optionally, the nodes in the abstract syntax tree include definition nodes, variable nodes, function definition nodes, and function call nodes;
the traversing and accessing nodes in the abstract syntax tree to obtain function definition information, function call information, definition domain information and variable information related to a plurality of functions of the C/C++ layer further includes:
analyzing the definition nodes to determine the definition domain information;
analyzing the variable nodes to determine the variable information;
analyzing the function definition nodes to determine the function definition information;
analyzing the function call nodes to determine the function call information;
wherein the definition nodes comprise a namespace definition node, a class definition node and a structure definition node, and the definition domain information comprises a function definition domain and a field scope.
Optionally, the determining, according to the bytecode file and the key source code file, an inter-layer function association relationship between the Java layer and the C/C++ layer further includes:
analyzing the key source code file by using a syntax analysis tool to construct a corresponding abstract syntax tree;
traversing and accessing Java native interface nodes and registration method nodes in the abstract syntax tree to determine the mapping relation between the Java layer function and the C/C++ layer function and the corresponding Java layer function information and C/C++ layer function information;
determining a Java native interface mapping relation according to the inter-function mapping relation, the Java layer function information and the C/C++ layer function information;
acquiring an interface definition file of the Android system, determining a plurality of communication interface classes by analyzing the interface definition file, and determining a plurality of proxy classes and a plurality of stub classes that implement the communication interface classes;
associating the proxy class with the homonymous function in the stub class to determine a communication function call relationship;
and determining the inter-layer function association relation according to the Java native interface mapping relation and the communication function call relation.
Optionally, the constructing a global function call graph of the Android system according to the first-level function call relationship, the second-level function call relationship, and the inter-layer function association relationship further includes:
taking a plurality of functions related to the first-level function call relation, the second-level function call relation and the inter-layer function association relation as function nodes;
adding a directed edge between the calling function node and the called function node among the plurality of function nodes according to the first-level function call relation, the second-level function call relation and the communication function call relation;
and adding directed edges between Java layer function nodes and C/C++ function nodes among the plurality of function nodes according to the Java native interface mapping relation.
Optionally, the calling and analyzing the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system, further comprising:
determining a function node corresponding to the method function in the global function call graph;
extracting a corresponding function call path in the global function call graph according to the function node;
determining an expected call path according to the system function, comparing and detecting the function call path and the expected call path, and determining whether the vulnerability to be analyzed exists according to a comparison and detection result;
those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (9)

1. An Android system vulnerability detection method, wherein the Android system comprises a Java layer and a C/C++ layer; the method comprises the following steps:
acquiring a local system file corresponding to the Java layer and a source code file corresponding to the C/C++ layer;
decompiling the local system file to determine a bytecode file;
determining a file directory corresponding to the source code file, and screening out a key source code file from the source code file according to the file directory;
determining a first-level function call relation of the Java layer according to the bytecode file;
determining a second-level function call relation of the C/C++ layer according to the key source code file;
determining an inter-layer function association relation between the Java layer and the C/C++ layer according to the bytecode file and the key source code file;
constructing a global function call graph of the Android system according to the first-level function call relation, the second-level function call relation and the inter-layer function association relation;
selecting a vulnerability to be analyzed, and determining at least one related method function according to a system function corresponding to the vulnerability to be analyzed;
calling and analyzing the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system;
wherein the determining a second-level function call relationship of the C/C++ layer according to the key source code file further includes:
analyzing the key source code file by using a syntax analysis tool to construct a corresponding abstract syntax tree;
traversing and accessing nodes in the abstract syntax tree to acquire function definition information, function call information, definition domain information and variable information related to a plurality of functions of the C/C++ layer;
determining a second inter-function call relationship of a plurality of functions of the C/C++ layer according to the function definition information and the function call information;
determining calling type information of a plurality of functions of the C/C++ layer according to the function calling information, the definition domain information and the variable information;
and determining the second-level function call relation according to the second inter-function call relation and the calling type information.
2. The method of claim 1, wherein determining the first-level function call relation of the Java layer from the bytecode file further comprises:
obtaining class information from the bytecode file, and determining a class association relation according to the class information;
obtaining function definition information from the bytecode file, and determining a class inclusion relation according to the function definition information, wherein the class inclusion relation is the relation between each function and the class that declares it;
obtaining function call information from the bytecode file, and determining a first inter-function call relation among the functions of the Java layer according to the function call information;
constructing a function override relation according to the class association relation and the class inclusion relation;
and determining the first-level function call relation according to the class association relation, the class inclusion relation, the first inter-function call relation and the function override relation;
wherein the class information comprises the class name, the parent class name and the interface list of each class;
and determining the class association relation according to the class information further comprises:
associating each class with its parent class according to the class name and the parent class name;
and associating each class with the interfaces it implements according to the interface list.
3. The method of claim 2, wherein the bytecode file includes Android library functions;
obtaining function definition information from the bytecode file further comprises obtaining the function definition information of the Android library functions;
and obtaining function call information from the bytecode file further comprises obtaining the function call information of the Android library functions.
4. The method of claim 1, wherein the nodes of the abstract syntax tree include definition nodes, variable nodes, function definition nodes and function call nodes;
traversing the nodes of the abstract syntax tree to obtain the function definition information, the function call information, and the scope information and variable information relating to the functions of the C/C++ layer further comprises:
analyzing the definition nodes to determine the scope information;
analyzing the variable nodes to determine the variable information;
analyzing the function definition nodes to determine the function definition information;
and analyzing the function call nodes to determine the function call information;
wherein the definition nodes comprise namespace definition nodes, class definition nodes and struct definition nodes, and the scope information comprises function scope and field scope.
5. The method of claim 1, wherein determining the inter-layer function association relation between the Java layer and the C/C++ layer from the bytecode file and the key source code file further comprises:
parsing the key source code file with a syntax analysis tool to construct a corresponding abstract syntax tree;
traversing the Java Native Interface (JNI) nodes and the method registration nodes in the abstract syntax tree to determine the inter-function mapping relation between Java layer functions and C/C++ layer functions, together with the corresponding Java layer function information and C/C++ layer function information;
determining a JNI mapping relation according to the inter-function mapping relation, the Java layer function information and the C/C++ layer function information;
obtaining the interface definition files of the Android system, determining a plurality of communication interface classes by parsing the interface definition files, and determining the proxy classes and stub classes that implement the communication interface classes;
associating each function of a proxy class with the function of the same name in the corresponding stub class to determine a communication function call relation;
and determining the inter-layer function association relation according to the JNI mapping relation and the communication function call relation.
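Claim 5 relies on recovering which C/C++ function implements each Java `native` method. The following is an added example, not code from the patent, showing how that JNI mapping relation can be derived from the two binding mechanisms Android uses: the JNI static naming scheme (`Java_<mangled class>_<mangled method>`, with a `__<mangled arguments>` suffix for overloads) and explicit `JNINativeMethod` registration tables passed to `jniRegisterNativeMethods` / `RegisterNatives`. The C++ excerpt, the list of Java native methods and the set of exported symbols are all constructed, and every class and function name in them is hypothetical.

```python
"""JNI mapping relation: which C/C++ function implements each Java native method.

Added example (not the patent's code). Inputs below are constructed; the class
android/os/Foo and all function names are hypothetical.
"""
import re


def jni_mangle(s):
    """Escape a Java name as the JNI spec ('Resolving Native Method Names') requires:
    '/' -> '_', '_' -> '_1', ';' -> '_2', '[' -> '_3', any other non-[A-Za-z0-9] -> '_0xxxx'."""
    out = []
    for ch in s:
        if ch == "/":
            out.append("_")
        elif ch == "_":
            out.append("_1")
        elif ch == ";":
            out.append("_2")
        elif ch == "[":
            out.append("_3")
        elif ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            out.append("_0%04x" % ord(ch))
    return "".join(out)


def jni_symbol(class_name, method, descriptor=None):
    """Short name Java_<class>_<method>; long name adds __<argument types> for overloads."""
    name = "Java_%s_%s" % (jni_mangle(class_name), jni_mangle(method))
    if descriptor is not None:
        args = descriptor[1:descriptor.index(")")]
        name += "__" + jni_mangle(args)
    return name


# Constructed excerpt of a registration table and the call that registers it.
NATIVE_SRC = r"""
static const JNINativeMethod gMethods[] = {
    {"nativeOpen",  "(Ljava/lang/String;)I", (void*) android_os_Foo_open},
    {"nativeClose", "(I)V",                  reinterpret_cast<void*>(android_os_Foo_close)},
};
int register_android_os_Foo(JNIEnv* env) {
    return jniRegisterNativeMethods(env, "android/os/Foo", gMethods, NELEM(gMethods));
}
"""

# One JNINativeMethod initializer: {"javaName", "(desc)ret", (void*) fn} or reinterpret_cast form.
ENTRY_RE = re.compile(
    r'\{\s*"([^"]+)"\s*,\s*"([^"]+)"\s*,\s*'
    r"(?:\(\s*void\s*\*\s*\)|reinterpret_cast<\s*void\s*\*\s*>\s*\()\s*(\w+)\s*\)?\s*,?\s*\}"
)
# The registering call names the Java class the table belongs to.
CLASS_RE = re.compile(
    r'(?:RegisterNatives|jniRegisterNativeMethods|RegisterMethodsOrDie)\s*\(\s*\w+\s*,\s*"([\w/$]+)"'
)


def parse_register_natives(src):
    """Return {(class, java_method, descriptor): c_function} from a registration table.
    Assumes one registered class per source excerpt (the usual one-file-per-class layout)."""
    m = CLASS_RE.search(src)
    if not m:
        return {}
    cls = m.group(1)
    return {(cls, name, desc): fn for name, desc, fn in ENTRY_RE.findall(src)}


def jni_mapping(java_natives, exported_symbols, src):
    """java_natives: (class, method, descriptor) triples for methods declared `native`.
    exported_symbols: names of functions defined in the C/C++ layer.
    Returns {"pkg.Class.method(desc)ret": c_function or None}. Explicit registration wins;
    otherwise the VM tries the short JNI name, then the long one, so we do the same."""
    registered = parse_register_natives(src)
    out = {}
    for cls, meth, desc in java_natives:
        key = "%s.%s%s" % (cls.replace("/", "."), meth, desc)
        if (cls, meth, desc) in registered:
            out[key] = registered[(cls, meth, desc)]
            continue
        candidates = (jni_symbol(cls, meth), jni_symbol(cls, meth, desc))
        out[key] = next((s for s in candidates if s in exported_symbols), None)
    return out


JAVA_NATIVES = [  # constructed: Java methods marked `native`
    ("android/os/Foo", "nativeOpen", "(Ljava/lang/String;)I"),       # RegisterNatives
    ("android/os/Foo", "nativeClose", "(I)V"),                       # RegisterNatives
    ("android/os/Foo", "nativeGet_Size", "()J"),                     # static, short name
    ("android/os/Foo", "nativeWrite", "([BI)I"),                     # overloaded, long name
    ("android/os/Foo", "nativeWrite", "(Ljava/nio/ByteBuffer;I)I"),  # overloaded, long name
    ("android/os/Foo", "nativeMissing", "()V"),                      # no implementation
]
EXPORTED = {  # constructed: functions defined in the C/C++ layer
    "Java_android_os_Foo_nativeGet_1Size",
    "Java_android_os_Foo_nativeWrite___3BI",
    "Java_android_os_Foo_nativeWrite__Ljava_nio_ByteBuffer_2I",
    "android_os_Foo_open",
    "android_os_Foo_close",
}

if __name__ == "__main__":
    for java_fn, c_fn in jni_mapping(JAVA_NATIVES, EXPORTED, NATIVE_SRC).items():
        print("%-50s -> %s" % (java_fn, c_fn))
```

A `None` in the result is itself useful output: a `native` method with no registered or statically named implementation means the analysis is missing a source file (or the binding is done through a mechanism this parser does not model), so the inter-layer edge should be treated as unresolved rather than silently dropped from the call graph.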
6. The method of claim 5, wherein constructing the global function call graph of the Android system according to the first-level function call relation, the second-level function call relation and the inter-layer function association relation further comprises:
taking the functions involved in the first-level function call relation, the second-level function call relation and the inter-layer function association relation as function nodes;
adding a directed edge from each calling function node to the corresponding called function node according to the first-level function call relation, the second-level function call relation and the communication function call relation;
and adding directed edges between Java layer function nodes and C/C++ layer function nodes according to the JNI mapping relation.
7. The method of claim 1, wherein performing call analysis on the method function according to the global function call graph to determine whether the vulnerability to be analyzed exists in the Android system further comprises:
determining the function node corresponding to the method function in the global function call graph;
extracting the corresponding function call paths from the global function call graph starting from that function node;
and determining an expected call path according to the system function, comparing the extracted function call paths against the expected call path, and determining whether the vulnerability to be analyzed exists according to the result of the comparison.
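Claims 2, 6 and 7 together describe one pipeline: derive an override relation from the class hierarchy, assemble a directed graph from the Java-layer calls, the C/C++-layer calls, the proxy-to-stub association and the JNI mapping, then enumerate call paths from a method node and compare them with an expected path. The following is an added example (not the patent's implementation) that runs that pipeline on constructed relations. The "expected path" is modelled as a guard function that must be called somewhere along every path from the entry method to a privileged native sink; a path that reaches the sink without the guard is reported. All class, method and native function names (`IFoo`, `FooService`, `hal_set_brightness`, and so on) are hypothetical, and the JNI mapping is supplied as input rather than recomputed.

```python
"""Global function call graph across the Java and C/C++ layers, plus the
expected-call-path check. Added example; every relation below is constructed
and every name is hypothetical, not taken from the patent or from Android."""
from collections import defaultdict

# ---- Java layer (claim 2 inputs), constructed ----
PARENT = {  # class association: class -> parent class
    "com.example.FooService": "android.os.IFoo$Stub",
    "android.os.IFoo$Stub": "android.os.Binder",
}
IMPLEMENTS = {  # class association: class -> implemented interfaces
    "android.os.IFoo$Stub": ["android.os.IFoo"],
    "android.os.IFoo$Stub$Proxy": ["android.os.IFoo"],
}
METHODS = {  # class inclusion: class -> functions it declares
    "android.os.IFoo": ["setBrightness", "resetBrightness"],
    "android.os.IFoo$Stub": ["setBrightness", "resetBrightness", "onTransact"],
    "android.os.IFoo$Stub$Proxy": ["setBrightness", "resetBrightness"],
    "com.example.FooService": ["setBrightness", "resetBrightness",
                               "nativeSetBrightness", "nativeReset"],
    "android.content.Context": ["enforceCallingPermission"],
}
JAVA_CALLS = [  # first inter-function call relation: (caller, callee)
    ("com.example.FooService.setBrightness", "android.content.Context.enforceCallingPermission"),
    ("com.example.FooService.setBrightness", "com.example.FooService.nativeSetBrightness"),
    ("com.example.FooService.resetBrightness", "com.example.FooService.nativeReset"),
]
# ---- C/C++ layer: second inter-function call relation, constructed ----
NATIVE_CALLS = [
    ("android_os_FooService_nativeSetBrightness", "hal_set_brightness"),
    ("android_os_FooService_nativeReset", "hal_reset"),
    ("hal_reset", "hal_set_brightness"),
]
# ---- inter-layer: JNI mapping relation (Java native method -> C/C++ function) ----
JNI_MAP = {
    "com.example.FooService.nativeSetBrightness": "android_os_FooService_nativeSetBrightness",
    "com.example.FooService.nativeReset": "android_os_FooService_nativeReset",
}
GUARD = "android.content.Context.enforceCallingPermission"  # must appear on every path
SINK = "hal_set_brightness"                                  # privileged native operation


def supertypes(cls, parent, implements):
    """Transitive closure over extends/implements (the class association relation)."""
    seen, stack = set(), [cls]
    while stack:
        c = stack.pop()
        for s in [parent.get(c)] + list(implements.get(c, [])):
            if s and s not in seen:
                seen.add(s)
                stack.append(s)
    return seen


def override_relation(parent, implements, methods):
    """Function override relation: (SuperType, m) -> {Sub.m} for each subtype redeclaring m."""
    over = defaultdict(set)
    for cls, ms in methods.items():
        for sup in supertypes(cls, parent, implements):
            for m in ms:
                if m in methods.get(sup, ()):
                    over[(sup, m)].add("%s.%s" % (cls, m))
    return over


def proxy_stub_relation(methods):
    """Communication function call relation: Proxy.m -> Stub.m for same-named methods."""
    edges = []
    for cls, ms in methods.items():
        if cls.endswith("$Stub$Proxy"):
            stub = cls[: -len("$Proxy")]
            edges += [("%s.%s" % (cls, m), "%s.%s" % (stub, m)) for m in ms
                      if m in methods.get(stub, ())]
    return edges


def build_global_call_graph(java_calls, native_calls, jni_map, parent, implements, methods):
    """Directed graph {caller: {callees}} over both layers (claim 6)."""
    g = defaultdict(set)
    for a, b in list(java_calls) + list(native_calls) + proxy_stub_relation(methods):
        g[a].add(b)
    for (sup, m), targets in override_relation(parent, implements, methods).items():
        g["%s.%s" % (sup, m)].update(targets)   # dispatch edges: base method -> overrides
    for java_native, c_func in jni_map.items():
        g[java_native].add(c_func)              # inter-layer edges from the JNI mapping
    return g


def call_paths(graph, start, sink, max_depth=12):
    """All simple paths from start to sink (bounded DFS)."""
    paths = []

    def dfs(node, path):
        if node == sink:
            paths.append(list(path))
            return
        if len(path) > max_depth:
            return
        for nxt in sorted(graph[node]):
            if nxt not in path:
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(start, [start])
    return paths


def unguarded_paths(graph, method, guard, sink):
    """Expected-path comparison: a path is acceptable if some function on it calls the
    guard (flow-insensitive approximation). Returns the paths that reach sink without it."""
    return [p for p in call_paths(graph, method, sink)
            if not any(n == guard or guard in graph[n] for n in p)]


if __name__ == "__main__":
    g = build_global_call_graph(JAVA_CALLS, NATIVE_CALLS, JNI_MAP, PARENT, IMPLEMENTS, METHODS)
    for entry in ("android.os.IFoo$Stub$Proxy.setBrightness", "android.os.IFoo$Stub$Proxy.resetBrightness"):
        for p in unguarded_paths(g, entry, GUARD, SINK):
            print("unguarded:", " -> ".join(p))
```

Starting the analysis at the Binder proxy method (the client-facing entry) rather than at the service implementation is what makes the inter-layer edges matter: the path from `IFoo$Stub$Proxy.resetBrightness` only reaches `hal_set_brightness` through the proxy-to-stub association, the override dispatch edge and the JNI mapping. The guard check is deliberately flow-insensitive; a real detector would additionally confirm that the guard dominates the sink within the function body, which this graph-level comparison does not establish.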
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 7 when executing the program.
9. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
CN202110365057.1A 2021-04-06 2021-04-06 Android system vulnerability detection method, electronic equipment and storage medium Active CN112733158B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110365057.1A CN112733158B (en) 2021-04-06 2021-04-06 Android system vulnerability detection method, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110365057.1A CN112733158B (en) 2021-04-06 2021-04-06 Android system vulnerability detection method, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112733158A CN112733158A (en) 2021-04-30
CN112733158B true CN112733158B (en) 2021-08-03

Family

ID=75596459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110365057.1A Active CN112733158B (en) 2021-04-06 2021-04-06 Android system vulnerability detection method, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112733158B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113296834B (en) * 2021-05-21 2023-11-03 南京大学 Android closed source service type information extraction method based on reverse engineering
CN113419971B (en) * 2021-08-25 2021-12-14 北京邮电大学 Android system service vulnerability detection method and related device
CN115577363A (en) * 2022-09-15 2023-01-06 华北电力科学研究院有限责任公司 Detection method and device for deserialization utilization chain of malicious code
CN116881925A (en) * 2023-07-13 2023-10-13 广州筑粒信息科技有限公司 System safety test method and system based on demand analysis

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104732146A (en) * 2015-04-03 2015-06-24 上海斐讯数据通信技术有限公司 Android program bug detection method and system
CN109101819A (en) * 2017-06-21 2018-12-28 中兴通讯股份有限公司 A kind of leak detection method and terminal, storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9507945B2 (en) * 2013-04-01 2016-11-29 The Johns Hopkins University Method and apparatus for automated vulnerability detection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research and Design of an Android Application Decompilation Tool; Zheng Xingsheng; China Master's Theses Full-text Database; 2018-06-30 (No. 6); abstract, pp. 1-2, p. 19 para. 5 to p. 24, p. 31 to para. 37, Fig. 3-1 *

Similar Documents

Publication Publication Date Title
CN112733158B (en) Android system vulnerability detection method, electronic equipment and storage medium
US10169034B2 (en) Verification of backward compatibility of software components
Sen et al. Jalangi: A selective record-replay and dynamic analysis framework for JavaScript
US11650905B2 (en) Testing source code changes
CN112256321A (en) Static library packaging method and device, computer equipment and storage medium
CN110609687A (en) Compiling method, device, electronic equipment and storage medium
US20140372988A1 (en) Using a Static Analysis for Configuring a Follow-On Dynamic Analysis for the Evaluation of Program Code
US9569335B1 (en) Exploiting software compiler outputs for release-independent remote code vulnerability analysis
CN111159301A (en) Data creating method, device, equipment and storage medium based on intelligent contract
CN112395098A (en) Application program interface calling method and device, storage medium and electronic equipment
CN115618363B (en) Vulnerability path mining method and related equipment
CN110727476B (en) Method, device, equipment and storage medium for generating authorization configuration file
US9519566B2 (en) Modeling memory use of applications
US11640281B2 (en) Tool for introspection in object-oriented source code
CN115659344A (en) Software supply chain detection method and device
CN114625372A (en) Automatic component compiling method and device, computer equipment and storage medium
CN112380142A (en) Interface document management method and device and test equipment
CN108089852B (en) Method, medium, apparatus and computing device for establishing attribute access
CN112733145B (en) Android application detection and analysis method, electronic equipment and storage medium
CN112068814A (en) Method, device, system and medium for generating executable file
CN116974581B (en) Code generation method, device, electronic equipment and storage medium
US20230315862A1 (en) Method and apparatus for identifying dynamically invoked computer code using literal values
Mahmoud et al. Compiler-based Web Services code conversion model for different languages of mobile application
CN116185423A (en) Code reduction method, device, computer equipment and storage medium
CN116738432A (en) Digital currency wallet security detection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant