CN113609004A - Static code detection method and system - Google Patents
- Publication number: CN113609004A
- Application number: CN202110809687.3A
- Authority: CN (China)
- Prior art keywords: code, server, target, terminal, detection
- Legal status: Granted (Google Patents notes that the listed status is an assumption, not a legal conclusion, and that no legal analysis has been performed)
Classifications
- G06F11/3608—Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
  - G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F11/00—Error detection; Error correction; Monitoring
  - G06F11/36—Preventing errors by testing or debugging software
  - G06F11/3604—Software analysis for verifying properties of programs
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
  - G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F2221/033—Test or assess software
  - G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
Abstract
The application relates to a static code detection method and system in the technical field of computers. The method runs on a static code detection system that comprises a server and a terminal, and comprises the following steps: the server obtains a software code uploaded by a first terminal and marks it as the code to be detected; the server selects a target scanning engine from a plurality of deployed scanning engines; the server determines the code writing grammar rule corresponding to the target scanning engine according to the code language to which the target scanning engine belongs; the server performs grammar detection on the code to be detected against the corresponding code writing grammar rule; and the server obtains the writing detection result and sends it to the first terminal. The method and system improve the efficiency of detecting a plurality of software codes.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a static code detection method and system.
Background
Currently, when software is developed, its code needs to be checked so that defects can be found and fixed. Static code scanning is a technical means of finding and repairing defects in software code with a scanning tool.
In the related art, static code scanning usually uses a scanning engine to check whether a software code conforms to a locally pre-stored code writing grammar rule; the scanning engine outputs a scanning result when scanning is complete, and technicians judge from the scanning result whether a vulnerability exists in the software code.
The related art has the following drawback: a scanning engine has an upper limit on how much it can scan at once, so when a plurality of software codes arrive at the same time it has to scan them sequentially, outputting a result only after each code has been scanned one by one, and its scanning efficiency is therefore low.
Disclosure of Invention
In order to solve the problem that a scanning engine is difficult to scan a plurality of software codes simultaneously, so that the scanning efficiency is low, the application provides a static code detection method.
In a first aspect, the present application provides a static code detection method, which adopts the following technical scheme:
a static code detection method is based on a static code detection system, the static code detection system comprises a server and a terminal, and the method comprises the following steps:
the server obtains a software code uploaded by a first terminal and marks the software code as the code to be detected;
the server selects a target scanning engine from a plurality of deployed scanning engines;
the server determines the code writing grammar rule corresponding to the target scanning engine according to the code language to which the target scanning engine belongs;
the server performs grammar detection on the code to be detected against the corresponding code writing grammar rule;
and the server obtains the writing detection result and sends it to the first terminal.
By adopting this technical scheme, the server receives the software codes uploaded by different first terminals and distributes them to different scanning engines according to their code language types; the scanning engines carry out grammar detection on the software codes and feed the writing detection results back to the first terminals, which avoids the slow writing detection results caused by scanning the software codes one by one and improves the efficiency of detecting a plurality of software codes.
Optionally, the method further includes:
the server obtains a target revision request uploaded by a second terminal, wherein the target revision request comprises a target rule item sequence number and target rule revision content;
the server determines the target code writing grammar rule item that the target rule sequence number points to in the code writing grammar rule;
and the server revises the target item based on the target rule revision content.
By adopting this technical scheme, the server identifies the sequence number of the rule item in the target revision request and revises the item of the code writing grammar rule that needs revision according to the rule revision content, which reduces inaccurate writing detection results caused by comparing the software code against an unrevised code writing grammar rule and thus improves the user experience.
Optionally, the server obtaining the writing detection result and sending it to the first terminal includes:
the server determines, according to the pre-stored correspondence between writing detection results and modification suggestion data, at least one piece of modification suggestion data corresponding to the writing detection result;
and the server obtains the at least one piece of modification suggestion data and sends it to the first terminal.
By adopting this technical scheme, modification suggestion data corresponding to the different vulnerabilities in the detection result are compiled, so that the user can modify the software code according to the plurality of modification suggestion data obtained, which makes modification more convenient and improves the user's modification efficiency.
Optionally, the server selecting a target scanning engine from the plurality of deployed scanning engines includes:
the server obtains the current login account of the first terminal and determines at least one code language opened by the current login account;
and the server selects a target scanning engine from the deployed scanning engines corresponding to the at least one code language.
By adopting this technical scheme, the account is associated with the code writing grammar rules of the code languages it has opened, so that the corresponding scanning engine carries out grammar detection on the software code; the software code detection service provider can thereby restrict users by account, so that a user can detect software codes of different languages only after paying the service provider, which allows the service provider to make a profit.
Optionally, the server obtaining the software code uploaded by the first terminal and marking it as the code to be detected includes:
the server obtains the software code uploaded by the first terminal and determines the time length required to detect it;
if the time length required to detect the software code is longer than the preset detection time length, the server divides the software code into a plurality of code segments based on the preset function start-stop characters;
and the server marks the code segments as codes to be detected.
By adopting this technical scheme, when the time required to detect a software code is longer than the detection time set by the service provider, the server identifies the function start-stop characters in the software code and divides it into a plurality of code segments at those characters. On one hand this reduces the possibility that dividing the software code breaks a function; on the other hand the code segments can be distributed to a plurality of scanning engines for simultaneous processing, which improves the software code processing efficiency.
Optionally, the server obtaining the writing detection result and sending it to the first terminal includes:
the server obtains the code segment detection result corresponding to each code segment;
the server collects the plurality of code segment detection results to generate a code segment detection result set;
and the server sends the code segment detection result set to the first terminal.
By adopting this technical scheme, after the plurality of code segments have been scanned, the server obtains a plurality of code segment detection results and assembles them into a code segment detection result set according to the logical order of the software code, which reduces disorder among the plurality of code segment detection results and makes it convenient for the user to check the bugs in the software code.
Optionally, each scanning engine corresponds to one code buffer queue;
the server selecting a target scanning engine from the plurality of deployed scanning engines includes:
the server selects, from the deployed scanning engines, the target scanning engine whose corresponding code buffer queue holds the smallest total data volume of codes to be detected;
and the server adds the software code to the tail of the code buffer queue of the target scanning engine.
By adopting this technical scheme, when all the scanning engines are working, the server finds the code buffer queue whose queued software code will take the shortest time to detect and adds the code to be detected to that queue, which reduces the possibility that adding the code to a default code buffer queue makes it wait longer, and thus improves the efficiency of detecting the software code.
In a second aspect, the present application provides a static code detection system, which adopts the following technical solutions:
a static code detection system comprises a server and a terminal, wherein the server is used for:
acquiring a software code uploaded by a first terminal and marking the software code as a code to be detected;
selecting a target scanning engine from a plurality of deployed scanning engines;
determining the code writing grammar rule corresponding to the target scanning engine according to the code language of the target scanning engine;
performing grammar detection on the code to be detected against the corresponding code writing grammar rule;
and acquiring a writing detection result and sending the writing detection result to the first terminal.
By adopting this technical scheme, slow generation of the writing detection result caused by scanning the software codes one by one is reduced, and the efficiency of detecting a plurality of software codes is improved.
In a third aspect, the present application provides a static code detection apparatus, which adopts the following technical solution:
optionally, the static code detection apparatus includes a processor and a memory, where at least one instruction, at least one program, a set of codes or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes or the set of instructions is loaded and executed by the processor to implement the static code detection method according to the first aspect.
By adopting this technical scheme, the processor in the static code detection apparatus implements the static code detection method according to the computer program stored in the memory, which improves the coordination of information from different sources when the server detects the software code and thus improves the speed of software code detection.
In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solution:
optionally, the storage medium stores at least one instruction, at least one program, a set of codes or a set of instructions, and the at least one instruction, the at least one program, the set of codes or the set of instructions is loaded and executed by a processor to implement the static code detection method according to the first aspect.
By adopting this technical scheme, the corresponding program can be stored, which further improves the coordination of information from different sources when the server detects the software code and thus improves the speed of software code detection.
In summary, the present application includes at least one of the following beneficial technical effects:
1. the scanning engines receive a plurality of software codes, scan them and output the writing detection results to the first terminals, which effectively reduces the slow generation of writing detection results caused by scanning the software codes one by one and thus improves the efficiency of detecting a plurality of software codes;
2. the server identifies the sequence number of the rule item in the target revision request and revises the corresponding item of the code writing grammar rule according to the revision content, which reduces the possibility of inaccurate writing detection results caused by comparing the software code against an unrevised code writing grammar rule, and improves the user experience;
3. modification suggestion data corresponding to the vulnerabilities in the writing detection result are provided, so that the user can modify the software code according to the plurality of modification suggestion data obtained, which makes modification easier and improves the user's modification efficiency.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a block diagram of a framework structure of a static code detection system according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method for detecting static codes according to an embodiment of the present invention.
Fig. 3 is a block diagram of a framework structure of correspondence between a scanning engine and a code writing grammar rule according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The embodiment of the invention provides a static code detection method that can be applied to a static code detection system. The framework of the static code detection system is shown in fig. 1: it comprises a server and a plurality of terminals. The execution subject of the method is the server, assisted by the terminals; the server detects the software code and feeds the detection result back to the terminals. Specifically, software codes of a plurality of different languages are transmitted to the server, the server distributes them to the corresponding scanning engines, and each scanning engine detects the software code against the code writing grammar rule stored for it in a corresponding database.
The process flow shown in fig. 2 will be described in detail below with reference to the specific embodiments, and the contents may be as follows:
In an embodiment, a user inputs a software code into a first terminal, which can be a computer, a tablet or a mobile phone. Development software for writing the software code is installed in the first terminal, and a plug-in installed in the development software uploads the software code to the server. The development software includes IntelliJ IDEA, Android Studio, Eclipse, Visual Studio Code and Visual Studio. The server receives and organises the software codes of different language types uploaded by the first terminals and marks them as codes to be detected. The software code may be written in a language such as .NET, PHP, C/C++, Python, JavaScript, Objective-C, Swift or Go.
In step 202, the server selects a target scan engine from the deployed scan engines.
In an embodiment, a plurality of scanning engines are deployed in the server, and each scanning engine can detect software code in a different language. The server selects one scanning engine (the target scanning engine) to detect the software code sent to it. In addition, the software code detection service provider (abbreviated below as the service side) can configure the scanning engines according to how frequently each language type of software code occurs, deploying more scanning engines for language types that occur often and fewer for those that occur rarely, so that the cost to the service side is reduced while the demand for software code detection is still met.
Optionally, when the code writing grammar rules in the database need to be adjusted, the server obtains a target revision request uploaded by the second terminal, where the target revision request includes the sequence number of a target rule item and the revision content of the target rule. The server determines the target code writing grammar rule item that the target rule sequence number points to in the code writing grammar rule, and revises the target item on the basis of the revision content of the target rule.
In an embodiment, the service side sends a revision request (the target revision request) to the server through the second terminal, which is configured to send requests for updating the code writing grammar rules to the server. The revision request includes a rule item sequence number and rule revision content. The code writing grammar rules in the database inside the server are divided into a plurality of sub grammar rules (the target code writing grammar rule items), each of which comprises a sub sequence number and the content of the sub grammar rule. The server checks whether the rule item sequence number is the same as a sub sequence number and, if it is, replaces that sub grammar rule with the corresponding rule revision content.
Optionally, the server acquires a current login account of the first terminal, and determines at least one code language opened by the current login account; the server selects a target scanning engine from the deployed scanning engines corresponding to at least one code language.
In an embodiment, a user obtains a current login account. If a user wants to detect the software code, the user needs to purchase the use authority of the code language capable of identifying the code to be detected from a service provider. And after the purchase is completed, the server grants the use permission of the corresponding code language of the current login account. Similarly, when the user purchases the usage rights of different code languages, the server opens the corresponding usage right of the current login account according to the different code languages. The user sends the software code to the server, and the server identifies the corresponding code language according to the account opened by the user and allocates a corresponding scanning engine (such as a target scanning engine) to the user. And if the language type of the software code uploaded by the user does not accord with the type of the corresponding code writing grammar rule, the server side feeds back the information of the detection failure to the first terminal and displays the information to the user.
Optionally, each scanning engine has a corresponding code buffer queue. The server selects, from the deployed scanning engines, the target scanning engine whose code buffer queue holds the smallest total data volume of codes to be detected, and adds the software code to the tail of that engine's code buffer queue.
In an embodiment, there is one code buffer queue for each scanning engine. When a code buffer queue is idle, the server randomly distributes the code to be detected to an idle code buffer queue. When all the scanning engines are working, the server compares the total data volume of codes to be detected in all the code buffer queues, selects the queue with the smallest total and adds the code to be detected to its tail. In addition, when all the scanning engines are working and the server receives at least two codes to be detected at the same time, the server compares the total data volume to be detected in all the code buffer queues, selects the queue with the smallest total in turn, and adds the codes to be detected one by one, according to their data volume, to the queue with the smaller total. In this way the codes to be detected are pre-distributed to the corresponding scanning engines, which saves the time that would otherwise be needed to redistribute all of them after the software code currently being processed is finished, and improves the efficiency with which the server detects the codes.
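The engine-selection rules above (one code buffer queue per engine, idle queue first, otherwise the smallest total pending data volume, account-restricted languages, and size-ordered placement of simultaneous arrivals) as one small scheduler. This is an added example, not the patent's own code; the engine names, the account-to-language mapping, the queued sizes and the reading of "according to the data amount" as ascending size are all assumptions made for illustration.

```python
"""Added example (not the patent's own code): target scanning engine selection
with one code buffer queue per engine. Engine names, account data and sizes
are constructed for illustration."""
import random
from collections import deque


class ScanEngine:
    """One deployed scanning engine for one code language."""

    def __init__(self, name: str, language: str) -> None:
        self.name = name
        self.language = language
        self.queue: deque = deque()   # code buffer queue of (job_id, code) entries
        self.busy = False             # True while the engine is scanning

    def pending_bytes(self) -> int:
        """Total data volume of the codes to be detected waiting in the queue."""
        return sum(len(code.encode()) for _, code in self.queue)

    def is_idle(self) -> bool:
        return not self.busy and not self.queue


class DetectionServer:
    def __init__(self, engines, account_languages, rng=None) -> None:
        self.engines = list(engines)
        # current login account -> set of code languages it has opened (paid for)
        self.account_languages = account_languages
        self.rng = rng or random.Random(0)   # seeded so the idle choice is reproducible

    def select_engine(self, account: str, language: str):
        """Return the target engine, or None when the account has not opened the
        language or no engine exists for it (the page: detection failure is fed back)."""
        if language not in self.account_languages.get(account, set()):
            return None
        candidates = [e for e in self.engines if e.language == language]
        if not candidates:
            return None
        idle = [e for e in candidates if e.is_idle()]
        if idle:                                   # an idle queue: pick one at random
            return self.rng.choice(idle)
        # all engines working: queue with the smallest total pending data volume
        return min(candidates, key=lambda e: e.pending_bytes())

    def submit(self, account: str, language: str, job_id: str, code: str):
        """Add one code to the tail of the target engine's queue; return the
        engine name, or None if no engine may take it."""
        engine = self.select_engine(account, language)
        if engine is None:
            return None
        engine.queue.append((job_id, code))
        return engine.name

    def submit_batch(self, account: str, jobs):
        """Several codes arriving at once are placed one by one, smallest first,
        re-reading the queue totals after each placement (assumed reading of the
        page's 'sequentially ... according to the data amount')."""
        placements = {}
        for job_id, language, code in sorted(jobs, key=lambda j: len(j[2].encode())):
            placements[job_id] = self.submit(account, language, job_id, code)
        return placements


def build_sample_deployment():
    """Constructed deployment: two Java engines (a frequent language) and one PHP
    engine; both Java engines are already working and hold 500 and 100 bytes."""
    java1 = ScanEngine("java-1", "java")
    java2 = ScanEngine("java-2", "java")
    php1 = ScanEngine("php-1", "php")
    for engine, size in ((java1, 500), (java2, 100)):
        engine.busy = True
        engine.queue.append(("queued", "x" * size))
    accounts = {"acct-paid": {"java", "php"}, "acct-trial": {"php"}}
    return java1, java2, php1, DetectionServer([java1, java2, php1], accounts)


if __name__ == "__main__":
    _, _, _, server = build_sample_deployment()
    print(server.submit("acct-paid", "java", "job-a", "y" * 50))   # java-2 (100 < 500 bytes pending)
    print(server.submit("acct-paid", "php", "job-b", "<?php"))     # php-1 (idle queue)
    print(server.submit("acct-trial", "java", "job-c", "y"))       # None: language not opened
```

Because every placement re-reads the queue totals, a batch of simultaneous uploads spreads across engines only once the smallest queue has grown past the next one; the entitlement check runs before any queue is touched, so a code in a language the account has not opened never consumes engine capacity.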
In the embodiment, after one target scanning engine is selected, a database is further arranged in the server, code writing grammar rules of different code languages are stored in the database, and the server determines that a plurality of scanning engines capable of recognizing the same code language correspond to the code writing grammar rules of the same code language type, so that each scanning engine can detect the corresponding code to be detected according to the code language. The correspondence between the code writing grammar rule and the scan engine is specifically shown in fig. 3.
In step 204, the server selects the code to be detected and the corresponding code writing grammar rule to carry out grammar detection.
In the embodiment, after the server determines the code writing grammar rule corresponding to the target scanning engine, the scanning engine carries out grammar detection on the code to be detected of the same language type according to that rule. When the detection of the software code is finished, the server outputs a writing detection result, which states whether the software code conforms to the code writing grammar rule; if the software code contains an item that does not conform to the rule, that item is marked in the writing detection result.
Optionally, when the data size of the code to be detected is large, a single scanning engine takes a long time to detect it, which lowers the detection efficiency of the server; correspondingly, the processing in step 201 may be as follows: the server obtains the software code uploaded by the first terminal and determines the time length required to detect it; if that time length is longer than the preset detection time length, the server divides the software code into a plurality of code segments based on the preset function start-stop characters and marks the code segments as the codes to be detected.
In an embodiment, before detecting a software code, the server checks the time length its detection requires. When that time length is longer than the preset detection time length, the server locates the function start-stop characters in the code to be detected according to the preset function start-stop characters, marks them, and divides the software code into a plurality of code segments at the marked characters, so that each code segment is one function. The code segments are marked as codes to be detected, and the server distributes them to different scanning engines for detection. Here the preset detection time length is set according to the needs of the service provider, for example one minute or one hour.
In step 205, the server obtains the writing detection result and sends it to the corresponding first terminal.
In the embodiment, after the code to be detected has been checked against the corresponding code writing grammar rule, the server receives the writing detection result for that code and transmits it to the first terminal, which displays it to the user.
Optionally, when the server has divided the software code into a plurality of code segments according to the preset function start-stop characters as described above, the processing in step 205 may correspondingly be as follows: the server obtains the code segment detection result corresponding to each code segment, collects the plurality of code segment detection results into a code segment detection result set, and sends the code segment detection result set to the first terminal.
In the embodiment, after the detection of the plurality of code segments is completed, the server generates the corresponding code segment detection results, links them in the order in which the code segments appear in the original software code, collects them into a code segment detection result set, and sends the set to the first terminal. If no bug is found in a code segment, the server by default generates no detection result for that segment and links the detection results of the adjacent code segments directly.
Optionally, in order to make it easier for the user to fix the bugs in the software code, the processing in step 205 may correspondingly be as follows: the server determines, from the pre-stored correspondence between writing detection results and modification suggestion data, at least one piece of modification suggestion data corresponding to the writing detection result, obtains it, and sends it to the first terminal.
In the embodiment, after obtaining the writing detection result, the server determines from the pre-stored correspondence that each detection result corresponds to one piece of modification suggestion data. The server checks the types of the vulnerabilities marked in the writing detection result and sends the modification suggestion data corresponding to those vulnerability types to the first terminal; the modification suggestion data are shown in table 1.
The first terminal can thus obtain the modification suggestion data described above. The modification suggestion data lists repair suggestions in order of vulnerability level: severe, high and suggested modification. If the software code has no bug, the server sends the first terminal a message that no bug was found.
By adopting the technical scheme disclosed by the embodiment of the application, the server receives the software codes of different code languages uploaded by the first terminal, and then distributes the plurality of software codes to the scanning engines for identifying the different code languages according to the types of the code languages, and the scanning engines perform grammar detection on the software codes and feed back the writing detection result to the first terminal, so that the slow generation of the writing detection result caused by one-by-one scanning of the software codes can be avoided, and the efficiency of detecting the plurality of software codes can be easily improved.
Based on the same technical concept, the embodiment of the present application further discloses a static code detection system, where the static code detection system comprises a server and a terminal, and the server is specifically configured to:
acquiring a software code uploaded by a first terminal, and marking the software code as a code to be detected;
selecting a target scanning engine from a plurality of deployed scanning engines;
determining a code writing grammar rule corresponding to the target scanning engine according to the code language of the target scanning engine;
selecting the code to be detected and the corresponding code writing grammar rule to carry out grammar detection;
and acquiring a writing detection result, and sending the writing detection result to the first terminal.
Optionally, the server is further specifically configured to: obtaining a target revision request uploaded by a second terminal, wherein the target revision request comprises a target rule item sequence number and target rule revision content;
determining the target code writing grammar rule item pointed to by the target rule item sequence number in the code writing grammar rule;
and performing revision processing on the target rule item based on the target rule revision content.
Optionally, the server is specifically configured to: determining at least one piece of modification suggestion data corresponding to the writing detection result according to the pre-stored correspondence between writing detection results and modification suggestion data;
and acquiring the at least one piece of modification suggestion data, and sending the at least one piece of modification suggestion data to the first terminal.
Optionally, the server is specifically configured to: acquiring the current login account of the first terminal, and determining at least one code language opened for the current login account;
and selecting the target scanning engine from the deployed scanning engines corresponding to the at least one code language.
Optionally, the server is specifically configured to: acquiring the software code uploaded by the first terminal, and determining the time length required for detection of the software code;
if the time length required for detection of the software code is longer than the preset detection time length, dividing the software code into a plurality of code segments based on the preset function start-stop character;
and marking the code segments as the code to be detected.
Optionally, the server is specifically configured to: acquiring the code segment detection result corresponding to each code segment;
collecting the plurality of code segment detection results to generate a code segment detection result set;
and sending the code segment detection result set to the first terminal.
Optionally, the server is specifically configured to: selecting, from the plurality of deployed scanning engines, the target scanning engine whose corresponding code buffer queue holds the smallest total data volume of code to be detected;
and adding the software code to the tail of the code buffer queue of the target scanning engine.
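The server-side flow summarised above (least-loaded engine selection by code buffer queue, splitting long uploads at the preset function start-stop characters, an ordered result set that omits bug-free segments, rule revision by sequence number, and modification suggestion lookup) as an added Python example; it is not the patent's code. The rule items, the suggestion table standing in for Table 1, the sample C upload and the size-based detection-time estimate are all constructed assumptions.

```python
import re
from collections import deque
from dataclasses import dataclass, field

# Constructed stand-in for the patent's Table 1: vulnerability type -> (rank, level, suggestion)
SUGGESTIONS = {"unbounded-read": (0, "severe", "Replace gets() with fgets() bounded by the buffer."),
               "unbounded-copy": (1, "high", "Replace strcpy() with a length-checked copy.")}

@dataclass
class ScanEngine:                                 # one deployed scan engine
    language: str
    rules: dict                                   # rule item sequence number -> (vuln type, regex)
    queue: deque = field(default_factory=deque)   # code buffer queue, tail = newest upload

    def revise_rule(self, seq_no, vuln_type, pattern):   # target revision request
        if seq_no not in self.rules:              # the sequence number must point at a rule item
            raise KeyError(f"no rule item with sequence number {seq_no}")
        self.rules[seq_no] = (vuln_type, re.compile(pattern))

    def detect(self, segment):                    # grammar detection of one code segment
        hits = []
        for seq_no, (vuln_type, pat) in sorted(self.rules.items()):
            for m in pat.finditer(segment):
                hits.append((seq_no, vuln_type, segment.count("\n", 0, m.start()) + 1))
        return hits

def select_engine(engines, language):             # claim 7: least total queued code wins
    candidates = [e for e in engines if e.language == language]
    if not candidates:
        raise ValueError(f"no scan engine deployed for {language}")
    return min(candidates, key=lambda e: sum(len(c) for c in e.queue))

def split_segments(code, start="{", stop="}"):   # cut at the preset function start/stop chars
    segments, depth, begin = [], 0, 0
    for i, ch in enumerate(code):
        depth += (ch == start) - (ch == stop)
        if ch == stop and depth == 0:             # a complete top-level body just closed
            segments.append(code[begin:i + 1])
            begin = i + 1
    tail = code[begin:].strip()
    return segments + ([tail] if tail else [])

def detect_code(engines, language, code, bytes_per_second=50, max_seconds=1.0):
    """Server-side flow; detection time is approximated from code size (an assumption)."""
    engine = select_engine(engines, language)
    engine.queue.append(code)                     # add to the tail of the engine's queue
    segments = split_segments(code) if len(code) / bytes_per_second > max_seconds else [code]
    result_set, line_base = [], 0
    for idx, seg in enumerate(segments):
        hits = [(n, t, line + line_base) for n, t, line in engine.detect(seg)]
        if hits:                                  # a bug-free segment yields no result entry
            result_set.append((idx, hits))
        line_base += seg.count("\n")
    engine.queue.remove(code)
    types = {t for _, hits in result_set for _, t, _ in hits}
    return result_set, sorted(SUGGESTIONS[t] for t in types)

def deploy_engines():                             # constructed deployment: busy C, idle C, Java
    c_rules = {1: ("unbounded-read", re.compile(r"\bgets\s*\(")),
               2: ("unbounded-copy", re.compile(r"\bstrcpy\s*\("))}
    return [ScanEngine("c", dict(c_rules), deque(["x" * 500])),
            ScanEngine("c", dict(c_rules)), ScanEngine("java", {})]
SAMPLE_C = ("int read_name(char *out) {\n    gets(out);\n    return 0;\n}\n"     # constructed
            "int copy_name(char *dst, const char *src) {\n    strcpy(dst, src);\n    return 0;\n}\n"
            "int safe(void) {\n    return 1;\n}\n")
```

Calling `detect_code(deploy_engines(), "c", SAMPLE_C)` routes the upload to the idle C engine, splits it into three function segments, and returns results only for the two segments that contain findings, with line numbers mapped back to the original file.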
The embodiment of the application also discloses a static code detection device, which comprises a memory and a processor, wherein the memory stores a computer program that can be loaded by the processor to execute the static code detection method described above.
The embodiment of the present application further discloses a computer-readable storage medium, which stores a computer program that can be loaded by a processor to execute the static code detection method described above. The computer-readable storage medium includes, for example, various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above examples are only used to illustrate the technical solutions of the present application and do not limit the scope of protection of the application. It is to be understood that the embodiments described are only some of the embodiments of the present application and not all of them. All other embodiments that a person skilled in the art can derive from these embodiments without any inventive step are within the scope of the present application.
Claims (10)
1. A static code detection method, characterized in that the method is based on a static code detection system, the static code detection system comprises a server and a terminal, and the method comprises the following steps:
the server obtains a software code uploaded by a first terminal and marks the software code as a code to be detected;
the server selects a target scanning engine from a plurality of deployed scanning engines;
the server determines a code writing grammar rule corresponding to the target scanning engine according to the code language to which the target scanning engine belongs;
the server selects the code to be detected and the corresponding code writing grammar rule to carry out grammar detection;
and the server obtains the writing detection result and sends the writing detection result to the first terminal.
2. The method of claim 1, further comprising:
the server obtains a target revision request uploaded by a second terminal, wherein the target revision request comprises a target rule item sequence number and target rule revision content;
the server determines the target code writing grammar rule item pointed to by the target rule item sequence number in the code writing grammar rule;
and the server performs revision processing on the target rule item based on the target rule revision content.
3. The method according to claim 1, wherein the step of the server obtaining the writing detection result and sending the writing detection result to the first terminal comprises:
the server determines, according to the pre-stored correspondence between writing detection results and modification suggestion data, at least one piece of modification suggestion data corresponding to the writing detection result;
and the server obtains the at least one piece of modification suggestion data and sends the at least one piece of modification suggestion data to the first terminal.
4. The method according to claim 1, wherein the step of the server selecting a target scanning engine from the plurality of deployed scanning engines comprises:
the server obtains the current login account of the first terminal and determines at least one code language opened for the current login account;
and the server selects the target scanning engine from the deployed scanning engines corresponding to the at least one code language.
5. The method according to claim 1, wherein the step of the server obtaining the software code uploaded by the first terminal and marking the software code as a code to be detected comprises:
the server obtains the software code uploaded by the first terminal and determines the time length required for detection of the software code;
if the time length required for detection of the software code is longer than the preset detection time length, the server divides the software code into a plurality of code segments based on the preset function start-stop character;
and the server marks the code segments as the code to be detected.
6. The method according to claim 5, wherein the step of the server obtaining the writing detection result and sending the writing detection result to the first terminal comprises:
the server obtains the code segment detection result corresponding to each code segment;
the server collects the plurality of code segment detection results to generate a code segment detection result set;
and the server sends the code segment detection result set to the first terminal.
7. The method according to claim 1, wherein each scanning engine has a code buffer queue;
and the step of the server selecting a target scanning engine from the plurality of deployed scanning engines comprises:
the server selects, from the deployed scanning engines, the target scanning engine whose corresponding code buffer queue holds the smallest total data volume of code to be detected;
and the server adds the software code to the tail of the code buffer queue of the target scanning engine.
8. A static code detection system, characterized in that the system comprises a server and a terminal, wherein the server is configured for:
acquiring a software code uploaded by a first terminal, and marking the software code as a code to be detected;
selecting a target scanning engine from a plurality of deployed scanning engines;
determining a code writing grammar rule corresponding to the target scanning engine according to the code language of the target scanning engine;
selecting the code to be detected and the corresponding code writing grammar rule to carry out grammar detection;
and acquiring a writing detection result, and sending the writing detection result to the first terminal.
9. A static code detection apparatus, characterized in that the static code detection apparatus comprises a processor and a memory, wherein at least one instruction, at least one program, a set of codes or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes or the set of instructions is loaded and executed by the processor to implement the static code detection method according to any one of claims 1 to 7.
10. A computer-readable storage medium having stored therein at least one instruction, at least one program, a set of codes or a set of instructions, which is loaded and executed by a processor to implement the static code detection method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110809687.3A CN113609004B (en) | 2021-07-17 | 2021-07-17 | Static code detection method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113609004A (en) | 2021-11-05 |
CN113609004B (en) | 2023-11-03 |
Family
ID=78337803
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113609004B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |