CN113672929A - Vulnerability characteristic obtaining method and device and electronic equipment - Google Patents


Info

Publication number
CN113672929A
Authority
CN
China
Prior art keywords
vulnerability
code
file
characteristic
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010407734.7A
Other languages
Chinese (zh)
Inventor
陈洪银
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Apollo Zhilian Beijing Technology Co Ltd
Original Assignee
Apollo Zhilian Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apollo Zhilian Beijing Technology Co Ltd
Priority to CN202010407734.7A
Priority claimed by KR1020210041412A (published as KR102477150B1)
Priority claimed by JP2021066470A (published as JP7231664B2)
Publication of CN113672929A
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079 Root cause analysis, i.e. error or fault diagnosis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3612 Software analysis for verifying properties of programs by runtime analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/658 Incremental updates; Differential updates

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Biomedical Technology (AREA)
  • Debugging And Monitoring (AREA)
  • Stored Programmes (AREA)

Abstract

The application discloses a vulnerability characteristic obtaining method and device and electronic equipment, and relates to the technical field of information security. The specific implementation scheme is as follows: after vulnerability patch information of the vulnerability is obtained, the type of the vulnerability is determined according to the vulnerability patch information, the type comprises the vulnerability of a code type and the vulnerability of a non-code type, at least one vulnerability characteristic of the vulnerability is extracted according to a vulnerability analysis engine corresponding to the type of the vulnerability, and the at least one vulnerability characteristic of the vulnerability is sent to the electronic equipment. The vulnerability characteristics of the vulnerability can be acquired online, the acquisition efficiency of the vulnerability characteristics is improved, manual analysis is not needed to acquire the vulnerability characteristics, and the maintenance cost of a system vulnerability library is reduced.

Description

Vulnerability characteristic obtaining method and device and electronic equipment
Technical Field
The application relates to the technical field of computers, in particular to the technical field of information security.
Background
In the field of information security, a vulnerability refers to a weakness or defect in a system, the susceptibility of a system to a particular threat or hazardous event, or the possibility that a threatening action is used to carry out an attack. Vulnerabilities may come from defects in the design of application software or operating systems or from errors in their coding, or from design defects of services in interactive processing or unreasonable points in the logic flow. These defects, errors or irrationalities may be exploited, intentionally or unintentionally, to adversely affect the assets or operations of an organization, for example the information system being attacked or controlled, important material being stolen, user data being tampered with, or the system being used as a springboard to intrude into other host systems. Vulnerability characteristics are information representing a vulnerability; one vulnerability has a plurality of vulnerability characteristics, and for the Android system, how to obtain the vulnerability characteristics of known vulnerabilities is extremely important for system security analysis.
In the prior art, for example, for vulnerabilities found by vulnerability scanning, the vulnerability characteristics of each vulnerability are obtained through manual analysis; when each vulnerability characteristic is to be detected, corresponding characteristic detection code is compiled according to the vulnerability characteristic and run on the target machine to be tested, so as to detect whether the vulnerability characteristic exists. If the vulnerabilities appearing in the system are updated, the vulnerability characteristics need to be analyzed manually again before the subsequent detection process can be executed, so the vulnerability characteristics are not obtained efficiently.
Disclosure of Invention
The vulnerability characteristic obtaining method and device and the electronic equipment can achieve online obtaining of the vulnerability characteristic of the vulnerability and improve obtaining efficiency of the vulnerability characteristic.
According to a first aspect, a vulnerability characteristic obtaining method is provided, which includes:
after vulnerability patch information of a vulnerability is obtained, determining the type of the vulnerability according to the vulnerability patch information, wherein the type comprises the vulnerability of a code type and the vulnerability of a non-code type;
extracting at least one vulnerability characteristic of the vulnerability according to a vulnerability analysis engine corresponding to the type of the vulnerability;
and sending at least one vulnerability characteristic of the vulnerability to the electronic equipment.
According to the technology of the application, after the vulnerability patch information of the vulnerability is obtained, whether the vulnerability is a code type vulnerability or a non-code type vulnerability is determined according to the vulnerability patch information, then at least one vulnerability characteristic of the vulnerability is extracted according to a vulnerability analysis engine corresponding to the type of the vulnerability, and finally the at least one vulnerability characteristic of the vulnerability is sent to the electronic equipment. The different types of vulnerabilities correspond to different vulnerability analysis engines which are pre-established according to the different types of vulnerabilities, so that online vulnerability characteristics of the vulnerabilities can be obtained, vulnerability characteristic obtaining efficiency is improved, vulnerability characteristics do not need to be obtained through manual analysis, and maintenance cost of a system vulnerability library is reduced.
According to a second aspect, there is provided a vulnerability characteristic acquisition apparatus, including:
the acquisition module is used for acquiring vulnerability patch information of the vulnerability;
the determining module is used for determining the type of the vulnerability according to the vulnerability patch information, wherein the type comprises vulnerability of a code type and vulnerability of a non-code type;
the extracting module is used for extracting at least one vulnerability characteristic of the vulnerability according to a vulnerability analysis engine corresponding to the type of the vulnerability;
and the sending module is used for sending at least one vulnerability characteristic of the vulnerability to the electronic equipment.
According to the technology of the application, after the acquisition module obtains the vulnerability patch information of the vulnerability, the determining module determines whether the vulnerability is of the code type or the non-code type according to the vulnerability patch information; then the extracting module extracts at least one vulnerability characteristic of the vulnerability according to the vulnerability analysis engine corresponding to the type of the vulnerability, and finally the sending module sends the at least one vulnerability characteristic of the vulnerability to the electronic equipment. Different types of vulnerabilities correspond to different vulnerability analysis engines, which are pre-established according to the different types of vulnerabilities, so that vulnerability characteristics can be obtained online, the efficiency of obtaining vulnerability characteristics is improved, vulnerability characteristics do not need to be obtained through manual analysis, and the maintenance cost of the system vulnerability library is reduced.
According to a third aspect, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect.
According to a fourth aspect, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of the first aspect.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
fig. 1 is a schematic view of an application scenario of the present application;
fig. 2 is a flowchart of a first vulnerability characteristic obtaining method provided in the present application;
fig. 3 is a flowchart of a second vulnerability characteristic obtaining method provided by the present application;
fig. 4 is a flowchart of a third vulnerability characteristic obtaining method provided by the present application;
fig. 5 is a flowchart of a fourth embodiment of the vulnerability characteristic obtaining method provided in the present application;
fig. 6 is a schematic structural diagram of a vulnerability characteristic acquisition apparatus provided in the present application;
fig. 7 is a schematic structural diagram of a vulnerability characteristic acquisition apparatus provided in the present application;
fig. 8 is a schematic structural diagram of a vulnerability characteristic acquisition apparatus provided in the present application;
fig. 9 is a block diagram of an electronic device for implementing the vulnerability characteristic acquisition method according to the embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In this application, the terms "exemplary" or "such as" are used to indicate that any embodiment or aspect described as "exemplary" or "such as" in this application is not to be construed as preferred or advantageous over other embodiments or aspects. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the prior art, the way of acquiring the vulnerability characteristics is to manually analyze the vulnerability characteristics of the vulnerability, and if the vulnerability appearing in the system is updated, the vulnerability characteristics need to be manually analyzed again, so that the vulnerability characteristics are not high in acquisition efficiency, and the maintenance cost of the vulnerability database is high. In order to solve the problem, different vulnerability analysis engines are established in advance according to different types of vulnerabilities, different vulnerability analysis engines are used for analyzing and extracting vulnerability characteristics of the vulnerabilities of different types, after vulnerability patch information of the vulnerabilities is obtained, the types of the vulnerabilities are determined according to the vulnerability patch information, at least one vulnerability characteristic of the vulnerabilities is extracted according to the vulnerability analysis engine corresponding to the types of the vulnerabilities, and the at least one vulnerability characteristic of the vulnerabilities is sent to electronic equipment for the electronic equipment to perform vulnerability detection. Therefore, online vulnerability characteristics of the vulnerability can be acquired, the acquisition efficiency of the vulnerability characteristics is improved, and the maintenance cost of the system vulnerability database is reduced. A specific implementation process of the vulnerability characteristic acquisition method according to the embodiment of the present application is described in detail below with reference to the accompanying drawings.
First, some terms in the embodiments of the present application are explained below to facilitate understanding by those skilled in the art.
1. Vulnerability characteristics are information representing a vulnerability. When the vulnerability is of the code type, the vulnerability characteristics are the difference information between the source code of the vulnerability and the repair code of the vulnerability; when the vulnerability is of the non-code type, the vulnerability characteristics are the change information between the source file of the vulnerability and the repair file of the vulnerability.
2. The operation entity is an application program (APP) or system software corresponding to the code file when the android system operates, and the application program is various application programs, such as a social application program, a shopping application program and the like.
3. The target testing machine cluster is a plurality of target testing machines, and is a testing machine which is constructed according to different android system versions, different processor architecture platforms and different security patch versions and is used for testing vulnerability characteristics, and each target testing machine corresponds to one android system version, one processor architecture platform and one security patch version.
Fig. 1 is a schematic view of an application scenario of the present application. As shown in fig. 1, the vulnerability characteristic obtaining apparatus provided in the present application is used for obtaining the vulnerability characteristics of a known vulnerability, or the vulnerability characteristics of a known vulnerability together with the running entity corresponding to each vulnerability characteristic. The running entity may be an application program (APP) or system software, where the application program is, for example, a social application, a shopping application, or the like, and the known vulnerability is, for example, a vulnerability of the Android system found by vulnerability scanning software or a vulnerability in a bulletin published on the official Android website. The vulnerability characteristics (or the vulnerability characteristics together with their corresponding running entities) acquired by the apparatus can be used for vulnerability detection, and the whole vulnerability detection is driven by vulnerability characteristics; the detection techniques may include the Java reflection mechanism, decompilation (oatdump), and the like. Specifically, an existing detection method may be adopted: for example, when a vulnerability characteristic is to be detected, corresponding characteristic detection code is compiled according to the vulnerability characteristic and run on the corresponding running entity on the electronic device under test (if no running entity is given, the characteristic detection code is run on each running entity of the electronic device in turn), and whether the vulnerability characteristic exists is detected, thereby detecting the vulnerability. The electronic device under test may be an electronic device running the Android software system, such as a mobile phone, a handheld computer, or a vehicle-mounted device.
The vulnerability characteristic obtaining device can obtain vulnerability characteristics of known vulnerabilities of the android system on line, and if vulnerabilities appearing in the android system are updated, vulnerability characteristics of the updated vulnerabilities can be obtained in real time, obtaining efficiency of the vulnerability characteristics is improved, and maintenance cost of a system vulnerability library is reduced. The following describes the vulnerability characteristic obtaining process in detail with reference to the accompanying drawings.
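The characteristic-driven detection described above (run the characteristic check against the running entity on the device under test and report whether the characteristic is present) can be sketched as follows. This is an added example and not code from the patent: it assumes a characteristic set in the shape the text describes (information the fix added, information the fix removed, and the running entity it belongs to) and a string table extracted from a library on the device, both constructed here so the example runs offline; the CVE identifier and library name are placeholders.

```python
"""Characteristic-driven vulnerability detection on a target running entity.

Added example, not the patent's own code. Inputs are constructed.
"""

# Constructed characteristic set for one hypothetical vulnerability: the fix
# added an exported symbol and a log string, and removed one symbol.
# The CVE identifier and library name are placeholders.
EXAMPLE_CHARACTERISTICS = {
    "cve": "CVE-0000-0001",
    "running_entity": "libexample.so",
    "added": ["example_check_len", "input too long"],
    "removed": ["example_unchecked_copy"],
}

# Constructed string tables (one entry per line, as a strings dump would give)
# for a patched build, an unpatched build and a half-applied build.
PATCHED_STRINGS = "example_parse_len\nexample_check_len\ninput too long\n"
UNPATCHED_STRINGS = "example_parse_len\nexample_unchecked_copy\n"
PARTIAL_STRINGS = "example_parse_len\nexample_check_len\nexample_unchecked_copy\n"


def detect(characteristics, string_table):
    """Decide whether the fix is present in one running entity.

    Returns 'patched', 'unpatched' or 'inconclusive'. The characteristics the
    fix introduced carry the evidence: if all of them are present and nothing
    the fix removed remains, the entity is treated as patched; if none of them
    is present and everything the fix removed is still there, it is treated as
    unpatched. Any mixed result is reported as inconclusive for a human to
    review rather than guessed by the scanner.
    """
    present = set(string_table.splitlines())
    added, removed = characteristics["added"], characteristics["removed"]
    if not added:
        return "inconclusive"  # removal-only evidence is too weak on its own
    added_hits = [c for c in added if c in present]
    removed_hits = [c for c in removed if c in present]
    if len(added_hits) == len(added) and not removed_hits:
        return "patched"
    if not added_hits and len(removed_hits) == len(removed):
        return "unpatched"
    return "inconclusive"


def scan(characteristic_sets, string_tables):
    """Run each characteristic set against the string table of its own running
    entity. `string_tables` maps entity name to its extracted strings; an
    entity missing from the device yields 'not present'."""
    results = {}
    for cs in characteristic_sets:
        table = string_tables.get(cs["running_entity"])
        results[cs["cve"]] = "not present" if table is None else detect(cs, table)
    return results
```

Carrying the running entity with each characteristic is what lets `scan` check one library instead of every entity on the device in turn. Characteristics introduced by the fix (new exported symbols, new strings) are the reliable signal; a symbol the fix removed may still appear elsewhere in a stripped binary, which is why the rule above never reports "unpatched" on removed characteristics alone.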
Fig. 2 is a flowchart of a first embodiment of the vulnerability characteristic obtaining method provided in the present application. The executing subject in this embodiment may be the vulnerability characteristic obtaining device shown in fig. 1, which may be a hardware device or a software module. As shown in fig. 2, the method of this embodiment may include:
S101, after vulnerability patch information of the vulnerability is obtained, determining the type of the vulnerability according to the vulnerability patch information, wherein the type comprises a vulnerability of a code type and a vulnerability of a non-code type.
The vulnerability patch information of the vulnerability can be obtained from the security bulletins published on the official Android website. Specifically, a security bulletin includes, for each vulnerability, information such as the Common Vulnerabilities and Exposures (CVE) identifier, the reference number, the type, the severity, and the updated Android Open Source Project (AOSP) versions. Table 1 below is a content example of the security bulletin information: the reference number carries a link to the vulnerability patch information, the type is remote command or code execution (RCE), and the severity is one of high, medium, and low.
Table 1
[Table 1 (an image in the original, not reproduced here): content example of the security bulletin information]
To acquire the vulnerability patch information of a vulnerability, the corresponding reference number is first determined from the identifier of the vulnerability, and the vulnerability patch information is then acquired according to the reference number. After the vulnerability patch information is obtained, it can be determined whether the vulnerability is of the code type or the non-code type: if the vulnerability patch information comprises the source code of the vulnerability and the repair code of the vulnerability, the vulnerability is determined to be of the code type; if it comprises the source file of the vulnerability and the repair file of the vulnerability, the vulnerability is determined to be of the non-code type.
It should be noted that, if the security bulletin information includes a plurality of vulnerabilities, vulnerability patch information of the plurality of vulnerabilities may be obtained at a time, and for each vulnerability, vulnerability characteristics of each vulnerability are obtained respectively. If one vulnerability is updated in the security announcement information within a period of time, vulnerability patch information of the vulnerability is acquired at one time, and then the subsequent process is executed to acquire vulnerability characteristics of the vulnerability.
Optionally, the vulnerability patch information of the vulnerability in the security bulletin information may be periodically obtained according to a preset time, where the preset time may be half a month, one month, 3 months, or 6 months, and the like, and if there is an updated vulnerability, the security bulletin information may be tracked in real time to obtain the vulnerability patch information of the updated vulnerability, and then a subsequent process is executed to obtain vulnerability characteristics of the updated vulnerability.
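Step S101 as a small program, from bulletin row to vulnerability type and analysis engine. This is an added example and not the patent's code: the bulletin rows follow the column order the text describes (identifier, reference number, type, severity, updated AOSP versions), each reference number resolves to a unified diff, and all rows, patches, CVE and reference numbers are constructed placeholders. The decision rule is an assumption about how "patch contains source code and repair code" is recognised in practice: a patch that changes any source file is treated as a code-type vulnerability and routed to the engine for its language, and a patch that changes only non-source files as a non-code-type vulnerability routed to the configuration file engine.

```python
"""Decide a vulnerability's type and analysis engine from its patch.

Added example, not the patent's own code. Everything below is constructed
and the identifiers are placeholders.
"""
import os
import re
from dataclasses import dataclass

# Constructed bulletin rows: identifier | reference | type | severity | AOSP versions
CONSTRUCTED_BULLETIN = """\
CVE-0000-0001 | A-000000001 | RCE | High | 10, 11
CVE-0000-0002 | A-000000002 | EoP | Moderate | 11
"""

# Constructed patches keyed by reference number, in unified-diff form.
CONSTRUCTED_PATCHES = {
    "A-000000001": """\
diff --git a/media/libexample/parser.cpp b/media/libexample/parser.cpp
--- a/media/libexample/parser.cpp
+++ b/media/libexample/parser.cpp
@@ -10,3 +10,4 @@
-    memcpy(dst, src, len);
+    if (len > dst_len) return ERROR_MALFORMED;
+    memcpy(dst, src, len);
""",
    "A-000000002": """\
diff --git a/rootdir/init.example.rc b/rootdir/init.example.rc
--- a/rootdir/init.example.rc
+++ b/rootdir/init.example.rc
@@ -5,2 +5,2 @@
-    user root
+    user system
diff --git a/sepolicy/example.te b/sepolicy/example.te
new file mode 100644
--- /dev/null
+++ b/sepolicy/example.te
@@ -0,0 +1 @@
+type example, domain;
""",
}

C_EXTENSIONS = {".c", ".cc", ".cpp", ".h", ".hpp", ".s"}
JVM_EXTENSIONS = {".java", ".kt"}


@dataclass
class BulletinEntry:
    cve: str
    reference: str
    vuln_type: str
    severity: str
    aosp_versions: tuple


def parse_bulletin(text):
    """Parse pipe-separated bulletin rows into BulletinEntry objects."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cve, ref, vtype, severity, versions = (c.strip() for c in line.split("|"))
        entries.append(BulletinEntry(cve, ref, vtype, severity,
                                     tuple(v.strip() for v in versions.split(","))))
    return entries


def changed_paths(unified_diff):
    """Post-image paths from the `diff --git a/X b/Y` headers of a patch."""
    return re.findall(r"^diff --git a/\S+ b/(\S+)$", unified_diff, re.MULTILINE)


def select_engine(unified_diff):
    """Return (type, engine): 'code' when any changed file is source, else
    'non-code'; the engine follows the language (kernel sources are assumed
    to live under kernel/)."""
    paths = changed_paths(unified_diff)
    if not paths:
        raise ValueError("patch contains no file headers")
    exts = {os.path.splitext(p)[1].lower() for p in paths}
    if exts & C_EXTENSIONS:
        if any(p.startswith("kernel/") for p in paths):
            return "code", "kernel code analysis engine"
        return "code", "C/C++ code analysis engine"
    if exts & JVM_EXTENSIONS:
        return "code", "Java code analysis engine"
    return "non-code", "configuration file analysis engine"


def classify_bulletin(bulletin_text, patches):
    """Resolve every bulletin entry to its patch and record type and engine."""
    result = {}
    for entry in parse_bulletin(bulletin_text):
        vuln_type, engine = select_engine(patches[entry.reference])
        result[entry.cve] = {"reference": entry.reference, "severity": entry.severity,
                             "type": vuln_type, "engine": engine}
    return result
```

A patch that mixes a source change with a configuration change is classified as code type here, so the code engine sees it; the configuration side of such a patch still has to be fed to the file engine separately, which is a choice the text leaves open.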
S102, extracting at least one vulnerability characteristic of the vulnerability according to a vulnerability analysis engine corresponding to the type of the vulnerability.
Specifically, different types of vulnerabilities correspond to different vulnerability analysis engines, vulnerabilities of code types correspond to code analysis engines, and codes of different languages correspond to different code analysis engines, such as a C/C++ code analysis engine, a Java code analysis engine, a kernel code analysis engine, and the like. The vulnerability of the non-code type corresponds to a file analysis engine, such as a configuration file analysis engine.
Specifically, if the vulnerability analysis engine corresponding to the type of the vulnerability is a C/C++ code analysis engine, analyzing vulnerability patch information of the vulnerability through the C/C++ code analysis engine, and extracting characteristics of the vulnerability; if the vulnerability analysis engine corresponding to the type of the vulnerability is a Java code analysis engine, analyzing vulnerability patch information of the vulnerability through the Java code analysis engine, and extracting characteristics of the vulnerability; if the vulnerability analysis engine corresponding to the type of the vulnerability is a kernel code analysis engine, analyzing vulnerability patch information of the vulnerability through the kernel code analysis engine, and extracting characteristics of the vulnerability; if the vulnerability analysis engine corresponding to the type of the vulnerability is a configuration file analysis engine, analyzing vulnerability patch information of the vulnerability through the configuration file analysis engine, and extracting characteristics of the vulnerability. Different vulnerability analysis engines analyze and extract vulnerability characteristics of the vulnerability in different processes.
The vulnerability has at least one vulnerability characteristic, and if a plurality of vulnerabilities exist, the vulnerability characteristics of the vulnerabilities form a vulnerability characteristic set.
For a vulnerability of the code type, the vulnerability characteristics may be, for example, the addition or removal of a function symbol, a class, or a visible class member definition; the addition or removal of a unique character string in the code file; a change in the code execution flow (for example, an added jump to library function XX); and the like. For a vulnerability of the non-code type, the vulnerability characteristics may be, for example, any of the addition of a string characteristic, the deletion of a string characteristic, the modification of a string characteristic, the addition of a file, and the deletion of a file, where the addition or deletion of a file may be the addition or deletion of a library.
S103, at least one vulnerability characteristic of the vulnerability is sent to the electronic equipment.
Specifically, at least one vulnerability characteristic of the vulnerability is sent to the electronic device for vulnerability detection by the electronic device.
According to the vulnerability feature obtaining method provided by the embodiment, after vulnerability patch information of a vulnerability is obtained, whether the vulnerability is a code type vulnerability or a non-code type vulnerability is determined according to the vulnerability patch information, then at least one vulnerability feature of the vulnerability is extracted according to a vulnerability analysis engine corresponding to the type of the vulnerability, and finally the at least one vulnerability feature of the vulnerability is sent to electronic equipment. The different types of vulnerabilities correspond to different vulnerability analysis engines which are pre-established according to the different types of vulnerabilities, so that online vulnerability characteristics of the vulnerabilities can be obtained, vulnerability characteristic obtaining efficiency is improved, vulnerability characteristics do not need to be obtained through manual analysis, and maintenance cost of a system vulnerability library is reduced.
Fig. 3 is a flowchart of a second embodiment of the vulnerability characteristic obtaining method provided in the present application. The executing subject in this embodiment may be the vulnerability characteristic obtaining apparatus shown in fig. 1. As shown in fig. 3, on the basis of the method shown in fig. 2, the method of this embodiment may further include, before S103:
S104, for each vulnerability characteristic in the at least one vulnerability characteristic of the vulnerability, determining the running entity of the vulnerability characteristic according to the code file in which the source code or source file of the vulnerability characteristic is located, thereby obtaining the vulnerability characteristic and the running entity of the vulnerability.
Specifically, the running entity is the application program (APP) or system software that corresponds to the code file when the Android system runs. If only the vulnerability characteristics are sent to the electronic device, each running entity has to be tried during detection, which makes detection slow. After the vulnerability characteristics of the vulnerability are obtained in S102, the running entity of each vulnerability characteristic is therefore determined for subsequent vulnerability detection; because each vulnerability characteristic has a determined running entity, the efficiency of vulnerability detection can be improved. The source code or source file of the vulnerability is obtained from the vulnerability patch information of the vulnerability, where the source code corresponds to a vulnerability of the code type and the source file corresponds to a vulnerability of the non-code type. It should be noted that, if one vulnerability has multiple vulnerability characteristics, the running entities of those vulnerability characteristics may be the same or different.
Correspondingly, S103 may specifically be: s103', at least one vulnerability characteristic of the vulnerability and the corresponding running entity are sent to the electronic equipment.
According to the vulnerability feature obtaining method provided by the embodiment, after vulnerability patch information of a vulnerability is obtained, whether the vulnerability is a code type vulnerability or a non-code type vulnerability is determined according to the vulnerability patch information, then at least one vulnerability feature of the vulnerability is extracted according to a vulnerability analysis engine corresponding to the type of the vulnerability, then for each extracted vulnerability feature, a running entity of the vulnerability feature is determined according to a code file where a source code or a source file of the vulnerability feature is located, and finally at least one vulnerability feature of the vulnerability and the corresponding running entity are sent to electronic equipment. The different types of vulnerabilities correspond to different vulnerability analysis engines which are pre-established according to the different types of vulnerabilities, so that online vulnerability characteristics and corresponding operation entities of the vulnerabilities can be obtained, the vulnerability characteristic obtaining efficiency is improved, manual analysis is not needed for obtaining the vulnerability characteristics, and the maintenance cost of a system vulnerability library is reduced.
Fig. 4 is a flowchart of a third embodiment of the vulnerability characteristic obtaining method provided in the present application, where an execution subject in the present embodiment may be the vulnerability characteristic obtaining apparatus shown in fig. 1, and as shown in fig. 4, the method of the present embodiment may include:
S201, after acquiring vulnerability patch information of the vulnerability, determining the type of the vulnerability according to the vulnerability patch information, wherein the type comprises the vulnerability of a code type and the vulnerability of a non-code type.
The vulnerability patch information of the vulnerability can be obtained from the security bulletins published on the official Android website; the specific acquisition process is as described for S101 and is not repeated here. If the vulnerability patch information comprises the source code of the vulnerability and the repair code of the vulnerability, the type of the vulnerability is determined to be a code-type vulnerability and S202 is executed; if the vulnerability patch information comprises the source file of the vulnerability and the repair file of the vulnerability, the type is determined to be a non-code-type vulnerability and S203 is executed.
S202, extracting at least one vulnerability characteristic of the vulnerability according to a vulnerability analysis engine corresponding to the vulnerability of the code type.
The vulnerability of the code type corresponds to a code analysis engine, and code in different languages corresponds to different code analysis engines, such as a C/C++ code analysis engine, a Java code analysis engine, a kernel code analysis engine and the like.
As a practical way, S202 may be: executing the following operations through a vulnerability analysis engine corresponding to the vulnerability of the code type:
S2021, performing syntactic analysis, in the corresponding programming language, of the source code of the vulnerability and the repair code of the vulnerability, and determining at least one piece of difference information between the source code and the repair code from the result of the syntactic analysis. Difference information is, for example, the addition or removal of a function symbol, of a class, or of a visible member in a class definition; the addition or removal of a string that is unique within the code file; or a change in the code execution flow (for example, a newly added jump to the library function XX).
S2022, determining the vulnerability characteristics of the vulnerability from the at least one piece of difference information, where one piece of difference information corresponds to one vulnerability characteristic; that is, once a piece of difference information has been determined, it is taken as one vulnerability characteristic.
Take the vulnerability patch information of one vulnerability as an example:
---a/src/android、SkAandroidFrameworkUtils.cpp
+++b src/android、SkAandroidFrameworkUtils.cpp
@@-17,7+17,9@@
#include“effects/GrDisableColorXP.h”
#endif//SK_SUPPORT_GPU
-#ifdef SK_BUILD_FOR_ANDROID
+#ifdef SK_BUILD_FOR_ANDROID_FRAMWORK
+
+#include<log/log.h>
#if SK_SUPPORT_GPU
Bool SkAndroidFrameworkUtils::clipWithStencil(skcanvas*canvas){
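Review bot: the renamed guard on the `+#ifdef` line, `SK_BUILD_FOR_ANDROID_FRAMWORK`, should be checked against the macro name the build actually defines, because a guard that is never defined silently compiles the whole block out, including the new `#include<log/log.h>` that the second hunk depends on. Note also that the old `#ifdef SK_BUILD_FOR_ANDROID` is removed here while its `#endif` is only replaced in the next hunk, so any code between the two hunks that relied on the old guard now compiles under the new condition; confirm the file has no remaining use of the old macro.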
@@-52,5+54,9@@
}
#end if//SK_SUPPORT_GPU
–end if//SK_BUILD_FOR_ANDROID
+void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)
{
+android_errorwritelog(0x534e4554,bugNumber);
+}
+
+#end if//SK_BUILD_FOR_ANDROID_FRAMWORK
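Review bot: `safet8Netlog` forwards `bugNumber` to `android_errorwritelog(0x534e4554, ...)` without checking it for null; since this helper exists to report a detected abuse, a null argument would fault the caller at exactly the point where the event should be logged, so an early return on a null `bugNumber` is worth adding. For the feature extraction discussed in the text, the added definition `void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)` is the symbol-level difference, and the constant 0x534e4554 passed to the log call is a second marker a detector could key on independently of the symbol name.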
In the vulnerability patch information above, the lines prefixed with "-" are the source code of the vulnerability and the lines prefixed with "+" are the repair code of the vulnerability; the repair code is the following section of code:
–end if//SK_BUILD_FOR_ANDROID
+void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)
{
+android_errorwritelog(0x534e4554,bugNumber);”
Syntactic analysis of this section shows that a method, `void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)`, has been added to the implementation of the corresponding class; this added method is one vulnerability characteristic.
In the embodiment, the source code of the vulnerability and the repair code of the vulnerability are subjected to syntactic analysis of the corresponding coding language through the vulnerability analysis engine corresponding to the vulnerability of the code type, at least one difference information of the source code of the vulnerability and the repair code of the vulnerability is determined according to the syntactic analysis result, and one difference information is determined as a vulnerability characteristic, so that the vulnerability characteristic of the vulnerability of the code type can be obtained on line, and the obtaining efficiency of the vulnerability characteristic is improved.
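The following Python script is an added example and is not part of the patent or of any real vulnerability analysis engine. It implements S2021 and S2022 in miniature: it walks a unified diff, classifies each added or removed line as one piece of difference information (a function symbol defined, a header included, a conditional-compilation macro, a call into another function, or a distinctive string literal) and turns each piece into one vulnerability characteristic tagged with the code file it came from. Regular expressions stand in for a real parser of the programming language. The embedded sample patch is constructed for this example, modelled on the hunk quoted above with the identifier spellings normalised; `SkAndroidFrameworkUtils::SafetyNetLog`, `android_errorWriteLog` and the file path are assumptions made here, not taken from the page.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample of vulnerability patch information, modelled on the hunk quoted above.
# The identifier spellings and the path are assumptions made for this example.
SAMPLE_PATCH = """\
--- a/src/android/SkAndroidFrameworkUtils.cpp
+++ b/src/android/SkAndroidFrameworkUtils.cpp
@@ -17,7 +17,9 @@
 #include "effects/GrDisableColorXP.h"
 #endif // SK_SUPPORT_GPU
-#ifdef SK_BUILD_FOR_ANDROID
+#ifdef SK_BUILD_FOR_ANDROID_FRAMEWORK
+
+#include <log/log.h>
 #if SK_SUPPORT_GPU
 bool SkAndroidFrameworkUtils::clipWithStencil(SkCanvas* canvas) {
@@ -52,5 +54,9 @@
 }
 #endif // SK_SUPPORT_GPU
-#endif // SK_BUILD_FOR_ANDROID
+void SkAndroidFrameworkUtils::SafetyNetLog(const char* bugNumber) {
+    android_errorWriteLog(0x534e4554, bugNumber);
+}
+
+#endif // SK_BUILD_FOR_ANDROID_FRAMEWORK
"""

@dataclass(frozen=True)
class Feature:
    kind: str       # e.g. "function_added", "include_added", "macro_removed", "call_added"
    symbol: str     # the symbol, header, macro, callee or string the difference is about
    code_file: str  # file touched by the hunk; later used to look up the running entity

# Lightweight stand-ins for syntactic analysis of C/C++ (a real engine would use a parser).
_FUNC_DEF = re.compile(r'^(?:[\w:<>*&]+\s+)+([A-Za-z_][\w:~]*)\s*\([^;{}]*\)\s*(?:const)?\s*\{?\s*$')
_INCLUDE = re.compile(r'^#\s*include\s*[<"]([^>"]+)[>"]')
_COND = re.compile(r'^#\s*(?:ifdef|ifndef|if)\s+(\w+)')
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')
_STRING = re.compile(r'"([^"\\]{4,})"')
_KEYWORDS = {"if", "else", "for", "while", "switch", "return", "sizeof", "catch"}

def parse_unified_diff(patch: str):
    """Yield (code_file, sign, line) for each '+' or '-' line of a unified diff.
    Context lines are ignored; '---'/'+++' headers select the file, '@@' opens a hunk."""
    code_file, in_hunk = None, False
    for raw in patch.splitlines():
        if raw.startswith("--- "):
            in_hunk = False
        elif raw.startswith("+++ ") and not in_hunk:
            code_file = raw[4:].split("\t")[0]
            code_file = code_file[2:] if code_file.startswith("b/") else code_file
        elif raw.startswith("@@"):
            in_hunk = True
        elif in_hunk and raw[:1] in ("+", "-"):
            yield code_file, raw[0], raw[1:].strip()

def extract_features(patch: str) -> list[Feature]:
    """S2021/S2022: every syntactic difference between the vulnerable and the repaired code
    becomes exactly one vulnerability characteristic (duplicates collapsed)."""
    features: list[Feature] = []

    def add(kind: str, symbol: str, code_file: str) -> None:
        f = Feature(kind, symbol, code_file)
        if f not in features:
            features.append(f)

    for code_file, sign, line in parse_unified_diff(patch):
        if not line:
            continue
        suffix = "added" if sign == "+" else "removed"
        if m := _INCLUDE.match(line):           # header included or dropped
            add(f"include_{suffix}", m.group(1), code_file)
        elif m := _COND.match(line):            # conditional-compilation guard changed
            add(f"macro_{suffix}", m.group(1), code_file)
        elif line.startswith("#"):              # #endif, #else, #define ... carry no symbol here
            continue
        elif (m := _FUNC_DEF.match(line)) and m.group(1) not in _KEYWORDS:
            add(f"function_{suffix}", m.group(1), code_file)   # function symbol defined
        else:
            for callee in _CALL.findall(line):  # execution-flow change: a call into a function
                if callee not in _KEYWORDS:
                    add(f"call_{suffix}", callee, code_file)
            for literal in _STRING.findall(line):  # distinctive string literal
                add(f"string_{suffix}", literal, code_file)
    return features

if __name__ == "__main__":
    for f in extract_features(SAMPLE_PATCH):
        print(f"{f.kind:16} {f.symbol}  [{f.code_file}]")
```

For the sample patch the script yields five characteristics: the removed and added guard macros, the added `log/log.h` include, the added function symbol and the added call into `android_errorWriteLog`. Which of these are worth keeping depends on what is observable in the built artefact, which is exactly what the running-entity lookup and the target drone verification described later in the method settle.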
S203, extracting at least one vulnerability characteristic of the vulnerability according to the vulnerability analysis engine corresponding to the vulnerability of the non-code type.
The vulnerability of the non-code type corresponds to a file analysis engine, such as a configuration file analysis engine. As an implementable manner, S203 may be: executing the following operations through a vulnerability analysis engine corresponding to the vulnerability of the non-code type:
S2031, determining at least one piece of change information between the source file of the vulnerability and the repair file of the vulnerability, where the change information is any one of: addition of a string feature, deletion of a string feature, modification of a string feature, addition of a file, and deletion of a file; a file addition or deletion may be the addition or deletion of a library.
S2032, determining the code file in which the source file of the vulnerability is located, and checking, for each piece of change information in the at least one piece of change information, whether it is unique within that code file.
S2033, determining the change information with uniqueness as the vulnerability characteristics of the vulnerability.
In the embodiment, change information between a source file of the vulnerability and a repair file of the vulnerability is determined through a vulnerability analysis engine corresponding to the vulnerability of a non-code type, whether each piece of change information has uniqueness is searched in a code file where the source file of the vulnerability is located, and the change information with the uniqueness is determined as the vulnerability characteristic of the vulnerability. Therefore, the vulnerability characteristics of the vulnerability of the non-code type can be acquired online, and the acquisition efficiency of the vulnerability characteristics is improved.
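An added example, not from the patent, of S2031 to S2033 for a non-code-type vulnerability. The two file trees are constructed for this example (an SELinux policy fragment, two init `.rc` files and a shared library; the paths, rules and services are assumptions, not a real Android patch) and are compared with Python's `difflib` to produce change information of the five kinds listed above. Each piece of change information is then kept only if the string or file it names occurs exactly once in the tree it belongs to, since a string that appears several times cannot identify the file unambiguously during detection.

```python
from __future__ import annotations
import difflib
import posixpath
from dataclasses import dataclass

# Constructed vulnerable and repaired file trees (path -> content). Paths, rules and
# services are assumptions for this example, not a real Android patch.
SOURCE_TREE = {
    "sepolicy/private/untrusted_app.te":
        "allow untrusted_app shell_data_file:file read;\n"
        "allow untrusted_app app_data_file:dir search;\n",
    "system/etc/init/debug.rc":
        "service debugd /system/bin/debugd\n    user root\n    class main\n",
    "system/etc/init/logd.rc":
        "service logd /system/bin/logd\n    class core\n    disabled\n",
    "system/lib/libdebugtool.so": "<binary>",
}
REPAIR_TREE = {
    "sepolicy/private/untrusted_app.te":
        "allow untrusted_app app_data_file:dir search;\n",
    "system/etc/init/debug.rc":
        "service debugd /system/bin/debugd\n    user shell\n    class main\n    disabled\n",
    "system/etc/init/logd.rc":
        "service logd /system/bin/logd\n    class core\n    disabled\n",
}

@dataclass(frozen=True)
class ChangeInfo:
    kind: str   # string_added | string_deleted | string_modified | file_added | file_deleted
    value: str  # the string concerned ("old -> new" for a modification) or the file path
    path: str   # file the change belongs to

def _lines(text: str) -> list[str]:
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def diff_files(source_tree, repair_tree) -> list[ChangeInfo]:
    """S2031: a path present on one side only is a file addition/deletion; inside a file present
    on both sides, line-level differences become string additions, deletions or modifications."""
    changes: list[ChangeInfo] = []
    for path in sorted(set(source_tree) | set(repair_tree)):
        if path not in source_tree:
            changes.append(ChangeInfo("file_added", path, path))
            continue
        if path not in repair_tree:
            changes.append(ChangeInfo("file_deleted", path, path))
            continue
        old, new = _lines(source_tree[path]), _lines(repair_tree[path])
        matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag == "equal":
                continue
            if tag == "replace" and i2 - i1 == j2 - j1:   # same-size block: treat as modifications
                changes += [ChangeInfo("string_modified", f"{o} -> {n}", path)
                            for o, n in zip(old[i1:i2], new[j1:j2])]
                continue
            changes += [ChangeInfo("string_deleted", o, path) for o in old[i1:i2]]
            changes += [ChangeInfo("string_added", n, path) for n in new[j1:j2]]
    return changes

def occurrences(change: ChangeInfo, source_tree, repair_tree) -> int:
    """Count how often the changed string (or file name) occurs in the tree it belongs to:
    the vulnerable tree for deletions, the repaired tree for additions and modifications."""
    if change.kind in ("file_added", "file_deleted"):
        tree = repair_tree if change.kind == "file_added" else source_tree
        base = posixpath.basename(change.value)
        return sum(1 for p in tree if posixpath.basename(p) == base)
    tree = source_tree if change.kind == "string_deleted" else repair_tree
    needle = change.value.split(" -> ", 1)[1] if change.kind == "string_modified" else change.value
    return sum(text.count(needle) for text in tree.values())

def select_features(changes, source_tree, repair_tree) -> list[ChangeInfo]:
    """S2032/S2033: only a change that is unique within its tree becomes a vulnerability characteristic."""
    return [c for c in changes if occurrences(c, source_tree, repair_tree) == 1]

if __name__ == "__main__":
    for c in select_features(diff_files(SOURCE_TREE, REPAIR_TREE), SOURCE_TREE, REPAIR_TREE):
        print(f"{c.kind:16} {c.value}  [{c.path}]")
```

On the constructed trees the added `disabled` line is dropped because the same string already appears in `logd.rc`, while the deleted SELinux rule, the `user root -> user shell` modification and the removed library each occur once and are kept.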
S204, for each vulnerability characteristic in at least one vulnerability characteristic of the vulnerability, determining a running entity of the vulnerability characteristic according to a source code of the vulnerability characteristic or a code file where a source file is located, and obtaining the vulnerability characteristic and the running entity of the vulnerability.
As an implementable manner, determining an operation entity of the vulnerability characteristics according to the source code of the vulnerability characteristics or the code file where the source file is located may specifically be:
S2041, determining the source code of the vulnerability characteristics or the code file where the source file is located.
S2042, searching for an operation entity of the code file from the compiling configuration file of the code file, and determining an operation entity of the vulnerability characteristics according to the operation entity of the code file.
Each system version corresponds to one compile configuration file, which stores the mapping between code files and their running entities; the running entity of the code file is therefore looked up in the compile configuration file for that file, and the running entity of the vulnerability characteristic is determined from it. Determining the running entity of the vulnerability characteristic makes the subsequent vulnerability detection straightforward: when each vulnerability characteristic is checked, the corresponding characteristic detection code is compiled according to that characteristic and run against the corresponding running entity on the electronic device under test, and whether the characteristic is present is checked. This detects the vulnerability and improves detection efficiency.
On the basis of any one of the embodiments shown in fig. 2 to fig. 4, the obtained vulnerability characteristics may further be verified to improve the accuracy of vulnerability characteristic acquisition. Taking the method shown in fig. 2 as an example, fig. 5 is a flowchart of a fourth embodiment of the vulnerability characteristic obtaining method provided by the present application; as shown in fig. 5, after S204 the method of this embodiment may further include:
S205, testing and verifying at least one vulnerability characteristic of the vulnerability through a pre-constructed testing target drone cluster to obtain a vulnerability characteristic which passes verification, wherein the testing target drone cluster comprises a testing target drone with a repaired vulnerability and a testing target drone with an unrepaired vulnerability.
The test target drone cluster contains test target drones built for different Android system versions, different processor architecture platforms and different security patch versions. A vulnerability characteristic must not be detected on a test target drone whose vulnerability has been repaired and must be detected on a test target drone whose vulnerability has not been repaired; checking both sides guarantees the accuracy of the obtained characteristic. The test target drones may be a mix of virtual machines (for example Genymotion virtual machines; Genymotion is an Android emulator that provides an Android virtual environment) and real devices. Because the cluster is built across different Android system versions, processor architecture platforms and security patch versions, with each test target drone corresponding to one Android system version, one processor architecture platform and one security patch version, the verification is both comprehensive and accurate.
And S206, determining the verified vulnerability characteristics as vulnerability characteristics of the vulnerability.
The acquired vulnerability characteristics are tested and verified in the pre-constructed test target drone cluster, and the characteristics that pass verification, together with their running entities, are taken as the final vulnerability characteristics and running entities of the vulnerability. This improves the accuracy of vulnerability characteristic acquisition and reduces the false alarm rate of the vulnerability characteristics.
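The following Python example, added here and not part of the patent, ties S2041/S2042 to S205/S206. It inverts a constructed build configuration written in the style of an Android.bp file into a map from code file to running entity, then checks three constructed characteristics against a small test target drone cluster whose drones differ in Android version, processor architecture, security patch level and whether the vulnerability is repaired. A characteristic passes only when its vulnerable state is seen on every unrepaired drone and on no repaired drone; otherwise the function returns one of the failure reasons a developer would be shown. The module names (`libskia`, `surfaceflinger`, `Settings`), the symbol tables and the drones are assumptions for the example, and a set of observable symbols stands in for the characteristic detection code that would run on a real device.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed compile configuration in the style of an Android.bp file. Module names and
# source lists are assumptions for this example, not a real build.
BUILD_CONFIG = """
cc_library_shared {
    name: "libskia",
    srcs: ["src/android/SkAndroidFrameworkUtils.cpp", "src/core/SkCanvas.cpp"],
}
cc_binary {
    name: "surfaceflinger",
    srcs: ["SurfaceFlinger.cpp", "Layer.cpp"],
}
android_app {
    name: "Settings",
    srcs: ["src/com/android/settings/Settings.java"],
}
"""
_MODULE = re.compile(r'(\w+)\s*\{(.*?)\n\}', re.S)
_NAME = re.compile(r'name:\s*"([^"]+)"')
_SRCS = re.compile(r'srcs:\s*\[(.*?)\]', re.S)

def build_entity_map(config: str) -> dict[str, str]:
    """S2042: invert the compile configuration into code_file -> running entity, i.e. the
    library, binary or app that the file is compiled into."""
    mapping: dict[str, str] = {}
    for _module_type, body in _MODULE.findall(config):
        name, srcs = _NAME.search(body), _SRCS.search(body)
        if name and srcs:
            for src in re.findall(r'"([^"]+)"', srcs.group(1)):
                mapping[src] = name.group(1)
    return mapping

@dataclass(frozen=True)
class Feature:
    kind: str        # as produced by the analysis engines, e.g. "function_added"
    symbol: str
    code_file: str

@dataclass
class Drone:
    android_version: str
    arch: str
    patch_level: str
    fixed: bool                      # built with the vulnerability repaired?
    observed: dict[str, set[str]]    # running entity -> symbols observable on this drone

def vulnerable_state_observed(feature: Feature, entity: str, drone: Drone) -> bool:
    """Stand-in for the characteristic detection code run on the device: for something the
    patch added, the vulnerable state is 'absent'; for something it removed, 'present'."""
    present = feature.symbol in drone.observed.get(entity, set())
    return (not present) if feature.kind.endswith("_added") else present

def verify(feature: Feature, entity_map: dict[str, str], cluster: list[Drone]) -> tuple[bool, str]:
    """S205/S206: pass only if the vulnerable state is seen on every unrepaired drone and on
    no repaired drone; otherwise report the reason a developer would be shown."""
    entity = entity_map.get(feature.code_file)
    if entity is None:
        return False, "no running entity found"
    unfixed = [vulnerable_state_observed(feature, entity, d) for d in cluster if not d.fixed]
    fixed = [vulnerable_state_observed(feature, entity, d) for d in cluster if d.fixed]
    if all(unfixed) and not any(fixed):
        return True, f"verified on {entity}"
    if set(unfixed) == set(fixed):
        return False, f"no difference between repaired and unrepaired versions of {entity}"
    if not all(unfixed):
        return False, f"feature not found in running entity {entity} on an unrepaired target"
    return False, f"feature also observed on a repaired target ({entity})"

# Constructed cluster: one drone per (Android version, architecture, security patch level).
_SYMS_OLD = {"SkAndroidFrameworkUtils::clipWithStencil"}
_SYMS_NEW = _SYMS_OLD | {"SkAndroidFrameworkUtils::SafetyNetLog"}
CLUSTER = [
    Drone("10", "arm64", "2019-05-01", False, {"libskia": _SYMS_OLD}),
    Drone("10", "arm64", "2019-06-01", True, {"libskia": _SYMS_NEW}),
    Drone("9", "arm", "2019-05-01", False, {"libskia": _SYMS_OLD}),
    Drone("9", "arm", "2019-06-01", True, {"libskia": _SYMS_NEW}),
]
SAMPLE_FEATURES = [
    Feature("function_added", "SkAndroidFrameworkUtils::SafetyNetLog", "src/android/SkAndroidFrameworkUtils.cpp"),
    Feature("macro_added", "SK_BUILD_FOR_ANDROID_FRAMEWORK", "src/android/SkAndroidFrameworkUtils.cpp"),  # invisible in a built library
    Feature("function_added", "SkDebugHook", "src/ports/SkDebugHook.cpp"),  # hypothetical file compiled by no module
]

def run_verification(features, config, cluster) -> dict[str, tuple[bool, str]]:
    entity_map = build_entity_map(config)
    return {f.symbol: verify(f, entity_map, cluster) for f in features}

if __name__ == "__main__":
    for symbol, (ok, reason) in run_verification(SAMPLE_FEATURES, BUILD_CONFIG, CLUSTER).items():
        print(f"{'PASS' if ok else 'FAIL':4} {symbol}: {reason}")
```

The macro characteristic fails with "no difference" because a compile-time guard leaves no trace in the built library on either side, and the hypothetical `SkDebugHook.cpp` fails because no module compiles it; both are the kinds of reason the developer feeds back to refine the analysis engine.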
Optionally, when vulnerability characteristics that fail verification are obtained in S205, the method of this embodiment may further include: S207, displaying the vulnerability characteristics that failed verification.
The vulnerability characteristics that failed verification are displayed to the user (that is, a developer), who analyses why they failed. The reasons may include any one of: no running entity was found; the characteristic was not found in the corresponding running entity; the characteristic shows no difference between the compared versions of the corresponding running entity; or the running permission needed to check the characteristic is lacking. After analysing the reason, the user can enter the reason why the characteristic failed verification. Further, the method of this embodiment may further include:
and S208, receiving the generation reason of the vulnerability characteristics which are not verified and input by the user, and adding a vulnerability analysis engine or modifying the vulnerability analysis engine according to the generation reason of the vulnerability characteristics which are not verified. The correct vulnerability characteristics can be acquired in an auxiliary mode, the vulnerability acquisition accuracy is further improved, and the false alarm rate of the vulnerability characteristics is reduced.
According to the vulnerability characteristic obtaining method provided by this embodiment, the obtained vulnerability characteristics are tested and verified in a pre-constructed test target drone cluster, and the characteristics and running entities that pass verification are taken as the final vulnerability characteristics and running entities of the vulnerability. For the characteristics that fail verification, a vulnerability analysis engine is added or modified according to the failure reason entered by the user, which assists in obtaining correct vulnerability characteristics, further improves the accuracy of vulnerability characteristic acquisition, and reduces the false alarm rate of the vulnerability characteristics.
Fig. 6 is a schematic structural diagram of a vulnerability characteristic obtaining apparatus provided in the present application. As shown in fig. 6, the vulnerability characteristic obtaining apparatus 100 of this embodiment may include an acquiring module 11, a determining module 12, an extracting module 13 and a sending module 14, where the acquiring module 11 is used for acquiring vulnerability patch information of a vulnerability; the determining module 12 is used for determining the type of the vulnerability according to the vulnerability patch information, the type comprising a vulnerability of a code type and a vulnerability of a non-code type; the extracting module 13 is used for extracting at least one vulnerability characteristic of the vulnerability according to a vulnerability analysis engine corresponding to the type of the vulnerability; and the sending module 14 is used for sending the at least one vulnerability characteristic of the vulnerability to the electronic device.
Further, the determining module 12 is further configured to: and determining an operation entity of the vulnerability characteristics according to the source code of the vulnerability characteristics or the code file where the source file is located for each vulnerability characteristic in at least one vulnerability characteristic of the vulnerability.
Accordingly, the sending module 14 is configured to: send at least one vulnerability characteristic of the vulnerability and the corresponding running entity to the electronic device.
Optionally, the vulnerability patch information of the vulnerability includes a source code of the vulnerability and a repair code of the vulnerability, and the extracting module 13 is configured to: execute the following operations through a vulnerability analysis engine corresponding to the type of the vulnerability:
performing syntactic analysis of corresponding coding languages on a source code of the vulnerability and a repair code of the vulnerability;
determining at least one difference information of a source code of the vulnerability and a repair code of the vulnerability according to the syntax analysis result, and determining vulnerability characteristics of the vulnerability according to the at least one difference information, wherein one difference information corresponds to one vulnerability characteristic.
Optionally, the vulnerability patch information of the vulnerability includes a source file of the vulnerability and a repair file of the vulnerability, and the extracting module 13 is configured to:
executing the following operations through a vulnerability analysis engine corresponding to the type of the vulnerability:
determining at least one piece of change information of a source file of the vulnerability and a repair file of the vulnerability, wherein the change information comprises any one of character string feature addition, character string feature deletion, character string feature modification, file addition and file deletion;
determining a code file where a source file of the vulnerability is located, and searching whether each piece of change information in at least one piece of change information in the code file where the source file of the vulnerability is located has uniqueness;
and determining the change information with uniqueness as the vulnerability characteristics of the vulnerability.
Further, the determining module 12 is configured to:
determining a source code of the vulnerability characteristics or a code file where a source file is located;
and searching the running entity of the code file from the compiling configuration file of the code file, and determining the running entity of the vulnerability characteristics according to the running entity of the code file.
The apparatus of this embodiment may be used to execute the technical solution of the method embodiment shown in fig. 2, fig. 3, or fig. 4, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 7 is a schematic structural diagram of a vulnerability characteristic obtaining apparatus provided in the present application. As shown in fig. 7, the vulnerability characteristic obtaining apparatus 200 of this embodiment may further include, on the basis of the apparatus shown in fig. 6, a verification module 15, where
the verification module 15 is configured to perform test verification on at least one vulnerability characteristic of the vulnerability through a pre-established testing target drone cluster to obtain a vulnerability characteristic that passes the verification, where the testing target drone cluster includes a testing target drone with a repaired vulnerability and a testing target drone with an unrepaired vulnerability.
The determining module 12 is further configured to: determine the verified vulnerability characteristics as the vulnerability characteristics of the vulnerability.
Optionally, the target testing machine cluster is constructed according to different android system versions, different processor architecture platforms and different security patch versions.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 5, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a vulnerability characteristic obtaining apparatus provided in the present application, and as shown in fig. 8, the vulnerability characteristic obtaining apparatus 300 of the present embodiment may further include, on the basis of the apparatus shown in fig. 7: and the display module 16, where the display module 16 is configured to display the vulnerability characteristics that are not verified when the vulnerability characteristics that are not verified are obtained.
Further, a receiving module 17 and a processing module 18 may be included, where the receiving module 17 is configured to receive the reason entered by the user for the vulnerability characteristics that failed verification, and the processing module 18 is configured to add a vulnerability analysis engine or modify the vulnerability analysis engine according to that reason.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 5, and the implementation principle and the technical effect are similar, which are not described herein again.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
As shown in fig. 9, fig. 9 is a block diagram of an electronic device for implementing the vulnerability characteristic obtaining method according to the embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 9, the electronic apparatus includes: one or more processors 801, memory 802, and interfaces for connecting the various components, including a high speed interface and a low speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). Fig. 9 illustrates an example of a processor 801.
The memory 802 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by the at least one processor, so that the at least one processor executes the vulnerability characteristic acquisition method provided by the application. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the vulnerability characteristic acquisition methods provided herein.
The memory 802 is a non-transitory computer readable storage medium, and can be used for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules (for example, the acquiring module 11, the determining module 12, the extracting module 13, and the sending module 14 shown in fig. 6) corresponding to the vulnerability characteristic acquiring method in the embodiment of the present application. The processor 801 executes various functional applications and data processing of the server by running non-transitory software programs, instructions and modules stored in the memory 802, that is, implements the vulnerability characteristics acquisition method in the above method embodiments.
The memory 802 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by use of the electronic device, and the like. Further, the memory 802 may include high speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 802 optionally includes memory located remotely from the processor 801, which may be connected to the electronic device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the vulnerability characteristic obtaining method may further include: an input device 803 and an output device 804. The processor 801, the memory 802, the input device 803, and the output device 804 may be connected by a bus or other means; connection by a bus is shown in fig. 9.
The input device 803 may receive input numeric or character information and generate key signal inputs related to user settings and function controls of the electronic device, such as a touch screen, keypad, mouse, track pad, touch pad, pointer stick, one or more mouse buttons, track ball, joystick, or other input device. The output devices 804 may include a display device, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibrating motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the technical solution of the embodiment of the present application, after the vulnerability patch information of a vulnerability is obtained, whether the vulnerability is a code-type or a non-code-type vulnerability is determined from the vulnerability patch information; at least one vulnerability characteristic of the vulnerability is then extracted by the vulnerability analysis engine corresponding to that type; and finally, for each extracted vulnerability characteristic, the running entity of the characteristic is determined from the code file in which the source code or source file of the characteristic is located, so that the vulnerability characteristics and running entities of the vulnerability are obtained. Different types of vulnerabilities correspond to different vulnerability analysis engines that are built in advance for each type, so the vulnerability characteristics can be obtained online. This improves the efficiency of obtaining vulnerability characteristics, removes the need to obtain them by manual analysis, and reduces the maintenance cost of the system vulnerability library.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (21)

1. A vulnerability characteristic obtaining method, comprising:
after acquiring vulnerability patch information of a vulnerability, determining the type of the vulnerability according to the vulnerability patch information, the type being either a code-type vulnerability or a non-code-type vulnerability;
extracting at least one vulnerability characteristic of the vulnerability by a vulnerability analysis engine corresponding to the type of the vulnerability; and
sending the at least one vulnerability characteristic of the vulnerability to an electronic device.
2. The method of claim 1, further comprising:
for each of the at least one vulnerability characteristic of the vulnerability, determining the running entity of the vulnerability characteristic according to the code file in which the source code or source file of the vulnerability characteristic is located;
wherein sending the at least one vulnerability characteristic of the vulnerability to the electronic device comprises:
sending the at least one vulnerability characteristic of the vulnerability together with its corresponding running entity to the electronic device.
3. The method of claim 1, wherein the vulnerability patch information of the vulnerability comprises the source code of the vulnerability and the fix code of the vulnerability, and extracting the at least one vulnerability characteristic of the vulnerability by the vulnerability analysis engine corresponding to the type of the vulnerability comprises performing the following operations through that engine:
parsing the source code of the vulnerability and the fix code of the vulnerability according to the syntax of the programming language they are written in;
determining at least one piece of difference information between the source code of the vulnerability and the fix code of the vulnerability from the parsing result, and determining the vulnerability characteristics of the vulnerability from the at least one piece of difference information, wherein each piece of difference information corresponds to one vulnerability characteristic.
4. The method of claim 1, wherein the vulnerability patch information of the vulnerability comprises the source file of the vulnerability and the fix file of the vulnerability, and extracting the at least one vulnerability characteristic of the vulnerability by the vulnerability analysis engine corresponding to the type of the vulnerability comprises performing the following operations through that engine:
determining at least one piece of change information between the source file of the vulnerability and the fix file of the vulnerability, the change information being any one of: addition of a string feature, deletion of a string feature, modification of a string feature, addition of a file, and deletion of a file;
determining the code file in which the source file of the vulnerability is located, and checking whether each piece of the at least one piece of change information is unique within that code file; and
determining the change information that is unique as the vulnerability characteristics of the vulnerability.
5. The method of claim 2, wherein determining the running entity of the vulnerability characteristic according to the code file in which the source code or source file of the vulnerability characteristic is located comprises:
determining the code file in which the source code or source file of the vulnerability characteristic is located; and
looking up the running entity of that code file in the build configuration file of the code file, and determining the running entity of the vulnerability characteristic according to the running entity of the code file.
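The extraction procedure of claims 1 to 5, written out as an added example in Python; this is not code from the patent or its applicant. It assumes, for illustration only, that the code/non-code decision is made from the file suffixes in the patch (the claims do not say how it is made), that Python's `ast` module stands in for the parser of the real target language, that a string feature of a non-code file is one whitespace-stripped line, and that the build configuration file is an Android.mk-style fragment. The sample patches (a bounds-check fix and a SELinux policy change) and the build fragment are constructed for the example.

```python
import ast
import difflib
from pathlib import PurePosixPath

# Assumption: a patch is code-type when every changed path is a source file
# (the claims do not say how the type is decided from the patch information).
CODE_SUFFIXES = {".c", ".cc", ".cpp", ".h", ".java", ".kt", ".py"}

def classify_vulnerability(patch):
    """Claim 1: 'code' or 'non-code', decided from the paths in the patch."""
    paths = set(patch["before"]) | set(patch["after"])
    return "code" if all(PurePosixPath(p).suffix in CODE_SUFFIXES for p in paths) else "non-code"

def _statements(src):
    """Parse one version; return the unparsed body statements of each function."""
    return {n.name: [ast.unparse(s) for s in n.body]
            for n in ast.walk(ast.parse(src)) if isinstance(n, ast.FunctionDef)}

def code_engine(before_src, after_src):
    """Claim 3: diff the parsed versions statement by statement; every non-equal
    region is one piece of difference information, i.e. one characteristic."""
    old, new = _statements(before_src), _statements(after_src)
    features = []
    for fn in sorted(set(old) | set(new)):
        a, b = old.get(fn, []), new.get(fn, [])
        for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
            if tag != "equal":
                features.append({"function": fn, "kind": tag, "removed": a[i1:i2], "added": b[j1:j2]})
    return features

_lines = lambda text: [ln.strip() for ln in text.splitlines() if ln.strip()]

def _unique(tree, needle):
    # A string feature is unique when exactly one file of the tree contains it.
    return sum(needle in content for content in tree.values()) == 1

def noncode_engine(before_tree, after_tree):
    """Claim 4: change information between source and fix files (string added,
    deleted or modified; file added or deleted); only unique changes are kept."""
    features = []
    for path in sorted(set(before_tree) | set(after_tree)):
        old, new = before_tree.get(path), after_tree.get(path)
        if old is None or new is None:          # a path is unique by construction
            features.append({"path": path, "kind": "file_added" if old is None else "file_deleted"})
            continue
        a, b = _lines(old), _lines(new)
        for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
            if tag == "equal":
                continue
            if tag == "replace" and i2 - i1 == j2 - j1:
                pairs = [("string_modified", o, n) for o, n in zip(a[i1:i2], b[j1:j2])]
            else:
                pairs = ([("string_deleted", o, None) for o in a[i1:i2]]
                         + [("string_added", None, n) for n in b[j1:j2]])
            for kind, o, n in pairs:
                # Old strings must be unique in the pre-fix tree, new ones in the post-fix tree.
                if (o is None or _unique(before_tree, o)) and (n is None or _unique(after_tree, n)):
                    features.append({"path": path, "kind": kind, "old": o, "new": n})
    return features

def running_entity(build_cfg, code_file):
    """Claim 5: the build target (library or executable) that compiles the file.
    Android.mk-style syntax is assumed for this example."""
    module, srcs = None, []
    for line in build_cfg.splitlines():
        line = line.strip()
        key, _, value = line.partition(":=")
        if line == "include $(CLEAR_VARS)":
            module, srcs = None, []
        elif key.strip() == "LOCAL_MODULE":
            module = value.strip()
        elif key.strip() == "LOCAL_SRC_FILES":
            srcs += value.split()
        elif line.startswith("include $(BUILD_") and code_file in srcs:
            return module
    return None

# Constructed code-type patch: the fix adds a bounds check. Python's ast stands in
# for the parser of the real target language (C/C++/Java on Android).
VULN_SRC = "def read_record(buf, idx):\n    return buf[idx]\n"
FIX_SRC = ("def read_record(buf, idx):\n"
           "    if idx < 0 or idx >= len(buf):\n"
           "        raise IndexError('out of range')\n"
           "    return buf[idx]\n")
CODE_PATCH = {"before": {"hal/record.py": VULN_SRC}, "after": {"hal/record.py": FIX_SRC}}

# Constructed non-code patch: one policy line is tightened, a header comment shared
# by every file is edited in one of them, and a legacy policy file is removed.
POLICY_BEFORE = {"sepolicy/untrusted_app.te": "# policy\nallow untrusted_app debugfs:file read;\n",
                 "sepolicy/app.te": "# policy\n",
                 "sepolicy/debugfs_legacy.te": "# policy\n"}
POLICY_AFTER = {"sepolicy/untrusted_app.te": "# policy v2\nneverallow untrusted_app debugfs:file read;\n",
                "sepolicy/app.te": "# policy\n"}

# Constructed Android.mk fragment; the module that lists record.py is its running entity.
BUILD_CFG = """
include $(CLEAR_VARS)
LOCAL_SRC_FILES := record.py parser.c
LOCAL_MODULE := librecord
LOCAL_MODULE_TAGS := optional
include $(BUILD_SHARED_LIBRARY)
"""
```

On the constructed policy patch the engine keeps the deleted file and the tightened `allow` line, but drops the edited `# policy` header because that string occurs in every file of the tree and so could not identify the source file on a device; on the code patch the single difference is the inserted `if` statement, and `running_entity(BUILD_CFG, "record.py")` resolves it to `librecord`.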
6. The method according to any one of claims 1-5, further comprising:
testing and verifying the at least one vulnerability characteristic of the vulnerability on a pre-built cluster of test target machines to obtain the vulnerability characteristics that pass verification, wherein the cluster of test target machines comprises test target machines on which the vulnerability has been fixed and test target machines on which the vulnerability has not been fixed; and
determining the vulnerability characteristics that pass verification as the vulnerability characteristics of the vulnerability.
7. The method of claim 6, wherein the cluster of test target machines is built from different Android system versions, different processor architectures, and different security patch levels.
8. The method of claim 6, further comprising:
when vulnerability characteristics that fail verification are obtained, displaying the vulnerability characteristics that fail verification.
9. The method of claim 8, further comprising:
receiving a reason, entered by a user, why the vulnerability characteristics failed verification; and
adding a vulnerability analysis engine or modifying the vulnerability analysis engine according to the reason why the vulnerability characteristics failed verification.
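The verification loop of claims 6 to 9, as an added example that is not part of the patent. It assumes that each test target machine is represented by the set of strings observed in the running entity on that machine, that a characteristic passes when it is present on every unfixed target and absent on every fixed one (the claims only say the cluster contains both kinds), and that the engine registry updated from the user's reason is a made-up structure. The four-target cluster and the three candidate characteristics are constructed.

```python
from dataclasses import dataclass

@dataclass
class Target:
    """One test target machine in the constructed cluster (claim 7 dimensions)."""
    name: str
    android: str
    arch: str
    patch_level: str
    fixed: bool      # True when the vulnerability has been fixed on this target
    strings: set     # strings observed in the running entity on the target (constructed)

# Constructed cluster: two unfixed and two fixed targets over versions, archs and patch levels.
CLUSTER = [
    Target("a10-arm64-old", "10", "arm64", "2020-03-05", False,
           {"allow untrusted_app debugfs:file read;", "debugfs", "libhal_util.so"}),
    Target("a10-arm64-new", "10", "arm64", "2020-05-05", True, {"debugfs"}),
    Target("a11-x86_64-old", "11", "x86_64", "2020-04-05", False,
           {"allow untrusted_app debugfs:file read;", "debugfs"}),
    Target("a11-x86_64-new", "11", "x86_64", "2020-05-05", True, {"debugfs"}),
]

# Constructed candidates as an analysis engine might emit them.
CANDIDATES = [
    {"id": "F1", "string": "allow untrusted_app debugfs:file read;"},
    {"id": "F2", "string": "debugfs"},          # too generic: still present after the fix
    {"id": "F3", "string": "libhal_util.so"},   # arm64-only artifact: missing on an unfixed x86_64 target
]

def verify(candidates, cluster):
    """Claim 6: a characteristic passes when present on every unfixed target and
    absent on every fixed one; otherwise it fails and the reasons are recorded."""
    passed, failed = [], []
    for c in candidates:
        reasons = []
        for t in cluster:
            hit = c["string"] in t.strings      # exact string-table match, not a substring search
            if t.fixed and hit:
                reasons.append(f"still present on fixed target {t.name}")
            if not t.fixed and not hit:
                reasons.append(f"absent on unfixed target {t.name}")
        (failed if reasons else passed).append(dict(c, reasons=reasons))
    return passed, failed

def report_failures(failed):
    """Claim 8: one display line per characteristic that failed verification."""
    return [f"{f['id']}: " + "; ".join(f["reasons"]) for f in failed]

def apply_feedback(engines, feature_id, reason):
    """Claim 9: a known reason modifies the engine that handles it (here: records the
    rejected characteristic); an unknown reason registers a new engine for it.
    The registry layout is an assumption made for this example."""
    for name, eng in engines.items():
        if reason in eng["handles"]:
            eng["rejected"].add(feature_id)
            return "modified", name
    new_name = f"engine_{len(engines) + 1}"
    engines[new_name] = {"handles": {reason}, "rejected": {feature_id}}
    return "added", new_name
```

Running `verify(CANDIDATES, CLUSTER)` keeps only F1: F2 fails because the bare word `debugfs` survives the fix on both fixed targets, and F3 fails because the arm64-only library is absent on the unfixed x86_64 target, which is exactly the kind of false negative that building the cluster across architectures (claim 7) is meant to expose.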
10. A vulnerability characteristic obtaining apparatus, comprising:
an acquisition module configured to acquire vulnerability patch information of a vulnerability;
a determining module configured to determine the type of the vulnerability according to the vulnerability patch information, the type being either a code-type vulnerability or a non-code-type vulnerability;
an extraction module configured to extract at least one vulnerability characteristic of the vulnerability by a vulnerability analysis engine corresponding to the type of the vulnerability; and
a sending module configured to send the at least one vulnerability characteristic of the vulnerability to an electronic device.
11. The apparatus of claim 10, wherein the determining module is further configured to:
for each of the at least one vulnerability characteristic of the vulnerability, determine the running entity of the vulnerability characteristic according to the code file in which the source code or source file of the vulnerability characteristic is located;
and the sending module is configured to:
send the at least one vulnerability characteristic of the vulnerability together with its corresponding running entity to the electronic device.
12. The apparatus of claim 10, wherein the vulnerability patch information of the vulnerability comprises the source code of the vulnerability and the fix code of the vulnerability, and the extraction module is configured to perform the following operations through the vulnerability analysis engine corresponding to the type of the vulnerability:
parsing the source code of the vulnerability and the fix code of the vulnerability according to the syntax of the programming language they are written in;
determining at least one piece of difference information between the source code of the vulnerability and the fix code of the vulnerability from the parsing result, and determining the vulnerability characteristics of the vulnerability from the at least one piece of difference information, wherein each piece of difference information corresponds to one vulnerability characteristic.
13. The apparatus of claim 10, wherein the vulnerability patch information of the vulnerability comprises the source file of the vulnerability and the fix file of the vulnerability, and the extraction module is configured to perform the following operations through the vulnerability analysis engine corresponding to the type of the vulnerability:
determining at least one piece of change information between the source file of the vulnerability and the fix file of the vulnerability, the change information being any one of: addition of a string feature, deletion of a string feature, modification of a string feature, addition of a file, and deletion of a file;
determining the code file in which the source file of the vulnerability is located, and checking whether each piece of the at least one piece of change information is unique within that code file; and
determining the change information that is unique as the vulnerability characteristics of the vulnerability.
14. The apparatus of claim 11, wherein the determining module is configured to:
determine the code file in which the source code or source file of the vulnerability characteristic is located; and
look up the running entity of that code file in the build configuration file of the code file, and determine the running entity of the vulnerability characteristic according to the running entity of the code file.
15. The apparatus according to any one of claims 10-14, further comprising:
a verification module configured to test and verify the at least one vulnerability characteristic of the vulnerability on a pre-built cluster of test target machines to obtain the vulnerability characteristics that pass verification, wherein the cluster of test target machines comprises test target machines on which the vulnerability has been fixed and test target machines on which the vulnerability has not been fixed;
wherein the determining module is further configured to determine the vulnerability characteristics that pass verification as the vulnerability characteristics of the vulnerability.
16. The apparatus of claim 15, wherein the cluster of test target machines is built from different Android system versions, different processor architectures, and different security patch levels.
17. The apparatus of claim 15, further comprising:
a display module configured to display the vulnerability characteristics that fail verification when vulnerability characteristics that fail verification are obtained.
18. The apparatus of claim 17, further comprising:
a receiving module configured to receive a reason, entered by a user, why the vulnerability characteristics failed verification; and
a processing module configured to add a vulnerability analysis engine or modify the vulnerability analysis engine according to the reason why the vulnerability characteristics failed verification.
19. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, the instructions enabling the at least one processor to perform the method of any one of claims 1-9.
20. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1-9.
21. A vulnerability characteristic obtaining method, comprising:
after acquiring vulnerability patch information of a vulnerability, determining the type of the vulnerability according to the vulnerability patch information;
extracting at least one vulnerability characteristic of the vulnerability by a vulnerability analysis engine corresponding to the type of the vulnerability; and
sending the at least one vulnerability characteristic of the vulnerability to an electronic device.

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202010407734.7A CN113672929A (en) 2020-05-14 2020-05-14 Vulnerability characteristic obtaining method and device and electronic equipment
KR1020210041412A KR102477150B1 (en) 2020-05-14 2021-03-30 Method and apparatus for acquirising vulnerability feature, and electronic device
JP2021066470A JP7231664B2 (en) 2020-05-14 2021-04-09 Vulnerability feature acquisition method, device and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010407734.7A CN113672929A (en) 2020-05-14 2020-05-14 Vulnerability characteristic obtaining method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN113672929A true CN113672929A (en) 2021-11-19

Family

ID=75718558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010407734.7A Withdrawn CN113672929A (en) 2020-05-14 2020-05-14 Vulnerability characteristic obtaining method and device and electronic equipment

Country Status (3)

Country Link
JP (1) JP7231664B2 (en)
KR (1) KR102477150B1 (en)
CN (1) CN113672929A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117610018A (en) * 2023-12-01 2024-02-27 深圳市马博士网络科技有限公司 Vulnerability simulation method and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023224192A1 (en) * 2022-05-16 2023-11-23 엘에스웨어(주) Software management system and method

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002318716A (en) 2001-04-20 2002-10-31 Sony Corp System and method for delivery, server computer and client computer
JP2005532606A (en) 2001-12-31 2005-10-27 シタデル セキュリティ ソフトウェア インコーポレイテッド An automated system that resolves computer vulnerabilities
US7424706B2 (en) 2003-07-16 2008-09-09 Microsoft Corporation Automatic detection and patching of vulnerable files
JP2006066982A (en) 2004-08-24 2006-03-09 Hitachi Ltd Network connection control system
JP4728017B2 (en) 2005-03-07 2011-07-20 東芝Itサービス株式会社 Integrated security audit apparatus, integrated security audit method, and integrated security audit program
JP2007316686A (en) 2006-05-23 2007-12-06 Matsushita Electric Ind Co Ltd Security state management server, security patch distribution server, file server, take-out detection device, and its system
JP2012208863A (en) * 2011-03-30 2012-10-25 Hitachi Ltd Vulnerability determination system, vulnerability determination method and vulnerability determination program
JP5845888B2 (en) 2011-12-26 2016-01-20 日本電気株式会社 Software correction apparatus, software correction system, software correction method, and software correction program
US9507933B2 (en) * 2012-08-01 2016-11-29 Mitsubishi Electric Corporation Program execution apparatus and program analysis apparatus
CN106663003A (en) * 2014-06-13 2017-05-10 查尔斯斯塔克德拉珀实验室公司 Systems and methods for software analysis
JP6312578B2 (en) 2014-11-07 2018-04-18 株式会社日立製作所 Risk assessment system and risk assessment method

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090222916A1 (en) * 2005-09-22 2009-09-03 James Blaisdell Embedded patch management
JP2009141730A (en) * 2007-12-07 2009-06-25 Nippon Telegr & Teleph Corp <Ntt> System switching apparatus and method
CN104298923A (en) * 2014-09-28 2015-01-21 北京奇虎科技有限公司 Loophole type recognition method and device
US20170220808A1 (en) * 2014-10-31 2017-08-03 Hewlett Packard Enterprise Development Lp System and method for vulnerability remediation verification
CN106548076A (en) * 2015-09-23 2017-03-29 百度在线网络技术(北京)有限公司 Method and apparatus of the detection using bug code
CN105893850A (en) * 2016-03-30 2016-08-24 百度在线网络技术(北京)有限公司 Bug fixing method and device
WO2017166446A1 (en) * 2016-03-30 2017-10-05 百度在线网络技术(北京)有限公司 Vulnerability-fixing method and device
CN107451474A (en) * 2016-05-31 2017-12-08 百度在线网络技术(北京)有限公司 Software vulnerability restorative procedure and device for terminal
CN109117169A (en) * 2016-12-12 2019-01-01 百度在线网络技术(北京)有限公司 Method and apparatus for repairing kernel loophole
CN107506647A (en) * 2017-07-28 2017-12-22 努比亚技术有限公司 Leak self-repairing method and mobile terminal
CN109359468A (en) * 2018-08-23 2019-02-19 阿里巴巴集团控股有限公司 Leak detection method, device and equipment
CN111008380A (en) * 2019-11-25 2020-04-14 杭州安恒信息技术股份有限公司 Method and device for detecting industrial control system bugs and electronic equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘臻; 武泽慧; 曹琰; 魏强: "A software vulnerability code-reuse detection method based on vulnerability fingerprints", Journal of Zhejiang University (Engineering Science), no. 11, 15 November 2018 (2018-11-15), pages 143 - 153 *
藤堂 洋介 et al.: "A client vulnerability inspection system using existing vulnerability databases", ITE Technical Report (映像情報メディア学会技術報告), vol. 33, no. 37, 24 September 2009 (2009-09-24), pages 107 *

Also Published As

Publication number Publication date
KR102477150B1 (en) 2022-12-12
KR20210042285A (en) 2021-04-19
JP7231664B2 (en) 2023-03-01
JP2021108189A (en) 2021-07-29

Similar Documents

Publication Publication Date Title
Ashizawa et al. Eth2vec: learning contract-wide code representations for vulnerability detection on ethereum smart contracts
US11151024B2 (en) Dynamic automation of DevOps pipeline vulnerability detecting and testing
US10248541B2 (en) Extraction of problem diagnostic knowledge from test cases
CN111859375A (en) Vulnerability detection method and device, electronic equipment and storage medium
Xia et al. How Android developers handle evolution-induced API compatibility issues: a large-scale study
CN111666206A (en) Method, device, equipment and storage medium for acquiring influence range of change code
CN106022349B (en) Method and system for device type determination
US20150007330A1 (en) Scoring security risks of web browser extensions
CN113076104A (en) Page generation method, device, equipment and storage medium
CN113672929A (en) Vulnerability characteristic obtaining method and device and electronic equipment
CN111309343A (en) Development deployment method and device
CN111654495A (en) Method, apparatus, device and storage medium for determining traffic generation source
CN109543409B (en) Method, device and equipment for detecting malicious application and training detection model
Ngo et al. Automated, cost-effective, and update-driven app testing
US20240037243A1 (en) Artificial intelligence based security requirements identification and testing
US8510719B2 (en) Real-time user configurable debugging framework
CN110505247B (en) Attack detection method and device, electronic equipment and storage medium
Xia et al. AuditGPT: Auditing Smart Contracts with ChatGPT
Chen et al. Dynamic Taint Analysis with Control Flow Graph for Vulnerability Analysis
Padmanabhuni et al. Light-weight rule-based test case generation for detecting buffer overflow vulnerabilities
CN113535568B (en) Verification method, device, equipment and medium for application deployment version
US10664254B2 (en) Analyzing binary software components utilizing multiple instruction sets
Chaudhuri et al. Database Application Developer Tools Using Static Analysis and Dynamic Profiling.
Zhang et al. FirmCVI: Taint Analysis-Based Component Version Identification Method for Large-Scale IoT Firmware
Kargén Scalable Dynamic Analysis of Binary Code

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211119