CN113849817B - Detection method and device for pollution loopholes of JavaScript prototype chain - Google Patents
Detection method and device for pollution loopholes of JavaScript prototype chain Download PDFInfo
- Publication number
- CN113849817B CN113849817B CN202111003797.7A CN202111003797A CN113849817B CN 113849817 B CN113849817 B CN 113849817B CN 202111003797 A CN202111003797 A CN 202111003797A CN 113849817 B CN113849817 B CN 113849817B
- Authority
- CN
- China
- Prior art keywords
- function
- stain
- pollution
- prototype chain
- fuzzy test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 36
- 238000012360 testing method Methods 0.000 claims abstract description 77
- 238000000034 method Methods 0.000 claims abstract description 28
- 238000005065 mining Methods 0.000 claims abstract description 18
- 230000006870 function Effects 0.000 claims description 123
- 238000011109 contamination Methods 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 5
- 230000004044 response Effects 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 4
- 238000010276 construction Methods 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 abstract description 10
- 238000005516 engineering process Methods 0.000 abstract description 7
- 230000008569 process Effects 0.000 abstract description 6
- 230000009286 beneficial effect Effects 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 5
- 235000014510 cooky Nutrition 0.000 description 2
- VYZAMTAEIAYCRO-UHFFFAOYSA-N Chromium Chemical compound [Cr] VYZAMTAEIAYCRO-UHFFFAOYSA-N 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Computing Systems (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application discloses a detection method of pollution loopholes of a JavaScript prototype chain, which comprises the following steps: mining a dangerous function in the user-defined code based on the fuzzy test; then traversing the stain source array, and marking the request parameters contained in the stain source array as stains; analyzing the flow direction of the stain information according to the program path direction, and carrying out stain tracking and loophole detection; the detected vulnerabilities are then validated based on fuzzy testing. The method combines the fuzzy test and the stain analysis technology, can be realized without knowing the internal logic structure of the application program, has high detection speed and high detection efficiency, can quickly discover security holes in the code in the process of program development, and is beneficial to improving the quality of the code. The application also discloses a detection device, electronic equipment and storage medium for the pollution loopholes of the JavaScript prototype chain, which have the beneficial effects.
Description
Technical Field
The application relates to the technical field of information security, in particular to a method and a device for detecting pollution loopholes of a JavaScript prototype chain.
Background
In JavaScript, if a class is to be defined, it needs to be implemented in a manner of defining a "constructor", that is, we define a function, there will be a corresponding class, and the class name is the function name. Each function object has a prototype attribute that points to the prototype that the build function instantiates, and when the build function is used to instantiate an object, the attributes and methods in the prototype are inherited, and all objects have a proto attribute that points to the prototype of the build function that created it. Since all properties of JavaScript classes are allowed to be publicly accessed and modified, including_proto_in one application, if an attacker controls and modifies the_proto_property of an object, it will be possible to affect all objects from the same class, parent ancestor class, as all JavaScript objects inherit through the prototype chain, inherit the properties on the object. The pollution of the JavaScript prototype chain can cause loopholes such as denial of service, tampering of program execution flow, remote execution of codes and the like, although the pollution loopholes of the JavaScript prototype chain exist for a long time, the pollution loopholes of the JavaScript prototype chain are gradually focused in recent years, the pollution loopholes of the JavaScript prototype chain can be found to be increased continuously by searching a CVE loophole library, and the detection method for the loopholes is less at present.
In vulnerability analysis, the data of interest is marked as taint data by using a taint analysis technology, and then by tracking the information flow direction related to the taint data, whether the taint data influence some key program operation or not can be known, so that program vulnerabilities can be mined. At present, a technology for applying the taint analysis to web vulnerability detection exists, and the key of the taint analysis technology is to confirm a pollution source and a dangerous function and carry out taint tracking, but for the taint vulnerability of a JavaScript prototype chain, the dangerous function confirmation is difficult for a user-defined code function in JavaScript.
Disclosure of Invention
The application provides a detection method and a detection device for pollution loopholes of a JavaScript prototype chain, which are characterized in that dangerous functions in user-defined codes are mined through fuzzy tests, and the flow of stain information in a program is tracked by utilizing a stain analysis technology, so that automatic detection of the loopholes is realized.
In order to achieve the above purpose, the application discloses the following technical scheme:
the application provides a detection method of a JavaScript prototype chain pollution vulnerability, which comprises the following steps:
mining a dangerous function in the user-defined code based on the fuzzy test;
traversing the stain source array, and marking the request parameters contained in the stain source array as stains;
analyzing the flow direction of the stain information according to the program path direction, and carrying out stain tracking and loophole detection;
and checking and confirming the detected loopholes based on the fuzzy test.
Based on the above scheme, further, before mining the hazard function in the user-defined code based on the fuzzy test, the method further includes:
and analyzing the stain source of the pollution loophole of the JavaScript prototype chain, and setting functions responsible for receiving the user input parameters as the stain source.
Further, the mining of the hazard function in the user-defined code based on the fuzzy test includes the following steps:
constructing a fuzzy test case;
executing a fuzzy test script, and judging whether the function has prototype chain pollution or not;
the function in which the prototype chain contamination is present is marked as a hazard function.
Specifically, in the above step, executing the fuzzy test script, determining whether the function has prototype chain pollution includes:
writing a fuzzy test script, and introducing a script file to be tested;
traversing and extracting functions in the script and executing the extracted functions, wherein function parameters are provided by the fuzzy test cases;
and confirming whether the function has prototype chain pollution or not according to whether the parameter value appointed by the fuzzy test case is transmitted into the prototype chain after the function is executed.
Further, the method includes the steps of:
analyzing the program code to obtain an intermediate representation of the program code;
according to the intermediate representation of the program code, analyzing the flow direction of the taint information along the program path direction, and checking whether the taint information received by the program at the taint source is transmitted to the dangerous function;
if the function passing through in the stain transmission process exists in the dangerous function array, the function is indicated to have a prototype chain pollution vulnerability.
Further, the verifying and confirming the detected loopholes based on the fuzzy test comprises the following steps:
sending a fuzzy test case at a stain source for the detected loopholes;
observing response at dangerous function point, confirming whether the function has prototype chain pollution according to whether the parameter value appointed by fuzzy test case is transmitted into the prototype chain after the function is executed,
if so, checking and confirming as the loophole.
Another aspect of the present application provides a device for detecting a JavaScript prototype chain pollution vulnerability, where the device includes:
the stain source setting module is used for setting a stain source of a JavaScript prototype chain pollution vulnerability;
the dangerous function mining module is used for mining dangerous functions in the marked user-defined codes based on the fuzzy test;
the stain marking module is used for traversing the stain source array and marking the request parameters contained in the stain source array as stains;
the vulnerability detection module is used for analyzing the flow direction of the stain information according to the program path direction and carrying out stain tracking and vulnerability detection;
and the vulnerability verification module is used for verifying and confirming the detected vulnerability based on the fuzzy test.
Further, the dangerous function mining module specifically includes:
the test case construction unit is used for constructing and generating a fuzzy test case;
and the test execution unit is used for executing the fuzzy test script to judge whether the function has prototype chain pollution or not, and marking the function with prototype chain pollution as a dangerous function.
The application also provides an electronic device, which comprises: at least one processor, and at least one memory communicatively coupled to the processor;
the memory stores program instructions executable on the processor;
the processor invokes the program instructions to perform the steps of the method for detecting a JavaScript prototype chain pollution vulnerability according to the first aspect.
In addition, the application also provides a computer readable storage medium, wherein the computer readable storage medium is stored with a computer program, and the computer program realizes the steps of the detection method for the pollution loopholes of the JavaScript prototype chain according to the first aspect when being executed by a processor.
The effects provided in the summary of the application are merely effects of embodiments, not all effects of the application, and one of the above technical solutions has the following advantages or beneficial effects:
according to the detection method for the pollution loopholes of the JavaScript prototype chain, provided by the embodiment of the application, dangerous functions in user-defined codes are mined based on fuzzy tests; then traversing the stain source array, and marking the request parameters contained in the stain source array as stains; analyzing the flow direction of the stain information according to the program path direction, and carrying out stain tracking and loophole detection; the detected vulnerabilities are then validated based on fuzzy testing. The method combines the fuzzy test and the stain analysis technology, can be realized without knowing the internal logic structure of the application program, has high detection speed and high detection efficiency, can quickly discover security holes in the code in the process of program development, and is beneficial to improving the quality of the code.
The detection device, the electronic device and the storage medium for the JavaScript prototype chain pollution loopholes provided by the embodiment of the application can realize the detection method for the JavaScript prototype chain pollution loopholes and obtain the technical effects.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a flowchart of a method for detecting a pollution vulnerability of a JavaScript prototype chain;
FIG. 2 is a flowchart showing the implementation of step S2 in FIG. 1;
FIG. 3 is a block diagram of a detection device for a JavaScript prototype chain contamination vulnerability provided by the application;
fig. 4 is a schematic diagram of a hardware structure of an electronic device according to the present application.
Detailed Description
In order to make the technical solution of the present application better understood by those skilled in the art, the technical solution of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
Fig. 1 shows a flow diagram of a detection method of a JavaScript prototype chain pollution vulnerability provided by an embodiment of the application.
Referring to fig. 1, the method of the present embodiment includes the steps of:
s1, analyzing and determining a stain source of a pollution vulnerability of a JavaScript prototype chain;
for web application, data input by a user is transmitted to a server through a web request, and parameters of the web request are user controllable points, namely stain sources; in addition, user-controlled or indirectly-controlled places such as files, cookies, databases and the like are also stain sources. The pollution loopholes of the JavaScript prototype chain do not relate to the information of files, cookies, databases and the like, web request parameters are mainly analyzed, and functions responsible for receiving user input parameters are stain sources corresponding to the JavaScript.
S2, mining a dangerous function in a user-defined code based on a fuzzy test;
in JavaScript application development, in addition to invoking functions in external libraries, user-defined functions may also store prototype chain contamination. For the called external library functions, the dangerous functions can be collected and tidied in daily life; for the user-defined function, whether the function is a dangerous function can be confirmed by analyzing the common characteristics of prototype chain pollution and by means of fuzzy test. Fuzzing is a method of discovering software faults by providing unexpected inputs and monitoring for abnormal results, and is typically an automated or semi-automated process that involves repeatedly manipulating the target software and providing it with process data. Specifically, as shown in fig. 2, in this step, the procedure of confirming the hazard function in the user-defined code based on the fuzzy test is as follows:
s21, constructing a fuzzy test case;
since prototype chain pollution is mainly caused by that an attacker can set the value of_proto_so it should be found which places can set the value of_proto_or find some objects can control the operation of their key names. By analysis, there are mainly three cases where prototype chain contamination exists: object recursively merges merge, object clone, and a function defining attributes through paths, similar forms: the function (object, path, value). If an attacker can control the value of path, it can set this value to _proto_ myValue "and then assign myValue to the prototype of Object.
Based on the above, the constructed attack payload principle is to transfer the value of_proto_through one, two or three parameters, such as one parameter "_proto_" { test ":123}, two parameters" _proto_, test ","123", three parameters" _proto_ "," test ","123", etc., and then to combine the number of function parameters and the positions of the parameters to generate the test case.
If there is a merge operation:
the purpose of the merge function is to perform object merging, during which there is an assigned operation a [ attr ] =b [ attr ], and this attr can prototype chain pollution if it is _proto_.
Next, the following code experiments were used:
let o1={}
let o2=JSON.parse('{"a":1,"__proto__":{"b":2}}')
merge(o1,o2)
console.log(o1.a,o1.b)
o3={}
console.log(o3.b)
the process of creating o2 with JavaScript sets the _proto_parameter _proto_ "{" b ":2}, and when the merge operation is performed, the prototype is modified by _proto_so that the newly created o3 Object also has the b attribute, which indicates that the Object has been contaminated.
S22, executing a fuzzy test script, and judging whether the function has prototype chain pollution or not;
in this step, node. Js is a JavaScript running environment based on the chrome V8 engine, so JavaScript script running fuzziness test can be performed by means of nodejs. The method comprises the following steps: writing a fuzzy test script, and introducing a js script file to be tested; then traversing and extracting functions in the script, and executing the extracted functions through nodejs, wherein function parameters are provided by the fuzzy test case; and then, according to the parameter values appointed by the fuzzy test cases, whether the function has prototype chain pollution or not is confirmed.
S23, marking a function with prototype chain pollution as a dangerous function.
And (S22) according to the parameter values appointed by the fuzzy test cases in the prototype chain after the function is executed, confirming whether the prototype chain pollution exists in the function, and if so, marking the function as a dangerous function.
S3, traversing the stain source array, and marking the request parameters contained in the stain source array as stains;
specifically, to record contamination information, a contamination label, such as a boolean variable, is typically added to the input variable to indicate whether the variable is contaminated. For all the request data transmitted by the web end, determining that the request parameters contained in the taint source array are marked as taint by traversing the taint source array. For example, the sign determines that the user is logged in, the input parameter req is marked as a smear, and the result is marked during the smear transmission.
S4, carrying out stain tracking and loophole detection according to the flow direction of the stain information;
in the step, a static stain analysis method based on data flow is adopted, firstly, a program code is analyzed to obtain an intermediate representation of the program code, then auxiliary analysis such as control flow analysis and the like is carried out on the program code on the basis of the intermediate representation to obtain a required control flow diagram, a call diagram and the like, the flow direction of stain information is analyzed along the direction of a program path, and whether the stain information received by a program at a stain source point is transmitted to a dangerous function is checked. If the function passing through in the stain transmission process exists in the dangerous function array, the function is indicated to have a prototype chain pollution vulnerability.
S5, checking and confirming the detected loopholes based on fuzzy tests;
considering that in the process of stain tracking, due to the fact that data are filtered or encoded and decoded, deviation exists in judgment of a stain processing function, and the situation that a stain mark error causes error report of a loophole occurs. For the detected loopholes, the attack load, namely the fuzzy test case, is directly sent at the stain source, then the response is observed at the dangerous function point, whether the function has prototype chain pollution or not is confirmed according to whether the parameter value appointed by the fuzzy test case is transmitted into the prototype chain after the function is executed, and if the function has the prototype chain pollution, the function is confirmed to be the loopholes by verification.
In summary, according to the method for detecting the pollution vulnerability of the JavaScript prototype chain, provided by the embodiment, through analyzing the pollution vulnerability characteristics of the JavaScript prototype chain, utilizing fuzzy test to mine dangerous functions in user-defined JavaScript codes, and then combining with a stain analysis technology, automatically detecting the pollution vulnerability of the JavaScript prototype chain by tracking and analyzing the flow of stain information in a program.
The application also provides a device for detecting the pollution loopholes of the JavaScript prototype chain, which can realize the automatic detection of the pollution loopholes of the JavaScript prototype chain, and the device described below can be correspondingly referred to the method described above.
Fig. 3 is a schematic diagram of a detection device structure of a JavaScript prototype chain pollution vulnerability provided by an embodiment of the present application.
Referring to fig. 3, the apparatus of this embodiment includes:
the stain source setting module 1 is used for setting a stain source of a JavaScript prototype chain pollution vulnerability;
the dangerous function mining module 2 is used for mining dangerous functions in user-defined codes based on fuzzy tests;
a stain marking module 3 for traversing the stain source array and marking the request parameters contained in the stain source array as stains;
the vulnerability detection module 4 is used for analyzing the flow direction of the taint information according to the program path direction and carrying out taint tracking and vulnerability detection;
and the vulnerability verification module 5 is used for verifying and confirming the detected vulnerability based on the fuzzy test.
The dangerous function mining module 2 determines whether the function is a dangerous function by means of fuzzy test according to the user-defined function through analyzing the common characteristics of prototype chain pollution. As a preferred embodiment, the hazard function mining module 2 includes:
the test case construction unit is used for constructing and generating a fuzzy test case;
and the test execution unit is used for executing the fuzzy test script to judge whether the function has prototype chain pollution or not, and marking the function with prototype chain pollution as a dangerous function.
The application also provides electronic equipment, and the electronic equipment can be correspondingly referred to the detection method.
Referring to fig. 4, the electronic device of the present embodiment includes an input unit 10, a memory 20, a processor 30, and an output unit 40. The memory 20 stores program instructions that can run on the processor 30, and the processor 30 invokes the program instructions to execute the method for detecting a JavaScript prototype chain pollution vulnerability in the above embodiment, where the input unit 10, the memory 20, the processor 30 and the output unit 40 may interact with each other through a communication bus. Regarding the functions achieved by each unit and the combination thereof, and the technical effects achieved, reference may be made to the descriptions of the corresponding parts of the above-mentioned method embodiments, and their descriptions are omitted here.
In addition, the application also provides a computer readable storage medium, wherein the computer readable storage medium is stored with a computer program, and the computer program realizes the steps of the detection method for the pollution loopholes of the JavaScript prototype chain when being executed by a processor. The detailed implementation steps may refer to the above methods, apparatuses or devices, and are not described herein.
The above description is only of the preferred embodiments of the present application and is not intended to limit the application thereto, and any modifications, improvements, equivalents, and so forth may be made by those skilled in the art without departing from the principles of the present application.
Claims (5)
1. The detection method of the JavaScript prototype chain pollution loophole is characterized by comprising the following steps of:
mining a dangerous function in the user-defined code based on the fuzzy test;
traversing the stain source array, and marking the request parameters contained in the stain source array as stains;
analyzing the flow direction of the stain information according to the program path direction, and carrying out stain tracking and loophole detection;
checking and confirming the detected loopholes based on the fuzzy test;
the mining of the dangerous function in the user-defined code based on the fuzzy test comprises the following steps:
constructing a fuzzy test case;
executing a fuzzy test script, and judging whether the function has prototype chain pollution or not;
marking a function with prototype chain pollution as a hazard function;
executing the fuzzy test script, judging whether the function has prototype chain pollution or not, and specifically comprising the following steps:
writing a fuzzy test script, and introducing a script file to be tested;
traversing and extracting functions in the script and executing the extracted functions, wherein function parameters are provided by the fuzzy test cases;
confirming whether the function has prototype chain pollution or not according to whether a parameter value appointed by a fuzzy test case is transmitted into the prototype chain after the function is executed;
the method comprises the following steps of:
analyzing the program code to obtain an intermediate representation of the program code;
according to the intermediate representation of the program code, analyzing the flow direction of the taint information along the program path direction, and checking whether the taint information received by the program at the taint source is transmitted to the dangerous function;
if the function passing through in the stain transmission process exists in the dangerous function array, the function is indicated to have a prototype chain pollution vulnerability;
the verifying and confirming the detected loopholes based on the fuzzy test comprises the following steps:
sending a fuzzy test case at a stain source for the detected loopholes;
observing response at dangerous function point, confirming whether the function has prototype chain pollution according to whether the parameter value appointed by fuzzy test case is transmitted into the prototype chain after the function is executed,
if so, checking and confirming as the loophole.
2. The method for detecting the JavaScript prototype chain pollution vulnerability according to claim 1, further comprising, before mining the dangerous function in the user-defined code based on the fuzzy test:
and analyzing and determining the stain source of the pollution loophole of the JavaScript prototype chain, and setting functions responsible for receiving the user input parameters as the stain source.
3. The device for detecting the pollution loopholes of the JavaScript prototype chain is characterized by comprising the following components:
the stain source setting module is used for setting a stain source of a JavaScript prototype chain pollution vulnerability;
the dangerous function mining module is used for mining dangerous functions in user-defined codes based on fuzzy tests;
the dangerous function mining module specifically comprises:
the test case construction unit is used for constructing and generating a fuzzy test case;
the test execution unit is used for executing the fuzzy test script to judge whether the function has prototype chain pollution or not, and marking the function with prototype chain pollution as a dangerous function;
the executing of the fuzzy test script judges whether the function has prototype chain pollution or not, and specifically comprises the following steps:
writing a fuzzy test script, and introducing a script file to be tested;
traversing and extracting functions in the script and executing the extracted functions, wherein function parameters are provided by the fuzzy test cases;
confirming whether the function has prototype chain pollution or not according to whether a parameter value appointed by a fuzzy test case is transmitted into the prototype chain after the function is executed;
the stain marking module is used for traversing the stain source array and marking the request parameters contained in the stain source array as stains;
the vulnerability detection module is used for analyzing the flow direction of the stain information according to the program path direction and carrying out stain tracking and vulnerability detection;
the method comprises the following steps of:
analyzing the program code to obtain an intermediate representation of the program code;
according to the intermediate representation of the program code, analyzing the flow direction of the taint information along the program path direction, and checking whether the taint information received by the program at the taint source is transmitted to the dangerous function;
if the function passing through in the stain transmission process exists in the dangerous function array, the function is indicated to have a prototype chain pollution vulnerability;
the vulnerability verification module is used for verifying and confirming detected vulnerabilities based on fuzzy tests;
the verifying and confirming the detected loopholes based on the fuzzy test comprises the following steps:
sending a fuzzy test case at a stain source for the detected loopholes;
observing response at dangerous function point, confirming whether the function has prototype chain pollution according to whether the parameter value appointed by fuzzy test case is transmitted into the prototype chain after the function is executed,
if so, checking and confirming as the loophole.
4. An electronic device, comprising: at least one processor, and at least one memory communicatively coupled to the processor;
the memory stores program instructions executable on the processor;
the processor invoking the program instructions capable of performing the steps of a method of detecting a JavaScript prototype chain contamination vulnerability of any one of claims 1-2.
5. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and the computer program is executed by a processor to implement the steps of the method for detecting a JavaScript prototype chain pollution vulnerability according to any one of claims 1-2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111003797.7A CN113849817B (en) | 2021-08-30 | 2021-08-30 | Detection method and device for pollution loopholes of JavaScript prototype chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111003797.7A CN113849817B (en) | 2021-08-30 | 2021-08-30 | Detection method and device for pollution loopholes of JavaScript prototype chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113849817A CN113849817A (en) | 2021-12-28 |
| CN113849817B true CN113849817B (en) | 2023-08-18 |
Family
ID=78976483
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111003797.7A Active CN113849817B (en) | 2021-08-30 | 2021-08-30 | Detection method and device for pollution loopholes of JavaScript prototype chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113849817B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114944997B (en) * | 2022-03-24 | 2024-02-20 | 浙江大华技术股份有限公司 | Protocol detection method, protocol detection device and computer readable storage medium |
| CN115906103A (en) * | 2022-12-26 | 2023-04-04 | 支付宝(杭州)信息技术有限公司 | Prototype chain pollution vulnerability protection method and device, medium and equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112016096A (en) * | 2020-08-28 | 2020-12-01 | 苏州浪潮智能科技有限公司 | XSS vulnerability auditing method and device |
| CN112632560A (en) * | 2020-12-25 | 2021-04-09 | 苏州浪潮智能科技有限公司 | Web vulnerability confirmation method and device |
-
2021
- 2021-08-30 CN CN202111003797.7A patent/CN113849817B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112016096A (en) * | 2020-08-28 | 2020-12-01 | 苏州浪潮智能科技有限公司 | XSS vulnerability auditing method and device |
| CN112632560A (en) * | 2020-12-25 | 2021-04-09 | 苏州浪潮智能科技有限公司 | Web vulnerability confirmation method and device |
Non-Patent Citations (1)
| Title |
|---|
| 基于改进的内存模糊测试 的漏洞挖掘方法研究;周驰凯;中国优秀硕士学位论文全文数据库 信息科技辑;第3-4章 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113849817A (en) | 2021-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9720798B2 (en) | Simulating black box test results using information from white box testing | |
| CN113849817B (en) | Detection method and device for pollution loopholes of JavaScript prototype chain | |
| Lowis et al. | Vulnerability analysis in SOA-based business processes | |
| Johari et al. | Penetration testing in IoT network | |
| Tyagi et al. | Evaluation of static web vulnerability analysis tools | |
| CN111611590B (en) | Method and device for data security related to application program | |
| EP3433782B1 (en) | Integrated interactive application security testing | |
| CN115270131A (en) | Java anti-serialization vulnerability detection method and system | |
| CN115168847A (en) | Application patch generation method and device, computer equipment and readable storage medium | |
| Vimala et al. | VAPE-BRIDGE: Bridging OpenVAS results for automating metasploit framework | |
| CN117579395B (en) | Method and system for scanning network security vulnerabilities by applying artificial intelligence | |
| Brennich et al. | Putting automotive security to the test | |
| CN111625448B (en) | Protocol packet generation method, device, equipment and storage medium | |
| CN115270139B (en) | IoT equipment network service automatic vulnerability analysis method and system | |
| CN116170186A (en) | Attack code online detection method and device based on network traffic analysis | |
| Zheng et al. | Research and implementation of web application system vulnerability location technology | |
| Wang et al. | A model-based fuzzing approach for DBMS | |
| Lesiuta et al. | SLIMECRAFT: State Learning for Client-Server Regression Analysis and Fault Testing | |
| CN117648262B (en) | Fuzzy test method, storage medium and electronic device | |
| Riepponen | Selection of open-source web vulnerability scanner as testing tool in continuous software development | |
| Neelap et al. | Attack Traffic Generation for Network-based Intrusion Detection System | |
| CN112926058B (en) | Code processing method, stain analysis method and device | |
| Lesiuta | State Machine Learning in the Middle of Everything | |
| Yip | Empirical study on exploitation of dependency-based attacks in Node. js | |
| Thiyagarajan et al. | Methods for detection and prevention of SQL attacks in analysis of web field data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |