CN113900665A - Security detection method and device for intelligent contract - Google Patents
Security detection method and device for intelligent contract Download PDFInfo
- Publication number
- CN113900665A CN113900665A CN202111497320.9A CN202111497320A CN113900665A CN 113900665 A CN113900665 A CN 113900665A CN 202111497320 A CN202111497320 A CN 202111497320A CN 113900665 A CN113900665 A CN 113900665A
- Authority
- CN
- China
- Prior art keywords
- information
- intelligent contract
- contract
- semantic
- rule information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/436—Semantic checking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Evolutionary Computation (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Biology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Medical Informatics (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a security detection method and a security detection device for an intelligent contract, wherein the security detection method comprises the following steps: acquiring code information of an intelligent contract; determining a contract type of the intelligent contract based on the code information; acquiring grammar rule information and semantic rule information corresponding to the intelligent contract based on the contract type; and carrying out grammar check and semantic check on the intelligent contract based on the code information, the grammar rule information and the semantic rule information to obtain the safety information of the intelligent contract. According to the technical scheme of the invention, the contract type of the intelligent contract is determined based on the code information of the intelligent contract, the grammar rule information and the semantic rule information corresponding to the intelligent contract are obtained based on the contract type, and grammar check and semantic check are carried out on the intelligent contract based on the code information, the grammar rule information and the semantic rule information, so that the security of the intelligent contract is ensured, and huge property loss caused by the code loophole security problem is avoided.
Description
Technical Field
The invention relates to the technical field of block chain intelligent contract security, in particular to a security detection method and device for an intelligent contract.
Background
Intelligent contracts are programs that run on blockchains that provide complex business functions to users through intelligent contracts. The block chain technology reconstructs a trust mode of both transaction parties, and a trust medium is created by using the point-to-point consensus synchronous account book technology, so that the both transaction parties remove the dependence on a third-party trust mechanism in the process of value transmission, the trust is guaranteed by using the technology, and the settlement efficiency in the value interaction process is improved to a great extent. Therefore, it is very important to ensure the safe operation of the intelligent contract on the block chain.
In fact, the block chain intelligent contracts often cause security problems due to artificially written program code bugs, but the intelligent contracts are not capable of being tampered once issued, so that the code bug security problems often cause huge property loss. In order to prevent the accidents, the safety check work of the intelligent contract is necessary in advance.
Disclosure of Invention
The invention aims to provide a security detection method and a security detection device for an intelligent contract, which are used for determining the contract type of the intelligent contract through code information based on the intelligent contract, acquiring grammatical rule information and semantic rule information corresponding to the intelligent contract based on the contract type, and carrying out grammatical check and semantic check on the intelligent contract based on the code information, the grammatical rule information and the semantic rule information, so that the security of the intelligent contract is ensured, and huge property loss caused by code loophole security problems is avoided.
In order to achieve the purpose, the invention provides the following scheme:
a security detection method for a smart contract, the method comprising:
acquiring code information of an intelligent contract;
determining a contract type of the intelligent contract based on the code information;
acquiring grammar rule information and semantic rule information corresponding to the intelligent contract based on the contract type;
and carrying out grammar check and semantic check on the intelligent contract based on the code information, the grammar rule information and the semantic rule information to obtain the safety information of the intelligent contract.
Optionally, the determining, based on the code information, a contract type of the intelligent contract includes:
acquiring a contract classification model;
and inputting the code information into the contract classification model to obtain the contract type of the intelligent contract.
Optionally, the method further includes:
acquiring sample code information and a contract type label of a sample intelligent contract;
inputting the sample code information into a preset machine learning model, and performing contract type prediction processing to obtain predicted contract type information;
obtaining contract type loss information according to the contract type label and the predicted contract type information;
and training the preset machine learning model according to the contract type loss information to obtain the contract classification model.
Optionally, the performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain the security information of the intelligent contract includes:
constructing an abstract syntax tree corresponding to the intelligent contract based on the code information;
matching the node information of the abstract syntax tree with the node information in the syntax rule information based on the syntax rule information;
and under the condition that the node information in the abstract syntax tree is not matched with the node information in the syntax rule information, obtaining the related information of which the safety information is wrong.
Optionally, the performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain the security information of the intelligent contract includes:
acquiring object information of the intelligent contract based on the code information;
matching the object information of the intelligent contract with the preset object information of the semantic rule information;
and under the condition that the object information of the intelligent contract is not matched with the preset object information of the semantic rule information, obtaining that the safety information is related information with errors.
Optionally, the performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain the security information of the intelligent contract includes:
acquiring selection branch information of the intelligent contract based on the code information;
and under the condition that the processing information corresponding to the abnormal state does not exist in the option information, obtaining the safety information as the related information with errors.
Optionally, the performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain the security information of the intelligent contract includes:
acquiring selection combination information corresponding to the intelligent contract based on the code information, wherein the selection combination information comprises variable names corresponding to a plurality of selection combinations;
and under the condition that the same variable name exists in the selection combination information, obtaining the safety information as related information with errors.
In another aspect, the present invention further provides a security detection apparatus for an intelligent contract, including:
the code information acquisition module is used for acquiring the code information of the intelligent contract;
the contract type determining module is used for determining the contract type of the intelligent contract based on the code information;
the rule information determining module is used for acquiring grammar rule information and semantic rule information corresponding to the intelligent contract based on the contract type;
and the safety information acquisition module is used for carrying out grammar check and semantic check on the intelligent contract based on the code information, the grammar rule information and the semantic rule information to obtain the safety information of the intelligent contract.
In another aspect, the present invention further provides an electronic device, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute the security detection method of the intelligent contract.
In another aspect, the present invention further provides a non-transitory computer-readable storage medium, on which computer program instructions are stored, wherein the computer program instructions, when executed by a processor, implement the security detection method for the intelligent contract.
The invention provides a security detection method and a security detection device for an intelligent contract, which are characterized in that the contract type of the intelligent contract is determined through code information based on the intelligent contract, grammar rule information and semantic rule information corresponding to the intelligent contract are obtained based on the contract type, and grammar check and semantic check are carried out on the intelligent contract based on the code information, the grammar rule information and the semantic rule information, so that the security of the intelligent contract is ensured, and huge property loss caused by code loophole security problems is avoided.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings used in the description of the embodiment or the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art it is also possible to derive other drawings from these drawings without inventive effort.
FIG. 1 is a flowchart of a security detection method for an intelligent contract according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a security detection method for an intelligent contract according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for determining a contract type of the intelligent contract based on the code information according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for constructing a contract classification model according to an embodiment of the present invention;
FIG. 5 is a schematic flow chart of a training contract classification model according to an embodiment of the present invention;
fig. 6 is a flowchart of a method for performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention;
fig. 7 is a flowchart of another method for performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention;
fig. 8 is a flowchart of another method for performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention;
fig. 9 is a flowchart of another method for performing syntax check and semantic check on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention;
fig. 10 is a block diagram of a security detection apparatus for an intelligent contract according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
An embodiment of a security detection method for an intelligent contract according to the present invention is described below, fig. 1 is a flowchart of a method for a security detection method for an intelligent contract according to an embodiment of the present invention, and fig. 2 is a flowchart of a method for a security detection method for an intelligent contract according to an embodiment of the present invention. It is noted that the present specification provides the method steps as described in the examples or flowcharts, but may include more or less steps based on routine or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system products may be executed sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) in accordance with the methods described in the embodiments or figures. As shown in fig. 1-2, the present embodiment provides a security detection method for an intelligent contract, including:
s101, code information of the intelligent contract is obtained.
Where an intelligent contract may be a computer protocol intended to propagate, validate or execute contracts in an informational manner. Smart contracts allow trusted transactions to be conducted without third parties, which transactions are traceable and irreversible. The goal of smart contracts is to provide a secure method over traditional contracts and to reduce other transaction costs associated with the contracts. The code information of the intelligent contract may refer to the entire code information of the intelligent contract written based on the programming language.
In practical application, after the intelligent contract is written, the code information of the intelligent contract is input into a security detection device of the intelligent contract.
And S102, determining the contract type of the intelligent contract based on the code information.
Wherein the contract type may be used to determine semantic rule information and grammar rule information. The contract type may characterize a transaction type of the smart contract. The contract types can be divided into two main categories according to specific service attributes, one can be exchange services, and the specific categories can include buying contracts, selling contracts, guaranty contracts, transfer contracts and the like; the other type can be supply chain financial business, and particularly can comprise credit contract, contract issuance, financing contract, repayment contract and the like.
In practical applications, the contract type of the intelligent contract can be obtained based on the contract classification model. Specifically, intelligent contracts may be input into the contract classification model so that the contract type from which the intelligent contract is derived may be output.
And S103, acquiring grammar rule information and semantic rule information corresponding to the intelligent contract based on the contract type.
The grammar rule information may be rule information used for checking grammar of the intelligent contract; the semantic rule information may refer to rule information employed to check semantics of the smart contract. The grammar rule information and the semantic rule information are used for matching and checking with code information of the intelligent contract to realize grammar checking and semantic checking of the intelligent contract, identify whether potential safety hazards exist in the intelligent contract and identify that the intelligent contract does not meet rules or unsafe operations.
In practical application, a semantic grammar rule base can be set, and a plurality of grammar rule information and a plurality of semantic rule information can be included in the semantic grammar rule base. And each contract type can search corresponding grammar rule information and semantic rule information in a semantic grammar rule base. Specifically, the grammar rule information and the semantic rule information corresponding to the contract type of the intelligent contract can be found in a table look-up manner. The grammar rule information and the semantic rule information can be based on an artificial intelligence training module, a large number of intelligent contract security standard samples and error samples are referred to generate corresponding contract types, and then the semantic rule information and the grammar rule information of intelligent contracts under different contract types are formed through modes such as artificial marking.
And S104, carrying out grammar check and semantic check on the intelligent contract based on the code information, the grammar rule information and the semantic rule information to obtain the safety information of the intelligent contract.
Wherein the security information of the intelligent contract can characterize the security of the intelligent contract. The security information of the smart contract may include information regarding the confirmation of security and the presence of errors. The relevant information that there is an error may specifically include: error code content, location and its corresponding error type. For example, the error types may include syntax errors, semantic errors; syntax errors may include object misses, exception handling misses, variable name usage errors, and so on.
In practical application, the code information of the intelligent contract can be checked based on the syntax rule information and the semantic rule information to check whether the code information conforms to the corresponding semantic rule and syntax rule. After the security information is obtained, a detection report of the intelligent contract can be generated according to the security information, and information such as a structure position and an error type of the potential safety hazard of the intelligent contract can be recorded in the detection report in detail, so that related technical personnel can conveniently debug and modify the intelligent contract.
It should be noted that the above security detection method may be implemented when the intelligent contract is written and is not on-line yet, and a writer of the intelligent contract may modify and resubmit the detection according to the detection report until the unsafe item reported in the detection report returns to zero.
The contract type of the intelligent contract is determined based on the code information of the intelligent contract, the grammar rule information and the semantic rule information corresponding to the intelligent contract are obtained based on the contract type, and grammar check and semantic check are carried out on the intelligent contract based on the code information, the grammar rule information and the semantic rule information, so that the safety of the intelligent contract is ensured, and huge property loss caused by the security problem of code holes is avoided.
Fig. 3 is a flowchart of a method for determining a contract type of an intelligent contract based on code information according to an embodiment of the present invention. In one possible implementation, as shown in fig. 3, the step S102 may include:
s301, acquiring a contract classification model.
Wherein, the contract classification model can be used for determining the contract type corresponding to the intelligent contract.
In practical application, the contract classification model can be obtained in advance through a machine learning method. Specifically, the training method of the contract classification model may include: the method comprises the steps of using an existing intelligent contract as a training set, extracting a program segment, segmenting the program segment, marking a code segment after a calling function in the intelligent contract is extracted, encoding the code segment into a vector and other data processing processes, inputting the obtained vector into a neural network, performing semantic analysis training by using a BLSTM (bidirectional long short term memory network) model in the field of natural language processing, and finally obtaining a contract type, grammatical rule information and semantic rule information of the input intelligent contract through a classifier.
S302, inputting the code information into a contract classification model to obtain a contract type of the intelligent contract.
In practical application, the code information can be preprocessed, and the preprocessed code information is input into the contract classification model to obtain the contract type corresponding to the intelligent contract. Specifically, the preprocessing process may be extracting a call function in the intelligent contract, extracting a program segment, segmenting the program segment, marking a code segment, and encoding the code segment into data such as a vector.
Fig. 4 is a flowchart of a method for constructing a contract classification model according to an embodiment of the present invention, and fig. 5 is a flowchart of a method for training a contract classification model according to an embodiment of the present invention. In one possible embodiment, the constructing of the contract classification model may specifically include:
s401, obtaining sample code information and a contract type label of a sample intelligent contract.
Wherein the sample code information may be code information of an existing intelligent contract. The sample code information may constitute a single sample data, and multiple sample data may constitute a training sample set. The contract type label can be preset according to the contract type of the sample code information.
S402, inputting the sample code information into a preset machine learning model, and performing contract type prediction processing to obtain predicted contract type information.
The predetermined machine learning model may include, but is not limited to, one of a neural network model, a regression model, a least squares model, a support vector machine, a markov algorithm, etc., wherein the neural network model includes one or more of a deep neural network, a recurrent neural network, a convolutional neural network, etc. Deep learning is an algorithm for feature learning on large amounts of data. Deep learning is the intrinsic law and expression level of the learning sample data, and the information obtained in the learning process is very helpful for the interpretation of data such as characters, images and sounds. The final aim of the method is to enable the machine to have the analysis and learning capability like a human, and to recognize data such as characters, images and sounds. The feature extraction of deep learning does not depend on manual work, but is automatically extracted, so that the method has very strong learning capability and adaptability, is driven by data, and has a high upper limit.
And S403, obtaining contract type loss information according to the contract type label and the predicted contract type information.
Wherein, the specific loss calculation process of the contract type loss information is not limited in the present disclosure.
S404, training a preset machine learning model according to the contract type loss information to obtain a contract classification model.
The process of training the preset machine learning model is not limited in this disclosure.
And a deep learning method is used for generating a contract classification model, so that complicated calibration calculation and solution are avoided.
Fig. 6 is a flowchart of a method for performing syntax check and semantic check on an intelligent contract based on syntax rule information and semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention. In one possible implementation, as shown in fig. 6, the step S104 may include:
s601, constructing an abstract syntax tree corresponding to the intelligent contract based on the code information.
The abstract syntax tree corresponding to the intelligent contract can be an abstract representation of a source code syntax structure of the intelligent contract; the abstract syntax tree represents the syntax structure of the programming language in the form of a tree, and each node on the tree represents a structure in the intelligent contract source code.
In practical application, the code information of the intelligent contract can construct an Abstract Syntax Tree (AST) based on a BNF (back-Naur form) through a built-in compiling tool.
And S602, matching the node information of the abstract syntax tree with the node information in the syntax rule information based on the syntax rule information.
The syntax rule information corresponding to the contract type of the intelligent contract may include rule information of all nodes of the abstract syntax tree under the contract type.
In practical application, through the abstract syntax tree of the intelligent contract, the syntactic content can be subjected to expanded syntax recognition, and simple contract security recognition can be carried out. Specifically, based on the syntax rule information, the node information in the abstract syntax tree and the node information in the syntax rule information are matched according to a recursive descent analysis method to perform syntax check, so that whether potential safety hazards exist can be determined.
S603, under the condition that the node information in the abstract syntax tree is not matched with the node information in the syntax rule information, the safety information is obtained to be the related information with errors.
The information related to the error may specifically include: error code content, location and its corresponding error type. For example, the error types may include syntax errors, semantic errors; syntax errors may include type errors, exception handling misses, variable name usage errors, and the like.
In practical application, under the condition that the node information in the abstract syntax tree is not matched with the node information in the syntax rule information, the code information of the intelligent contract can be determined to have potential safety hazards, and the error code content, the error position and the corresponding error type can be obtained according to the specific unmatched node information, namely the relevant information with errors. The intelligent contract is subjected to syntax check through the abstract syntax tree, the method is simple, and the semantic check accuracy is high.
Fig. 7 is a flowchart of another method for performing syntax check and semantic check on an intelligent contract based on syntax rule information and semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention. In a possible embodiment, as shown in fig. 7, the step S104 may further include:
and S701, acquiring object information of the intelligent contract based on the code information.
The object information may refer to information related to objects and methods that need to be exposed and indispensable to the outside in the smart contract. It can be understood that there may be indispensable objects and methods in the smart contract, and it is necessary to check whether the objects and methods are complete. For example, the indispensable methods may include an initialization method, a destruction method, and the like. There are also corresponding indispensable objects and methods for different contract types.
In practical application, based on the code information, the object information of the intelligent contract can be acquired. Specifically, based on the code information, the object and the method exposed to the outside, which are adopted in the smart contract, can be extracted.
And S702, matching the object information of the intelligent contract with the preset object information of the semantic rule information.
In practical application, the preset object information based on the semantic rule information can be matched with the object information of the intelligent contract. For example, 3 objects and 3 methods that need to be exposed to the outside are specified in semantic rule information corresponding to the contract type of the smart contract, and whether the smart contract has the 3 objects and 3 methods is determined through matching check.
And S703, under the condition that the object information of the intelligent contract is not matched with the preset object information of the semantic rule information, obtaining the related information of which the safety information is wrong.
In practical application, when the object information of the intelligent contract and the preset object information of the semantic rule information are not matched, the code information of the intelligent contract can be determined to have potential safety hazards, and the safety information with the error type of object loss can be obtained according to the specific unmatched object or method.
Fig. 8 is a flowchart of another method for performing syntax check and semantic check on an intelligent contract based on syntax rule information and semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention. In a possible embodiment, as shown in fig. 8, the step S104 may further include:
and S801, acquiring selective branch information of the intelligent contract based on the code information.
The option branch information may be code information for determining a structure of the execution path according to a certain condition. The selection branch information may include code information of the selection structure and code information of the branch structure.
In practical application, based on the code information, the selection branch information of the intelligent contract can be obtained. Specifically, based on the code information, the selection structure and the branch structure in the intelligent contract can be extracted. And for the condition that the selection structure and the branch structure cannot be extracted correctly due to the fact that the selection structure or the branch structure is not complete, generating safety information with the error type of selection branch missing for outputting.
S802, under the condition that the processing information corresponding to the abnormal state does not exist in the option branch information, the obtained safety information is the related information with errors.
In practical applications, when no processing information corresponding to an abnormal state exists in the option information, the safety information with the error type of abnormal processing missing can be obtained according to the option information corresponding to the processing information corresponding to the abnormal state. It can be understood that the intelligent contract needs to have the corresponding processing steps when the abnormal state occurs when being called so as to deal with the abnormal state. If the processing information corresponding to the abnormal state does not exist, the intelligent contract can be considered to have potential safety hazard.
Fig. 9 is a flowchart of another method for performing syntax check and semantic check on an intelligent contract based on syntax rule information and semantic rule information to obtain security information of the intelligent contract according to the embodiment of the present invention. In a possible embodiment, as shown in fig. 9, the step S104 may further include:
and S901, acquiring selection combination information corresponding to the intelligent contract based on the code information, wherein the selection combination information comprises variable names corresponding to a plurality of selection combinations.
The selective combination information may refer to variable information of different selective combinations in the same contract condition. The selection combination information may include multiple variable names in different selection combinations in the same contract condition.
In practical application, based on the code information, variable names can be extracted from different selection combinations in the same contract condition to obtain selection combination information.
And S902, under the condition that the same variable name exists in the selected combined information, obtaining the safety information which is related to the error.
In practical application, when the same variable name exists in the selected combination information, it can be determined that the code information of the intelligent contract has a potential safety hazard, and the security information with the wrong variable name usage type is generated. It is understood that the same variable name is used in different selection combinations in the same contract condition, combination coverage may occur, and so on, and thus a contract exception due to distributed execution may occur, and it is necessary to check whether the same variable name exists in the selection combination information.
Fig. 10 is a block diagram of a security detection apparatus for an intelligent contract according to an embodiment of the present invention. On the other hand, as shown in fig. 10, the present embodiment further provides a security detection apparatus for a smart contract, the apparatus including:
a code information obtaining module 10, configured to obtain code information of an intelligent contract;
a contract type determining module 20, configured to determine a contract type of the intelligent contract based on the code information;
a rule information determining module 30, configured to obtain, based on the contract type, syntax rule information and semantic rule information corresponding to the intelligent contract;
and the security information acquisition module 40 is configured to perform syntax check and semantic check on the intelligent contract based on the code information, the syntax rule information, and the semantic rule information to obtain security information of the intelligent contract.
On the other hand, an embodiment of the present invention further provides an electronic device, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute the security detection method of the intelligent contract.
In another aspect, an embodiment of the present invention further provides a non-volatile computer-readable storage medium, on which computer program instructions are stored, where the computer program instructions, when executed by a processor, implement the security detection method for the intelligent contract.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been presented as a series of interrelated states or acts, it should be appreciated by those skilled in the art that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Similarly, the modules of the security detection apparatus of the smart contract refer to computer programs or program segments for performing one or more specific functions, and the distinction between the modules does not mean that actual program codes are also necessarily separated. Further, the above embodiments may be arbitrarily combined to obtain other embodiments.
In the foregoing embodiments, the descriptions of the embodiments have respective emphasis, and reference may be made to related descriptions of other embodiments for parts that are not described in detail in a certain embodiment. Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The foregoing description has disclosed fully preferred embodiments of the present invention. It should be noted that those skilled in the art can make modifications to the embodiments of the present invention without departing from the scope of the appended claims. Accordingly, the scope of the appended claims is not to be limited to the specific embodiments described above.
Claims (10)
1. A security detection method for an intelligent contract, the method comprising:
acquiring code information of an intelligent contract;
determining a contract type of the intelligent contract based on the code information;
acquiring grammar rule information and semantic rule information corresponding to the intelligent contract based on the contract type;
and carrying out grammar check and semantic check on the intelligent contract based on the code information, the grammar rule information and the semantic rule information to obtain the safety information of the intelligent contract.
2. The method of claim 1, wherein determining the contract type of the intelligent contract based on the code information comprises:
acquiring a contract classification model;
and inputting the code information into the contract classification model to obtain the contract type of the intelligent contract.
3. The method of claim 2, further comprising:
acquiring sample code information and a contract type label of a sample intelligent contract;
inputting the sample code information into a preset machine learning model, and performing contract type prediction processing to obtain predicted contract type information;
obtaining contract type loss information according to the contract type label and the predicted contract type information;
and training the preset machine learning model according to the contract type loss information to obtain the contract classification model.
4. The method of claim 1, wherein the performing syntax checking and semantic checking on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract comprises:
constructing an abstract syntax tree corresponding to the intelligent contract based on the code information;
matching the node information of the abstract syntax tree with the node information in the syntax rule information based on the syntax rule information;
and under the condition that the node information in the abstract syntax tree is not matched with the node information in the syntax rule information, obtaining the related information of which the safety information is wrong.
5. The method of claim 1, wherein the performing syntax checking and semantic checking on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract comprises:
acquiring object information of the intelligent contract based on the code information;
matching the object information of the intelligent contract with the preset object information of the semantic rule information;
and under the condition that the object information of the intelligent contract is not matched with the preset object information of the semantic rule information, obtaining that the safety information is related information with errors.
6. The method of claim 1, wherein the performing syntax checking and semantic checking on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract comprises:
acquiring selection branch information of the intelligent contract based on the code information;
and under the condition that the processing information corresponding to the abnormal state does not exist in the option information, obtaining the safety information as the related information with errors.
7. The method of claim 1, wherein the performing syntax checking and semantic checking on the intelligent contract based on the syntax rule information and the semantic rule information to obtain security information of the intelligent contract comprises:
acquiring selection combination information corresponding to the intelligent contract based on the code information, wherein the selection combination information comprises variable names corresponding to a plurality of selection combinations;
and under the condition that the same variable name exists in the selection combination information, obtaining the safety information as related information with errors.
8. A security detection apparatus for smart contracts, the apparatus comprising:
the code information acquisition module is used for acquiring the code information of the intelligent contract;
the contract type determining module is used for determining the contract type of the intelligent contract based on the code information;
the rule information determining module is used for acquiring grammar rule information and semantic rule information corresponding to the intelligent contract based on the contract type;
and the safety information acquisition module is used for carrying out grammar check and semantic check on the intelligent contract based on the code information, the grammar rule information and the semantic rule information to obtain the safety information of the intelligent contract.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the executable instructions to implement the security detection method of the smart contract of any of claims 1-7.
10. A non-transitory computer readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement a method for security detection of a smart contract according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111497320.9A CN113900665B (en) | 2021-12-09 | 2021-12-09 | Security detection method and device for intelligent contract |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111497320.9A CN113900665B (en) | 2021-12-09 | 2021-12-09 | Security detection method and device for intelligent contract |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113900665A true CN113900665A (en) | 2022-01-07 |
| CN113900665B CN113900665B (en) | 2022-03-15 |
Family
ID=79025634
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111497320.9A Active CN113900665B (en) | 2021-12-09 | 2021-12-09 | Security detection method and device for intelligent contract |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113900665B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103294596A (en) * | 2013-05-23 | 2013-09-11 | 西安电子科技大学 | Early warning method for contract-type software fault based on program invariants |
| CN113486915A (en) * | 2021-04-26 | 2021-10-08 | 深圳前海移联科技有限公司 | Multi-platform-based intelligent contract classification method and system and electronic equipment |
-
2021
- 2021-12-09 CN CN202111497320.9A patent/CN113900665B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103294596A (en) * | 2013-05-23 | 2013-09-11 | 西安电子科技大学 | Early warning method for contract-type software fault based on program invariants |
| CN113486915A (en) * | 2021-04-26 | 2021-10-08 | 深圳前海移联科技有限公司 | Multi-platform-based intelligent contract classification method and system and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 廖俊杰: "智能合约漏洞检测技术研究与应用", 《CNKI》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113900665B (en) | 2022-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10108535B2 (en) | Web application test script generation to test software functionality | |
| US10635409B2 (en) | System and method for improving software code quality using artificial intelligence techniques | |
| CN112015430B (en) | JavaScript code translation method, device, computer equipment and storage medium | |
| EP3588279B1 (en) | Automated extraction of rules embedded in software application code using machine learning | |
| US11775414B2 (en) | Automated bug fixing using deep learning | |
| EP3021225B1 (en) | Automated configuration code based selection of test cases for payment terminals | |
| EP3695310A1 (en) | Blackbox matching engine | |
| US11403536B2 (en) | System and method for anti-pattern detection for computing applications | |
| CN114297654A (en) | Intelligent contract vulnerability detection method and system for source code hierarchy | |
| CN103262088A (en) | Formal analysis of the quality and conformance of information flow downgraders | |
| CN110765483A (en) | Configured log desensitization method and device and electronic equipment | |
| JP2018505506A (en) | Machine-based instruction editing | |
| CN112560049A (en) | Vulnerability detection method and device and storage medium | |
| CN109359055B (en) | Data testing method and device | |
| Nam et al. | A bug finder refined by a large set of open-source projects | |
| CN118013963B (en) | Method and device for identifying and replacing sensitive words | |
| CN110928535B (en) | Derived variable deployment method, device, equipment and readable storage medium | |
| CN113900665B (en) | Security detection method and device for intelligent contract | |
| CN113885876A (en) | Parameter checking method, device, storage medium and computer system | |
| KR20200071413A (en) | Machine learning data generating apparatus, apparatus and method for analyzing errors in source code | |
| CN115328753B (en) | Fault prediction method and device, electronic equipment and storage medium | |
| Savchenko et al. | Deedp: vulnerability detection and patching based on deep learning | |
| CN113127635B (en) | Data processing method, device and system, storage medium and electronic equipment | |
| Ajila et al. | Aspectualization of code clones—an algorithmic approach | |
| CN112631930B (en) | Dynamic system testing method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |