CN114880673A - Method and system for detecting private data leakage aiming at applet source code - Google Patents


Info

Publication number
CN114880673A
Authority
CN
China
Prior art keywords
file
taint
tool
flow
source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210461183.1A
Other languages
Chinese (zh)
Inventor
李威
向立瑶
王新兵
周成虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiaotong University
Priority to CN202210461183.1A
Publication of CN114880673A
Legal status: Pending


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/3604: Software analysis for verifying properties of programs
    • G06F11/3608: Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Abstract

The invention provides a method and a system for detecting private data leakage in applet source code, comprising the following steps: reading the applet development documentation, classifying and labelling the application program interfaces (APIs) provided by the applet platform, and storing the labelling result as a configuration file of taint sources and taint sinks; dividing the applet source code files into tool files and page files according to the applet configuration file app.json; a dependency analyzer analyzes the dependency relationships of the tool files and orders the files for analysis; the taint flow of each tool file is obtained by analyzing the tool files in that order; all additional taint sources and additional taint sinks are added to the taint source and taint sink configuration file; a page unit analyzer adds the analysis results of the HTML file and the JSON file to the JS file; the taint flow analyzer analyzes the JS file to obtain the taint flow of the JS file; and a privacy leakage report is given. The invention enables privacy leakage detection before an applet is released on the platform.

Description

Method and system for detecting private data leakage aiming at applet source code
Technical Field
The invention relates to the technical field of computers, and in particular to a method and a system for detecting private data leakage in applet source code.
Background
At present, a large number of applets that can access users' private information exist on various applet platforms; these applets are widely used in daily life and have become a major source of privacy leakage. With the growing emphasis on protecting user privacy, applet privacy leakage detection has become an important issue.
In the prior art, the invention patent with publication number CN113326539A discloses a method, device and system for detecting private data leakage in an applet, which includes: in response to receiving a detection task for a first page of the applet issued by a detection server, opening the first page in the client and injecting detection code into the first page, the detection code comprising a first code; using the first code to search the first page for a first type of triggerable control; if one is found, executing a first trigger event of the first type of triggerable control in the first page; acquiring first information returned by the background server of the applet in response to the first trigger event, and the first interface used by the background server to transmit the first information; and, if the first information includes plaintext private data, generating and returning a first detection result indicating that private data is leaked from the first interface. That patent proposes detection by injecting code into an applet, which can detect privacy leaks, but the injected code may break the normal function of the applet; furthermore, each detection requires actually running the applet, which may take a long time.
The invention patent with publication number CN113297609A discloses a method and a device for monitoring privacy acquisition behaviour of an applet, which includes: detecting whether first data, acquired by the applet through a host application, is user private data; if so, adding a privacy tag to the first data; and, in response to observing a call by the applet to a data output interface, having an identification component determine whether the input parameters of the data output interface include target data carrying a privacy tag, and, if so, recording privacy acquisition behaviour information related to the target data for the applet. That patent proposes detecting, by monitoring, whether private information is present in the parameters of the applet's output interface. The method needs a user to participate in detection, so privacy leakage problems cannot be found before the applet is released.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a method and a system for detecting private data leakage in applet source code.
The scheme of the method and system for detecting private data leakage in applet source code according to the invention is as follows:
In a first aspect, a method for detecting private data leakage in applet source code is provided, the method comprising:
step S1: reading the applet development documentation, and classifying and labelling the application program interfaces (APIs) provided by the applet platform into 3 classes, namely taint sources, taint sinks and others, wherein the labelling result can be stored as a configuration file of taint sources and taint sinks;
step S2: after the applet platform obtains the applet source code, dividing the applet source code files into tool files and page files according to the applet configuration file app.json;
step S3: a dependency analyzer analyzes the dependency relationships of the applet tool files and orders the files for analysis according to the dependency relationships;
step S4: inputting each tool file into a taint flow analyzer in that order, the taint flow analyzer performing its analysis according to the taint source and taint sink configuration file to obtain the taint flow of each tool file;
step S5: inputting the taint flow of each tool file into an additional taint source and taint sink analyzer, wherein all additional taint sources and additional taint sinks are added to the taint source and taint sink configuration file;
step S6: after the analysis of all tool files is completed, inputting each page into a page unit analyzer, wherein each page unit of the applet comprises an HTML file, a JS file and a JSON file, and the page unit analyzer adds the analysis results of the HTML file and the JSON file to the JS file;
step S7: the taint flow analyzer analyzes the JS file according to the taint source and taint sink configuration file to obtain the taint flow of the JS file;
step S8: giving a privacy leakage report according to the taint flow of the JS file.
Preferably, the step S3 specifically includes:
step S3.1: analyzing the require keyword in each tool file to determine which other files the tool file depends on;
step S3.2: representing the dependency relationships of all tool files as an AOE graph, wherein the graph is a directed acyclic graph, one node represents one tool file, and an edge pointing from A to B indicates that B depends on A;
step S3.3: performing a topological sort on the AOE graph.
Preferably, the step S4 specifically includes:
step S4.1: preprocessing: restructuring the code in the input file, including renaming variables and rewriting nested functions and anonymous functions;
step S4.2: assignment flow graph construction: the core of taint propagation is the assignment of a tainted value to another value, and an assignment flow graph is created for each function;
step S4.3: function alias search: finding the aliases of all functions through a worklist algorithm;
step S4.4: asynchronous data flow conversion: many operations in the applet are asynchronous and generate asynchronous data flows, and the asynchronous data flows are converted into synchronous data flows;
step S4.5: performing taint flow propagation through a worklist algorithm.
Preferably, the step S5 specifically includes: the taint flows of each tool file are of two types: in one, taint flows from a taint source to the return value of a function; in the other, taint flows from a parameter of a function to a taint sink;
the taint flow of each tool file is input into the additional taint source and taint sink analyzer; where taint flows from a taint source to the return value of a function, the function is labelled as an additional taint source; where taint flows from a parameter of a function to a taint sink, the function is labelled as an additional taint sink.
Preferably, the step S6 specifically includes:
step S6.1: the HTML file contains three types of leakage related to user input or user open data, and the HTML file is analyzed according to these types;
step S6.2: analyzing the JSON file.
Preferably, in the step S8 there are also two special types of privacy leakage, in which data is passed through page data and global data.
In a second aspect, a system for detecting private data leakage in applet source code is provided, the system comprising:
module M1: reading the applet development documentation, and classifying and labelling the application program interfaces (APIs) provided by the applet platform into 3 classes, namely taint sources, taint sinks and others, wherein the labelling result can be stored as a configuration file of taint sources and taint sinks;
module M2: after the applet platform obtains the applet source code, dividing the applet source code files into tool files and page files according to the applet configuration file app.json;
module M3: a dependency analyzer analyzes the dependency relationships of the applet tool files and orders the files for analysis according to the dependency relationships;
module M4: inputting each tool file into a taint flow analyzer in that order, the taint flow analyzer performing its analysis according to the taint source and taint sink configuration file to obtain the taint flow of each tool file;
module M5: inputting the taint flow of each tool file into an additional taint source and taint sink analyzer, wherein all additional taint sources and additional taint sinks are added to the taint source and taint sink configuration file;
module M6: after the analysis of all tool files is completed, inputting each page into a page unit analyzer, wherein each page unit of the applet comprises an HTML file, a JS file and a JSON file, and the page unit analyzer adds the analysis results of the HTML file and the JSON file to the JS file;
module M7: the taint flow analyzer analyzes the JS file according to the taint source and taint sink configuration file to obtain the taint flow of the JS file;
module M8: giving a privacy leakage report according to the taint flow of the JS file.
Preferably, the module M3 specifically includes:
module M3.1: analyzing the require keyword in each tool file to determine which other files the tool file depends on;
module M3.2: representing the dependency relationships of all tool files as an AOE graph, wherein the graph is a directed acyclic graph, one node represents one tool file, and an edge pointing from A to B indicates that B depends on A;
module M3.3: performing a topological sort on the AOE graph.
Preferably, the module M4 specifically includes:
module M4.1: preprocessing: restructuring the code in the input file, including renaming variables and rewriting nested functions and anonymous functions;
module M4.2: assignment flow graph construction: the core of taint propagation is the assignment of a tainted value to another value, and an assignment flow graph is created for each function;
module M4.3: function alias search: finding the aliases of all functions through a worklist algorithm;
module M4.4: asynchronous data flow conversion: many operations in the applet are asynchronous and generate asynchronous data flows, and the asynchronous data flows are converted into synchronous data flows;
module M4.5: performing taint flow propagation through a worklist algorithm.
Preferably, the module M5 specifically includes: the taint flows of each tool file are of two types: in one, taint flows from a taint source to the return value of a function; in the other, taint flows from a parameter of a function to a taint sink;
the taint flow of each tool file is input into the additional taint source and taint sink analyzer; where taint flows from a taint source to the return value of a function, the function is labelled as an additional taint source; where taint flows from a parameter of a function to a taint sink, the function is labelled as an additional taint sink;
the module M6 specifically includes:
module M6.1: the HTML file contains three types of leakage related to user input or user open data, and the HTML file is analyzed according to these types;
module M6.2: analyzing the JSON file;
in the module M8 there are also two special types of privacy leakage, in which data is passed through page data and global data.
Compared with the prior art, the invention has the following beneficial effects:
1. by statically analyzing the applet source code, the invention detects privacy leakage before the applet is released;
2. by adopting a method based on object chain analysis, the invention tracks taint propagation efficiently and accurately;
3. by constructing assignment flow graphs, the invention exposes the data flow for convenient analysis;
4. by constructing the asynchronous flow and converting it into a synchronous flow, the invention tracks taint propagation in asynchronous flows.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is an overall flow chart of the present invention;
FIG. 2 is an analysis diagram of the applet platform after the applet source code is obtained;
FIG. 3 is a diagram of the taint flow analysis.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention. All of these fall within the scope of the present invention.
An embodiment of the present invention provides a method for detecting private data leakage in applet source code, which, as shown in FIG. 1 and FIG. 2, specifically includes:
Step S1: experts classify the application programming interfaces (APIs) provided by the applet platform by reading the applet development documentation, dividing the APIs into 3 classes: taint sources, taint sinks and others. A taint source means that the program, by calling the API, introduces private user data into the system; a taint sink means that, after the program calls the API, the system leaks user data to the outside. The results of the expert labelling are saved as a configuration file of taint sources and taint sinks.
Step S2: after the applet platform obtains the applet source code, the applet source code files are divided into tool files and page files according to the applet configuration file app.json. The app.json file in the applet root directory is used for global configuration of the applet: it determines the paths of the page files and the window appearance, sets the network timeout, configures multiple tabs, and so on.
Step S3: the dependency analyzer analyzes the dependency relationships of the applet tool files and orders the files for analysis accordingly.
Specifically, step S3 includes:
Step S3.1: analyzing the require keyword in each tool file to determine which other files the tool file depends on.
Step S3.2: representing the dependency relationships of all tool files as an activity-on-edge (AOE) graph, wherein the graph is a directed acyclic graph, one node represents one tool file, and an edge pointing from A to B indicates that B depends on A.
Step S3.3: performing a topological sort on the AOE graph.
Step S4: each tool file is input into the taint flow analyzer in that order, and the taint flow analyzer performs its analysis according to the taint source and taint sink configuration file to obtain the taint flow of each tool file.
Specifically, referring to FIG. 3, step S4 includes:
Step S4.1: preprocessing. The code in the input file is restructured, which includes renaming variables and rewriting nested functions and anonymous functions. Renaming variables: since an applet contains many variables that share the same name but point to different objects, the system renames each variable according to its scope information so that they can be distinguished. The new variable name consists of the original variable name and a counter value; the counter records the number of times each variable name has occurred. Rewriting nested and anonymous functions: nested functions and anonymous functions are function expression nodes in the abstract syntax tree (AST). The system tracks each function expression and replaces the corresponding AST node with a unique identifier. Once the entire AST has been traversed, a function declaration is appended to the body for each function encountered. After preprocessing, the JS file can be decomposed into a set of functions, where the global code can be viewed as a virtual function.
Step S4.2: assignment flow graph construction. The core of taint propagation is the assignment of one tainted value to another value, so the system creates an assignment flow graph for each function. The assignment flow graph is a directed acyclic graph in which each node represents a state of the program and each edge represents the data flow after the program executes an action.
Step S4.3: function alias search. A function may have multiple function names. The system finds the aliases of all functions through a worklist algorithm.
Step S4.4: asynchronous data flow conversion. Many of the operations in an applet are asynchronous and generate asynchronous data flows. The system therefore converts asynchronous data flows into synchronous data flows.
Step S4.5: performing taint flow propagation through a worklist algorithm.
Step S5: the taint flows of each tool file are of two types: in one, taint flows from a taint source to the return value of a function; in the other, taint flows from a parameter of a function to a taint sink. The taint flow of each tool file is input into the additional taint source and taint sink analyzer; where taint flows from a taint source to the return value of a function, the function is labelled as an additional taint source; where taint flows from a parameter of a function to a taint sink, the function is labelled as an additional taint sink. All additional taint sources and additional taint sinks are added to the taint source and taint sink configuration file.
Step S6: after the analysis of all tool files is completed, each page is input into the page unit analyzer. Each page unit of the applet has an HTML file, a JS file and a JSON file. The page unit analyzer adds the analysis results of the HTML file and the JSON file to the JS file.
Specifically, step S6 includes:
Step S6.1: analyzing the HTML file. There are three types of leakage in HTML files associated with user input or user open data. 1) Two-way data binding, which is a way of binding data between the HTML file and the JS file of a page. The page analyzer adds a virtual function for each two-way bound data item in the data object in the JS file. 2) Input event handlers. The page analyzer labels the parameters of the handler of each input event as taint sources. 3) Open data. The page analyzer labels the return value of a request for open data as a taint source.
Step S6.2: analyzing the JSON file. An applet page may use components. A component is a special kind of page. The page analyzer scans the components used by the page; if components are used, the page analyzer analyzes them in the same way as it analyzes a page.
Step S7: the taint flow analyzer analyzes the JS file according to the taint source and taint sink configuration file to obtain the taint flow of the JS file.
Step S8: a privacy leakage report is given according to the taint flow of the JS file. In addition, there are two special types of privacy leakage, in which data is passed through page data and global data. Page data refers to the data attribute of each page, which is read and written through this.data. Private user information may be stored and propagated through page data. Given one taint flow from a taint source to this.data.key and another taint flow from this.data.key to a taint sink, the system links the two to generate a privacy leakage report. Similarly, global data may connect the taint flows of different pages.
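The linking described in step S8, as an added example that is not part of the patent: per-page taint flows are joined through page data and global data until a source reaches a sink. The flow record shape, the page paths and the wx.* API names (and their roles as source or sink) are assumptions made for illustration, and the example generalizes the two-flow case in the text to chains of any length.

```javascript
// Constructed taint flows in the shape step S7 might emit (one entry per flow found
// inside a single page's JS file). The wx.* names are assumed example APIs.
const flows = [
  // pages/index: location is stored in page data, then sent out by another handler.
  { page: 'pages/index', from: { kind: 'source', name: 'wx.getLocation' },
    to: { kind: 'pageData', key: 'loc' } },
  { page: 'pages/index', from: { kind: 'pageData', key: 'loc' },
    to: { kind: 'sink', name: 'wx.request' } },
  // pages/profile writes an address to global data; pages/order sends it out.
  { page: 'pages/profile', from: { kind: 'source', name: 'wx.chooseAddress' },
    to: { kind: 'globalData', key: 'address' } },
  { page: 'pages/order', from: { kind: 'globalData', key: 'address' },
    to: { kind: 'sink', name: 'wx.request' } },
  // Same key name on another page: page data is page-local, so this must not be
  // linked to the source in pages/index.
  { page: 'pages/about', from: { kind: 'pageData', key: 'loc' },
    to: { kind: 'sink', name: 'wx.request' } },
];

// Page data is identified per page; global data is shared by every page.
function nodeId(page, endpoint) {
  switch (endpoint.kind) {
    case 'pageData': return `this.data.${endpoint.key}@${page}`;
    case 'globalData': return `globalData.${endpoint.key}`;
    default: return `${endpoint.kind}:${endpoint.name}@${page}`;
  }
}

// Join flows end to end and return one path per (source, reachable sink) pair.
function linkFlows(allFlows) {
  const succ = new Map();
  const sources = new Set();
  const sinks = new Set();
  for (const f of allFlows) {
    const a = nodeId(f.page, f.from);
    const b = nodeId(f.page, f.to);
    if (!succ.has(a)) succ.set(a, []);
    succ.get(a).push(b);
    if (f.from.kind === 'source') sources.add(a);
    if (f.to.kind === 'sink') sinks.add(b);
  }
  const reports = [];
  for (const s of sources) {
    const seen = new Set([s]); // guards against cycles such as data.a -> data.b -> data.a
    const stack = [[s]];
    while (stack.length > 0) {
      const path = stack.pop();
      const last = path[path.length - 1];
      if (sinks.has(last)) { reports.push(path); continue; }
      for (const next of succ.get(last) || []) {
        if (seen.has(next)) continue;
        seen.add(next);
        stack.push([...path, next]);
      }
    }
  }
  return reports;
}

function formatReport(path) {
  return path.join(' -> ');
}

for (const path of linkFlows(flows)) console.log(formatReport(path));
```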
This embodiment of the invention provides a method for detecting private data leakage in applet source code.
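The tool-file phase of steps S3 to S5 above, as an added example that is not the patent's own code: files are ordered by their require dependencies, taint is propagated per function with a worklist, and functions are labelled as additional taint sources or sinks so that files analyzed later can use them. The file names, the node naming convention, the pre-built assignment edges and the wx.* entries of the configuration are assumptions made for illustration.

```javascript
// Constructed tool files. `src` is scanned only for require(); `functions` holds, per
// function, the assignment edges [from, to] that step S4.2 would build after alias
// resolution. Node names are this example's convention: 'call:F' is the value returned
// by calling F, 'arg:F' a value passed to F, 'param:N' a parameter, 'ret' the result.
const toolFiles = {
  'utils/track.js': {
    src: "const geo = require('./geo.js'); const net = require('./net');",
    functions: {
      whereAmI: [['call:utils/geo.js#locate', 'p'], ['p', 'ret']],
      report: [['param:0', 'x'], ['x', 'arg:utils/net.js#post']],
      harmless: [['param:0', 'y'], ['y', 'ret']],
    },
  },
  'utils/geo.js': {
    src: 'module.exports = { locate };',
    functions: { locate: [['call:wx.getLocation', 'pos'], ['pos', 'ret']] },
  },
  'utils/net.js': {
    src: 'module.exports = { post };',
    functions: { post: [['param:0', 'body'], ['body', 'arg:wx.request']] },
  },
};
// Assumed content of the step S1 configuration file.
const baseConfig = { sources: ['wx.getLocation'], sinks: ['wx.request'] };

// Resolve a relative require() specifier against the requiring file's directory.
function resolve(fromPath, spec) {
  const parts = fromPath.split('/').slice(0, -1);
  for (const seg of spec.split('/')) {
    if (seg === '..') parts.pop();
    else if (seg !== '.' && seg !== '') parts.push(seg);
  }
  const p = parts.join('/');
  return p.endsWith('.js') ? p : `${p}.js`;
}

// Step S3.1. A regex scan keeps the example short; an AST walk avoids false matches.
function parseRequires(path, src) {
  const re = /require\(\s*['"](\.{1,2}\/[^'"]+)['"]\s*\)/g;
  return [...src.matchAll(re)].map((m) => resolve(path, m[1]));
}

// Steps S3.2 and S3.3: an edge A -> B means B depends on A; Kahn's algorithm orders them.
function analysisOrder(files) {
  const indeg = new Map(Object.keys(files).map((p) => [p, 0]));
  const dependents = new Map(Object.keys(files).map((p) => [p, []]));
  for (const [p, f] of Object.entries(files)) {
    for (const d of new Set(parseRequires(p, f.src))) {
      if (!indeg.has(d)) continue; // not one of the tool files under analysis
      dependents.get(d).push(p);
      indeg.set(p, indeg.get(p) + 1);
    }
  }
  const ready = [...indeg.keys()].filter((p) => indeg.get(p) === 0).sort();
  const order = [];
  while (ready.length > 0) {
    const p = ready.shift();
    order.push(p);
    for (const q of dependents.get(p)) {
      indeg.set(q, indeg.get(q) - 1);
      if (indeg.get(q) === 0) ready.push(q);
    }
  }
  if (order.length !== indeg.size) throw new Error('cyclic require among tool files');
  return order;
}

// Step S4.5: worklist propagation of taint along assignment edges.
function reach(edges, starts) {
  const tainted = new Set(starts);
  const worklist = [...starts];
  while (worklist.length > 0) {
    const n = worklist.pop();
    for (const [from, to] of edges) {
      if (from === n && !tainted.has(to)) { tainted.add(to); worklist.push(to); }
    }
  }
  return tainted;
}

// Step S5: label functions as additional sources or sinks and extend the configuration.
function analyzeToolFiles(files, config) {
  const sources = new Set(config.sources);
  const sinks = new Set(config.sinks);
  for (const path of analysisOrder(files)) {
    for (const [name, edges] of Object.entries(files[path].functions)) {
      const nodes = [...new Set(edges.flat())];
      const pick = (prefix, known) => nodes.filter(
        (n) => n.startsWith(prefix) && known.has(n.slice(prefix.length)));
      // Type 1: taint flows from a taint source to the function's return value.
      if (reach(edges, pick('call:', sources)).has('ret')) sources.add(`${path}#${name}`);
      // Type 2: taint flows from a parameter of the function to a taint sink.
      const fromParams = reach(edges, nodes.filter((n) => n.startsWith('param:')));
      if (pick('arg:', sinks).some((n) => fromParams.has(n))) sinks.add(`${path}#${name}`);
    }
  }
  return { sources: [...sources], sinks: [...sinks] };
}
```

Analyzing utils/track.js before the files it requires would miss both of its labels, because locate and post would not yet be in the configuration; the topological order prevents that.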
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (10)

1. A method for private data disclosure detection for applet source code, comprising:
step S1: reading the applet development documentation, classifying and labelling the application program interfaces (APIs) provided by the applet platform into 3 classes, namely taint sources, taint sinks and others, and storing the labelling result as a configuration file of taint sources and taint sinks;
step S2: after the applet platform obtains the applet source code, dividing the applet source code files into tool files and page files according to the applet configuration file app.json;
step S3: analyzing the dependency relationships of the applet tool files with a dependency analyzer, and ordering the files for analysis according to the dependency relationships;
step S4: inputting each tool file into a taint flow analyzer in that order, the taint flow analyzer performing its analysis according to the taint source and taint sink configuration file to obtain the taint flow of each tool file;
step S5: inputting the taint flow of each tool file into an additional taint source and taint sink analyzer, wherein all additional taint sources and additional taint sinks are added to the taint source and taint sink configuration file;
step S6: after the analysis of all tool files is completed, inputting each page into a page unit analyzer, wherein each page unit of the applet comprises an HTML file, a JS file and a JSON file, and the page unit analyzer adds the analysis results of the HTML file and the JSON file to the JS file;
step S7: the taint flow analyzer analyzes the JS file according to the taint source and taint sink configuration file to obtain the taint flow of the JS file;
step S8: giving a privacy leakage report according to the taint flow of the JS file.
2. The method for detecting leakage of private data with respect to applet source code according to claim 1, wherein the step S3 specifically includes:
step S3.1: analyzing the require keyword in each tool file to determine which other files the tool file depends on;
step S3.2: representing the dependency relationships of all tool files as an AOE graph, wherein the graph is a directed acyclic graph, one node represents one tool file, and an edge pointing from A to B indicates that B depends on A;
step S3.3: performing a topological sort on the AOE graph.
3. The method for detecting leakage of private data with respect to applet source code according to claim 1, wherein the step S4 specifically includes:
step S4.1: preprocessing: restructuring the code in the input file, including renaming variables and rewriting nested functions and anonymous functions;
step S4.2: assignment flow graph construction: the core of taint propagation is the assignment of a tainted value to another value, and an assignment flow graph is created for each function;
step S4.3: function alias search: finding the aliases of all functions through a worklist algorithm;
step S4.4: asynchronous data flow conversion: many operations in the applet are asynchronous and generate asynchronous data flows, and the asynchronous data flows are converted into synchronous data flows;
step S4.5: performing taint flow propagation through a worklist algorithm.
4. The method for detecting leakage of private data with respect to applet source code according to claim 1, wherein the step S5 specifically includes: the taint flows of each tool file are of two types: in one, taint flows from a taint source to the return value of a function; in the other, taint flows from a parameter of a function to a taint sink;
the taint flow of each tool file is input into the additional taint source and taint sink analyzer; where taint flows from a taint source to the return value of a function, the function is labelled as an additional taint source; where taint flows from a parameter of a function to a taint sink, the function is labelled as an additional taint sink.
5. The method for detecting leakage of private data with respect to applet source code according to claim 1, wherein the step S6 specifically includes:
step S6.1: the HTML file contains three types of leakage related to user input or user open data, and the HTML file is analyzed according to these types;
step S6.2: analyzing the JSON file.
6. The method for detecting leakage of private data with respect to applet source code according to claim 1, wherein in the step S8 there are also two special types of privacy leakage, in which data is passed through page data and global data.
7. A system for private data disclosure detection for applet source code, comprising:
module M1: reading the applet development documentation, classifying and labelling the application program interfaces (APIs) provided by the applet platform into 3 classes, namely taint sources, taint sinks and others, and storing the labelling result as a configuration file of taint sources and taint sinks;
module M2: after the applet platform obtains the applet source code, dividing the applet source code files into tool files and page files according to the applet configuration file app.json;
module M3: analyzing the dependency relationships of the applet tool files with a dependency analyzer, and ordering the files for analysis according to the dependency relationships;
module M4: inputting each tool file into a taint flow analyzer in that order, the taint flow analyzer performing its analysis according to the taint source and taint sink configuration file to obtain the taint flow of each tool file;
module M5: inputting the taint flow of each tool file into an additional taint source and taint sink analyzer, wherein all additional taint sources and additional taint sinks are added to the taint source and taint sink configuration file;
module M6: after the analysis of all tool files is completed, inputting each page into a page unit analyzer, wherein each page unit of the applet comprises an HTML file, a JS file and a JSON file, and the page unit analyzer adds the analysis results of the HTML file and the JSON file to the JS file;
module M7: the taint flow analyzer analyzes the JS file according to the taint source and taint sink configuration file to obtain the taint flow of the JS file;
module M8: giving a privacy leakage report according to the taint flow of the JS file.
8. The system for detecting leakage of private data from applet source code according to claim 7, wherein the module M3 specifically includes:
module M3.1: analyzing the require keyword in each tool file to determine which other files the tool file depends on;
module M3.2: representing the dependency relationships of all tool files as an AOE graph, which is a directed acyclic graph in which one node represents one tool file and an edge pointing from A to B indicates that B depends on A;
module M3.3: performing a topological sort on the AOE graph.
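The ordering step of module M3 can be sketched as follows. This is an added example, not code from the patent: the file names and contents are constructed, require() calls are found with a regular expression rather than a full parser, and Kahn's algorithm is one choice of topological sort that the claim does not name.

```javascript
// Constructed sample: tool files of a hypothetical applet, keyed by path.
const toolFiles = {
  'utils/api.js': "const req = require('./request.js');\nconst auth = require('./auth');",
  'utils/request.js': "const cfg = require('../config.js');",
  'utils/auth.js': "const req = require('./request.js'); const cfg = require('../config.js');",
  'config.js': "module.exports = { host: 'https://example.invalid' };",
};

// Resolve a relative require() specifier against the requiring file's directory.
function resolve(fromFile, spec) {
  const parts = fromFile.split('/').slice(0, -1);
  for (const seg of spec.split('/')) {
    if (seg === '..') parts.pop();
    else if (seg !== '.' && seg !== '') parts.push(seg);
  }
  const p = parts.join('/');
  return p.endsWith('.js') ? p : p + '.js';
}

// M3.1: collect the files each tool file requires (string-literal, relative paths only;
// a require() with a computed argument is not seen by this simplified scan).
function dependencies(files) {
  const deps = {};
  for (const [file, src] of Object.entries(files)) {
    deps[file] = new Set();
    for (const m of src.matchAll(/\brequire\(\s*['"](\.{1,2}\/[^'"]+)['"]\s*\)/g)) {
      const target = resolve(file, m[1]);
      if (target in files) deps[file].add(target);
    }
  }
  return deps;
}

// M3.2 and M3.3: an edge A -> B means "B depends on A"; sort so A is analyzed before B.
function analysisOrder(files) {
  const deps = dependencies(files);
  const indegree = {}, dependents = {};
  for (const f of Object.keys(files)) { indegree[f] = deps[f].size; dependents[f] = []; }
  for (const [f, ds] of Object.entries(deps)) for (const d of ds) dependents[d].push(f);
  const ready = Object.keys(files).filter(f => indegree[f] === 0).sort();
  const order = [];
  while (ready.length) {
    const f = ready.shift();
    order.push(f);
    for (const g of dependents[f].sort()) if (--indegree[g] === 0) ready.push(g);
  }
  // The claim assumes a directed acyclic graph; a require() cycle leaves files unordered.
  if (order.length !== Object.keys(files).length) throw new Error('cyclic require() chain');
  return order;
}
```

For the sample above, `analysisOrder(toolFiles)` places `config.js` first and `utils/api.js` last, so every file is analyzed after the files it requires.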
9. The system for detecting leakage of private data from applet source code according to claim 7, wherein the module M4 specifically includes:
module M4.1: preprocessing: restructuring the code in the input file, including renaming variables and rewriting nested functions and anonymous functions;
module M4.2: constructing assignment flow graphs: the core of taint propagation is the assignment of a tainted value to another value, and an assignment flow graph is created for each function;
module M4.3: finding function aliases: the aliases of all functions are found through a worklist algorithm;
module M4.4: converting asynchronous data flows: a plurality of operations in the applet are asynchronous and produce asynchronous data flows, and these asynchronous data flows are converted into synchronous data flows;
module M4.5: performing taint flow propagation through a worklist algorithm.
10. The system for detecting leakage of private data from applet source code according to claim 7, wherein the module M5 specifically includes: the taint flows of each tool file are divided into two types: in one type the taint flows from a taint source to the return value of a function, and in the other type the taint flows from a parameter of a function to a taint convergence point;
the taint flows of each tool file are input into the additional taint source and taint convergence point analyzer; where a taint flow runs from a taint source to the return value of a function, the function is labeled as an additional taint source; where a taint flow runs from a parameter of a function to a taint convergence point, the function is labeled as an additional taint convergence point;
the module M6 specifically includes:
module M6.1: the HTML file contains three types of leakage related to user input or user open data, and the HTML file is analyzed according to these types;
module M6.2: the JSON file is analyzed;
the module M8 further includes two special types of privacy leakage, in which data is passed through page data and through global data.
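The labeling rule of step S5 (claim 4) and module M5 (claim 10) can be sketched as follows. This is an added example, not code from the patent: the per-function flow records are a constructed stand-in for the taint flow analyzer's output, `wx.getLocation` and `wx.request` are assumed entries of the platform configuration, function names are assumed unique across files, and `sinks` holds the taint convergence points.

```javascript
// Constructed stand-in for the taint flow analyzer's output per tool function:
//   returns:  callees whose result reaches the function's return value
//   paramsTo: callees that receive one of the function's parameters
const toolFilesInOrder = [ // assumed to be in dependency order already
  { file: 'utils/location.js', functions: {
    getPosition: { returns: ['wx.getLocation'], paramsTo: [] },
    timestamp: { returns: ['Date.now'], paramsTo: [] },
  } },
  { file: 'utils/report.js', functions: {
    upload: { returns: [], paramsTo: ['wx.request'] },
    whereAmI: { returns: ['getPosition'], paramsTo: ['console.log'] },
  } },
  { file: 'utils/track.js', functions: {
    track: { returns: [], paramsTo: ['upload'] },
  } },
];

// Assumed platform configuration: one labeled source API, one labeled convergence point API.
const platformConfig = { sources: ['wx.getLocation'], sinks: ['wx.request'] };

function labelAdditional(files, config) {
  const sources = new Set(config.sources);
  const sinks = new Set(config.sinks);
  const added = [];
  for (const { file, functions } of files) {
    let changed = true;
    while (changed) { // fixpoint inside one file, so helper order within a file is irrelevant
      changed = false;
      for (const [name, flow] of Object.entries(functions)) {
        // Type 1: taint source -> return value, so callers must treat the function as a source.
        if (!sources.has(name) && flow.returns.some(c => sources.has(c))) {
          sources.add(name); added.push(`${file}:${name}=source`); changed = true;
        }
        // Type 2: parameter -> convergence point, so callers must treat it as a convergence point.
        if (!sinks.has(name) && flow.paramsTo.some(c => sinks.has(c))) {
          sinks.add(name); added.push(`${file}:${name}=sink`); changed = true;
        }
      }
    }
  }
  return { sources: [...sources], sinks: [...sinks], added };
}
```

Running the same function on the files in reverse order leaves `whereAmI` and `track` unlabeled, which is why the tool files are analyzed in dependency order before the page files.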
CN202210461183.1A 2022-04-28 2022-04-28 Method and system for detecting private data leakage aiming at applet source code Pending CN114880673A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210461183.1A CN114880673A (en) 2022-04-28 2022-04-28 Method and system for detecting private data leakage aiming at applet source code

Publications (1)

Publication Number Publication Date
CN114880673A true CN114880673A (en) 2022-08-09

Family

ID=82670815

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210461183.1A Pending CN114880673A (en) 2022-04-28 2022-04-28 Method and system for detecting private data leakage aiming at applet source code

Country Status (1)

Country Link
CN (1) CN114880673A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117272331A (en) * 2023-11-23 2023-12-22 北京安普诺信息技术有限公司 Cross-thread vulnerability analysis method, device, equipment and medium based on code vaccine
CN117272331B (en) * 2023-11-23 2024-02-02 北京安普诺信息技术有限公司 Cross-thread vulnerability analysis method, device, equipment and medium based on code vaccine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination