CN115292203B - Source code analysis method and device - Google Patents

Info

Publication number: CN115292203B
Authority: CN (China)
Prior art keywords: file, decompressed, code, source code, called
Legal status: Active
Application number: CN202211205326.9A
Other languages: Chinese (zh)
Other versions: CN115292203A (en)
Inventor: 周小亮
Current Assignee: Ping An Bank Co Ltd
Original Assignee: Ping An Bank Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/174 Redundancy elimination performed by the file system
    • G06F16/1744 Redundancy elimination performed by the file system using compression, e.g. sparse files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4488 Object-oriented
    • G06F9/449 Object-oriented method invocation or resolution

Abstract

The application provides a source code analysis method and device. The method comprises the following steps: obtaining source code from a code repository; constructing a code package from the source code; decompressing the code package to obtain a first decompressed file; acquiring, according to the first decompressed file, a second target file corresponding to a multi-module interdependent project; decompressing the second target file to obtain a second decompressed file; determining the uncalled method according to the second decompressed file; and acquiring related information of the uncalled method and recording it in a scan log. The method therefore performs code analysis automatically, with a short analysis time, no manual judgment of the analysis results, and good adaptability, thereby improving project development efficiency.

Description

Source code analysis method and device
Technical Field
The present application relates to the field of computer technologies, and in particular, to a source code analysis method and apparatus.
Background
Currently, in the course of project development, a large amount of code that is never called (DeadCode) accumulates because of legacy history, automatic generation by editing tools, and the like. This code hurts readability and causes significant interference when code coverage is measured. In existing code analysis methods, an IDEA plug-in integrated with the instance code statically analyzes the abstract syntax tree of the code to form the call relations of the code, and analysis is performed according to those call relations. In practice, however, the existing method takes a long time to analyze, requires the analysis results to be checked manually one by one, and adapts poorly, so project development efficiency is reduced.
Disclosure of Invention
The embodiment of the application aims to provide a source code analysis method and device, which can automatically realize code analysis, have short analysis time, do not need to manually judge an analysis result, and have good adaptability, so that the project development efficiency is improved.
A first aspect of the embodiments of the present application provides a source code analysis method, including:
obtaining source code from a code repository;
constructing a code package according to the source code;
decompressing the code package to obtain a first decompressed file;
acquiring a second target file corresponding to the multi-module interdependent project according to the first decompressed file;
decompressing the second target file to obtain a second decompressed file;
determining an uncalled method according to the second decompressed file;
and acquiring related information of the uncalled method, and recording the related information to a scan log.
In the implementation process, the method first acquires the source code from the code repository; constructs a code package from the source code; then decompresses the code package to obtain a first decompressed file; acquires, according to the first decompressed file, a second target file corresponding to the multi-module interdependent project; then decompresses the second target file to obtain a second decompressed file; determines the uncalled method according to the second decompressed file; and finally acquires the related information of the uncalled method and records it in the scan log. By implementing this embodiment, code analysis is therefore performed automatically, with a short analysis time, no manual judgment of the analysis results, and good adaptability, thereby improving project development efficiency.
Further, the acquiring a second target file corresponding to the multi-module interdependent project according to the first decompressed file includes:
acquiring a project object model file in the first decompressed file;
analyzing the dependency tags of the project object model file to obtain an analysis result;
acquiring, from the project object model file according to the analysis result, the files whose project is a multi-module interdependent project, to obtain the dependent project files;
and acquiring a second target file to be decompressed from the first decompressed file according to the dependent project files.
Further, the determining an uncalled method according to the second decompressed file includes:
traversing the second decompressed file through a global depth search to obtain a byte code file list of the whole project;
loading the byte code files of the whole project according to the byte code file list;
judging whether the byte code files contain methods that are called by other files;
if not, the method is determined to be an uncalled method.
Further, the related information at least includes a file name of the bytecode file where the method is located, a path of the bytecode file where the method is located, and a method name of the method.
Further, the determining whether there is a method called by another file in the bytecode file includes:
acquiring a file which does not provide an API (application program interface) to the outside in the byte code file to obtain a file to be analyzed;
traversing the file to be analyzed through a preset search algorithm, and judging whether the method in the file to be analyzed is called in other byte code files or not;
if not, the method is determined to be an un-invoked method.
A second aspect of embodiments of the present application provides a source code analysis apparatus, including:
a first obtaining unit configured to obtain a source code from a code repository;
a construction unit for constructing a code package according to the source code;
the first decompression unit is used for decompressing the code package to obtain a first decompressed file;
a second obtaining unit, configured to obtain, according to the first decompressed file, a second target file corresponding to the multi-module interdependent project;
the second decompression unit is used for decompressing the second target file to obtain a second decompressed file;
a determining unit, configured to determine an uncalled method according to the second decompressed file;
a third obtaining unit, configured to obtain related information of the uncalled method;
and the log recording unit is used for recording the related information to the scan log.
In the implementation process, the apparatus may acquire the source code from the code repository through the first obtaining unit; construct a code package from the source code through the construction unit; decompress the code package through the first decompression unit to obtain a first decompressed file; acquire, through the second obtaining unit, a second target file corresponding to the multi-module interdependent project according to the first decompressed file; decompress the second target file through the second decompression unit to obtain a second decompressed file; determine the uncalled method from the second decompressed file through the determining unit; acquire the related information of the uncalled method through the third obtaining unit; and record the related information to the scan log through the log recording unit. The device therefore performs code analysis automatically, with a short analysis time, no manual judgment of the analysis results, and good adaptability, thereby improving project development efficiency.
Further, the second acquisition unit includes:
the first acquisition subunit is used for acquiring the project object model file in the first decompressed file;
the analysis subunit is used for analyzing the dependency tags of the project object model file to obtain an analysis result;
the second acquiring subunit is configured to acquire, from the project object model file according to the analysis result, the files whose project is a multi-module interdependent project, to obtain the dependent project files; and to acquire a second target file to be decompressed from the first decompressed file according to the dependent project files.
Further, the determining unit includes:
the traversal subunit is configured to traverse the second decompressed file through a global depth search to obtain a byte code file list of the whole project;
a loading subunit, configured to load the byte code files of the whole project according to the byte code file list;
the judging subunit is used for judging whether the byte code files contain methods that are called by other files;
and the determining subunit is used for determining that a method is an uncalled method when it is judged that the method is not called by other files.
Further, the related information at least includes a file name of the bytecode file where the method is located, a path of the bytecode file where the method is located, and a method name of the method.
Further, the judging subunit includes:
the acquisition module is used for acquiring the files in the byte code files that do not provide an API (application program interface) to the outside, to obtain the files to be analyzed;
the judging module is used for traversing the file to be analyzed through a preset searching algorithm and judging whether the method in the file to be analyzed is called in other byte code files or not;
the determining subunit is specifically configured to determine that the method in the file to be analyzed is an un-invoked method when the method is not invoked in other bytecode files.
A third aspect of embodiments of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the source code analysis method according to any one of the first aspect of embodiments of the present application.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the computer program instructions perform the source code analysis method according to any one of the first aspect of the embodiments of the present application.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope; those skilled in the art can obtain other related drawings from these drawings without inventive effort.
Fig. 1 is a schematic flowchart of a source code analysis method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of another source code analysis method provided in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a source code analysis apparatus according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of another source code analysis apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined or explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a source code analysis method according to an embodiment of the present application. The source code analysis method comprises the following steps:
S101, acquiring source code from a code repository.
S102, constructing a code package according to the source code.
S103, decompressing the code package to obtain a first decompressed file.
S104, acquiring a second target file corresponding to the multi-module interdependent project according to the first decompressed file.
S105, decompressing the second target file to obtain a second decompressed file.
S106, determining the uncalled method according to the second decompressed file.
S107, acquiring the related information of the uncalled method, and recording the related information to a scan log.
In this embodiment, the related information at least includes a file name of the bytecode file where the method is located, a path of the bytecode file where the method is located, and a method name of the method.
In this embodiment, the purpose of the method is to quickly identify DeadCode in the code of related products in the field of financial technology. An uncalled method corresponds to DeadCode and is ultimately recorded in the scan log by the method.
In this embodiment, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
It can be seen that, by implementing the source code analysis method described in this embodiment, analysis can be performed on a Java build product (jar package or war package), so the method is compatible with different development frameworks (such as the springboot or dubbo development framework), which improves the adaptability and compatibility of source code analysis. The method is also compatible with different build tools (such as a maven project or an ant project) and different development tools (such as an IDEA project or an eclipse project), so the same analysis script produces correct analysis and search results without any prior configuration changes. In addition, because the analysis is based on the compiled final product (jar or war package), the analysis is faster, and the results are aggregated automatically, which avoids checking files one by one and speeds up the search.
Example 2
Referring to Fig. 2, Fig. 2 is a schematic flowchart of a source code analysis method according to an embodiment of the present application. The source code analysis method comprises the following steps:
S201, acquiring source code from a code repository.
S202, constructing a code package according to the source code.
In this embodiment, the method may acquire the source code from the relevant code repository and build it into a jar package or a war package through maven, ant, or gradle.
S203, decompressing the code package to obtain a first decompressed file.
S204, acquiring the project object model file in the first decompressed file.
In this embodiment, the project object model file may be a pom.xml file found in the decompressed META-INF folder.
S205, analyzing the dependency tags of the project object model file to obtain an analysis result.
In this embodiment, the method may analyze the dependency tags; if no dependency has a group consistent with the group of the parent, the project is a single-module project and decompression does not need to continue.
In this embodiment, the method may analyze the dependency tags; if there is a dependency whose group is consistent with the group of the parent, the project is one in which multiple modules depend on each other, and the jar packages of the dependent modules in the libs folder obtained by the first decompression need to be decompressed further.
S206, acquiring, from the project object model file according to the analysis result, the files whose project is a multi-module interdependent project, to obtain the dependent project files.
S207, acquiring a second target file to be decompressed from the first decompressed file according to the dependent project files.
In this embodiment, the second target file is obtained by continuing to decompress the jar packages of the dependent modules in the libs folder produced by the first decompression.
S208, decompressing the second target file to obtain a second decompressed file.
S209, traversing the second decompressed file through a global depth search to obtain a byte code file list of the whole project.
In this embodiment, the method may use the ClassReader of ASM (a Java bytecode manipulation framework) to load the class files of the whole project one by one. The byte code file list corresponds to the class files of the whole project that the ClassReader loads one by one.
S210, loading the byte code files of the whole project according to the byte code file list.
S211, acquiring the files in the byte code files that do not provide an API interface to the outside, to obtain the files to be analyzed.
S212, traversing the file to be analyzed through a preset search algorithm, and judging whether the method in the file to be analyzed is called in other byte code files; if so, ending the process; if not, executing step S213.
In this embodiment, the method may determine whether a class file is a controller (providing an API interface to the outside): if a method in the file has a label carrying a related url string (/ [0-9a _z ] /), the file is a controller file and does not need to be parsed, so the file is skipped and the next class file is parsed.
In this embodiment, during the analysis of a class file, the method list of the class file is obtained through the visitmethodlist() method of the MethodVisitor class; if the length of the obtained list is less than 2, the class has no sub-methods. If the length of the obtained list is larger than 2, the method list of the class is taken from the second element to the last element of the list.
In this embodiment, the method may analyze, one by one, whether each method of the class file is called in other classes.
In this embodiment, whether the searched method is used in other classes is determined through the visitMethod() method of the ClassVisitor class and its parameters: the classes are traversed in a loop with the class name and the path, and the return value of visitMethod is checked; if true is returned, that class calls the method, which indicates that the method is called in other classes.
S213, determining that the method is an uncalled method.
S214, acquiring the related information of the uncalled method, and recording the related information to a scan log.
In this embodiment, the related information at least includes a file name of the bytecode file where the method is located, a path of the bytecode file where the method is located, and a method name of the method.
In this embodiment, if all classes have been traversed and false is returned for each, the method is not called by any other class; if the method is not called in other classes after the global search, the method code is DeadCode, and related information such as the name of the class in which the method is located, the path of the class, and the name of the method is recorded in the scan log.
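Steps S209 to S213 as an added example, not code from the patent: it needs the ASM library (org.ow2.asm:asm) on the classpath, builds three constructed sample classes in memory instead of reading a decompressed jar, and treats a class as a controller when a method annotation carries a string value starting with "/", which is an assumption standing in for the URL-string check described above. The names DeadMethodScan, demo/Util, demo/App, demo/Api and demo/Mapping are hypothetical.

```java
import org.objectweb.asm.AnnotationVisitor;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;

import java.util.*;

public class DeadMethodScan {

    /** Identifies a method across classes: class path, method name and descriptor. */
    static String key(String owner, String name, String desc) {
        return owner + "." + name + desc;
    }

    /** Returns the methods of non-controller classes that no other class invokes. */
    static SortedSet<String> findUncalled(Collection<byte[]> classFiles) {
        Map<String, String> declared = new HashMap<>();      // method key -> declaring class
        Map<String, Set<String>> callers = new HashMap<>();  // method key -> classes invoking it

        for (byte[] bytes : classFiles) {
            ClassReader reader = new ClassReader(bytes);
            String owner = reader.getClassName();
            List<String> own = new ArrayList<>();
            boolean[] controller = {false};

            reader.accept(new ClassVisitor(Opcodes.ASM9) {
                @Override
                public MethodVisitor visitMethod(int access, String name, String desc,
                                                 String signature, String[] exceptions) {
                    // Constructors and static initialisers are not candidates.
                    if (!name.startsWith("<")) own.add(key(owner, name, desc));
                    return new MethodVisitor(Opcodes.ASM9) {
                        @Override
                        public AnnotationVisitor visitAnnotation(String annDesc, boolean visible) {
                            return new AnnotationVisitor(Opcodes.ASM9) {
                                @Override
                                public void visit(String attr, Object value) {
                                    // Assumed controller heuristic: a URL-like annotation value.
                                    if (value instanceof String && ((String) value).startsWith("/")) {
                                        controller[0] = true;
                                    }
                                }
                                @Override
                                public AnnotationVisitor visitArray(String attr) {
                                    return this; // array elements arrive through visit()
                                }
                            };
                        }
                        @Override
                        public void visitMethodInsn(int opcode, String target, String callee,
                                                    String calleeDesc, boolean isInterface) {
                            callers.computeIfAbsent(key(target, callee, calleeDesc),
                                    k -> new HashSet<>()).add(owner);
                        }
                    };
                }
            }, ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);

            // Controller classes are skipped as candidates, but their calls still count.
            if (!controller[0]) for (String m : own) declared.put(m, owner);
        }

        SortedSet<String> uncalled = new TreeSet<>();
        for (Map.Entry<String, String> e : declared.entrySet()) {
            Set<String> from = new HashSet<>(callers.getOrDefault(e.getKey(), Collections.emptySet()));
            from.remove(e.getValue()); // the text's rule counts calls from other classes only
            if (from.isEmpty()) uncalled.add(e.getKey());
        }
        return uncalled;
    }

    /** Builds a constructed sample class; each static ()V method makes one optional call. */
    static byte[] sample(String cls, String[] methods, String callOwner, String callee, String url) {
        ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_MAXS);
        cw.visit(Opcodes.V1_8, Opcodes.ACC_PUBLIC, cls, null, "java/lang/Object", null);
        for (String m : methods) {
            MethodVisitor mv = cw.visitMethod(Opcodes.ACC_PUBLIC | Opcodes.ACC_STATIC, m, "()V", null, null);
            if (url != null) {
                AnnotationVisitor mapping = mv.visitAnnotation("Ldemo/Mapping;", true); // hypothetical
                mapping.visit("value", url);
                mapping.visitEnd();
            }
            mv.visitCode();
            if (callOwner != null) mv.visitMethodInsn(Opcodes.INVOKESTATIC, callOwner, callee, "()V", false);
            mv.visitInsn(Opcodes.RETURN);
            mv.visitMaxs(0, 0);
            mv.visitEnd();
        }
        cw.visitEnd();
        return cw.toByteArray();
    }

    public static void main(String[] args) {
        List<byte[]> classes = Arrays.asList(
                sample("demo/Util", new String[]{"used", "unused"}, null, null, null),
                sample("demo/App", new String[]{"run"}, "demo/Util", "used", null),
                sample("demo/Api", new String[]{"list"}, "demo/App", "run", "/items"));
        for (String m : findUncalled(classes)) System.out.println("uncalled: " + m);
    }
}
```

Calls made through reflection or through invokedynamic (lambdas and method references) do not arrive as visitMethodInsn events, so a method reported here still needs that check before it is removed.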
In this embodiment, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
It can be seen that, by implementing the source code analysis method described in this embodiment, analysis can be performed on a Java build product (jar package or war package), so the method is compatible with different development frameworks (such as the springboot or dubbo development framework), which improves the adaptability and compatibility of source code analysis. The method is also compatible with different build tools (such as a maven project or an ant project) and different development tools (such as an IDEA project or an eclipse project), so the same analysis script produces correct analysis and search results without any prior configuration changes. In addition, because the analysis is based on the compiled final product (jar or war package), the analysis is faster, and the results are aggregated automatically, which avoids checking files one by one and speeds up the search.
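The dependency check of steps S204 to S207 as an added example, not code from the patent: it reads a POM, collects the dependencies whose groupId equals the parent's groupId, and selects the matching jars from a list of archive entry names. The class name SiblingModuleCheck, the sample POM, the entry names and the `<artifactId>-<version>.jar` naming under `libs/` are constructed assumptions.

```java
import org.w3c.dom.Element;
import org.w3c.dom.Node;

import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;

public class SiblingModuleCheck {

    /** Direct child elements of parent with the given tag name. */
    static List<Element> children(Element parent, String tag) {
        List<Element> out = new ArrayList<>();
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && tag.equals(n.getNodeName())) out.add((Element) n);
        }
        return out;
    }

    /** Trimmed text of the first direct child with the given tag, or null if absent. */
    static String text(Element parent, String tag) {
        List<Element> found = children(parent, tag);
        return found.isEmpty() ? null : found.get(0).getTextContent().trim();
    }

    /** artifactIds of the dependencies whose groupId equals the parent's groupId. */
    static List<String> siblingModules(InputStream pom) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // The POM comes out of an archive under analysis: refuse DTDs so that it
        // cannot declare external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element project = factory.newDocumentBuilder().parse(pom).getDocumentElement();

        List<String> siblings = new ArrayList<>();
        List<Element> parent = children(project, "parent");
        if (parent.isEmpty()) return siblings;               // no parent: single module
        String parentGroup = text(parent.get(0), "groupId");
        if (parentGroup == null) return siblings;
        for (Element deps : children(project, "dependencies")) {
            for (Element dep : children(deps, "dependency")) {
                String artifact = text(dep, "artifactId");
                if (artifact != null && parentGroup.equals(text(dep, "groupId"))) {
                    siblings.add(artifact);
                }
            }
        }
        return siblings;                                     // empty: nothing more to unpack
    }

    /** Selects the entries in libDir named "<artifactId>-<version>.jar" (assumed naming). */
    static List<String> jarsToUnpack(List<String> siblings, List<String> entries, String libDir) {
        List<String> out = new ArrayList<>();
        for (String artifact : siblings) {
            // Requiring a digit after the dash keeps "shop-core" from matching "shop-core-api".
            Pattern p = Pattern.compile(Pattern.quote(libDir + artifact) + "-\\d[^/]*\\.jar");
            for (String entry : entries) {
                if (p.matcher(entry).matches()) out.add(entry);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample POM and archive listing.
        String pom = "<project xmlns=\"http://maven.apache.org/POM/4.0.0\">"
                + "<parent><groupId>com.example.shop</groupId>"
                + "<artifactId>shop-parent</artifactId><version>1.0</version></parent>"
                + "<artifactId>shop-web</artifactId>"
                + "<dependencies>"
                + "<dependency><groupId>com.example.shop</groupId><artifactId>shop-core</artifactId></dependency>"
                + "<dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId></dependency>"
                + "</dependencies></project>";
        List<String> entries = Arrays.asList(
                "libs/shop-core-1.0.jar", "libs/shop-core-api-1.0.jar", "libs/spring-core-5.3.20.jar");

        List<String> siblings = siblingModules(
                new ByteArrayInputStream(pom.getBytes(StandardCharsets.UTF_8)));
        System.out.println("sibling modules: " + siblings);
        System.out.println("jars to unpack:  " + jarsToUnpack(siblings, entries, "libs/"));
    }
}
```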
Example 3
Referring to Fig. 3, Fig. 3 is a schematic structural diagram of a source code analysis apparatus according to an embodiment of the present disclosure. As shown in Fig. 3, the source code analysis apparatus includes:
a first obtaining unit 310, configured to obtain source code from a code repository;
a building unit 320 for building a code package from the source code;
a first decompressing unit 330, configured to decompress the code package to obtain a first decompressed file;
a second obtaining unit 340, configured to obtain, according to the first decompressed file, a second target file corresponding to the multi-module interdependent project;
a second decompressing unit 350, configured to decompress the second target file to obtain a second decompressed file;
a determining unit 360, configured to determine an uncalled method according to the second decompressed file;
a third obtaining unit 370, configured to obtain information about a method that has not been called;
a log recording unit 380 for recording the relevant information to the scan log.
In this embodiment, for the explanation of the source code analysis device, reference may be made to the description in embodiment 1 or embodiment 2, and details are not repeated in this embodiment.
It can be seen that, by implementing the source code analysis device described in this embodiment, analysis can be performed on a Java build product (jar package or war package), so the device is compatible with different development frameworks (such as the springboot development framework and the dubbo development framework), which improves the adaptability and compatibility of source code analysis. It is also compatible with different build tools (such as a maven project or an ant project) and different development tools (such as an IDEA project or an eclipse project), so the same analysis script produces correct analysis and search results without any prior configuration changes. In addition, because the analysis is based on the compiled final product (jar or war package), the analysis is faster, and the results are aggregated automatically, which avoids checking files one by one and speeds up the search.
Example 4
Referring to Fig. 4, Fig. 4 is a schematic structural diagram of a source code analysis apparatus according to an embodiment of the present disclosure. As shown in Fig. 4, the source code analysis apparatus includes:
a first obtaining unit 310, configured to obtain source code from a code repository;
a construction unit 320 for constructing a code package according to the source code;
the first decompressing unit 330 is configured to decompress the code package to obtain a first decompressed file;
the second obtaining unit 340 is configured to obtain a second target file corresponding to the multi-module interdependent project according to the first decompressed file;
a second decompressing unit 350, configured to decompress the second target file to obtain a second decompressed file;
a determining unit 360, configured to determine an uncalled method according to the second decompressed file;
a third obtaining unit 370, configured to obtain related information of the uncalled method;
a log recording unit 380 for recording the related information to the scan log.
As an optional implementation, the second obtaining unit 340 includes:
a first obtaining subunit 341, configured to obtain the project object model file in the first decompressed file;
the analysis subunit 342 is configured to analyze the dependency tags of the project object model file to obtain an analysis result;
the second obtaining subunit 343 is configured to obtain, from the project object model file according to the analysis result, the files whose project is a multi-module interdependent project, to obtain the dependent project files; and to acquire a second target file to be decompressed from the first decompressed file according to the dependent project files.
As an alternative embodiment, the determining unit 360 includes:
the traversal subunit 361 is configured to traverse the second decompressed file through a global depth search to obtain a byte code file list of the entire project;
a loading subunit 362 for loading the byte code files of the whole project according to the byte code file list;
a judging subunit 363, configured to judge whether the byte code files contain methods that are called by other files;
a determining subunit 364, configured to determine that a method is an uncalled method when it is judged that the method is not called by other files.
In this embodiment, the related information at least includes a file name of the bytecode file where the method is located, a path of the bytecode file where the method is located, and a method name of the method.
As an optional implementation, the determining subunit 363 includes:
the acquisition module is used for acquiring files which do not provide API (application program interface) to the outside in the byte code files to obtain files to be analyzed;
the judging module is used for traversing the file to be analyzed through a preset searching algorithm and judging whether the method in the file to be analyzed is called in other byte code files or not;
the determining subunit 364 is specifically configured to determine that a method in the file to be analyzed is an un-called method when the method is not called in other bytecode files.
In this embodiment, the description in embodiment 1 or embodiment 2 may be referred to for explanation of the source code analysis device, and details are not repeated in this embodiment.
It can be seen that, by implementing the source code analysis device described in this embodiment, analysis can be performed on a Java build product (jar package or war package), so the device is compatible with different development frameworks (such as the springboot development framework and the dubbo development framework), which improves the adaptability and compatibility of source code analysis. It is also compatible with different build tools (such as a maven project or an ant project) and different development tools (such as an IDEA project or an eclipse project), so the same analysis script produces correct analysis and search results without any prior configuration changes. In addition, because the analysis is based on the compiled final product (jar or war package), the analysis is faster, and the results are aggregated automatically, which avoids checking files one by one and speeds up the search.
An embodiment of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the source code analysis method in embodiment 1 or embodiment 2 of the present application.
An embodiment of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the computer program instructions execute the source code analysis method in embodiment 1 or embodiment 2 of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made to the present application by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.

Claims (7)

1. A method for analyzing a source code, comprising:
obtaining source code from a code repository;
constructing a code package according to the source code;
decompressing the code package to obtain a first decompressed file;
acquiring a second target file corresponding to the multi-mode interdependent project according to the first decompressed file;
decompressing the second target file to obtain a second decompressed file;
determining an un-called method according to the second decompressed file;
acquiring related information of the un-called method, and recording the related information to a scanning log;
wherein determining the un-called method according to the second decompressed file comprises:
traversing the second decompressed file through the global search depth to obtain a byte code file list of the whole project;
loading the byte code file of the whole project according to the byte code file list;
judging whether methods called by other files exist in the byte code file or not;
if not, determining that the method is an un-called method;
the method for judging whether the bytecode file has a method called by other files comprises the following steps:
acquiring a file which does not provide an API (application program interface) to the outside in the byte code file to obtain a file to be analyzed;
traversing the file to be analyzed through a preset search algorithm, and judging whether the method in the file to be analyzed is called in other byte code files or not;
if not, the method is determined to be an un-invoked method.
2. The method for source code analysis according to claim 1, wherein the obtaining a second target file corresponding to a multi-mode interdependent project according to the first decompressed file comprises:
acquiring a project object model file in the first decompressed file;
analyzing the subordinate label of the project object model file to obtain an analysis result;
acquiring a file item from the project object model file according to the analysis result, wherein the file item is a file corresponding to the multi-mode interdependent project, and obtaining a dependent project file;
and acquiring a second target file to be decompressed from the first decompressed file according to the dependent project file.
3. The method according to claim 1, wherein the related information at least includes a file name of a bytecode file in which the method is located, a path of the bytecode file in which the method is located, and a method name of the method.
4. A source code analysis apparatus, characterized in that the source code analysis apparatus comprises:
a first obtaining unit configured to obtain a source code from a code repository;
a construction unit for constructing a code package according to the source code;
the first decompression unit is used for decompressing the code package to obtain a first decompressed file;
the second acquisition unit is used for acquiring a second target file corresponding to the multi-mode interdependent project according to the first decompressed file;
the second decompression unit is used for decompressing the second target file to obtain a second decompressed file;
a determining unit, configured to determine an un-called method according to the second decompressed file;
a third obtaining unit, configured to obtain relevant information of the method that has not been called;
a log recording unit for recording the related information to a scan log;
wherein the determining unit includes:
the traversal sub-unit is used for traversing the second decompressed file through the global search depth to obtain a byte code file list of the whole project;
the loading subunit is used for loading the byte code file of the whole project according to the byte code file list;
the judging subunit is used for judging whether methods called by other files exist in the byte code file or not;
the determining subunit is used for determining that the method is an un-called method when judging that the method called by other files exists;
wherein the judging subunit includes:
the acquisition module is used for acquiring files which do not provide API (application program interface) interfaces to the outside in the byte code files to obtain files to be analyzed;
the judging module is used for traversing the file to be analyzed through a preset searching algorithm and judging whether the method in the file to be analyzed is called in other byte code files or not;
the determining subunit is specifically configured to determine that the method in the file to be analyzed is an un-invoked method when the method is not invoked in other bytecode files.
5. The apparatus according to claim 4, wherein the second acquisition unit includes:
a first obtaining subunit, configured to obtain a project object model file in the first decompressed file;
the analysis subunit is used for analyzing the subordinate labels of the project object model file to obtain an analysis result;
the second obtaining subunit is configured to obtain, from the project object model file according to the analysis result, a file item that is a file corresponding to the multi-mode interdependent project, and obtain a dependent project file; and to acquire a second target file to be decompressed from the first decompressed file according to the dependent project file.
6. An electronic device, comprising a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the source code analysis method of any of claims 1 to 3.
7. A readable storage medium having stored therein computer program instructions which, when read and executed by a processor, perform the source code analysis method of any one of claims 1 to 3.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211205326.9A CN115292203B (en) 2022-09-30 2022-09-30 Source code analysis method and device

Publications (2)

Publication Number Publication Date
CN115292203A CN115292203A (en) 2022-11-04
CN115292203B true CN115292203B (en) 2022-12-16

Family

ID=83833197

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant