CN115795488A - Code detection system and code detection method - Google Patents

Publication number: CN115795488A (granted as CN115795488B)
Application number: CN202310082027.9A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 万振华
Assignee (original and current): Seczone Technology Co Ltd
Legal status: Granted, active
Prior art keywords: code, vulnerability, detection, module, target program

Classifications

    • Y  GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02  TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P  CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00  Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02  Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract

The invention relates to the technical field of vulnerability detection and discloses a code detection system and a code detection method. The code detection system performs integrity verification on a PLC engineering project file to obtain a verification result; when the verification passes, it parses the PLC engineering project file to obtain code blocks of different types; it parses each type of code block and outputs the parsed code blocks in a preset code format as target program code blocks; and it performs vulnerability detection on the target program code blocks through a preset vulnerability knowledge base. By parsing the complete PLC engineering project file into code blocks of different types, outputting the parsed blocks in a preset format as target program code blocks, and checking those blocks for vulnerabilities against a preset vulnerability knowledge base, the invention solves the problem that PLC engineering project code could not be checked beyond the syntax level.

Description

Code detection system and code detection method
Technical Field
The invention relates to the technical field of vulnerability detection, and in particular to a code detection system and a code detection method.
Background
The metallurgical industry is a pillar of China's national economy and a basic industry bearing on the national economy and people's livelihood. Metallurgical ICS production comprises many complex stages, such as pelletizing, sintering, coking, iron making, steel making, continuous casting and rolling, and because of constraints such as the external environment, some processes and stages must be assisted by automated systems. The PLC sits at the bottom layer of the ICS architecture, directly controls metallurgical field equipment, and has communication capability.
In the prior art, a compiler is used to check PLC code, but a compiler can only check code at the syntax level and cannot detect malicious PLC code in a non-syntactic way. Non-syntactic detection of malicious code in PLC engineering projects has therefore become an urgent problem.
The above is provided only to aid understanding of the technical aspects of the present invention and is not an admission that it is prior art.
Disclosure of Invention
The main object of the invention is to provide a code detection system and a code detection method that solve the technical problem that, in the prior art, PLC engineering project code cannot be checked beyond the syntax level.
To achieve the above object, the present invention provides a code detection system comprising a code parsing module and a code detection module, wherein:
the code parsing module is configured to perform integrity verification on the PLC engineering project file to obtain a verification result;
the code parsing module is further configured to, when the verification result is that the verification passes, parse the PLC engineering project file to obtain code blocks of different types;
the code parsing module is further configured to parse each type of code block and output the parsed code blocks as target program code blocks in a preset code format;
and the code detection module is configured to perform vulnerability detection on the target program code blocks through a preset vulnerability knowledge base.
Optionally, the code detection system further comprises a code scanning module;
the code scanning module is connected to the code parsing module and to the code detection module;
the code scanning module is configured to scan the target program code blocks sent by the code parsing module;
the code detection module is further configured to perform vulnerability detection on the target program code blocks through the preset vulnerability knowledge base while the code scanning module scans them;
the code detection module is further configured to send the vulnerability detection result to the code scanning module;
the code scanning module is further configured to generate a scanning result based on the vulnerability detection result and to output the scanning result as a target detection report file.
Optionally, the code parsing module is further configured to parse the PLC engineering project file to obtain target project information and code blocks of different types;
the code scanning module is further configured to obtain the vulnerability detection results, corresponding to each type of code block, sent by the code detection module;
the code scanning module is further configured to generate a scanning result based on the vulnerability detection results and the target project information, and to output the scanning result as a target detection report file.
Optionally, the code parsing module is further configured to obtain a standard engineering project file corresponding to the PLC engineering project file;
and the code parsing module is further configured to perform the integrity check on the PLC engineering project file against the standard engineering project file.
Optionally, the code parsing module is further configured to determine whether the file type of the PLC engineering project file belongs to a preset file type;
the code parsing module is further configured to, if so, determine the path information of the PLC engineering project file;
the code parsing module is further configured to convert the PLC engineering project file into a file stream based on the path information;
the code parsing module is further configured to convert the file stream into a byte array and to obtain the project information and project directory information of the PLC engineering project file from the byte array;
the code parsing module is further configured to encapsulate the project information and the project directory information into an object;
the code parsing module is further configured to traverse the project directory information in the object to obtain the target project information and the code blocks of different types.
Optionally, the code detection module is further configured to perform traversal matching of the target program code blocks against the preset vulnerability knowledge base;
the code detection module is further configured to generate a vulnerability detection result when the traversal matching is finished.
Further, to achieve the above object, the present application also provides a code detection method based on the above code detection system, the method comprising:
obtaining code blocks of different types from the PLC engineering project file;
parsing each type of code block and outputting the parsed code blocks as target program code blocks in a preset code format;
and performing vulnerability detection on the target program code blocks through a preset vulnerability knowledge base.
Optionally, the step of performing vulnerability detection on the target program code blocks through a preset vulnerability knowledge base comprises:
obtaining a plurality of vulnerability types from the preset vulnerability knowledge base;
traversing the vulnerability types and matching the target program code block against each of them;
and, when a match succeeds, obtaining the vulnerability type corresponding to the target program code block.
Optionally, the vulnerability types include operand address duplication;
correspondingly, the step of obtaining the vulnerability type corresponding to the target program code block when a match succeeds comprises:
splitting the target program code block into its individual lines of code;
when a type conversion statement is detected in the target program code block, searching the lines above and below the line in which the type conversion statement is located;
when a first target conversion instruction and a second target conversion instruction are detected, converting the operands corresponding to the first and second target conversion instructions into operands of the same format;
verifying the operands through an address repetition matching algorithm;
and, if a repeated address appears, the vulnerability type corresponding to the target program code block is operand address duplication.
Optionally, after the step of performing vulnerability detection on the target program code blocks through a preset vulnerability knowledge base, the method further comprises:
obtaining target project information of the PLC engineering project file;
and generating a target detection report file based on the target project information and the vulnerability detection result.
The invention discloses a code parsing module and a code detection module. The code parsing module performs integrity verification on the PLC engineering project file to obtain a verification result; when the verification passes, it parses the PLC engineering project file to obtain code blocks of different types, parses each type of code block, and outputs the parsed code blocks in a preset code format as target program code blocks; the code detection module performs vulnerability detection on the target program code blocks through a preset vulnerability knowledge base. Compared with the prior art, in which a compiler checks PLC code only at the syntax level, the code parsing module of this code detection system parses the PLC engineering project file into code blocks of different types once its integrity check has passed and outputs each parsed type in a preset format as target program code blocks, and the code detection module checks the target program code blocks for vulnerabilities against the preset vulnerability knowledge base. This solves the technical problem that PLC engineering project code could not be checked beyond the syntax level in the prior art, and so further safeguards the equipment.
Drawings
FIG. 1 is a block diagram of a first embodiment of a code detection system according to the present invention;
FIG. 2 is a diagram illustrating the analysis results of various code blocks in the first embodiment of the code detection system according to the present invention;
FIG. 3 is a block diagram of a second embodiment of the code detection system of the present invention;
FIG. 4 is a diagram illustrating vulnerability detection results in a second embodiment of the code detection system of the present invention;
FIG. 5 is a diagram of a target detection report file in a second embodiment of the code detection system of the present invention;
FIG. 6 is a flowchart illustrating a first embodiment of a code detection method based on a code detection system according to the present invention;
FIG. 7 is a flowchart illustrating a second embodiment of a code detection method based on a code detection system according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The technical solutions of the present invention are described clearly and completely below with reference to the drawings of its embodiments. The embodiments described are only some, not all, of the embodiments of the present invention; all other embodiments that a person skilled in the art can obtain from them without creative effort fall within the protection scope of the present invention.
It should be noted that references to "first", "second", etc. in the embodiments of the present invention are for description only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features referred to; a feature qualified as "first" or "second" may therefore explicitly or implicitly include at least one such feature. The technical solutions of the embodiments may also be combined with each other, provided that a person skilled in the art can realize the combination; where the technical solutions contradict each other or cannot be realized, the combination is deemed not to exist and is not within the protection scope of the present invention.
Referring to fig. 1, which is a block diagram of a first embodiment of a code detection system according to the present invention.
As shown in fig. 1, the code detection system of this embodiment includes a code parsing module 100 and a code detection module 200.
It should be noted that the code detection system of this embodiment may be a code detection device with data processing and network communication functions, or another code detection system that implements the same or similar functions and includes the code detection device.
The code parsing module 100 is configured to perform integrity verification on the PLC engineering project file to obtain a verification result.
The PLC engineering project file may be a project file written for an industrial control device, such as a Siemens industrial control device or an industrial control device used elsewhere in the metallurgical industry; this embodiment does not limit it.
The integrity check may be a check of whether content of the PLC engineering project file is missing, for example whether the number of directories or the directory structure of the file is incomplete. In practice, a standard engineering project file corresponding to the PLC engineering project file can be obtained, and the PLC engineering project file is then checked for integrity against that standard file.
In a specific implementation, the code parsing module 100 obtains the standard engineering project file corresponding to the PLC engineering project file, compares the two, and checks whether content such as the number of directories, the directory structure and the project files of the PLC engineering project file is missing. If content is missing, the verification fails; if the content of the PLC engineering project file is complete, the verification passes; in either case the corresponding verification result is output once the check is complete.
The code parsing module 100 is further configured to, when the verification result is that the verification passes, parse the PLC engineering project file to obtain code blocks of different types.
A passed check indicates that the content of the PLC engineering project file is complete.
Code parsing may analyze the structure of the PLC engineering project file to obtain its basic information and the code block information contained in the program.
The code blocks of different types may be the program code block information of the project obtained from the structural analysis of the PLC engineering project file, for example OB organization blocks, DB data blocks, FC function blocks and FB background function blocks.
In a specific implementation, the code parsing module 100 may read the project type of the PLC engineering project, such as an s7p Siemens project, and then read the content structure of the project directory as a character stream, thereby obtaining the project information of the PLC engineering project and its code blocks of different types.
The code parsing module 100 is further configured to parse each type of code block and output the parsed code blocks as target program code blocks in a preset code format.
The preset code format may be a file format in which the code is output, such as the STL statement list format, or another code format with the same or similar function; this embodiment does not limit it.
The target program code blocks may be the code blocks of each type output in the STL statement format. In practice, the result of parsing each type of code block is shown in fig. 2, and the target program code blocks of this embodiment may be displayed in the code format of fig. 2.
The code detection module 200 is configured to perform vulnerability detection on the target program code blocks through a preset vulnerability knowledge base.
The preset vulnerability knowledge base may be a pre-established knowledge base used to detect whether a vulnerability exists in a code block. It contains content such as the vulnerability ID, vulnerability type, vulnerability description, vulnerability level and vulnerability repair scheme. For example: the entry with vulnerability ID CVE-101 represents a vulnerability in which a variable address exceeds the CPU's register address range, so that the address range is out of limit; its level is "error", and the corresponding repair scheme is to change the register address to a reasonable address for that CPU. The entry with vulnerability ID CVE-102 represents a vulnerability in which the program calls an undefined data block; its level is "warning", and the corresponding repair scheme is not to call undefined data blocks in the program. In practice, the code detection module 200 may identify vulnerabilities in the target program code blocks from the vulnerability type features already present in the preset vulnerability knowledge base.
In a specific implementation, when checking a PLC engineering project file for vulnerabilities, the code parsing module 100 first obtains the standard engineering project file corresponding to it, then compares the two to verify the integrity of the PLC engineering project file, checking whether content such as the number of directories, the directory structure and the project files is missing. If the content is complete, the verification passes; the PLC engineering project file can then be structurally analyzed to obtain its basic information and code blocks of different types, each type of code block is parsed and output as target program code blocks in the STL statement format, and finally the target program code blocks are matched against the vulnerability types in the preset vulnerability knowledge base, thereby identifying vulnerabilities in the program code blocks of the PLC engineering project file.
Further, to obtain the target project information and code blocks of different types from the PLC engineering project file, the code parsing module 100 is further configured to: determine whether the file type of the PLC engineering project file belongs to a preset file type; if so, determine the path information of the PLC engineering project file; convert the PLC engineering project file into a file stream based on the path information; convert the file stream into a byte array and obtain the project information and project directory information of the PLC engineering project file from the byte array; encapsulate the project information and the project directory information into an object; and traverse the project directory information in the object to obtain the target project information and the code blocks of different types.
Before the PLC engineering project file is parsed, it must be checked to determine whether it is an S7 project file or another project type supported by the system. If it is not, vulnerability detection cannot continue; if it is, project parsing continues.
The path information may be the names of the subdirectories obtained from the PLC engineering project file, for example the Block path, the Source path and the Symbol path.
The project information and project directory information of the PLC engineering project file may be obtained by slicing the byte array.
The target project information may be hardware information specific to the PLC engineering project file, such as the PLC model, firmware version, device model, project name and directory hierarchy; this embodiment does not limit it.
This embodiment discloses a code parsing module 100 and a code detection module 200. The code parsing module 100 performs integrity verification on the PLC engineering project file to obtain a verification result; when the verification passes, it parses the PLC engineering project file to obtain code blocks of different types, parses each type of code block and outputs the parsed code blocks in a preset code format as target program code blocks; the code detection module 200 performs vulnerability detection on the target program code blocks through a preset vulnerability knowledge base. Compared with the prior art, in which a compiler checks PLC code only at the syntax level, the code parsing module of the code detection system of this embodiment parses the PLC engineering project file into code blocks of different types once its integrity check has passed and outputs them in a preset format as target program code blocks, and the target program code blocks are checked for vulnerabilities against the preset vulnerability knowledge base. This solves the technical problem that PLC engineering project code could not be checked beyond the syntax level in the prior art, and so further safeguards the equipment.
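An integrity check of the kind described above, as an added example that is not part of the patent or of Seczone's implementation: it assumes the "standard engineering project file" can be expressed as a constructed manifest of required subdirectories (the Block, Source and Symbol paths the text names) and files sitting next to an .s7p project file, and it treats any missing entry as a failed verification.

```python
import os
import tempfile
from dataclasses import dataclass, field
from typing import List, Set

# Preset project types the checker accepts (the text names s7p Siemens projects).
SUPPORTED_TYPES = {".s7p"}
# Constructed standard layout (assumption): subdirectories and project files a
# complete project must contain, relative to the directory of the project file.
STANDARD_LAYOUT = {
    "dirs": {"Block", "Source", "Symbol"},
    "files": {"Block/blocks.bin", "Symbol/symbols.bin"},
}


@dataclass
class VerificationResult:
    passed: bool
    reason: str = ""
    missing_dirs: List[str] = field(default_factory=list)
    missing_files: List[str] = field(default_factory=list)


def is_supported_type(project_file: str) -> bool:
    """The file type must belong to the preset file types before parsing continues."""
    return os.path.splitext(project_file)[1].lower() in SUPPORTED_TYPES


def verify_integrity(project_file: str, standard=STANDARD_LAYOUT) -> VerificationResult:
    """Compare the project's directory structure with the standard layout; any
    missing directory or project file means the verification does not pass."""
    if not is_supported_type(project_file):
        return VerificationResult(False, "unsupported project type")
    if not os.path.isfile(project_file):
        return VerificationResult(False, "project file not found")
    root = os.path.dirname(os.path.abspath(project_file))      # path information
    missing_dirs = sorted(d for d in standard["dirs"]
                          if not os.path.isdir(os.path.join(root, d)))
    missing_files = sorted(f for f in standard["files"]
                           if not os.path.isfile(os.path.join(root, *f.split("/"))))
    if missing_dirs or missing_files:
        return VerificationResult(False, "project content missing", missing_dirs, missing_files)
    return VerificationResult(True)


def build_sample_project(base: str, omit: Set[str] = frozenset(), name: str = "demo.s7p") -> str:
    """Create a constructed project tree under `base`, leaving out entries in `omit`."""
    for d in STANDARD_LAYOUT["dirs"] - omit:
        os.makedirs(os.path.join(base, d), exist_ok=True)
    for f in STANDARD_LAYOUT["files"] - omit:
        path = os.path.join(base, *f.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 16)              # placeholder bytes; real files are binary
    project_file = os.path.join(base, name)
    with open(project_file, "wb") as fh:
        fh.write(b"S7P-PLACEHOLDER")
    return project_file


def run_demo(omit: Set[str] = frozenset(), name: str = "demo.s7p") -> VerificationResult:
    """Build a throw-away sample project and return its verification result."""
    with tempfile.TemporaryDirectory() as tmp:
        return verify_integrity(build_sample_project(tmp, omit, name))
```

`run_demo()` passes, while `run_demo({"Symbol", "Symbol/symbols.bin"})` reports the missing Symbol directory and file, mirroring the "content missing" branch of the check.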
Referring to fig. 3, which is a block diagram of a second embodiment of the code detection system of the present invention. The second embodiment builds on the first embodiment described above.
In the second embodiment, the code detection system further comprises a code scanning module 300, which is connected to the code parsing module 100 and to the code detection module 200.
The code scanning module 300 is configured to scan the target program code blocks sent by the code parsing module 100.
The code scanning module 300 may count and store the parsed target program code blocks and scan them. The object scanned by the code scanning module 300 may be the code block information of a single function or of all functions, and the module may use the OB1 code block as the entry point for scanning the interior of each function block and the calls between function blocks.
The code detection module 200 is further configured to perform vulnerability detection on the target program code blocks through the preset vulnerability knowledge base while the code scanning module 300 scans them.
The code detection module 200 and the code scanning module 300 work closely together: the code detection module 200 performs vulnerability detection while the code scanning module 300 scans the target program code blocks.
The code detection module 200 is further configured to send the vulnerability detection result to the code scanning module 300.
The vulnerability detection result may be the result generated when the target program code blocks are traversal-matched against the preset vulnerability knowledge base. In practice, the code in a target program code block may be matched against each vulnerability type in the preset vulnerability knowledge base, with time complexity O(m × n); once traversal of all vulnerability types in the knowledge base is complete, if a vulnerability in the target program code block has been successfully matched with a vulnerability in the knowledge base, the matched vulnerability type may be displayed and a corresponding vulnerability detection result generated. The vulnerability detection result is shown in fig. 4 and may include information such as the vulnerability data, vulnerability levels and number of vulnerability types present in the target code block.
The code scanning module 300 is further configured to generate a scanning result based on the vulnerability detection result and to output the scanning result as a target detection report file.
The scanning result may be the detection result produced by the code detection module 200 for the PLC engineering project code as scanned by the code scanning module 300. In practice, the code scanning module 300 may obtain the corresponding vulnerability detection result in real time while the code detection module 200 performs vulnerability detection on the code, and generate the scanning result from it.
The target detection report file may be a file in PDF or XML format generated by the code scanning module 300 from the vulnerability detection result of the code detection module 200. Fig. 5 shows a detection report file in PDF format; the report may include the project name, program code block information, vulnerability scanning information and the like. In practice, the code scanning module 300 may also count and store the target project information parsed by the code parsing module 100, in which case the scanning result is generated from the target project information together with the vulnerability detection result.
In a specific implementation, the code parsing module 100 parses the PLC engineering project file to obtain the target project information and code blocks of different types; the code scanning module 300 scans the target project information and the code blocks of each type; while it does so, the code detection module 200 performs vulnerability detection and generates a vulnerability detection result; the code scanning module 300 then generates the corresponding scanning result from the target project information and the vulnerability detection result and outputs it as a detection report file in PDF or XML format. In addition, the user may install and run a corresponding desktop (window) application so that the vulnerability scanning result can be viewed on a client interface.
In this embodiment, the code scanning module 300 scans the target program code blocks, the code detection module 200 performs vulnerability detection through the preset vulnerability knowledge base while the code scanning module 300 scans, so as to obtain a vulnerability detection result, and the code scanning module 300 outputs the corresponding detection report file based on that result. The vulnerability information present in the PLC engineering project file can thus be exported to a file in PDF or XML format, so that the vulnerability detection data is persistently stored and convenient for the user to view, which improves the user experience.
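The knowledge-base matching, the operand address duplication check and the XML report output described above, as an added example that is not part of the patent or of Seczone's implementation. It assumes STL-style target program code blocks already parsed into a dict of block name to lines, a constructed knowledge base that reuses the CVE-101 and CVE-102 entries from the text plus a constructed KB-103 entry for operand address duplication, and it interprets "repeated address" as overlapping byte ranges between the operand loaded on the line above a run of conversion instructions and the operand transferred to on the line below it.

```python
import re
import xml.etree.ElementTree as ET

WIDTH = {"B": 1, "W": 2, "D": 4}            # bytes covered by a B/W/D sized operand
# Assumed set of STL type-conversion mnemonics treated as "type conversion statements".
CONVERSIONS = {"ITD", "DTI", "DTR", "BTI", "ITB", "BTD", "DTB", "RND", "TRUNC"}
OPERAND_RE = re.compile(r"^(?P<area>DB\d+\.DB|[MIQ])(?P<size>[BWD])(?P<addr>\d+)$")
DB_REF_RE = re.compile(r"\bDB\s*(\d+)")
CPU_LIMITS = {"M": 256, "I": 128, "Q": 128}  # constructed: first byte outside each area
# A finding is the tuple (rule id, block name, 1-based line in the block, detail text).

def split(line):
    """Split one STL line into (MNEMONIC, operand), dropping a trailing // comment."""
    parts = line.split("//", 1)[0].strip().split(None, 1)
    if not parts:
        return "", ""
    return parts[0].upper(), (parts[1].strip() if len(parts) > 1 else "")

def normalise(operand):
    """'MW 10' -> ('M', 10, 11); 'DB1.DBD 4' -> ('DB1.DB', 4, 7); None if not absolute."""
    m = OPERAND_RE.match(operand.replace(" ", "").upper())
    if not m:
        return None
    start = int(m["addr"])
    return m["area"], start, start + WIDTH[m["size"]] - 1

def check_address_range(block, lines, project):
    """CVE-101 from the text: a load/transfer address beyond the CPU's area limit."""
    out = []
    for i, line in enumerate(lines, 1):
        mnem, opd = split(line)
        rng = normalise(opd) if mnem in ("L", "T") else None
        if rng and rng[0] in CPU_LIMITS and rng[2] >= CPU_LIMITS[rng[0]]:
            out.append(("CVE-101", block, i, f"{opd} exceeds the {rng[0]} area limit"))
    return out

def check_undefined_db(block, lines, project):
    """CVE-102 from the text: a reference to a data block the project does not define."""
    out = []
    for i, line in enumerate(lines, 1):
        for num in DB_REF_RE.findall(line.split("//", 1)[0]):
            if f"DB{num}" not in project:
                out.append(("CVE-102", block, i, f"DB{num} is not defined in the project"))
    return out

def check_operand_duplication(block, lines, project):
    """KB-103 (constructed id): the operand loaded on the line above a run of conversion
    instructions shares bytes with the operand transferred to on the line below it."""
    out, parsed, i = [], [split(l) for l in lines], 0
    while i < len(parsed):
        if parsed[i][0] not in CONVERSIONS:
            i += 1
            continue
        j = i                                   # j: last conversion instruction of the run
        while j + 1 < len(parsed) and parsed[j + 1][0] in CONVERSIONS:
            j += 1
        src = normalise(parsed[i - 1][1]) if i and parsed[i - 1][0] == "L" else None
        dst = normalise(parsed[j + 1][1]) if j + 1 < len(parsed) and parsed[j + 1][0] == "T" else None
        if src and dst and src[0] == dst[0] and src[1] <= dst[2] and dst[1] <= src[2]:
            out.append(("KB-103", block, j + 2, f"{parsed[i - 1][1]} overlaps {parsed[j + 1][1]}"))
        i = j + 1
    return out

# Constructed knowledge base modelled on the text's CVE-101 / CVE-102 entries.
KNOWLEDGE_BASE = [
    dict(id="CVE-101", type="address out of range", level="error",
         repair="change the register address to one valid for the CPU", check=check_address_range),
    dict(id="CVE-102", type="undefined data block", level="warning",
         repair="do not call undefined data blocks in the program", check=check_undefined_db),
    dict(id="KB-103", type="operand address duplication", level="error",
         repair="transfer the converted value to a non-overlapping address", check=check_operand_duplication),
]

def detect(project):
    """Traverse every block against every rule: the O(m x n) matching the text describes."""
    findings = []
    for name, lines in project.items():
        for rule in KNOWLEDGE_BASE:
            findings.extend(rule["check"](name, lines, project))
    return findings

def report_xml(project_info, findings):
    """Target detection report in XML: project information plus one element per finding."""
    root = ET.Element("report")
    ET.SubElement(root, "project", project_info)
    rules = {r["id"]: r for r in KNOWLEDGE_BASE}
    for rule_id, block, line_no, detail in findings:
        r = rules[rule_id]
        ET.SubElement(root, "vulnerability", id=rule_id, type=r["type"], level=r["level"],
                      block=block, line=str(line_no), repair=r["repair"]).text = detail
    return ET.tostring(root, encoding="unicode")

# Constructed sample project (not a real parsed S7 project): block name -> STL lines.
SAMPLE_PROJECT = {
    "OB1": ["CALL FC 1"],
    "FC1": ["L MW 10", "ITD", "DTR", "T MD 10      // overlaps the MW 10 loaded above",
            "L MW 300     // beyond the constructed 256-byte M area", "T MW 20",
            "OPN DB 5     // DB 5 is not part of the project", "L DB1.DBW 0", "T MW 30"],
    "DB1": ["STRUCT", "  counter : INT ;", "END_STRUCT"],
}
```

`report_xml({"project_name": "demo_project"}, detect(SAMPLE_PROJECT))` yields one `vulnerability` element for each of the three issues planted in FC1, each carrying the level and repair scheme from its knowledge-base entry.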
Based on the embodiments of the code detection system, the first embodiment of the code detection method based on the code detection system is provided.
Referring to fig. 6, fig. 6 is a schematic flowchart of a first embodiment of a code detection method based on a code detection system according to the present invention.
In this embodiment, the code detection method based on the code detection system includes the following steps:
step S10: and acquiring different types of code blocks in the PLC project file.
It should be noted that the execution subject of the method of this embodiment may be a code detection device that performs code detection on a PLC engineering project file, or another code detection system that can implement the same or similar functions and includes the code detection device. The code detection method provided in the present embodiment and each of the embodiments described below is specifically described with reference to a code detection system (hereinafter, referred to as a system).
It can be understood that, when the system receives a PLC engineering project file, it first identifies the project file type. If the system supports that project type, it performs an integrity check on the project, and when the check passes it parses the PLC engineering project file to obtain the program code block information of the PLC project by type. The program code block information includes: OB organization blocks, DB data blocks, FC function blocks, and FB function blocks with background (instance) data.
Step S20: analyzing the various code blocks, and outputting the analyzed code blocks in a preset code format as target program code blocks.
It should be understood that outputting the parsed code blocks in a preset code format means that PLC code written as ladder diagrams, function block diagrams, sequential function charts and the like is converted into structured text, which is the form the later detection steps operate on.
Step S30: detecting vulnerabilities in the target program code block through a preset vulnerability knowledge base.
It can be understood that corresponding vulnerability information can be obtained after vulnerability detection is performed on the target program code block through a preset vulnerability knowledge base, wherein the vulnerability information can include vulnerability ID, vulnerability description, vulnerability grade, repair grade, instruction information related to the vulnerability and instance information, and a user can know the vulnerability condition according to the information.
Further, in order to facilitate the user to view the vulnerability detection result, after the step S30, the method further includes: acquiring target project information of the PLC project file; and generating a target detection report file based on the target project information and the vulnerability detection result.
According to the method, the different types of code blocks in the PLC project file are parsed, the parsed code blocks are output as target program code blocks in a preset code format, and vulnerability detection is performed on the target program code blocks through the preset vulnerability knowledge base. Finally, a corresponding detection report file is generated based on the vulnerability detection result and the target project information of the PLC project file. By reading the detection report file, a user can obtain the vulnerability information in the PLC project file, understand the vulnerability situation, and repair the existing vulnerabilities according to the repair scheme provided in the report, so that the safety of the industrial control equipment is guaranteed.
Referring to fig. 7, fig. 7 is a schematic flow chart of a second embodiment of the code detection method based on the code detection system of the present invention.
Based on the first embodiment, in order to detect vulnerabilities in the target program code block through a preset vulnerability knowledge base, in this embodiment the step S30 includes:
Step S301: acquiring a plurality of vulnerability types from a preset vulnerability knowledge base.
It should be noted that the vulnerability types are the types of vulnerability that may occur in a target program code block and that are specified in advance in the preset vulnerability knowledge base, for example: operand address duplication, unreferenced program blocks in the program, and the like.
Step S302: traversing the target program code block and matching it against each vulnerability type.
It can be understood that the traversal matching may be performed on each line of code in the target program code block against each vulnerability type in the preset vulnerability knowledge base, in order to check whether any vulnerability type recorded in the knowledge base is present in the target program code block.
Step S303: when the matching is successful, acquiring the vulnerability type corresponding to the target program code block.
It can be understood that, when a specified vulnerability type in the preset vulnerability knowledge base appears in the target program code block, matching is successful, and at this time, the vulnerability type existing in the target program code block can be obtained.
Further, in order to match the operand address duplication condition occurring in the target program code block, the step S303 includes: dividing each line of code in the target program code block; when a type conversion statement is detected in the target program code block, searching the lines above and below the line where the type conversion statement is located; when a first target conversion instruction and a second target conversion instruction are detected, converting the operands corresponding to the first and second target conversion instructions into operands of the same format; verifying the operands through an address repetition matching algorithm; and if a repeated address is found, recording the vulnerability type corresponding to the target program code block as operand address repetition.
It can be understood that a type conversion statement such as DTR or BTI involves two variables, the input quantity being converted and the output quantity receiving the result. When such a statement is converted into statement list form, these two quantities become an L (load) instruction and a T (transfer) instruction. If the two operand addresses are the same, the stored value is inaccurate and cannot be changed afterwards, so this type of vulnerability must be detected.
In the specific implementation, the target program code block is first read line by line and each line of code is divided. For each detected line containing a type conversion instruction such as DTR (double integer to real), the first L instruction and the first T instruction are searched for above and below that line. Once both are found, the operands corresponding to the L and T instructions are obtained and converted into the same format, and the address repetition matching algorithm is run on them. If the addresses differ, the code is skipped; if a repeated address occurs, an error is reported, indicating that an operand address duplication vulnerability exists in the target program code block.
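The traversal matching of steps S301 to S303 and the operand address duplication check just described, as an added Python example that is not the patent's own code. The rule IDs, grades, the STL sample project, the treatment of DTR and BTI as the conversion instructions, and the "L above, T below" search direction are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    vuln_id: str
    description: str
    grade: str
    repair_grade: str
    instruction: str   # instruction information related to the vulnerability
    instance: str      # instance information: block name and line of the hit

# Assumed subset of type conversion instructions (the text names DTR and BTI).
CONVERSIONS = {"DTR", "BTI"}
CALL_RE = re.compile(r"^(?:CALL|UC|CC)\s+((?:FC|FB)\s*\d+)", re.I)

def norm(operand: str) -> str:
    """Bring operand addresses into one format: 'MD 20', '%md20' -> 'MD20'."""
    return re.sub(r"\s+", "", operand).lstrip("%").upper()

def split_line(line: str):
    """Divide one STL line into (instruction, operand); '//' comments are dropped."""
    code = line.split("//", 1)[0].strip()
    if not code:
        return None, ""
    parts = code.split(None, 1)
    return parts[0].upper(), (parts[1] if len(parts) > 1 else "")

def check_operand_duplication(name: str, code: str) -> list:
    """Rule for S303: first L above and first T below a conversion must differ."""
    lines = [split_line(l) for l in code.splitlines()]
    findings = []
    for i, (ins, _) in enumerate(lines):
        if ins not in CONVERSIONS:
            continue
        load = next((op for ins2, op in reversed(lines[:i]) if ins2 == "L"), None)
        store = next((op for ins2, op in lines[i + 1:] if ins2 == "T"), None)
        if load is not None and store is not None and norm(load) == norm(store):
            findings.append(Finding(
                "KB-001", "operand address duplication: converted value overwrites its source",
                "high", "must fix", f"L {load} / {ins} / T {store}", f"{name}:{i + 1}"))
    return findings

def check_unreferenced_blocks(project: dict) -> list:
    """Second knowledge-base rule: an FC/FB no block calls (OBs are entry points)."""
    called = set()
    for code in project.values():
        for line in code.splitlines():
            m = CALL_RE.match(line.strip())
            if m:
                called.add(norm(m.group(1)))
    return [Finding("KB-002", "program block is never referenced", "low", "review",
                    "CALL", name)
            for name in project if norm(name)[:2] in ("FC", "FB") and norm(name) not in called]

def scan_project(project: dict) -> list:
    """Traverse every target program code block against every rule (S301-S303)."""
    findings = []
    for name, code in project.items():
        findings += check_operand_duplication(name, code)
    return findings + check_unreferenced_blocks(project)

# Constructed sample project: three blocks already output as STL text.
SAMPLE_PROJECT = {
    "OB1": "CALL FC 1\n",
    "FC1": "L MD 20\nDTR\nT MD 20   // same address as the source\nL IW 4\nBTI\nT MW 10\n",
    "FC2": "L MW 30\nT MW 32\n",
}
```

Running `scan_project(SAMPLE_PROJECT)` reports the duplicated MD 20 around the DTR in FC1 and the never-called FC2, while the BTI sequence with distinct addresses is skipped.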
In this embodiment, the code in the target program code block is traversed and matched against all vulnerability types in the preset vulnerability knowledge base, and whenever a match succeeds the corresponding vulnerability type is recorded. In this way every vulnerability type present in the PLC engineering project file is obtained, completing the non-syntactic vulnerability detection of the PLC engineering project file.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system comprising the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, a magnetic disk, an optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A code detection system, wherein the code detection system comprises: a code analysis module and a code detection module;
the code analysis module is used for carrying out integrity verification on the PLC project file to obtain a verification result;
the code analysis module is also used for carrying out code analysis on the PLC engineering project file to obtain code blocks of different types when the verification result is that the verification is passed;
the code analysis module is also used for analyzing various code blocks and outputting the analyzed various code blocks as target program code blocks in a preset code format;
and the code detection module is used for carrying out vulnerability detection on the target program code block through a preset vulnerability knowledge base.
2. The code detection system of claim 1, wherein the code detection system further comprises: a code scanning module;
the code scanning module is respectively connected with the code analyzing module and the code detecting module;
the code scanning module is used for scanning the target program code block sent by the code analysis module;
the code detection module is further used for detecting the vulnerability of the target program code block through a preset vulnerability knowledge base when the code scanning module scans the target program code block;
the code detection module is also used for sending the vulnerability detection result to the code scanning module;
the code scanning module is further used for generating a scanning result based on the vulnerability detection result and outputting the scanning result as a target detection report file.
3. The code detection system of claim 2, wherein the code parsing module is further configured to analyze the PLC engineering project file to obtain target project information and different types of code blocks;
the code scanning module is also used for acquiring vulnerability detection results corresponding to various code blocks sent by the code detection module;
the code scanning module is further configured to generate a scanning result based on the vulnerability detection result and the target project information, and output the scanning result as a target detection report file.
4. The code detection system of claim 3, wherein the code parsing module is further configured to obtain a standard engineering project file corresponding to the PLC engineering project file;
and the code analysis module is also used for carrying out integrity check on the PLC engineering project file according to the standard engineering project file.
5. The code detection system according to any one of claims 1 to 3, wherein the code parsing module is further configured to determine whether a file type of the PLC project file belongs to a preset file type;
the code analysis module is also used for determining the path information of the PLC project file if the file type belongs to the preset file type;
the code analysis module is also used for converting the PLC project file into a file stream based on the path information;
the code analysis module is further used for converting the file stream into a byte array and obtaining project information and project directory information of the PLC project file based on the byte array;
the code analysis module is also used for packaging the project information and the project catalog information into an object;
the code analysis module is further configured to traverse the item directory information in the object to obtain target item information and different types of code blocks.
6. The code detection system of claim 2, wherein the code detection module is further configured to perform traversal matching on the target program code block through a preset vulnerability knowledge base;
the code detection module is further used for generating a vulnerability detection result when traversal matching is finished.
7. A code detection method based on the code detection system of any one of claims 1 to 6, characterized in that the code detection method comprises:
acquiring different types of code blocks in a PLC project file;
analyzing various code blocks, and outputting the analyzed various code blocks in a preset code format as target program code blocks;
and detecting the vulnerability of the target program code block through a preset vulnerability knowledge base.
8. The code detection method of claim 7, wherein the step of detecting the vulnerability of the target program code block through a preset vulnerability knowledge base comprises:
acquiring a plurality of vulnerability types in a preset vulnerability knowledge base;
traversing and matching the target program code block to each vulnerability type;
and when the matching is successful, acquiring the vulnerability type corresponding to the target program code block.
9. The code detection method of claim 8, wherein the vulnerability type includes operand address duplication;
correspondingly, the step of obtaining the vulnerability type corresponding to the target program code block when the matching is successful includes:
dividing each line of codes in the target program code block;
when detecting that a type conversion statement exists in the target program code block, searching the upper line and the lower line of the target program code block according to the line where the type conversion statement exists;
when a first target conversion instruction and a second target conversion instruction are detected, converting operands corresponding to the first target conversion instruction and the second target conversion instruction into operands with the same format;
verifying the operand through an address repetition matching algorithm;
and if the repeated address appears, the bug type corresponding to the target program code block is operand address repetition.
10. The code detection method of claim 7, wherein after the step of detecting the vulnerability of the target program code block through a preset vulnerability knowledge base, the method further comprises:
acquiring target project information of the PLC project file;
and generating a target detection report file based on the target project information and the vulnerability detection result.
CN202310082027.9A 2023-02-08 2023-02-08 Code detection system and code detection method Active CN115795488B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310082027.9A CN115795488B (en) 2023-02-08 2023-02-08 Code detection system and code detection method


Publications (2)

Publication Number Publication Date
CN115795488A true CN115795488A (en) 2023-03-14
CN115795488B CN115795488B (en) 2023-06-02

Family

ID=85430508


Country Status (1)

Country Link
CN (1) CN115795488B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117972714A (en) * 2024-01-09 2024-05-03 北京国信网联科技有限公司 Vulnerability detection method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109791514A (en) * 2016-09-16 2019-05-21 西门子股份公司 Control system design resistant to network attacks
CN110825040A (en) * 2019-10-22 2020-02-21 中国科学院信息工程研究所 Process control attack detection method and device for industrial control system
WO2021003982A1 (en) * 2019-07-05 2021-01-14 深圳壹账通智能科技有限公司 Service system vulnerability processing method and apparatus, computer device, and storage medium
US20210073391A1 (en) * 2019-11-27 2021-03-11 Intel Corporation Methods and apparatus to improve security of computer programs using code abstraction
WO2021146649A1 (en) * 2020-01-16 2021-07-22 Georgia Tech Research Corporation System for detecting malicious programmable logic controller code


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
孟奂; 舒辉: "PLC malicious code detection technique based on data flow analysis" *
张晔 et al. *
郭书杰; 马跃; 王品: "Design and implementation of an IL compiler based on IEC61131-3" *


Also Published As

Publication number Publication date
CN115795488B (en) 2023-06-02


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant