CN115982059A - Method for implementing Shell script checking tool - Google Patents

Method for implementing Shell script checking tool Download PDF

Info

Publication number
CN115982059A
CN115982059A CN202310272213.9A CN202310272213A CN115982059A CN 115982059 A CN115982059 A CN 115982059A CN 202310272213 A CN202310272213 A CN 202310272213A CN 115982059 A CN115982059 A CN 115982059A
Authority
CN
China
Prior art keywords
command
option
lexical
lexical unit
statement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310272213.9A
Other languages
Chinese (zh)
Other versions
CN115982059B (en
Inventor
王千里
谌志华
李城宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kirin Software Co Ltd
Original Assignee
Kirin Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kirin Software Co Ltd filed Critical Kirin Software Co Ltd
Priority to CN202310272213.9A priority Critical patent/CN115982059B/en
Publication of CN115982059A publication Critical patent/CN115982059A/en
Application granted granted Critical
Publication of CN115982059B publication Critical patent/CN115982059B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to a method for realizing a Shell script checking tool, which comprises the following steps: the method comprises the steps of sequentially analyzing sentences into various lexical units, judging the types of the lexical units through state transfer of a state machine, and obtaining the types of the lexical units, wherein the types of the lexical units comprise a preposed command, a preposed command option, a command option and a command option parameter; storing lexical units of which the types relate to the preposed commands, the commands and the command options into a command structure body; and matching the content of the command structure body according to the rule configuration file, and returning the position and the content of the statement in the Shell script for the successfully matched statement. The invention provides a multi-aspect, customized and reliable stability checking tool for the server, solves the problems of low efficiency of checking the Shell script due to complex environment of a production host and uncontrollable authority, improves the accuracy of automatic script checking by customizing the command checking rule, and ensures that the Shell script runs on the server safely and stably.

Description

Method for implementing Shell script checking tool
Technical Field
The invention relates to the technical field of operation and maintenance script detection, in particular to an implementation method of a Shell script inspection tool.
Background
With the development of information technology, the complexity of information systems is increasing, and the number of servers to be managed is also increasing, so that higher requirements are put on system operation and maintenance. An operation and maintenance script (Shell) is a common operation and maintenance operation means and faces various security risks. The scripts running automatically are very easy to cause irreversible system damage or even system attack behavior due to negligence of operators, so that a server cannot run normally and a series of unpredictable losses are caused. In the face of servers with large quantity and high safety requirements, a large amount of manpower and material resources are consumed to inspect and correct operation and maintenance scripts running on the servers, running of high-risk commands is avoided, and time and labor cost are too high.
In addition, due to the fact that multiple persons develop cooperatively, the operation and maintenance scripts are wide in source, lack of the same standard and the like, and due to the fact that operation and maintenance personnel neglect, manual audit or regular matching analysis is used for detecting script contents, the phenomena of missed judgment, erroneous judgment and the like are prone to occurring. The problem of the prior art is that a script program checking scheme which can perform deep analysis on script contents and allow operation and maintenance personnel to perform custom matching rules is lacking. Therefore, the present invention aims to provide a script program checking scheme, which can implement full-automatic stability detection, support customizable rule files, and support multiple rule matching to cope with different script data.
At present, examples of programs that can parse a Shell script to obtain an Abstract Syntax Tree (AST) include bashlex, syntax, shellcheck, and the like.
In order to further detect the specified script program sample, program content needs to be identified by means of a syntax tree, for example, an automatic operation and maintenance script safety guarantee method performs syntax analysis on program key information by traversing an abstract syntax tree, performs command check and identification line by using a regular expression, and notifies a script auditor to process after judging whether a sensitive command line exists or not by checking a scanning result.
The introduced Shell script identification program can not realize the script program content inspection of any matching rule, only can analyze a syntax tree or a lexical unit, operation and maintenance personnel need to additionally design an inspection scheme through regular matching sentences, and the inspection scheme is complex. For example, different combination writing methods of command options, execution of commands in a path form, weak reference writing method, etc. all result in mismatching of command statements, and the error rate is high.
Disclosure of Invention
In order to solve the defects in the prior art, the invention provides a method for realizing a Shell script checking tool, which comprises the following steps:
step S1: the method comprises the steps that a sentence is sequentially analyzed into various lexical units through a syntax tree, all the lexical units are input into a state machine according to the sequence, the types of the lexical units are judged through state transfer of the state machine, and the types of the lexical units are obtained and comprise a preposed command, a preposed command option parameter, a command option and a command option parameter; the system comprises a front command option, a front command option and a front command option, wherein the front command option comprises a front command long option and a front command short option;
step S2: aiming at the type of the lexical unit judged in the step S1, storing the lexical unit of which the type relates to a preposed command, a command and a command option into a command structure body;
and step S3: and matching the content of the command structure body according to the rule configuration file, and returning the position and the content of the statement in the Shell script for the successfully matched statement.
In step S1, the initial transition condition of the state machine is to first determine whether a pre-order statement exists in a current statement, sequentially determine lexical unit types in the pre-order statement if the pre-order statement is identified, and identify the lexical unit types in the order statement after all lexical units in the pre-order statement are identified.
In step S1, the state machine identifies a lexical unit type in the pre-command sentence by the following method:
step S11: judging whether the current lexical unit is a parameter-free preposed command short option or not from the first lexical unit, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S12;
step S12: judging whether the current lexical unit is a pre-command short option with parameters, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S13;
step S13: judging whether the current lexical unit is a parameter-free preposed command long option or not, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S14;
step S14: and judging whether the current lexical unit is a preset command long option with parameters or not, and directly judging the type of the next lexical unit until the state machine finishes type judgment on all the lexical units in the preset command sentence.
In step S1, the state machine identifies a lexical unit type in the command sentence by the following method:
step S1a: judging whether the current lexical unit is a command short option or not from the first lexical unit, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S1b;
step S1b: judging whether the current lexical unit is a command length option without parameters, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S1c;
step S1c: and judging whether the current lexical unit is a command length option with parameters or not, and directly judging the type of the next lexical unit until the state machine finishes type judgment on all the lexical units in the command sentence.
Wherein, the step S1 further includes: after all the lexical units in the command sentence are judged, recognizing the lexical units as command sub-sentences aiming at the lexical units needing command replacement and related to the lexical units, and judging the types of the sub-lexical units in the command sub-sentences according to the method in the steps S1 a-S1 b.
The invention provides a multi-aspect, customized and reliable stability checking tool for the server, solves the problem of low efficiency of checking the Shell script due to the complex environment of the production host and uncontrollable authority, improves the accuracy of automatic checking of the script by self-defining the command checking rule, and ensures the Shell script to run on the server safely and stably.
Drawings
FIG. 1: the invention discloses an implementation flow chart of a shell script checking tool.
Detailed Description
In order to further understand the technical scheme and the advantages of the present invention, the following detailed description of the technical scheme and the advantages thereof is provided in conjunction with the accompanying drawings.
The underlying meaning convention referred to below is as follows:
shell script: script language code consisting of a series of Shell commands that can be parsed and run by a Unix Shell interpreter.
Operation and maintenance high-risk script: and aiming at the operation and maintenance scene of the operating system, the Shell script has the risk of causing unrecoverable loss and damage to the system.
Command: (command): an executable program with specific functions in a Shell statement. Is one of the components of a Shell statement and generally represents the main operation performed by the current command line.
The preposition order: a command is accepted with a command call statement as a parameter.
Command options: an identifier, usually in the form of both short and long options, identifying the kind of command parameter is one of the components of a piece of Shell statements.
Command parameters: the parameters are variables that adjust the mode of operation, participate in the execution of commands, and may be zero or more.
A lexical unit: also known as words, are sequences of characters in a source program that match a token pattern, which is recognized by a lexical analyzer as an instance of the token.
Aiming at the problems that the existing text matching tool is easy to have misjudgment, missed judgment and the like when checking codes, the invention provides a Shell script checking tool, command sentences are analyzed into lexical units (comprising a preposed command, a preposed command option, a command option and command option parameters) through a state machine, so that the meanings of the lexical units can be analyzed according to the Shell script syntax, and the combined writing methods of different lexical units can be identified, such as whether the command sentences are combined commands of short options and long options, whether the command options contain parameters and the like; the Shell script content can be fully checked from multiple angles, the problem that the safety operation of the server is affected by misjudgment and missed judgment easily caused when the Shell script content is checked is solved, and the operation process of Shell script auditors is greatly simplified.
Furthermore, the Shell script inspection tool provided by the invention utilizes a state machine to obtain the appointed lexical unit from the analyzed lexical unit, judges whether a command sentence to be matched exists by combining with the customized rule, provides a high-freedom customized Shell script content inspection scheme in the judgment process, has a rule configuration file supporting various logic operation writing methods, and can be used for compiling the matching rule of the lexical unit to be detected by operation and maintenance personnel, such as whether the command is rm, whether the short option of the command contains rf or R, whether the long option contains-force and-recursion, and the like, and can add various matching rules in the rule configuration file, can formulate the rule priority to detect the script content, realizes the deep analysis of the contents of the lexical unit of the Shell script and the rule matching detection scheme with high freedom, and improves the monitoring efficiency and the accuracy.
The checking tool judges the composition of command sentences in a state machine mode, and the checking tool comprises a preposed command, a preposed command option parameter, a command option and a command option parameter, and analyzes and identifies lexical units according to a custom rule. The pre-command is a command that accepts a command calling statement as a parameter, for example, sudo-user = userA, sudo is a pre-command, and-user or-u is a specific function of which the pre-command option is an identification command, and userA is an option parameter of the pre-command, and is semantically an identity of userA to execute the command, representing an operation object of the command. Commands are executable programs with specific functions in the Shell statements, such as in particular the ls-aF command statement, ls being commands, -aF being command options and usually having both short options, represented by a dash (-) followed by a character, and long options, represented by a double dash (- -) followed by a character string, short options being used in combination. Some command options have parameters, such as MODE in mkdir — MODE = MODE dir is an option parameter, which acts to fine control the behavior of Shell commands when running under this option.
The method for realizing the Shell script checking tool comprises the following specific implementation flows:
1. parsing command statements into lexical units
The specific flow chart is shown in fig. 1: the method comprises the steps of sequentially analyzing sentences into various lexical units according to a syntax tree, sequentially inputting all the lexical units of the sentences into a state machine, and judging the types of the lexical units through state transfer of the state machine, wherein the initial transfer condition of the state machine is to judge whether a preposed command sentence contained in a preposed command configuration file exists or not, judge whether a short option without parameters exists in the preposed command sentence or not if the preposed command sentence is recognized, namely state 2, and judge whether a short option with parameters possibly exists (namely state 3) or not if the short option without parameters cannot be directly determined, further judge whether the short option contains option parameters (namely state 4), then sequentially judge whether a long option without parameters exists (namely state 5) or not according to the sequence of states 5-7, and further judge whether a long option with parameters possibly exists (namely state 6) or not and further judge whether the long option contains option parameters (namely state 7), and the principle is similar to the principle from state 2 to state 4.
It should be noted that, for each lexical unit, after the determination of the state 2, the state 4, the state 5, or the state 7, it is necessary to return to the state 1 again, that is, it is determined whether there is a pre-command statement after the lexical unit, and it is determined that the lexical unit type of the lexical unit after the lexical unit continues according to the steps of the states 2 to 7, that is, it is determined that the lexical unit type of each lexical unit passes through the states 2 to 7 (each lexical unit does not need to go through the flow of the states 2 to 7, and it jumps to the state 1 after it can be determined that the type of each lexical unit in one of the states).
In the above, the short option and the long option are referred to the prefix command option, that is, whether the current lexical unit belongs to the prefix command short option or the prefix command long option is determined.
The meaning of state 2-state 4 is: on the basis of judging that a certain lexical unit in a preposed command statement is a short option, if the subsequent part of the lexical unit can be directly judged not to contain the preposed command option parameter (for example, if the lexical unit "-H" in sudo-H-uuserA is followed by a lexical unit containing "-", the subsequent part of the lexical unit does not necessarily contain the preposed command option parameter), the situation belongs to the state 2, in this case, the state is directly jumped to the state 1, and the next lexical unit (namely "-u") is judged; if it cannot be directly determined that the rear part of the mobile terminal does not include the pre-command option parameter, there are two cases (for example, "sudo-u root user dd user a lexical unit" -u "), that is, state 3, where it needs to be further determined whether the rear part of the mobile terminal includes the pre-command option parameter, that is, state 4. States 5-7 can be understood the same.
After the lexical units in the pre-command statement are judged to be finished, the state machine continuously transfers to the command statement backwards, in the process, lexical units which are not commands are omitted, after the keyword lexical units are identified, whether command short options and command long options exist is judged according to the sequence of states 9-11, and since the command short options in the command statement have no parameters, when the type of the lexical units is judged to be the command short options (namely, the state 9), whether the command short options contain the parameters is not judged, and only when the type of the lexical units is judged to be the command long options, whether the command long options have the parameters (namely, the state 10 and the state 11) is judged. In addition, in the process, if a lexical unit which needs to be subjected to command replacement is identified (namely, when weak reference or strong reference exists), after judgment is finished, command replacement is carried out according to the syntax tree (namely, the state 12), the lexical unit is identified as a command sub-sentence, and the type judgment of the lexical unit in the command sub-sentence is finished according to the sequence from the state 9 to the state 11. After completing type determination for all lexical units in the corresponding command statement, the state machine transition is ended (i.e., state 13).
2. Storage command structure
And according to the type of the lexical unit judged in the first step, when the lexical unit is stored in the command structure, only the preposed command is stored aiming at the preposed command sentence, and the preposed command option (comprising a preposed command short option and a preposed command long option) and the preposed command option parameter are ignored.
For the preposed command statement, if command components similar to sudo-r role rm-f file are encountered, if all command options in the command are directly stored after analysis, the-r short option can be mistaken to be the short option of the command rm in the rule matching process, and misjudgment is caused. Therefore, the invention can avoid the occurrence of misjudgment conditions by neglecting the preposed command short option, the preposed command long option and the preposed command option parameter.
Meanwhile, aiming at command sentences (including command sub-sentences related to weak reference and strong reference in the command sentences), in the analysis process of the command sentences, after a key command is identified, the lexical unit type behind the command is judged according to a state machine, command short options are selected and stored in a command structure body, and meanwhile, in order to avoid misjudging command option parameters as the command and cause interference to the identification command, whether the command long options carry parameters or not is analyzed, the parameters of the command long options are omitted, and the command long options are reserved.
That is, for a command statement, only the command and command options (including the command short option and the command long option) are stored, and the command option parameters are ignored.
3. Rule matching
The content of the processed command structure body is identified by reading the rule configuration file, the rule configuration file can be written by operation and maintenance management personnel according to different inspection requirements in a self-defining way, and the rule matching writing method can be described as whether the statement contains a command to be matched or not, and whether the statement contains a command long option or a command short option to be matched or not. Wherein, the command short option is split into a single short option form before matching. The rule matching writing method supports a regular combination form and can perform logic expression nesting at the same time. Each matching rule in the rule configuration file can set different rule names, in the matching process, contents written according to the rule are sequentially matched, if all the contents meet the conditions, the matching is successful, the position of the statement in the Shell script and the contents of the statement are returned, if the matching fails, the statement is matched with the next rule, and if no rule matched with the statement exists in the rule configuration file, the next statement is identified and the rule is matched.
Based on the Shell script inspection tool implementation method, the invention provides two specific implementation modes as follows:
1. detailed description of the preferred embodiment 1
The checking tool analyzes the lexical units through the state machine according to the syntax tree of the command sentence, the state machine analyzes the lexical units of the command sentence one by one, the analysis process realizes the selection processing of the lexical units, and the processed command structure is output. Taking LANG = en _ US.UTF-8 sudo-u user shutdown-f as an example, the specific steps are as follows:
step one, selecting whether to store an environment variable of a command statement according to a rule configuration file, such as LANG = en _ US. The next logical decision is made when a "pre" command recorded in the configuration file is encountered (e.g., sudo, nohup, bash, coproc, parallel, etc.). In this case, sudo is a pre-command according to the rule content, and is stored in the command structure, and the short option and the long option are ignored. Meanwhile, the options and parameters in the pre-command can be identified, such as option-u and parameter user of the pre-command sudo in the case, so that misjudgment of the options of the pre-command on the identification of the command options is avoided.
And step two, analyzing and identifying the composition of the command statement according to the comparison of the lexical unit content and the rule, storing all long options and short options of the command statement into a command structure, and simultaneously identifying the long options with parameters in the command by a judging mode designed by the state machine, omitting the parameters of the long options of the command and only keeping the command options.
And step three, when command replacement of sentences such as echo 'shutdown-f' and echo "$ (shutdown-f) is detected, analyzing the content of the lexical units and identifying the lexical units as independent command sentences by the state opportunity, and analyzing according to the flow in the step two.
2. Specific example 2
The user can define the rule name by self, can set the rule checking content as the command to be matched, and can select whether to match the long and short options of the command. After the rule configuration file is set, the combination of various option parameters of the command statement can be detected by combining with the processing flow of the state machine. Taking sudo shutdown, rm-v-ird-force as an example, the specific steps are as follows:
step one, a state machine command analysis part; the command is analyzed to be a shutdown command and an rm command, respective command options are stored in the structural body attributes of the command, and the command options are stored after being split for the combined writing method of the-ird short options.
Step two, the rule matching writing method can be described as:
rule 1: the command is equal to rm; and the short option comprises-R or the long option comprises-recurive; and the short option contains-f or the long option contains-force.
Rule 2: the command equals shutdown; and the short option includes-f.
Step three, the checking tool is matched with the command structure according to the rule configuration file, and the command is not fed back because the shutdown command lacks-f short options in rule description and is not matched with other rules; the rm command statement matches to rule1 and the checking tool will give the location of the command in the script file and display the command statement.
An optional step four, the present checking tool is executed by a command line, the rule to be checked may be specified using a command line parameter-r rule1. The checking tool can also support checking the Shell script file, the user-defined rule configuration file and the like under any file path, and the detection is called through a command line.
The invention can realize the following technical effects:
aiming at the command statement analysis function of the Shell script, the syntax tree is utilized to analyze the statement, and after script scanning is carried out on each statement in the Shell script, the statement is decomposed into lexical units. The invention designs a state machine transfer method which can identify the type of a lexical unit through specific state machine transfer conditions, wherein the type of the lexical unit comprises a preposed command, a preposed command option parameter, a command option and a command option parameter. The state machine identifies a specific preposed command according to the preposed command configuration file, meanwhile, the operation and maintenance personnel can modify the preposed command configuration file to add the preposed command needing to be identified, and when the preposed command exists in the statement, whether a lexical unit of the preposed command option and the preposed command option parameter type is included behind the preposed command can be analyzed according to the transfer condition. In addition, the invention supports the operation and maintenance personnel to self-define and write rule configuration files, the files mainly describe the contents to be matched in the process of identifying the lexical units of the command sentences, one rule mainly comprises whether a specific command is contained in the sentence, whether the command contains a command short option or not, whether the command contains a command long option or not, and the matching rule description of a plurality of options is supported. Aiming at the identification of the command and the options and parameters thereof, the identification is similar to the judgment condition of the preposed command, the command options and the command option parameters are stored in a command structure body after the whole sentence is analyzed and identified, the rule matching check is carried out on the command structure body according to the rule configuration file, when the rule content meeting the condition exists, an alarm is given to inform operation and maintenance personnel of the content of the sentence and the position of the sentence in the script. The invention supports custom rule matched Shell script check, thus realizing high-freedom command detection, correctly identifying various high-freedom writing methods with the same command execution effect (for example, the execution option of rm-rf is taken as an example, and supports the identification of multiple writing methods such as-r-f, -fr, -r-force and the like), having strong expandability, being capable of enabling the server to analyze specific command sentences in different scenes, being capable of greatly avoiding detection omission caused by wide script sources or different command writing methods of different Shell script writing personnel in practical application, avoiding high-risk command execution, providing a multi-aspect, customized and reliable stability check tool for the server according to customized rules, reducing manual detection cost, and enabling the server to analyze specific command sentences in different scenes and being capable of being executed in all platforms and architectures.
Although the present invention has been described with reference to the preferred embodiments, it should be understood that the scope of the present invention is not limited thereto, and those skilled in the art will appreciate that various changes and modifications can be made without departing from the spirit and scope of the present invention.

Claims (5)

  1. The method for realizing the Shell script checking tool is characterized by comprising the following steps of:
    step S1: the method comprises the steps that a sentence is sequentially analyzed into various lexical units through a syntax tree, all the lexical units are input into a state machine according to the sequence, the types of the lexical units are judged through state transfer of the state machine, and the types of the lexical units are obtained and comprise a preposed command, a preposed command option parameter, a command option and a command option parameter; the system comprises a front command option, a front command option and a front command option, wherein the front command option comprises a front command long option and a front command short option;
    step S2: aiming at the type of the lexical unit judged in the step S1, storing the lexical unit of which the type relates to a preposed command, a command and a command option into a command structure body;
    and step S3: and matching the content of the command structure body according to the rule configuration file, and returning the position and the content of the statement in the Shell script for the successfully matched statement.
  2. 2. The method for implementing a Shell script checking tool as claimed in claim 1, wherein in step S1, the initial transition condition of the state machine is to first determine whether a pre-command statement exists in the current statement, and if the pre-command statement is recognized, sequentially determine the lexical unit types in the pre-command statement, and after all the lexical units in the pre-command statement are recognized, recognize the lexical unit types in the command statement.
  3. 3. A method for implementing the Shell script checking tool as recited in claim 2, wherein in step S1, the state machine identifies the lexical unit type in the pre-command statement by:
    step S11: judging whether the current lexical unit is a parameter-free preposed command short option or not from the first lexical unit, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S12;
    step S12: judging whether the current lexical unit is a preposed command short option with parameters, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S13;
    step S13: judging whether the current lexical unit is a parameter-free preposed command length option or not, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S14;
    step S14: and judging whether the current lexical unit is a preset command long option with parameters or not, and directly judging the type of the next lexical unit until the state machine finishes type judgment on all the lexical units in the preset command sentence.
  4. 4. The method for implementing the Shell script checking tool as recited in claim 2, wherein in said step S1, the state machine identifies the lexical unit type in the command statement by:
    step S1a: judging whether the current lexical unit is a command short option or not from the first lexical unit, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S1b;
    step S1b: judging whether the current lexical unit is a command length option without parameters, if so, directly judging the type of the next lexical unit, and if not, jumping to the step S1c;
    step S1c: and judging whether the current lexical unit is a command length option with parameters or not, and directly judging the type of the next lexical unit until the state machine finishes type judgment for all lexical units in the command sentence.
  5. 5. The method for implementing the Shell script checking tool as recited in claim 4, wherein the step S1 further comprises: after all the lexical units in the command sentence are judged, recognizing the lexical units as command sub-sentences aiming at the lexical units needing command replacement and related to the lexical units, and judging the types of the sub-lexical units in the command sub-sentences according to the method in the steps S1 a-S1 b.
CN202310272213.9A 2023-03-21 2023-03-21 Implementation method of Shell script inspection tool Active CN115982059B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310272213.9A CN115982059B (en) 2023-03-21 2023-03-21 Implementation method of Shell script inspection tool

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310272213.9A CN115982059B (en) 2023-03-21 2023-03-21 Implementation method of Shell script inspection tool

Publications (2)

Publication Number Publication Date
CN115982059A true CN115982059A (en) 2023-04-18
CN115982059B CN115982059B (en) 2023-07-04

Family

ID=85976483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310272213.9A Active CN115982059B (en) 2023-03-21 2023-03-21 Implementation method of Shell script inspection tool

Country Status (1)

Country Link
CN (1) CN115982059B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110812A (en) * 2007-08-29 2008-01-23 中兴通讯股份有限公司 Text command analyzing and processing method
CN102054100A (en) * 2010-12-17 2011-05-11 中国科学院计算技术研究所 Static analysis-based method and system for detecting RTL (Resistor Transistor Logic) design errors
US20140130158A1 (en) * 2012-11-07 2014-05-08 Microsoft Corporation Identification of malware detection signature candidate code
CN105786710A (en) * 2016-03-22 2016-07-20 中国银行股份有限公司 Program code review method and engine
CN106845227A (en) * 2016-12-27 2017-06-13 哈尔滨安天科技股份有限公司 A kind of malicious script detection method and system based on ragel state machines
US20180314683A1 (en) * 2017-04-27 2018-11-01 Mediatek Singapore Pte. Ltd. Method and device for processing natural language
CN110221836A (en) * 2018-03-02 2019-09-10 拜椰特(上海)软件技术有限公司 A kind of lexical analysis tool
CN110245085A (en) * 2019-04-08 2019-09-17 华东师范大学 The embedded real-time operating system verification method and system examined using on-time model
CN113221120A (en) * 2021-05-19 2021-08-06 西北工业大学太仓长三角研究院 Vulnerability detection method and system for application rules of Internet of things
CN113741869A (en) * 2020-09-10 2021-12-03 吕戈 Construction method of high-performance variable grammar programming language
CN114117440A (en) * 2021-10-29 2022-03-01 北京长亭未来科技有限公司 Script command vulnerability detection method, vulnerability scanner and storage medium
CN114911711A (en) * 2022-06-14 2022-08-16 南方电网科学研究院有限责任公司 Code defect analysis method and device, electronic equipment and storage medium
CN115757023A (en) * 2022-11-09 2023-03-07 长城计算机软件与系统有限公司 Business process processing method and device and finite-state machine model

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110812A (en) * 2007-08-29 2008-01-23 中兴通讯股份有限公司 Text command analyzing and processing method
CN102054100A (en) * 2010-12-17 2011-05-11 中国科学院计算技术研究所 Static analysis-based method and system for detecting RTL (Resistor Transistor Logic) design errors
US20140130158A1 (en) * 2012-11-07 2014-05-08 Microsoft Corporation Identification of malware detection signature candidate code
CN105786710A (en) * 2016-03-22 2016-07-20 中国银行股份有限公司 Program code review method and engine
CN106845227A (en) * 2016-12-27 2017-06-13 哈尔滨安天科技股份有限公司 A kind of malicious script detection method and system based on ragel state machines
US20180314683A1 (en) * 2017-04-27 2018-11-01 Mediatek Singapore Pte. Ltd. Method and device for processing natural language
CN110221836A (en) * 2018-03-02 2019-09-10 拜椰特(上海)软件技术有限公司 A kind of lexical analysis tool
CN110245085A (en) * 2019-04-08 2019-09-17 华东师范大学 The embedded real-time operating system verification method and system examined using on-time model
CN113741869A (en) * 2020-09-10 2021-12-03 吕戈 Construction method of high-performance variable grammar programming language
CN113221120A (en) * 2021-05-19 2021-08-06 西北工业大学太仓长三角研究院 Vulnerability detection method and system for application rules of Internet of things
CN114117440A (en) * 2021-10-29 2022-03-01 北京长亭未来科技有限公司 Script command vulnerability detection method, vulnerability scanner and storage medium
CN114911711A (en) * 2022-06-14 2022-08-16 南方电网科学研究院有限责任公司 Code defect analysis method and device, electronic equipment and storage medium
CN115757023A (en) * 2022-11-09 2023-03-07 长城计算机软件与系统有限公司 Business process processing method and device and finite-state machine model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
伍利: "ATE软件测试方法研究及实现", 中国优秀博硕士学位论文全文数据库 (硕士)信息科技辑 *

Also Published As

Publication number Publication date
CN115982059B (en) 2023-07-04

Similar Documents

Publication Publication Date Title
US8875110B2 (en) Code inspection executing system for performing a code inspection of ABAP source codes
CN103257919B (en) Inspection method and device for script programs
WO2001014969A1 (en) Software rehosting system and method
CN110013672B (en) Method, device, apparatus and computer-readable storage medium for automated testing of machine-run games
CN108897676B (en) Flight guidance control software reliability analysis system and method based on formalization rules
US20180268081A1 (en) Data extraction
CN109710518A (en) Script checking method and device
KR101696694B1 (en) Method And Apparatus For Analysing Source Code Vulnerability By Using TraceBack
CN103914379A (en) Automatic fault injection and fault detecting method and system
CN115080448B (en) Method and device for automatically detecting inaccessible path of software code
CN110197072A (en) The method of excavation and system of software security flaw, storage medium and computer equipment
CN107169092A (en) Intelligent Recognition and the method and system of sensitive content are handled in interaction
CN111459500A (en) Safety compiling method and device based on sea eagle wing brightness operating system
CN113051262B (en) Data quality inspection method, device, equipment and storage medium
CN110659200B (en) Method and system for comparing and analyzing source code and target code of aviation onboard software
CN108427645A (en) Unattended method and system are realized in no command line interface automatically testing platform
CN115982059A (en) Method for implementing Shell script checking tool
CN116662110A (en) Script-based interlocking data automatic configuration method
CN110413518A (en) The generation method and generating means and computer readable storage medium of control object library
CN116610558A (en) Code detection method, device, electronic equipment and computer readable storage medium
CN114116471A (en) Automatic code scanning method, system, electronic equipment and storage medium
CN111338619A (en) Graphical algorithm programming interactive system, programming method and readable storage medium
CN112445391B (en) Service data generation method, device and computer readable storage medium
He et al. A coverage and slicing dependencies analysis for seeking software security defects
Wang et al. ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant