CN116257853A - Method and device for defending system vulnerabilities by using runtime memory patches - Google Patents
Method and device for defending system vulnerabilities by using runtime memory patches Download PDFInfo
- Publication number
- CN116257853A CN116257853A CN202310538658.7A CN202310538658A CN116257853A CN 116257853 A CN116257853 A CN 116257853A CN 202310538658 A CN202310538658 A CN 202310538658A CN 116257853 A CN116257853 A CN 116257853A
- Authority
- CN
- China
- Prior art keywords
- terminal
- vulnerability
- patch
- memory patch
- runtime memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
Abstract
The application provides a method and a device for defending system vulnerabilities by using a runtime memory patch, electronic equipment and a storage medium, and relates to the technical field of computers. According to the method, the system loopholes are repaired by the memory patch technology during operation, so that attack of the system loopholes can be effectively defended, and the safety and stability of the system are improved; and the running condition of the system of the terminal can be monitored by a system monitor arranged on the terminal, the condition that the vulnerability appears again can be found in time, and corresponding measures are taken for repairing; in addition, if the influence on the system of the terminal beyond the preset expectation is monitored after the dynamic injection of the runtime memory patch is successful, the system of the terminal is rolled back to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability, the operation of the system is preferentially ensured, and the vulnerability repair is carried out by dynamically injecting again after the runtime memory patch is adjusted.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for defending a system vulnerability by using a runtime memory patch, an electronic device, and a storage medium.
Background
In the information age today, computer systems (e.g., the operating system or application system of a computer, etc.) have become an indispensable tool in people's production and life. However, with the increasing expansion of computer application scenarios, system vulnerabilities (which refer to defects in specific implementation of hardware, software, protocols or system security policies, so that an attacker can access or destroy a system under unauthorized conditions) are also increasing, and the attacker can invade a computer system through the vulnerabilities, thereby causing great loss.
In order to solve the problem of system vulnerabilities, some methods are proposed to defend against these attacks, such as patching the vulnerabilities by patching, in particular, replacing old files with new files to repair the vulnerabilities, however, replacing old files with new files requires adapting to the software and hardware environment, and how to provide a more effective solution for repairing the vulnerabilities is a technical problem to be solved.
Disclosure of Invention
In view of the foregoing, the present application is directed to a method and apparatus, an electronic device, and a storage medium for defending against system vulnerabilities with runtime memory patches that overcome or at least partially solve the foregoing problems. The technical scheme is as follows:
In a first aspect, a method for defending against a system vulnerability by using a runtime memory patch is provided, including:
scanning a system of a terminal through a vulnerability scanner installed on the terminal, and identifying system vulnerabilities;
loading a corresponding runtime memory patch according to the identified system vulnerability;
dynamically injecting the loaded runtime memory patch into a system loophole process of the terminal to realize system loophole repair;
the method comprises the steps that through a system monitor installed on a terminal, the running condition of the system of the terminal is monitored, after the feedback of a successful result of dynamic injection of a memory patch in running is received, a vulnerability scanner is called again, the system of the terminal is scanned, and whether a system vulnerability exists or not is identified; and monitoring whether the dynamic injection of the runtime memory patch is successful or not has an influence outside the preset expectation on the system of the terminal, and if the dynamic injection of the runtime memory patch is monitored to be successful, rolling back the system of the terminal to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability.
In one possible implementation, the loaded runtime memory patch is a binary executable file and includes a patch description file describing process information that the patch needs to inject; the dynamically injecting the loaded runtime memory patch into the system bug process of the terminal to realize system bug repair comprises the following steps:
executing the loaded runtime memory patch, and acquiring the process information to be injected by the patch in the patch description file; the process information to be injected into the patch comprises a process name and an injected memory relative address;
performing dynamic injection of the memory patch in the running process according to the process name and the relative address of the injected memory in the process information to be injected by the patch; if the dynamic injection of the memory patch is successful in running, the program execution logic or the return value of the injected process is changed;
after the dynamic injection of the runtime memory patch is successful, the successful result of the dynamic injection of the runtime memory patch is fed back to the system monitor, the information of the injected process is recorded, and the information of the injected process is returned to the recovery program.
In one possible implementation manner, the monitoring whether the dynamic injection of the runtime memory patch has an unexpected effect on the system of the terminal after the success includes:
Acquiring a baseline of a normal running state of the system in the patch description file;
monitoring whether the system operation of the terminal is inconsistent with a baseline of a normal operation state of the system after the dynamic injection of the memory patch is successful in the operation;
if the dynamic memory patch is successfully injected, monitoring that the system of the terminal is influenced by the preset expectation after the dynamic memory patch is successfully injected in the running process;
rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into a system vulnerable process of the terminal, including:
and starting the recovery program, searching the information of the injected process, and rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into the process with the system vulnerability of the terminal.
In one possible implementation manner, the scanning, by a vulnerability scanner installed on a terminal, a system of the terminal, and identifying a system vulnerability include:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a version number of the system of the terminal;
judging whether the version number of the system of the terminal belongs to a preset version number interval or not;
If the version number of the system of the terminal belongs to the preset version number interval, taking the loopholes corresponding to the preset version number interval as the identified system loopholes.
In one possible implementation manner, the scanning, by a vulnerability scanner installed on a terminal, a system of the terminal, and identifying a system vulnerability include:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a hash value of a system file of the terminal;
comparing the hash value of the system file of the terminal with the hash value in the vulnerability information library; the vulnerability information library is pre-stored with hash values of system files with vulnerabilities;
and if the hash value of the system file of the terminal is the same as the target hash value in the vulnerability information library, taking the target system file corresponding to the target hash value as the identified system vulnerability.
In one possible implementation manner, the vulnerability scanner comprises executable codes for vulnerability dynamic verification, wherein the executable codes for vulnerability dynamic verification establish a corresponding relation with the vulnerability in advance;
scanning a system of a terminal through a vulnerability scanner installed on the terminal, and identifying a system vulnerability, including:
Loading a vulnerability scanner containing the executable code for vulnerability dynamic verification through an agent installed on a terminal, running the executable code for vulnerability dynamic verification, and obtaining a simulation verification result after loading and running;
and if the simulation verification result is matched with the loophole corresponding to the executable code of the loophole dynamic verification, taking the loophole corresponding to the executable code of the loophole dynamic verification as the identified system loophole.
In one possible implementation manner, loading the corresponding runtime memory patch according to the identified system vulnerability includes:
acquiring a memory patch library which is pre-established and contains the corresponding relation between the loopholes and the memory patches in the running process;
and searching a corresponding runtime memory patch in the memory patch library according to the identified system vulnerability, and loading the corresponding runtime memory patch.
In a second aspect, an apparatus for defending against a system vulnerability using a runtime memory patch is provided, including:
the system comprises an identification module, a vulnerability detection module and a vulnerability detection module, wherein the identification module is used for scanning a system of a terminal through a vulnerability scanner installed on the terminal and identifying system vulnerabilities;
the loading module is used for loading corresponding runtime memory patches according to the identified system vulnerabilities;
The dynamic injection module is used for dynamically injecting the loaded runtime memory patch into the system loophole process of the terminal to realize system loophole repair;
the system monitoring module is used for monitoring the running condition of the system of the terminal through a system monitor arranged on the terminal, and after receiving feedback of a result of successful dynamic injection of the memory patch during running, the system monitoring module calls the vulnerability scanner again to scan the system of the terminal so as to identify whether a system vulnerability exists; and monitoring whether the dynamic injection of the runtime memory patch is successful or not has an influence outside the preset expectation on the system of the terminal, and if the dynamic injection of the runtime memory patch is monitored to be successful, rolling back the system of the terminal to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability.
In one possible implementation, the loaded runtime memory patch is a binary executable file and includes a patch description file describing process information that the patch needs to inject; the dynamic injection module is further configured to:
Executing the loaded runtime memory patch, and acquiring the process information to be injected by the patch in the patch description file; the process information to be injected into the patch comprises a process name and an injected memory relative address;
performing dynamic injection of the memory patch in the running process according to the process name and the relative address of the injected memory in the process information to be injected by the patch; if the dynamic injection of the memory patch is successful in running, the program execution logic or the return value of the injected process is changed;
after the dynamic injection of the runtime memory patch is successful, the successful result of the dynamic injection of the runtime memory patch is fed back to the system monitor, the information of the injected process is recorded, and the information of the injected process is returned to the recovery program.
In one possible implementation, the system monitoring module is further configured to:
acquiring a baseline of a normal running state of the system in the patch description file;
monitoring whether the system operation of the terminal is inconsistent with a baseline of a normal operation state of the system after the dynamic injection of the memory patch is successful in the operation;
if the dynamic memory patch is successfully injected, monitoring that the system of the terminal is influenced by the preset expectation after the dynamic memory patch is successfully injected in the running process;
And starting the recovery program, searching the information of the injected process, and rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into the process with the system vulnerability of the terminal.
In one possible implementation, the identification module is further configured to:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a version number of the system of the terminal;
judging whether the version number of the system of the terminal belongs to a preset version number interval or not;
if the version number of the system of the terminal belongs to the preset version number interval, taking the loopholes corresponding to the preset version number interval as the identified system loopholes.
In one possible implementation, the identification module is further configured to:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a hash value of a system file of the terminal;
comparing the hash value of the system file of the terminal with the hash value in the vulnerability information library; the vulnerability information library is pre-stored with hash values of system files with vulnerabilities;
and if the hash value of the system file of the terminal is the same as the target hash value in the vulnerability information library, taking the target system file corresponding to the target hash value as the identified system vulnerability.
In one possible implementation manner, the vulnerability scanner comprises executable codes for vulnerability dynamic verification, wherein the executable codes for vulnerability dynamic verification establish a corresponding relation with the vulnerability in advance; the identification module is also used for:
loading a vulnerability scanner containing the executable code for vulnerability dynamic verification through an agent installed on a terminal, running the executable code for vulnerability dynamic verification, and obtaining a simulation verification result after loading and running;
and if the simulation verification result is matched with the loophole corresponding to the executable code of the loophole dynamic verification, taking the loophole corresponding to the executable code of the loophole dynamic verification as the identified system loophole.
In one possible implementation, the loading module is further configured to:
acquiring a memory patch library which is pre-established and contains the corresponding relation between the loopholes and the memory patches in the running process;
and searching a corresponding runtime memory patch in the memory patch library according to the identified system vulnerability, and loading the corresponding runtime memory patch.
In a third aspect, an electronic device is provided, the electronic device comprising a processor and a memory, wherein the memory has a computer program stored therein, the processor being configured to run the computer program to perform the method of defending against system vulnerabilities using a runtime memory patch as in any of the above.
In a fourth aspect, a storage medium is provided, where the storage medium stores a computer program, where the computer program is configured to run-time perform the method of defending against system vulnerabilities with a runtime memory patch as set forth in any one of the preceding claims.
By means of the technical scheme, the method and the device for defending system vulnerabilities by using the memory patches in the running process, the electronic equipment and the storage medium can scan a system of a terminal through a vulnerability scanner installed on the terminal, and identify system vulnerabilities; then loading corresponding runtime memory patches according to the identified system vulnerabilities; dynamically injecting the loaded runtime memory patch into a system loophole process of the terminal to realize system loophole repair; then, the running condition of the system of the terminal is monitored through a system monitor arranged on the terminal, after the feedback of the successful result of the dynamic injection of the memory patch during running is received, a vulnerability scanner is called again, the system of the terminal is scanned, and whether the system vulnerability exists or not is identified; and monitoring whether the run-time memory patch has an influence outside the preset expectation on the system of the terminal after the run-time memory patch is successfully injected, and if the run-time memory patch is monitored to have the influence outside the preset expectation on the system of the terminal after the run-time memory patch is successfully injected, rolling back the system of the terminal to a state before the loaded run-time memory patch is dynamically injected into the process of the system of the terminal with the loophole. It can be seen that the embodiment of the application can repair the system bug by using the memory patch technology during operation, solve the problem that the old file needs to be adapted to the software and hardware environment by adopting the new file in the prior art, effectively defend the attack of the system bug, and improve the safety and stability of the system; and the running condition of the system of the terminal can be monitored by a system monitor arranged on the terminal, the condition that the vulnerability appears again can be found in time, and corresponding measures are taken for repairing; in addition, if the influence on the system of the terminal beyond the preset expectation is monitored after the dynamic injection of the runtime memory patch is successful, the system of the terminal is rolled back to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability, the operation of the system is preferentially ensured, and the vulnerability repair is carried out by dynamically injecting again after the runtime memory patch is adjusted.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the description of the embodiments of the present application will be briefly described below.
FIG. 1 illustrates a flowchart of a method for defending against system vulnerabilities using runtime memory patches provided by an embodiment of the present application;
FIG. 2 is a diagram showing interactions among a vulnerability scanner, a memory patch loader, a dynamic injector and a system monitor installed on a terminal according to an embodiment of the present application;
FIG. 3 is a block diagram of an apparatus for defending against system vulnerabilities using runtime memory patches provided in an embodiment of the present application;
fig. 4 shows a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that such uses may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or described herein. Furthermore, the terms "include" and variations thereof are to be interpreted as open-ended terms that mean "include, but are not limited to.
In order to solve the above technical problems, an embodiment of the present application provides a method for defending a system vulnerability by using a runtime memory patch, as shown in fig. 1, the method for defending a system vulnerability by using a runtime memory patch may include the following steps S101 to S104:
step S101, scanning a system of a terminal through a vulnerability scanner installed on the terminal, and identifying system vulnerabilities;
step S102, loading corresponding runtime memory patches according to the identified system vulnerabilities;
step S103, dynamically injecting the loaded runtime memory patch into a system bug process of the terminal to realize system bug repair;
step S104, monitoring the running condition of the system of the terminal through a system monitor installed on the terminal, and after receiving the feedback of the successful result of the dynamic injection of the memory patch during running, calling the vulnerability scanner again to scan the system of the terminal and identifying whether a system vulnerability exists; and monitoring whether the run-time memory patch has an influence outside the preset expectation on the system of the terminal after the run-time memory patch is successfully injected, and if the run-time memory patch is monitored to have the influence outside the preset expectation on the system of the terminal after the run-time memory patch is successfully injected, rolling back the system of the terminal to a state before the loaded run-time memory patch is dynamically injected into the process of the system of the terminal with the loophole.
In the above embodiment, the system of the terminal may be an operating system of the terminal or an application system of the terminal, where the terminal may be a computer, a smart phone, a tablet computer, a smart car, or the like, which is not limited in this implementation.
According to the embodiment of the application, the system loophole can be repaired by a memory patch technology during operation, the problem that the old file needs to be matched with the software and hardware environment by adopting the new file in the prior art is solved, the attack of the system loophole can be effectively defended, and the safety and the stability of the system are improved; and the running condition of the system of the terminal can be monitored by a system monitor arranged on the terminal, the condition that the vulnerability appears again can be found in time, and corresponding measures are taken for repairing; in addition, if the influence on the system of the terminal beyond the preset expectation is monitored after the dynamic injection of the runtime memory patch is successful, the system of the terminal is rolled back to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability, the operation of the system is preferentially ensured, and the vulnerability repair is carried out by dynamically injecting again after the runtime memory patch is adjusted.
In the embodiment of the present application, a possible implementation manner is provided, where step S101 above scans a system of a terminal through a vulnerability scanner installed on the terminal, and identifies a system vulnerability, and may specifically include the following steps A1 to A3:
step A1, scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a version number of the system of the terminal;
step A2, judging whether the version number of the system of the terminal belongs to a preset version number interval;
and step A3, if the version number of the system of the terminal belongs to a preset version number interval, taking the loopholes corresponding to the preset version number interval as the identified system loopholes.
If the version number of the system of the terminal is judged not to belong to the preset version number interval, determining that the system loophole does not exist in the current scanning.
According to the embodiment, the system loopholes can be quickly identified through the version numbers of the system, and then the system loopholes can be further identified by combining the hash values of the system files or executable codes dynamically verified by the loopholes, so that the accuracy of identifying the system loopholes is improved.
In the embodiment of the present application, a possible implementation manner is provided, where step S101 above scans a system of a terminal through a vulnerability scanner installed on the terminal, and identifies a system vulnerability, and may specifically include the following steps B1 to B3:
Step B1, scanning a system of the terminal through a vulnerability scanner installed on the terminal to acquire a hash value of a system file of the terminal;
step B2, comparing the hash value of the system file of the terminal with the hash value in the vulnerability information library; the vulnerability information library is pre-stored with hash values of system files with vulnerabilities;
and step B3, if the hash value of the system file of the terminal is the same as the target hash value in the vulnerability information library, taking the target system file corresponding to the target hash value as the identified system vulnerability.
In this embodiment, since the hash values of the system files are unique, and the hash values of different system files are different, the system vulnerabilities can be quickly identified by the hash values of the system files, and the vulnerability identification efficiency is improved.
In the embodiment of the present application, a possible implementation manner is provided, where the system bug may be identified by adopting the steps A1 to A3 and/or the steps B1 to B3, that is, the steps A1 to A3 or the steps B1 to B3, or after the steps A1 to A3 and the steps B1 to B3, an executable code for dynamic verification of the bug is further adopted to perform system bug identification, so that on one hand, efficiency of system bug identification is improved, and on the other hand, accuracy of system bug identification is improved.
Specifically, the vulnerability scanner may include a vulnerability dynamically verified executable code, where the vulnerability dynamically verified executable code establishes a corresponding relationship with the vulnerability in advance, for example, a corresponding relationship is established between an identifier M11 of the vulnerability dynamically verified executable code and an identifier D11 of the vulnerability, a corresponding relationship is established between an identifier M22 of the vulnerability dynamically verified executable code and an identifier D22 of the vulnerability, a corresponding relationship is established between an identifier M33 of the vulnerability dynamically verified executable code and an identifier D33 of the vulnerability, and so on, and the embodiment is not limited thereto.
The step S101 of scanning the system of the terminal through the vulnerability scanner installed on the terminal to identify the system vulnerability may specifically include the following steps C1 and C2:
step C1, loading a vulnerability scanner containing executable codes for vulnerability dynamic verification through an agent installed on a terminal, running the executable codes for vulnerability dynamic verification, and obtaining a simulation verification result after loading and running;
and step C2, if the simulation verification result is matched with the loophole corresponding to the executable code of the loophole dynamic verification, taking the loophole corresponding to the executable code of the loophole dynamic verification as the identified system loophole.
In this embodiment, the dynamic verification of the vulnerability is an executable code, and whether the vulnerability exists is directly checked by the runtime, so as to obtain a more accurate determination result of whether the vulnerability exists.
For example, django is an open source Web (Internet) application framework written by python, a high-level programming language of the interpreted, object-oriented, dynamic data type. The framework modes of MTV are employed, namely template M, view V and template T. Django is also a framework following the MVC design pattern, MVC is a shorthand for Model, view, controller three words, representing model, view, controller, respectively.
The Django official publishes security advertisements, disclosing a potential SQL (structured query language) injection vulnerability that is exploited through the StringAgg implementation. An attacker can bypass escape symbols (\) and inject malicious SQL statements by constructing separators to pass to the aggregation function con-trieb.
The embodiment can construct executable codes for dynamic verification of vulnerabilities corresponding to the vulnerabilities, simulate an attacker to construct a segmenter, transmit the segmenter to an aggregation function, and bypass escape symbols (\) and inject malicious SQL sentences; if the simulation verification result is that the malicious SQL statement is successfully injected, judging that a potential SQL injection vulnerability utilized by the StringAgg implementation exists. The examples are illustrative only and are not intended to limit the present embodiments.
In the embodiment of the present application, a possible implementation manner is provided, where step S102 loads a corresponding runtime memory patch according to the identified system vulnerability, and may specifically include the following steps D1 and D2:
step D1, a memory patch library which is pre-established and contains the corresponding relation between the loopholes and the memory patches in the running process is obtained;
and D2, searching a corresponding runtime memory patch in a memory patch library according to the identified system vulnerability, and loading the corresponding runtime memory patch.
In this embodiment, the memory patch library includes a correspondence between the loopholes and the runtime memory patches, and in the correspondence, there may be a one-to-many or many-to-one case, for example, one or more loopholes may correspond to one runtime memory patch, one or more runtime memory patches correspond to one loophole, and the embodiment is not limited thereto. According to the embodiment, the runtime memory patch corresponding to the identified system bug can be quickly and accurately found through the memory patch library, so that the subsequent bug repair can be further performed.
In one possible implementation manner provided in the embodiment of the present application, the loaded runtime memory patch mentioned in step S103 above may be a binary executable file, and includes a patch description file describing process information that the patch needs to be injected. The patch here requires injected process information, such as a process name and an injected memory relative address, i.e. injection point information of the memory patch at runtime. Furthermore, step S103 dynamically injects the loaded runtime memory patch into the system bug process of the terminal to implement system bug repair, which may specifically include the following steps E1 to E3:
E1, executing loaded runtime memory patches, and acquiring process information to be injected into the patches in the patch description file; the process information to be injected by the patch can comprise a process name and an injected memory relative address;
e2, dynamically injecting the memory patch in the running process according to the process name and the relative address of the injected memory in the process information to be injected by the patch; if the dynamic injection of the memory patch is successful in running, the program execution logic or the return value of the injected process is changed;
and E3, after the dynamic injection of the runtime memory patch is successful, feeding back the successful dynamic injection result of the runtime memory patch to the system monitor, recording the information of the injected process, and returning the information of the injected process to a recovery (rollback) program.
In this embodiment, the loaded runtime memory patch is a binary executable file, and the loaded runtime memory patch can be executed to obtain the process information that the patch in the patch description file needs to be injected, so that the runtime memory patch is dynamically injected according to the process name and the relative address of the injected memory in the process information that the patch needs to be injected, so that the loaded runtime memory patch can be dynamically injected into the process with the vulnerability of the system to achieve vulnerability patching.
In the embodiment of the present application, a possible implementation manner is provided, where the step S104 of monitoring whether the dynamic injection of the runtime memory patch has an unexpected influence on the system of the terminal after success may specifically include the following steps F1 to F3:
step F1, acquiring a baseline of a normal running state of a system in a patch description file;
step F2, monitoring whether the system operation of the terminal is inconsistent with a baseline of a normal operation state of the system after the dynamic injection of the memory patch in the operation is successful;
and F3, if the dynamic injection of the memory patch in the running time is successful, monitoring that the memory patch in the running time has an influence outside the preset expectation on the system of the terminal.
For example, a baseline of the normal operation state of the system may be defined by a return value at the time of system operation, a CPU (central processing unit) at the time of system operation, memory occupation, and the like. For example, the highest memory occupation of a process is defined as 100M (mega) in a base line, when the system monitor monitors that the memory occupation of the process exceeds 100M after the runtime memory patch is injected, the system monitor considers that the system of the terminal has an unexpected influence preset after the runtime memory patch is successfully injected, namely, a rollback program is started to perform rollback operation, and the system is rolled back to a state before patch injection at the memory level.
If the condition that the system operation of the terminal is inconsistent with the base line of the normal operation state of the system after the dynamic injection of the runtime memory patch is successful is monitored, the fact that the system of the terminal is not influenced by the preset expectations after the dynamic injection of the runtime memory patch is successful is determined.
If it is monitored that the runtime memory patch has an influence outside the preset expectation on the system of the terminal after the runtime memory patch is successfully injected, the step S104 of rolling back the system of the terminal to a state before the loading runtime memory patch is dynamically injected into the process of the system vulnerability of the terminal may specifically include the following step F4:
and F4, starting a recovery program, finding out the information of the injected process, and rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into the process of the system vulnerability of the terminal. That is, the system of the terminal is rolled back to a state before the loaded runtime memory patch is dynamically injected into the injected process by using the recovery program.
In this embodiment, if it is monitored that the runtime memory patch has an influence outside the preset expectations on the system of the terminal after the runtime memory patch is successfully dynamically injected, a recovery program is started, the information of the injected process is found, the system of the terminal is rolled back to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability, the operation of the system is preferentially ensured, and the vulnerability repair is performed by dynamically injecting again after the runtime memory patch is adjusted.
Having described various implementations of the links of the embodiment shown in fig. 1, a method for defending a system vulnerability by using a runtime memory patch according to an embodiment of the present application will be further described below by way of specific embodiments.
Fig. 2 shows a diagram of interaction among a vulnerability scanner, a memory patch loader, a dynamic injector and a system monitor installed on a terminal according to an embodiment of the present application, which is specifically described below.
And step 1, scanning a system of the terminal through a vulnerability scanner installed on the terminal, and identifying system vulnerabilities. The step may further adopt the schemes of steps A1 to A3, steps B1 to B3, and steps C1 and C2 described above to perform system vulnerability identification, which are not described herein.
And step 2, loading corresponding runtime memory patches according to the identified system vulnerabilities through a memory patch loader installed on the terminal. This step may be further carried out by using the steps D1 and D2 described above, which are not described here again.
And step 3, calling a dynamic injector installed on the terminal, and dynamically injecting the loaded runtime memory patch into a system bug process of the terminal to realize system bug repair. This step may be further performed by using the steps E1 to E3 described above, and will not be described here again.
Step 4, monitoring the running condition of the system of the terminal through a system monitor arranged on the terminal, firstly, detecting whether the vulnerability is truly and effectively repaired, namely monitoring the patch effect, and after receiving feedback of a result of successful dynamic injection of the memory patch in running, calling the vulnerability scanner again to scan the system of the terminal, identifying whether the system vulnerability exists, and if so, returning to the step 2; if the system bug does not exist, the bug is really and effectively repaired; on the other hand, the system monitor also monitors whether the runtime memory patch has an unexpected influence on the system, and the process is to monitor whether the runtime memory patch has a preset unexpected influence on the system of the terminal after the runtime memory patch is successfully injected, and if the runtime memory patch is monitored to have the preset unexpected influence on the system of the terminal after the runtime memory patch is successfully injected, the system of the terminal is rolled back to a state before the process of dynamically injecting the loaded runtime memory patch into the system of the terminal with holes. In this way, the situation that the loophole reappears is found in time through monitoring the system, and corresponding measures are taken for repairing; if the influence of the dynamic injection of the runtime memory patch outside the preset expectation is monitored, a recovery program is started, the information of the injected process is found, the system of the terminal is rolled back to the state before the loaded runtime memory patch is dynamically injected into the injected process, the operation of the system is preferentially ensured, and the vulnerability repair is carried out by dynamically injecting again after the runtime memory patch is adjusted.
It should be noted that, the sequence number of each step in the above embodiment does not mean the sequence of execution sequence, and the execution sequence of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiment of the present application. In practical applications, all possible embodiments may be combined in any combination manner to form possible embodiments of the present application, which are not described in detail herein.
Based on the method for defending system vulnerabilities by using the runtime memory patch provided by the above embodiments, based on the same inventive concept, the embodiment of the present application further provides a device for defending system vulnerabilities by using the runtime memory patch.
Fig. 3 is a block diagram of an apparatus for defending against system vulnerabilities using runtime memory patches according to an embodiment of the present application. As shown in fig. 3, the apparatus for defending against system vulnerabilities by using a runtime memory patch may specifically include an identification module 310, a loading module 320, a dynamic injection module 330, and a system monitoring module 340.
The identifying module 310 is configured to scan a system of the terminal through a vulnerability scanner installed on the terminal, and identify a system vulnerability;
a loading module 320, configured to load a corresponding runtime memory patch according to the identified system vulnerability;
The dynamic injection module 330 is configured to dynamically inject the loaded runtime memory patch into a system bug process of the terminal, so as to implement system bug repair;
the system monitoring module 340 is configured to monitor, by using a system monitor installed on the terminal, a running condition of a system of the terminal, and after receiving feedback of a result that the dynamic injection of the runtime memory patch is successful, recall the vulnerability scanner again, scan the system of the terminal, and identify whether a system vulnerability exists; and monitoring whether the dynamic injection of the runtime memory patch is successful or not has an influence outside the preset expectation on the system of the terminal, and if the dynamic injection of the runtime memory patch is monitored to be successful, rolling back the system of the terminal to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability.
In one possible implementation manner provided in the embodiments of the present application, the loaded runtime memory patch is a binary executable file, and includes a patch description file describing process information that the patch needs to be injected; the dynamic injection module 330 is further configured to:
Executing the loaded runtime memory patch, and acquiring the process information to be injected by the patch in the patch description file; the process information to be injected into the patch comprises a process name and an injected memory relative address;
performing dynamic injection of the memory patch in the running process according to the process name and the relative address of the injected memory in the process information to be injected by the patch; if the dynamic injection of the memory patch is successful in running, the program execution logic or the return value of the injected process is changed;
after the dynamic injection of the runtime memory patch is successful, the successful result of the dynamic injection of the runtime memory patch is fed back to the system monitor, the information of the injected process is recorded, and the information of the injected process is returned to the recovery program.
One possible implementation manner is provided in the embodiment of the present application, and the system monitoring module 340 is further configured to:
acquiring a baseline of a normal running state of the system in the patch description file;
monitoring whether the system operation of the terminal is inconsistent with a baseline of a normal operation state of the system after the dynamic injection of the memory patch is successful in the operation;
if the dynamic memory patch is successfully injected, monitoring that the system of the terminal is influenced by the preset expectation after the dynamic memory patch is successfully injected in the running process;
And starting the recovery program, searching the information of the injected process, and rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into the process with the system vulnerability of the terminal.
One possible implementation manner is provided in the embodiment of the present application, and the identifying module 310 is further configured to:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a version number of the system of the terminal;
judging whether the version number of the system of the terminal belongs to a preset version number interval or not;
if the version number of the system of the terminal belongs to the preset version number interval, taking the loopholes corresponding to the preset version number interval as the identified system loopholes.
One possible implementation manner is provided in the embodiment of the present application, and the identifying module 310 is further configured to:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a hash value of a system file of the terminal;
comparing the hash value of the system file of the terminal with the hash value in the vulnerability information library; the vulnerability information library is pre-stored with hash values of system files with vulnerabilities;
And if the hash value of the system file of the terminal is the same as the target hash value in the vulnerability information library, taking the target system file corresponding to the target hash value as the identified system vulnerability.
The embodiment of the application provides a possible implementation mode, wherein the vulnerability scanner comprises executable codes for vulnerability dynamic verification, and the executable codes for vulnerability dynamic verification establish a corresponding relation with the vulnerability in advance; the identification module 310 is further configured to:
loading a vulnerability scanner containing the executable code for vulnerability dynamic verification through an agent installed on a terminal, running the executable code for vulnerability dynamic verification, and obtaining a simulation verification result after loading and running;
and if the simulation verification result is matched with the loophole corresponding to the executable code of the loophole dynamic verification, taking the loophole corresponding to the executable code of the loophole dynamic verification as the identified system loophole.
One possible implementation manner is provided in the embodiment of the present application, and the loading module 320 is further configured to:
acquiring a memory patch library which is pre-established and contains the corresponding relation between the loopholes and the memory patches in the running process;
and searching a corresponding runtime memory patch in the memory patch library according to the identified system vulnerability, and loading the corresponding runtime memory patch.
Based on the same inventive concept, the embodiment of the present application further provides an electronic device, including a processor and a memory, where the memory stores a computer program, and the processor is configured to run the computer program to execute the method for defending a system vulnerability by using the runtime memory patch according to any one of the embodiments.
In an exemplary embodiment, there is provided an electronic device, as shown in fig. 4, the electronic device 400 shown in fig. 4 includes: a processor 401 and a memory 403. Processor 401 is connected to memory 403, such as via bus 402. Optionally, the electronic device 400 may also include a transceiver 404. It should be noted that, in practical applications, the transceiver 404 is not limited to one, and the structure of the electronic device 400 is not limited to the embodiment of the present application.
The processor 401 may be a CPU (Central Processing Unit, central processor), general purpose processor, DSP (Digital Signal Processor, data signal processor), ASIC (Application Specific Integrated Circuit ), FPGA (Field Programmable Gate Array, field programmable gate array) or other programmable logic device, transistor logic device, hardware components, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. Processor 401 may also be a combination that implements computing functionality, such as a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
The Memory 403 may be, but is not limited to, a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory ) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory ), a CD-ROM (Compact Disc Read Only Memory, compact disc Read Only Memory) or other optical disk storage, optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 403 is used for storing computer program codes for executing the present application and is controlled to be executed by the processor 401. The processor 401 is arranged to execute computer program code stored in the memory 403 for implementing what is shown in the foregoing method embodiments.
Among them, electronic devices include, but are not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 4 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments herein.
Based on the same inventive concept, the embodiments of the present application further provide a storage medium, where the storage medium stores a computer program, where the computer program is configured to execute, when running, the method for defending against a system vulnerability by using the memory patch when running in any one of the embodiments described above.
It will be clear to those skilled in the art that the specific working processes of the above-described systems, devices and modules may refer to the corresponding processes in the foregoing method embodiments, and are not described herein for brevity.
Those of ordinary skill in the art will appreciate that: the technical solution of the present application may be embodied in essence or in whole or in part in a software product stored in a storage medium, which includes program instructions for causing an electronic device (e.g., a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application when the program instructions are executed. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a read-only memory (ROM), a random-access memory (RAM), a magnetic disk, or an optical disk, etc.
Alternatively, all or part of the steps of implementing the foregoing method embodiments may be implemented by hardware (such as a personal computer, a server, or an electronic device such as a network device) associated with program instructions, where the program instructions may be stored in a computer-readable storage medium, and where the program instructions, when executed by a processor of the electronic device, perform all or part of the steps of the methods described in the embodiments of the present application.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may be modified or some or all technical features may be replaced equally within the spirit and principles of the present application; such modifications and substitutions do not depart from the scope of the present application.
Claims (10)
1. A method for defending against a system vulnerability with a runtime memory patch, comprising:
scanning a system of a terminal through a vulnerability scanner installed on the terminal, and identifying system vulnerabilities;
loading a corresponding runtime memory patch according to the identified system vulnerability;
dynamically injecting the loaded runtime memory patch into a system loophole process of the terminal to realize system loophole repair;
the method comprises the steps that through a system monitor installed on a terminal, the running condition of the system of the terminal is monitored, after the feedback of a successful result of dynamic injection of a memory patch in running is received, a vulnerability scanner is called again, the system of the terminal is scanned, and whether a system vulnerability exists or not is identified; and monitoring whether the dynamic injection of the runtime memory patch is successful or not has an influence outside the preset expectation on the system of the terminal, and if the dynamic injection of the runtime memory patch is monitored to be successful, rolling back the system of the terminal to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability.
2. The method of claim 1, wherein the loaded runtime memory patch is a binary executable file and includes a patch description file describing process information to which the patch needs to be injected; the dynamically injecting the loaded runtime memory patch into the system bug process of the terminal to realize system bug repair comprises the following steps:
executing the loaded runtime memory patch, and acquiring the process information to be injected by the patch in the patch description file; the process information to be injected into the patch comprises a process name and an injected memory relative address;
performing dynamic injection of the memory patch in the running process according to the process name and the relative address of the injected memory in the process information to be injected by the patch; if the dynamic injection of the memory patch is successful in running, the program execution logic or the return value of the injected process is changed;
after the dynamic injection of the runtime memory patch is successful, the successful result of the dynamic injection of the runtime memory patch is fed back to the system monitor, the information of the injected process is recorded, and the information of the injected process is returned to the recovery program.
3. The method of claim 2, wherein monitoring whether the dynamic injection of the runtime memory patch has an unexpected effect on the system of the terminal after success comprises:
Acquiring a baseline of a normal running state of the system in the patch description file;
monitoring whether the system operation of the terminal is inconsistent with a baseline of a normal operation state of the system after the dynamic injection of the memory patch is successful in the operation;
if the dynamic memory patch is successfully injected, monitoring that the system of the terminal is influenced by the preset expectation after the dynamic memory patch is successfully injected in the running process;
rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into a system vulnerable process of the terminal, including:
and starting the recovery program, searching the information of the injected process, and rolling back the system of the terminal to a state before dynamically injecting the loaded runtime memory patch into the process with the system vulnerability of the terminal.
4. A method according to any one of claims 1 to 3, wherein the scanning the system of the terminal by means of a vulnerability scanner installed on the terminal, identifying system vulnerabilities, comprises:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a version number of the system of the terminal;
Judging whether the version number of the system of the terminal belongs to a preset version number interval or not;
if the version number of the system of the terminal belongs to the preset version number interval, taking the loopholes corresponding to the preset version number interval as the identified system loopholes.
5. A method according to any one of claims 1 to 3, wherein the scanning the system of the terminal by means of a vulnerability scanner installed on the terminal, identifying system vulnerabilities, comprises:
scanning a system of a terminal through a vulnerability scanner installed on the terminal to acquire a hash value of a system file of the terminal;
comparing the hash value of the system file of the terminal with the hash value in the vulnerability information library; the vulnerability information library is pre-stored with hash values of system files with vulnerabilities;
and if the hash value of the system file of the terminal is the same as the target hash value in the vulnerability information library, taking the target system file corresponding to the target hash value as the identified system vulnerability.
6. A method according to any of claims 1 to 3, wherein the vulnerability scanner comprises vulnerability dynamically verified executable code that has previously established a correspondence with a vulnerability;
Scanning a system of a terminal through a vulnerability scanner installed on the terminal, and identifying a system vulnerability, including:
loading a vulnerability scanner containing the executable code for vulnerability dynamic verification through an agent installed on a terminal, running the executable code for vulnerability dynamic verification, and obtaining a simulation verification result after loading and running;
and if the simulation verification result is matched with the loophole corresponding to the executable code of the loophole dynamic verification, taking the loophole corresponding to the executable code of the loophole dynamic verification as the identified system loophole.
7. A method according to any one of claims 1 to 3, wherein loading the corresponding runtime memory patch in accordance with the identified system vulnerability comprises:
acquiring a memory patch library which is pre-established and contains the corresponding relation between the loopholes and the memory patches in the running process;
and searching a corresponding runtime memory patch in the memory patch library according to the identified system vulnerability, and loading the corresponding runtime memory patch.
8. An apparatus for defending against system vulnerabilities with a runtime memory patch, comprising:
the system comprises an identification module, a vulnerability detection module and a vulnerability detection module, wherein the identification module is used for scanning a system of a terminal through a vulnerability scanner installed on the terminal and identifying system vulnerabilities;
The loading module is used for loading corresponding runtime memory patches according to the identified system vulnerabilities;
the dynamic injection module is used for dynamically injecting the loaded runtime memory patch into the system loophole process of the terminal to realize system loophole repair;
the system monitoring module is used for monitoring the running condition of the system of the terminal through a system monitor arranged on the terminal, and after receiving feedback of a result of successful dynamic injection of the memory patch during running, the system monitoring module calls the vulnerability scanner again to scan the system of the terminal so as to identify whether a system vulnerability exists; and monitoring whether the dynamic injection of the runtime memory patch is successful or not has an influence outside the preset expectation on the system of the terminal, and if the dynamic injection of the runtime memory patch is monitored to be successful, rolling back the system of the terminal to a state before the loaded runtime memory patch is dynamically injected into the process of the system of the terminal with the vulnerability.
9. An electronic device comprising a processor and a memory, wherein the memory has stored therein a computer program configured to run the computer program to perform the method of defending against system vulnerabilities with a runtime memory patch of any one of claims 1 to 7.
10. A storage medium having a computer program stored therein, wherein the computer program is configured to perform the method of any one of claims 1 to 7 at runtime to defend against system vulnerabilities with a runtime memory patch.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310538658.7A CN116257853A (en) | 2023-05-15 | 2023-05-15 | Method and device for defending system vulnerabilities by using runtime memory patches |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310538658.7A CN116257853A (en) | 2023-05-15 | 2023-05-15 | Method and device for defending system vulnerabilities by using runtime memory patches |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116257853A true CN116257853A (en) | 2023-06-13 |
Family
ID=86684693
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310538658.7A Pending CN116257853A (en) | 2023-05-15 | 2023-05-15 | Method and device for defending system vulnerabilities by using runtime memory patches |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116257853A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170098087A1 (en) * | 2015-10-06 | 2017-04-06 | Assured Enterprises, Inc. | Method and system for identification of security vulnerabilities |
| CN111078262A (en) * | 2018-10-18 | 2020-04-28 | 百度在线网络技术(北京)有限公司 | Application thermal restoration method and device |
| CN112395616A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Vulnerability processing method and device and computer equipment |
| CN113760339A (en) * | 2020-07-01 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Vulnerability repair method and device |
| CN115688119A (en) * | 2022-11-03 | 2023-02-03 | 苏州浪潮智能科技有限公司 | Vulnerability repairing method and device, electronic equipment and storage medium |
-
2023
- 2023-05-15 CN CN202310538658.7A patent/CN116257853A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170098087A1 (en) * | 2015-10-06 | 2017-04-06 | Assured Enterprises, Inc. | Method and system for identification of security vulnerabilities |
| CN111078262A (en) * | 2018-10-18 | 2020-04-28 | 百度在线网络技术(北京)有限公司 | Application thermal restoration method and device |
| CN112395616A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Vulnerability processing method and device and computer equipment |
| CN113760339A (en) * | 2020-07-01 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Vulnerability repair method and device |
| CN115688119A (en) * | 2022-11-03 | 2023-02-03 | 苏州浪潮智能科技有限公司 | Vulnerability repairing method and device, electronic equipment and storage medium |
Non-Patent Citations (6)
| Title |
|---|
| ADMIN: "Django SQL 注入漏洞 - CVE-2020-7471", pages 1 - 2, Retrieved from the Internet <URL:https://www.shungg.cn/272.html> * |
| CARLTON GIBSON: "CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)", pages 1, Retrieved from the Internet <URL:https://www.djangoproject.com/weblog/2020/feb/03/security-releases/> * |
| YOUR7MAXX: "Django SQL注入漏洞(CVE-2020-7471)复现", pages 1, Retrieved from the Internet <URL:https://www.jianshu.com/p/8a972865a140> * |
| 中国信息通信研究院: "Django SQL注入漏洞(CVE-2020-7471)预警", pages 1, Retrieved from the Internet <URL:www.cstis.cn/post/447600f8-e595-576f-c5dc-ddc284507368> * |
| 绿盟科技: "DJANGO SQL注入漏洞(CVE-2020-7471)威胁通告", pages 1, Retrieved from the Internet <URL:blog.nsfocus.net/Django-sql-injection-vulenrability-cve-2020-7471-report/> * |
| 绿盟科技安全服务部: "【威胁通告】Django SQL注入漏洞(CVE-2020-7471)威胁通告", pages 1 - 2, Retrieved from the Internet <URL:https://cloud.tencent.com/developer/article/1589252> * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20200026846A1 (en) | System and method for authenticating safe software | |
| US20080148399A1 (en) | Protection against stack buffer overrun exploitation | |
| CN109583202B (en) | System and method for detecting malicious code in address space of process | |
| US10515213B2 (en) | Detecting malware by monitoring execution of a configured process | |
| CN108763951B (en) | Data protection method and device | |
| CN115221524B (en) | Service data protection method, device, equipment and storage medium | |
| CN104361285A (en) | Method and device for detecting security of application programs of mobile devices | |
| US20190121985A1 (en) | Detecting vulnerabilities in applications during execution | |
| US11397812B2 (en) | System and method for categorization of .NET applications | |
| CN114186239A (en) | Program white list method and device based on path information | |
| CN114417335A (en) | Malicious file detection method and device, electronic equipment and storage medium | |
| CN110677391B (en) | Third-party link verification method based on URL Scheme technology and related equipment | |
| CN112035843A (en) | Vulnerability processing method and device, electronic equipment and storage medium | |
| CN109472135B (en) | Method, device and storage medium for detecting process injection | |
| CN113810431A (en) | Method and system for traffic Internet of things terminal security detection based on Hook | |
| CN112241529B (en) | Malicious code detection method, device, storage medium and computer equipment | |
| CN111191235B (en) | Suspicious file analysis method, suspicious file analysis device and computer readable storage medium | |
| CN116257853A (en) | Method and device for defending system vulnerabilities by using runtime memory patches | |
| CN108959931B (en) | Vulnerability detection method and device, information interaction method and equipment | |
| CN112395603A (en) | Vulnerability attack identification method and device based on instruction execution sequence characteristics and computer equipment | |
| CN103116724B (en) | The method of locator(-ter) sample hazardous act and device | |
| GB2543813A (en) | Improved malware detection | |
| CN114386047A (en) | Application vulnerability detection method and device, electronic equipment and storage medium | |
| CN116775147B (en) | Executable file processing method, device, equipment and storage medium | |
| CN113836542B (en) | Trusted white list matching method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |