CN116541855A - Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium - Google Patents

Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116541855A
CN116541855A CN202310822917.9A CN202310822917A CN116541855A CN 116541855 A CN116541855 A CN 116541855A CN 202310822917 A CN202310822917 A CN 202310822917A CN 116541855 A CN116541855 A CN 116541855A
Authority
CN
China
Prior art keywords
stain
pool
function
value
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310822917.9A
Other languages
Chinese (zh)
Other versions
CN116541855B (en
Inventor
张涛
陈钟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Original Assignee
Peking University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University filed Critical Peking University
Priority to CN202310822917.9A priority Critical patent/CN116541855B/en
Publication of CN116541855A publication Critical patent/CN116541855A/en
Application granted granted Critical
Publication of CN116541855B publication Critical patent/CN116541855B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a cross-coroutine runtime vulnerability analysis method, a device, electronic equipment and a storage medium, and relates to the field of code security, wherein the method comprises the following steps: pre-inserting a pile probe in a go source code compiling stage; monitoring a function, a stain source function, a stain propagation function and a stain converging function related to a request through the pre-inserted pile probe when a program runs, and sequentially acquiring stain feature calling index information corresponding to a characteristic value of a parameter of the stain converging function in a first stain pool and a stain pool index value corresponding to the stain feature calling index information; and intercepting the request associated with the second stain pool corresponding to the index value of the stain pool. The method can comprehensively analyze the data streams of different cooperative threads of different requests, realize the analysis of stain propagation among different cooperative threads of different requests and reduce missing report. Meanwhile, the real-time report and interception treatment of the loopholes are realized through the setting of the local two-stage stain pool.

Description

Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of code security, and in particular, to a cross-coroutine runtime vulnerability analysis method, apparatus, electronic device, and storage medium.
Background
One-way multiple request interactions are required in a user transaction scenario. For example, in making online purchases, a user needs to obtain merchandise information from a merchant website, submit an order, make a payment, etc., which require interaction through multiple requests, and the requests are unidirectional, i.e., each request involves only the client sending data to the server, and not the server returning data to the client. Specifically, when online shopping is performed, a user can send a request to acquire information such as a commodity list, commodity details and the like through a browser, then select commodities and submit orders, and the operations need to be interacted through multiple requests. If the user selects online payment, a payment operation is also required, which also requires interaction through multiple requests.
The go language is very suitable for constructing a micro-service architecture, in which an http service often needs to call rpc service to process business logic, multiple requests can occur and each request can generate multiple cooperative scenes, in addition, in the grpc application scene, especially when a client and a server carry out bidirectional communication in a streaming mode, the server and the client often have different cooperative scenes of different requests to process simultaneously, so that concurrency performance and throughput of the system are improved.
go coroutines are lightweight thread implementations in the go language, managed by the go runtime (runtime). A go key is added before a function call, and this call is performed concurrently in a new go. This gooout also ends automatically when the called function returns. It should be noted that if this function has a return value, this return value is discarded. Coroutines operate in a user mode, which can process tasks in parallel similar to the field operation mode.
The existing code security solution is to monitor the data flow information of each stage of application program operation through the instrumentation key function, and upload the taint data to the server as a whole to regenerate the method call graph to detect the loopholes. In the scene of spot tracking and safety protection of a single cooperative program for processing a single request, a spot pool is established at the beginning of the request and is associated with the cooperative program of the request, and when a key method is called, calculation is carried out by combining method parameters and the spot pool associated with the cooperative program of the request, so that the requirements of spot tracking and safety protection are realized.
However, in practical application, there are often multiple coprocesses of multiple requests to process the same service logic, but in Go language we cannot acquire the association relationship between the coprocesses of each request, if other coprocesses are started in the request, then the stain tracking and the vulnerability protection cannot be performed. In the prior art, the taint propagation analysis is an analysis process aiming at a single request, and the cross-request cross-coroutine propagation condition of the taint is not considered, so that the condition of missing report can occur. In addition, the method for regenerating the method call graph to detect the loopholes by uploading the stain data to the server is low in searching efficiency, and real-time interception and repair treatment of the loopholes can not be performed.
Disclosure of Invention
In view of this, an object of the embodiments of the present application is to provide a cross-process vulnerability analysis method and apparatus, which can comprehensively analyze data flows of cross-processes between different requests, implement analysis of stain propagation between cross-processes of the cross-requests, and reduce false alarm. Meanwhile, the real-time report and interception treatment of the loopholes are realized through the setting of the local two-stage stain pool.
An embodiment of the present invention provides a cross-coroutine runtime vulnerability analysis method, including:
pre-inserting pile probes for functions, taint source functions, taint propagation functions and taint convergence functions related to the request in the go source code compiling stage;
when the program runs, acquiring all requests through the functions related to the monitoring requests of the pre-inserted probes, and respectively acquiring first context information of each request in all the requests;
monitoring a pollution point source function through the pre-pile probe, and judging whether pollution input is generated or not;
if yes, calculating a characteristic value of a return value of the pollution point source function, and acquiring first context information of a request corresponding to parameters of the pollution point source function;
establishing a second stain pool associated with a request corresponding to parameters of a stain source function, wherein the second stain pool comprises a stain pool index value for indicating the position of the second stain pool, adding detailed information and second context information of the stain source function to the second stain pool, and generating a stain source calling index value for indicating the position of the stain point source function in the second stain pool;
Establishing a first stain pool, combining a characteristic value of a return value of a stain source function, a stain pool index value and a stain source call index value into stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
monitoring a stain propagation function through the pre-inserted pile probe, calculating the characteristic value of the parameter of the stain propagation function, and inquiring whether the characteristic value of the parameter of the stain propagation function exists in the first stain pool;
if the stain spreading function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain spreading function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and third context information of the stain spreading function into a second stain pool corresponding to the stain pool index value, and generating a stain spreading calling index value for indicating the stain spreading function at the position of the second stain pool;
combining the feature value of the return value of the taint spreading function, the index value of the taint pool and the index value of the taint spreading call to form taint feature call index information and adding the taint feature call index information to the first taint pool;
monitoring a stain converging function through the pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool;
If the stain pool index value exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain pool function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and fourth context information of the stain pool function into a second stain pool corresponding to the stain pool index value, and generating a stain pool calling index value for indicating the position of the stain pool function in the second stain pool;
combining the characteristic value of the parameter of the stain converging function, the index value of the stain pool and the index value of the stain converging call to form stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
the method comprises the steps of sequentially obtaining feature values of parameters of a stain converging function, corresponding stain feature calling index information in a first stain pool and a stain pool index value corresponding to the stain feature calling index information, and intercepting a request associated with a second stain pool corresponding to the stain pool index value.
In the implementation process, according to the cross-coroutine runtime vulnerability analysis method, the pre-instrumentation probes are compiled during running, so that real-time monitoring of functions, taint source functions, taint propagation functions and taint convergence functions related to the requests during program running is realized. And then, by establishing two-stage taint pools, storing the characteristic values (unique abstract information in the life cycle) of all the requested taints globally and the indexes of the taint in a second taint pool in the first taint pool, and additionally establishing a second taint pool for each request, and storing detailed information and context information of the taint relevant to a single request. By searching the characteristic value of the monitoring point function in the first stain pool, the stain tracking of the cross-request cross-cooperative range can be rapidly realized, and meanwhile, a large number of faster query requirements can be met through the design of the two-stage stain pool, so that the method is suitable for the condition of multiple concurrent cooperative ranges of the go language.
Optionally, the pre-stub probe for the request-related function, the smear source function, the smear propagation function, and the smear convergence function includes:
acquiring a compiling source code parameter, and adding a reagent into the compiling source code parameter through a toolexec parameter of a go build command;
in the go source code compiling stage, analyzing the input compiling command and compiling parameters through the agent to acquire a file list and package information in the compiling parameters;
carrying out grammar analysis on the files in the file list to obtain a token sequence, and obtaining an abstract grammar tree structure through the token sequence;
modifying the abstract syntax tree structure by the agent, and inserting detection logic codes into the key functions.
Optionally, the key function includes: request related functions, smear source functions, smear propagation functions, and smear convergence functions.
Optionally, the first context information includes: request parameters, url, and request method.
Optionally, the monitoring the pollution point source function by the pre-pile probe to determine whether to generate the pollution point input includes: and judging whether the return value of the current pollution point source function is not null.
Optionally, the detailed information of the stain source function includes: stain data type, stain source function name, parameters, return value, stack trace information; the stain data type is a source; the second context information includes: and the first context information of the request corresponding to the parameters of the pollution point source function.
Optionally, the detailed information of the stain spread function includes: the stain data type, the stain spreading function name, the parameter, the return value and the stack tracking information; the stain data type is spread; the third context information includes: the feature value of the parameter of the stain propagation function calls index information in the stain feature corresponding to the feature value searched in the first stain pool.
Optionally, the detailed information of the stain convergence function includes: stain data type, stain convergence function name, parameters, return value, stack tracking information; the stain data types are converged; the fourth context information includes: and invoking index information on the stain features corresponding to the feature values found in the first stain pool by the feature values of the parameters of the stain converging function.
Optionally, the intercepting the request associated with the second stain pool corresponding to the index value of the stain pool includes: the redirect operation is performed in place of the url of the request.
Optionally, the method further comprises: monitoring a stain converging function through the pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool; if so, executing a return operation on the stain collection function, and ending the stain collection function execution.
Optionally, the method further comprises: and after the request is finished, sequentially adding a stain source function, a stain propagation function and a stain converging function in a second stain pool corresponding to the stain pool index value to form a data pollution path, and reporting detailed information of the stain source function, second context information, detailed information of the stain propagation function, third context information, detailed information of the stain converging function and fourth context information to form loophole information.
A second aspect of the embodiments of the present application provides a cross-coroutine runtime vulnerability analysis device, including:
the pile inserting module is used for pre-inserting pile probes for the functions, the stain source functions, the stain propagation functions and the stain converging functions related to the request in the go source code compiling stage;
the first monitoring module is used for acquiring all requests through functions related to the pre-instrumentation probe monitoring requests when the program runs, and respectively acquiring first context information of each request in all the requests;
the second monitoring module is used for monitoring the pollution point source function through the pre-inserted pile probe and judging whether the pollution point input is generated or not; if yes, calculating a characteristic value of a return value of the pollution point source function, and acquiring first context information of a request corresponding to parameters of the pollution point source function; the method comprises the steps of setting up a first stain pool corresponding to a request of parameters of a stain source function, wherein the first stain pool comprises a stain pool index value for indicating the position of the first stain pool, adding detailed information and first context information of the stain source function to the first stain pool, and generating a stain source calling index value for indicating the position of the stain point source function in the first stain pool; the method comprises the steps of setting up a first stain pool, combining a characteristic value of a return value of a stain source function, a stain pool index value and a stain source call index value into stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
The third monitoring module is used for monitoring the stain propagation function through the pre-inserted pile probe, calculating the characteristic value of the parameter of the stain propagation function, and inquiring whether the characteristic value of the parameter of the stain propagation function exists in the first stain pool; if the stain spreading function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain spreading function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and third context information of the stain spreading function into a second stain pool corresponding to the stain pool index value, and generating a stain spreading calling index value for indicating the stain spreading function at the position of the second stain pool; the method comprises the steps of determining a feature value of a return value of a taint propagation function, a taint pool index value and a taint propagation call index value according to a feature value of the returned value of the taint propagation function, and adding the feature value, the taint pool index value and the taint propagation call index value into taint feature call index information to a first taint pool;
the fourth monitoring module is used for monitoring the stain converging function through the pre-inserted pile probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool; if the stain pool index value exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain pool function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and fourth context information of the stain pool function into a second stain pool corresponding to the stain pool index value, and generating a stain pool calling index value for indicating the position of the stain pool function in the second stain pool; the method is also used for combining the characteristic value of the parameter of the stain converging function, the index value of the stain pool and the index value of the stain converging call into stain characteristic call index information and adding the stain characteristic call index information to the first stain pool;
The interception module is used for sequentially acquiring the corresponding stain feature calling index information of the characteristic values of the parameters of the stain converging function in the first stain pool and the stain pool index value corresponding to the stain feature calling index information, and intercepting the request associated with the second stain pool corresponding to the stain pool index value.
A third aspect of the embodiments of the present application provides an electronic device, where the electronic device includes a memory and a processor, where the memory stores a computer program, and where the processor executes steps of any implementation manner of the first aspect of the embodiments of the present application when the computer program is executed.
A fourth aspect of the embodiments of the present application provides a readable storage medium having stored therein a computer program which, when run on a processor, performs the steps of any implementation of the first aspect of the embodiments of the present application.
A fifth aspect of the embodiments of the present application provides a computer program product for performing the steps of any implementation manner of the first aspect when the computer program product is run on a computer.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages: by compiling the pre-instrumentation probes during running, real-time monitoring of functions, taint source functions, taint propagation functions and taint convergence functions related to requests during program running is achieved. And then, by establishing two-stage taint pools, storing the characteristic values (unique abstract information in the life cycle) of all the requested taints globally and the indexes of the taint in a second taint pool in the first taint pool, and additionally establishing a second taint pool for each request, and storing detailed information and context information of the taint relevant to a single request. By searching the characteristic value of the monitoring point function in the first stain pool, the stain tracking of the cross-request cross-cooperative range can be rapidly realized, and meanwhile, a large number of faster query requirements can be met through the design of the two-stage stain pool, so that the method is suitable for the condition of multiple concurrent cooperative ranges of the go language. The method can comprehensively analyze the data flow of multiple cooperative processes, realize the stain propagation analysis among the cross-request cooperative processes and reduce the missing report. Meanwhile, the real-time report and interception treatment of the loopholes are realized through the setting of the local two-stage stain pool.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a cross-coroutine runtime vulnerability analysis method provided in an embodiment of the present application;
FIG. 2 is a schematic cross-process propagation and tracking diagram of a cross-process runtime vulnerability analysis method according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating another cross-coroutine propagation and tracking method for cross-coroutine runtime vulnerability analysis according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a cross-coroutine runtime vulnerability analysis device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. In the description of the present application, the terms "first," "second," and the like are used merely to distinguish between descriptions and are not to be construed as indicating or implying relative importance. It will be apparent that the embodiments described below are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the embodiments of the present application.
Embodiment one:
referring to fig. 1, fig. 1 is a flow chart of a cross-coroutine runtime vulnerability analysis method according to an embodiment of the present application. Wherein the method comprises the following steps:
s100: pre-inserting a pile probe for a function, a taint source function, a taint propagation function and a taint convergence function related to a request in a go source code compiling stage;
in the embodiment, a compiling source code parameter is obtained, and a agent is added in the compiling source code parameter through a toolexec parameter of a go build command; in the go source code compiling stage, analyzing the input compiling command and compiling parameters through the agent to acquire a file list and package information in the compiling parameters; carrying out grammar analysis on files in the file list to obtain a token sequence, and obtaining an abstract grammar tree structure through the token sequence; modifying the abstract syntax tree structure by the agent, and inserting detection logic codes into the key functions. The key functions include a request related function, a smear source function, a smear propagation function, and a smear convergence function.
It should be noted that, the technical term "agent" mentioned in the embodiments of the present application refers to a compilation interception tool, which may be regarded as a hook (hook) mechanism, and a tool parameter is used to specify a program (i.e., agent), and the compilation interception tool is called by the program at the time of compilation, so as to intervene in the compilation process. The "instrumentation" mentioned in the embodiment of the present application refers to a method of inserting a detection logic code into a program on the basis of ensuring the original logic integrity of the tested program, and obtaining control flow and data flow of the program by analyzing the program operation characteristic data (i.e. the operation time data) thrown by the "pre-instrumentation probe", so as to obtain dynamic information such as logic coverage, and the like, thereby achieving the purpose of testing. The 'pre-pile probe' with corresponding capturing function can be designed according to different pile inserting points, data capturing requirements and the like, and required data can be obtained. In the same tested program, only one 'pre-stake-inserting probe' can be inserted according to different testing requirements, and a plurality of 'pre-stake-inserting probes' can also be respectively inserted into a plurality of different stake-inserting points.
The location of the stake is specifically a spot tracking correlation point, such as: source point (stain source function), production, sink point (stain sink function), and related methods/functions such as serveHTTP methods requested by http requests, rpc.
source point stain source functions such as: http.header. Get, http..request.
http.header. Get is the value of the specified key obtained from the HTTP request header. This function returns a string type value and returns an empty string if the specified key is not present. http.(. Request.) FormValue is the value obtained from the HTTP POST Request for the specified key. This function returns a string type value and returns an empty string if the specified key is not present. The source function of the spot of the stub is mainly a function/method that involves retrieving a value from a request.
The stain spread function of the production point is as follows: stings.clone, stings.join. StringClone is to copy a string and return a pointer to the string. This function returns a pointer to the string type. StringJoin is to concatenate a string slice into a single string. This function returns a string type value. The taint propagation function of the stake is mainly a function/method for operating some character strings
stain convergence functions of sink points are as follows: openfile, os. OpenFile is a file that is opened and a pointer is returned to the file. This function returns a value of the File type. The rename is renaming one file to another. This function returns an error type value and, if the operation is successful, nil. The spot pooling function of the stake is primarily a function/method of some critical operations.
S101: acquiring all requests through functions related to the pre-instrumentation probe monitoring requests when the program runs, and respectively acquiring first context information of each request in all the requests; the first context information includes a request parameter, url, and a request method. And by monitoring all requests and acquiring the context information of the requests, the detailed information acquisition of the stain source after the establishment of the subsequent stain pool is facilitated, and the requests are intercepted in real time according to the context information of the requests.
In this embodiment, there may be one or more of the monitored taint source functions, and there may be one or more of the taint propagation functions, i.e., a call to a taint propagation function originates from a call to a taint source function, or from multiple taint point source functions or a call to a taint propagation function. And the call of the taint source function, the taint propagation function and the taint convergence function can be sourced from different coroutines of the same request or from different coroutines of different requests.
Since the actual blobs propagation process is a nonlinear complex propagation path, there may be multiple blobs source functions or multiple invocations of blobs propagation functions, such as one blobs propagation process. As shown in fig. 2, fig. 2 is a schematic cross-coroutine propagation and tracking diagram of a cross-coroutine runtime vulnerability analysis method according to an embodiment of the present application. This one-time smear propagation process involves two smear source functions a and b, two smear propagation functions c and d, and one smear convergence function e. The call of the taint source function a is from a coroutine A generated by a request 1, the call of the taint source function B is from a coroutine C generated by a request 2, the call of the taint propagation function C is from a coroutine B generated by the request 1, the call of the taint propagation function D is from a coroutine D generated by the request 2, and the call of the taint convergence function E is from a coroutine E generated by the request 2.
As further shown in fig. 3, fig. 3 is another cross-coroutine propagation and tracking schematic diagram of a cross-coroutine runtime vulnerability analysis method according to an embodiment of the present application. The smear propagation process involves a smear source function A, a smear propagation function B, and a smear convergence function C. The call of the taint source function A is from the coroutine 1 generated by the request a, the call of the taint propagation function B is from the coroutine 2 generated by the request a, and the call of the taint convergence function C is from the coroutine 3 generated by the request a. To enable cross-request and/or cross-coroutine taint propagation analysis. By compiling the pre-instrumentation probes during running, real-time monitoring of functions, taint source functions, taint propagation functions and taint convergence functions related to requests during program running is achieved. And then, by establishing two-stage taint pools, storing the characteristic values of all the requested taints globally and the indexes of the taints in the second taint pool in the first taint pool, and additionally establishing a second taint pool for each request, and storing the detailed information and the context information of the taints related to the single request. By searching the characteristic value of the monitoring point function in the first stain pool, the stain tracking of the cross-request cross-cooperative process can be rapidly realized, and the missing report is reduced. Meanwhile, the real-time report and interception treatment of the loopholes are realized through the setting of the local two-stage stain pool.
S102: monitoring a pollution point source function through a pre-pile-inserted probe, judging whether the return value of the current pollution point source function is not empty, and judging whether pollution input is generated or not;
if yes, namely the return value of the stain source function is not null, namely the current stain source function is called. If http.header.get obtains the value of the specified key from the HTTP request header, the returned value is not null if the returned string is not null. And calculating a characteristic value of a return value of the pollution point source function, and acquiring first context information, such as request parameters, url and a request method, of a request corresponding to the parameters of the pollution point source function.
In this embodiment, the feature value of the return value of the pollution point source function is actually extracted to extract a unique identifier from the summary information of the return character string, and may be a hash value.
In another embodiment, calculating the feature value of the return value of the dirty point source function generates a summary feature which is unique in at least the life of one HTTP request by calculating summary information, and extracts a unique identifier from the summary information of the return string, as calculated by: eigenvalue = memory address offset/absolute value of string + string sequence.
Establishing a second stain pool associated with a request corresponding to parameters of the stain source function, wherein the second stain pool comprises a stain pool index value for indicating the position of the second stain pool, adding detailed information and second context information of the stain source function to the second stain pool, and generating a stain source calling index value for indicating the position of the stain point source function in the second stain pool;
In this embodiment, the detailed information of the stain source function includes: stain data type, stain source function name, parameters, return value, stack trace information; the stain data type is the source at this time; the second context information is the first context information of the request corresponding to the parameters of the stain source function, namely the context information relevant to the tracking request, so that the subsequent interception is facilitated.
Establishing a first stain pool, combining the characteristic value of the return value of the stain source function, the stain pool index value and the stain source call index value into stain characteristic call index information, and adding the stain characteristic call index information into the first stain pool.
In this embodiment, the secondary pool design is used.
L1 grade pool (i.e. first pool): the characteristic values of all the stains and the indexes of the characteristic values in the L2-level stain pool (namely, a second stain pool) are saved, wherein the characteristic values comprise a stain pool index value for indicating the position of the second stain pool and a stain source calling index value for indicating the position of a stain point source function in the second stain pool.
L2 grade pool (i.e. second pool): the establishment mode is that each request correspondingly establishes an L2-level taint pool, and detailed information and context information (taint data) of relevant taint of the request are stored.
In this embodiment, for a dirty point source, the dirty data generated by it is added to the L2 class dirty pool associated with the request, and its characteristic value and the index of the L2 class dirty pool are added to the L1 class dirty pool. The stain data is context information of the call and detailed information of the call stain source function, including detailed information of the stain and the context information, and the detailed information includes: stain data type, stain function name, parameters, return value. The context information includes context information corresponding to the request.
S103: monitoring a stain propagation function through a pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain propagation function, and inquiring whether the characteristic value of the parameter of the stain propagation function exists in a first stain pool;
in this embodiment, the feature value of the parameter for calculating the stain spreading function is actually a unique identifier extracted from the summary information of the parameter string, and may be a hash value. It may also be calculated as follows: eigenvalue = memory address offset/absolute value of string + string sequence.
In this embodiment, whether the feature value exists in the first stain pool is determined by performing a traversal search, specifically a hash table query, in the first stain pool. The presence of a query indicates successful matching and equal eigenvalues.
If the stain spread function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain spread function in a first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and third context information of the stain spread function into a second stain pool corresponding to the stain pool index value, and generating a stain spread calling index value for indicating the stain spread function at the position of the second stain pool;
In this embodiment, the detailed information of the stain spread function includes: the stain data types are propagation, stain propagation function names, parameters, return values and stack tracking information; the third context information includes: the feature value of the parameter of the stain propagation function calls index information in the stain feature corresponding to the feature value searched in the first stain pool.
In this embodiment, the dirty feature call index information may be generated by a dirty source function or a dirty propagation function.
And combining the feature value of the return value of the taint propagation function, the taint pool index value and the taint propagation call index value into taint feature call index information, and adding the taint feature call index information into the first taint pool.
In this embodiment, for a propagation point, calculating a feature value of an input (parameter) of the propagation point, and querying the feature value in an L1 level taint pool, and if the feature value does not exist, not performing other operations; if the characteristic value exists, the characteristic value of the returned value is added into an L1-level stain pool, and the index value of the stain pool of the L2-level stain pool is the same as the index to which the characteristic value just inquired belongs. Meanwhile, the stain spreading function is added into an L2 grade stain pool corresponding to the index value of the stain pool, a stain spreading calling index value for indicating the stain spreading function at the position of the second stain pool is generated, and the index value is added into an L1 grade stain pool for searching the characteristic value of the subsequent stain spreading. The propagated taint data is context information of the call and detailed information of the call taint propagation function, including: the stain data type is propagation, and an upstream mark (third context information) is the stain index information corresponding to the feature value found in the L1 stain pool by the propagation point input feature value.
S104: monitoring a stain converging function through the pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool;
in this embodiment, the feature value of the parameter for calculating the stain convergence function is actually a unique identifier extracted from the summary information of the parameter string, which may be a hash value, or may be calculated as follows: eigenvalue = memory address offset/absolute value of string + string sequence.
In this embodiment, whether the feature value exists in the first stain pool is determined by performing a traversal search, specifically a hash table query, in the first stain pool. The presence of a query indicates successful matching and equal eigenvalues.
If the stain converging function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain converging function in a first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and fourth context information of the stain converging function into a second stain pool corresponding to the stain pool index value, and generating a stain converging calling index value for indicating the position of the stain converging function in the second stain pool;
In this embodiment, detailed information of the stain convergence function includes: the stain data types are the collection, stain collection function name, parameter, return value and stack tracking information; the fourth context information includes: and invoking index information on the stain features corresponding to the feature values found in the first stain pool by the feature values of the parameters of the stain converging function.
In this embodiment, the dirty feature call index information may be generated by a dirty source function or a dirty propagation function.
Combining the characteristic value of the parameter of the stain converging function, the index value of the stain pool and the index value of the stain converging call to form stain characteristic call index information, and adding the stain characteristic call index information to a first stain pool;
in this embodiment, for the convergence point, the stain tracking algorithm is similar to that of the propagation point, the stain type is convergence, the upstream mark (fourth context information) is the feature value input (parameter) by the convergence point, and all the stain data corresponding to the feature value are found in the L1-level stain pool.
S105: according to the feature values of the parameters of the stain converging function, corresponding stain feature calling index information in the first stain pool and the stain pool index values corresponding to the stain feature calling index information are sequentially acquired; and intercepting the request associated with the second stain pool corresponding to the index value of the stain pool.
In this embodiment, intercepting a request associated with a second stain pool corresponding to the index value of the stain pool includes: replace the url of the request, perform a redirect operation, etc.
As an optional implementation manner, monitoring the stain converging function through a pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool; if the stain converging function exists, the stain converging function can be executed in real time to finish the execution of the stain converging function.
As an optional implementation manner, after the request is finished, the stain source function, the stain propagation function and the stain convergence function which are sequentially added in the second stain pool corresponding to the index value of the stain pool corresponding to the request form a data pollution path, and the detailed information and the second context information of the stain source function, the detailed information and the third context information of the stain propagation function, and the detailed information and the fourth context information of the stain convergence function form loophole information to report.
In the implementation process, according to the cross-coroutine runtime vulnerability analysis method, the pre-instrumentation probes are compiled during running, so that real-time monitoring of functions, taint source functions, taint propagation functions and taint convergence functions related to the requests during program running is realized. And then, by establishing two-stage taint pools, storing the characteristic values (unique abstract information in the life cycle) of all the requested taints globally and the indexes of the taint in a second taint pool in the first taint pool, and additionally establishing a second taint pool for each request, and storing detailed information and context information of the taint relevant to a single request. By searching the characteristic value of the monitoring point function in the first stain pool, the stain tracking of the cross-request cross-cooperative range can be rapidly realized, and meanwhile, a large number of faster query requirements can be met through the design of the two-stage stain pool, so that the method is suitable for the condition of multiple concurrent cooperative ranges of the go language.
Embodiment two:
referring to fig. 4, fig. 4 is a schematic structural diagram of a cross-coroutine runtime vulnerability analysis apparatus according to an embodiment of the present application, where the apparatus 400 includes:
the instrumentation module 410 is configured to pre-instrumentation probes for the function, the taint source function, the taint propagation function, and the taint convergence function related to the request in the go source code compiling stage;
the first monitoring module 420 is configured to obtain, when the program runs, all requests through the function related to the pre-instrumentation probe monitoring request, and obtain first context information of each request in all requests respectively;
a second monitoring module 430, configured to monitor the pollution point source function by using the pre-pile probe, and determine whether a pollution input is generated; if yes, calculating a characteristic value of a return value of the pollution point source function, and acquiring first context information of a request corresponding to parameters of the pollution point source function; the method comprises the steps of setting up a first stain pool corresponding to a request of parameters of a stain source function, wherein the first stain pool comprises a stain pool index value for indicating the position of the first stain pool, adding detailed information and first context information of the stain source function to the first stain pool, and generating a stain source calling index value for indicating the position of the stain point source function in the first stain pool; the method comprises the steps of setting up a first stain pool, combining a characteristic value of a return value of a stain source function, a stain pool index value and a stain source call index value into stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
A third monitoring module 440, configured to monitor the smear propagation function by using the pre-inserted probe, calculate a characteristic value of a parameter of the smear propagation function, and query the first smear pool for the presence of the characteristic value of the parameter of the smear propagation function; if the stain spread function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain spread function in a first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and third context information of the stain spread function into a second stain pool corresponding to the stain pool index value, and generating a stain spread calling index value for indicating the stain spread function at the position of the second stain pool; the feature value of the return value of the taint spreading function, the index value of the taint pool and the taint spreading calling index value are combined into taint feature calling index information to be added into the first taint pool;
a fourth monitoring module 450, configured to monitor the spot aggregation function by using the pre-inserted pile probe, calculate a characteristic value of a parameter of the spot aggregation function, and query the first spot pool for the presence of the characteristic value of the parameter of the spot aggregation function; if the stain converging function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain converging function in a first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and fourth context information of the stain converging function into a second stain pool corresponding to the stain pool index value, and generating a stain converging calling index value for indicating the position of the stain converging function in the second stain pool; the method is also used for combining the characteristic value of the parameter of the stain converging function, the index value of the stain pool and the index value of the stain converging call into stain characteristic call index information to be added into the first stain pool;
The interception module 460 is configured to sequentially obtain, according to a feature value of a parameter of the stain converging function, corresponding stain feature calling index information in the first stain pool and a stain pool index value corresponding to the stain feature calling index information; and intercepting the request associated with the second stain pool corresponding to the index value of the stain pool.
For a detailed description of the cross-process runtime vulnerability analysis apparatus, please refer to the description of the related method steps in the above embodiment.
Embodiment III:
referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device 500 includes: the memory 510 and the processor 520 are connected through the bus 530, the memory 510 stores a computer program, and when the processor 520 reads and runs the computer program, the electronic device 500 can execute all or part of the flow of the method in the embodiment to realize cross-process runtime vulnerability analysis.
It should be understood that the electronic device may be a personal computer (Personal Computer, PC), tablet computer, smart phone, etc. with logic computing capabilities.
The embodiment of the application also provides a readable storage medium, wherein the readable storage medium stores a computer program, and when the computer program runs on a processor, the steps in the cross-program runtime vulnerability analysis method are executed.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (14)

1. A cross-coroutine runtime vulnerability analysis method, the method comprising:
pre-inserting pile probes for functions, taint source functions, taint propagation functions and taint convergence functions related to the request in the go source code compiling stage;
when the program runs, acquiring all requests through the functions related to the monitoring requests of the pre-inserted probes, and respectively acquiring first context information of each request in all the requests;
Monitoring a pollution point source function through the pre-pile probe, and judging whether pollution input is generated or not;
if yes, calculating a characteristic value of a return value of the pollution point source function, and acquiring first context information of a request corresponding to parameters of the pollution point source function;
establishing a second stain pool associated with a request corresponding to parameters of a stain source function, wherein the second stain pool comprises a stain pool index value for indicating the position of the second stain pool, adding detailed information and second context information of the stain source function to the second stain pool, and generating a stain source calling index value for indicating the position of the stain point source function in the second stain pool;
establishing a first stain pool, combining a characteristic value of a return value of a stain source function, a stain pool index value and a stain source call index value into stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
monitoring a stain propagation function through the pre-inserted pile probe, calculating the characteristic value of the parameter of the stain propagation function, and inquiring whether the characteristic value of the parameter of the stain propagation function exists in the first stain pool;
if the stain spreading function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain spreading function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and third context information of the stain spreading function into a second stain pool corresponding to the stain pool index value, and generating a stain spreading calling index value for indicating the stain spreading function at the position of the second stain pool;
Combining the feature value of the return value of the taint spreading function, the index value of the taint pool and the index value of the taint spreading call to form taint feature call index information and adding the taint feature call index information to the first taint pool;
monitoring a stain converging function through the pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool;
if the stain pool index value exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain pool function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and fourth context information of the stain pool function into a second stain pool corresponding to the stain pool index value, and generating a stain pool calling index value for indicating the position of the stain pool function in the second stain pool;
combining the characteristic value of the parameter of the stain converging function, the index value of the stain pool and the index value of the stain converging call to form stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
the method comprises the steps of sequentially obtaining feature values of parameters of a stain converging function, corresponding stain feature calling index information in a first stain pool and a stain pool index value corresponding to the stain feature calling index information, and intercepting a request associated with a second stain pool corresponding to the stain pool index value.
2. The method of claim 1, wherein the pre-instrumentation of the request-dependent functions, the smear source function, the smear propagation function, and the smear convergence function comprises:
acquiring a compiling source code parameter, and adding a reagent into the compiling source code parameter through a toolexec parameter of a go build command;
in the go source code compiling stage, analyzing the input compiling command and compiling parameters through the agent to acquire a file list and package information in the compiling parameters; carrying out grammar analysis on the files in the file list to obtain a token sequence, and obtaining an abstract grammar tree structure through the token sequence;
modifying the abstract syntax tree structure by the agent, and inserting detection logic codes into the key functions.
3. The method of claim 2, wherein the key function comprises: request related functions, a smear source function, a smear propagation function, and a smear convergence function.
4. The method of claim 1, wherein the first context information comprises: request parameters, url, and request method.
5. The method of claim 1, wherein monitoring the stain source function by the pre-stake probe to determine whether a stain input is generated comprises: and judging whether the return value of the current pollution point source function is not null.
6. The method of claim 1, wherein the detailed information of the stain source function comprises: stain data type, stain source function name, parameters, return value, stack trace information;
the stain data type is a source;
the second context information includes: and the first context information of the request corresponding to the parameters of the pollution point source function.
7. The method of claim 1, wherein the detailed information of the smudge propagation function comprises: the stain data type, the stain spreading function name, the parameter, the return value and the stack tracking information;
the stain data type is spread;
the third context information includes: the feature value of the parameter of the stain propagation function calls index information in the stain feature corresponding to the feature value searched in the first stain pool.
8. The method of claim 1, wherein the detailed information of the spot pooling function comprises: stain data type, stain convergence function name, parameters, return value, stack tracking information;
the stain data types are converged;
the fourth context information includes: and invoking index information on the stain features corresponding to the feature values found in the first stain pool by the feature values of the parameters of the stain converging function.
9. The method of claim 1, wherein intercepting the request associated with the second spot pool corresponding to the spot pool index value comprises: the redirect operation is performed in place of the url of the request.
10. The method according to claim 1, wherein the method further comprises:
monitoring a stain converging function through the pre-pile-inserted probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool;
if so, executing a return operation on the stain collection function, and ending the stain collection function execution.
11. The method according to claim 1, wherein the method further comprises:
after the request is finished, the stain source function, the stain propagation function and the stain converging function which are sequentially added in the second stain pool corresponding to the stain pool index value form a data pollution path, and the detailed information of the stain source function, the second context information, the detailed information of the stain propagation function, the third context information, the detailed information of the stain converging function and the fourth context information form loophole information to be reported.
12. A cross-coroutine runtime vulnerability analysis device, comprising:
the pile inserting module is used for pre-inserting pile probes for the functions, the stain source functions, the stain propagation functions and the stain converging functions related to the request in the go source code compiling stage;
the first monitoring module is used for acquiring all requests through functions related to the pre-instrumentation probe monitoring requests when the program runs, and respectively acquiring first context information of each request in all the requests;
the second monitoring module is used for monitoring the pollution point source function through the pre-inserted pile probe and judging whether the pollution point input is generated or not; if yes, calculating a characteristic value of a return value of the pollution point source function, and acquiring first context information of a request corresponding to parameters of the pollution point source function; the method comprises the steps of setting up a first stain pool corresponding to a request of parameters of a stain source function, wherein the first stain pool comprises a stain pool index value for indicating the position of the first stain pool, adding detailed information and first context information of the stain source function to the first stain pool, and generating a stain source calling index value for indicating the position of the stain point source function in the first stain pool; the method comprises the steps of setting up a first stain pool, combining a characteristic value of a return value of a stain source function, a stain pool index value and a stain source call index value into stain characteristic call index information, and adding the stain characteristic call index information to the first stain pool;
The third monitoring module is used for monitoring the stain propagation function through the pre-inserted pile probe, calculating the characteristic value of the parameter of the stain propagation function, and inquiring whether the characteristic value of the parameter of the stain propagation function exists in the first stain pool; if the stain spreading function exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain spreading function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and third context information of the stain spreading function into a second stain pool corresponding to the stain pool index value, and generating a stain spreading calling index value for indicating the position of the stain spreading function in the second stain pool; the method comprises the steps of determining a feature value of a return value of a taint propagation function, a taint pool index value and a taint propagation call index value according to a feature value of the returned value of the taint propagation function, and adding the feature value, the taint pool index value and the taint propagation call index value into taint feature call index information to a first taint pool;
the fourth monitoring module is used for monitoring the stain converging function through the pre-inserted pile probe, calculating the characteristic value of the parameter of the stain converging function, and inquiring whether the characteristic value of the parameter of the stain converging function exists in the first stain pool; if the stain pool index value exists, acquiring stain feature calling index information corresponding to the characteristic value of the parameter of the stain pool function in the first stain pool and a stain pool index value corresponding to the stain feature calling index information in sequence, adding detailed information and fourth context information of the stain pool function into a second stain pool corresponding to the stain pool index value, and generating a stain pool calling index value for indicating the position of the stain pool function in the second stain pool; the method is also used for combining the characteristic value of the parameter of the stain converging function, the index value of the stain pool and the index value of the stain converging call into stain characteristic call index information and adding the stain characteristic call index information into the first stain pool;
The interception module is used for sequentially acquiring the corresponding stain feature calling index information of the characteristic values of the parameters of the stain converging function in the first stain pool and the stain pool index value corresponding to the stain feature calling index information, and intercepting the request associated with the second stain pool corresponding to the stain pool index value.
13. An electronic device comprising a memory storing a computer program and a processor executing the method of any of claims 1 to 11 when the computer program is run.
14. A readable storage medium, characterized in that it has stored therein a computer program which, when run on a processor, performs the method of any of claims 1 to 11.
CN202310822917.9A 2023-07-06 2023-07-06 Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium Active CN116541855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310822917.9A CN116541855B (en) 2023-07-06 2023-07-06 Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310822917.9A CN116541855B (en) 2023-07-06 2023-07-06 Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116541855A true CN116541855A (en) 2023-08-04
CN116541855B CN116541855B (en) 2023-09-08

Family

ID=87456413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310822917.9A Active CN116541855B (en) 2023-07-06 2023-07-06 Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116541855B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116842531A (en) * 2023-08-28 2023-10-03 北京安普诺信息技术有限公司 Code vaccine-based vulnerability real-time verification method, device, equipment and medium
CN117272331A (en) * 2023-11-23 2023-12-22 北京安普诺信息技术有限公司 Cross-thread vulnerability analysis method, device, equipment and medium based on code vaccine

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120011493A1 (en) * 2010-07-08 2012-01-12 Microsoft Corporation Binary code change vulnerability prioritization
US20120317647A1 (en) * 2011-05-26 2012-12-13 Carnegie Mellon University Automated Exploit Generation
CN106709356A (en) * 2016-12-07 2017-05-24 西安电子科技大学 Static taint analysis and symbolic execution-based Android application vulnerability discovery method
CN112328423A (en) * 2020-11-19 2021-02-05 腾讯科技(深圳)有限公司 Processing method, device and storage medium for search service loophole
CN113176990A (en) * 2021-03-25 2021-07-27 中国人民解放军战略支援部队信息工程大学 Taint analysis framework and method supporting correlation analysis among data
CN113868136A (en) * 2021-09-28 2021-12-31 中南民族大学 Program vulnerability analysis method based on Go language executable formal semantics
CN114510358A (en) * 2022-01-19 2022-05-17 北京金山云网络技术有限公司 Vulnerability scanning method and device and distributed vulnerability scanning system
CN114756872A (en) * 2022-04-28 2022-07-15 杭州孝道科技有限公司 Injection type taint data tracking method and device based on GO language and electronic device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120011493A1 (en) * 2010-07-08 2012-01-12 Microsoft Corporation Binary code change vulnerability prioritization
US20120317647A1 (en) * 2011-05-26 2012-12-13 Carnegie Mellon University Automated Exploit Generation
CN106709356A (en) * 2016-12-07 2017-05-24 西安电子科技大学 Static taint analysis and symbolic execution-based Android application vulnerability discovery method
CN112328423A (en) * 2020-11-19 2021-02-05 腾讯科技(深圳)有限公司 Processing method, device and storage medium for search service loophole
CN113176990A (en) * 2021-03-25 2021-07-27 中国人民解放军战略支援部队信息工程大学 Taint analysis framework and method supporting correlation analysis among data
CN113868136A (en) * 2021-09-28 2021-12-31 中南民族大学 Program vulnerability analysis method based on Go language executable formal semantics
CN114510358A (en) * 2022-01-19 2022-05-17 北京金山云网络技术有限公司 Vulnerability scanning method and device and distributed vulnerability scanning system
CN114756872A (en) * 2022-04-28 2022-07-15 杭州孝道科技有限公司 Injection type taint data tracking method and device based on GO language and electronic device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘露平;方勇;刘亮;龙刚;: "基于动态插桩的缓冲区溢出漏洞检测技术研究", 信息安全与通信保密, no. 04 *
高文莲;白凤凤;: "基于转移函数的移动网络海量数据隐私泄露检测技术", 科学技术与工程, no. 21 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116842531A (en) * 2023-08-28 2023-10-03 北京安普诺信息技术有限公司 Code vaccine-based vulnerability real-time verification method, device, equipment and medium
CN116842531B (en) * 2023-08-28 2023-11-03 北京安普诺信息技术有限公司 Code vaccine-based vulnerability real-time verification method, device, equipment and medium
CN117272331A (en) * 2023-11-23 2023-12-22 北京安普诺信息技术有限公司 Cross-thread vulnerability analysis method, device, equipment and medium based on code vaccine
CN117272331B (en) * 2023-11-23 2024-02-02 北京安普诺信息技术有限公司 Cross-thread vulnerability analysis method, device, equipment and medium based on code vaccine

Also Published As

Publication number Publication date
CN116541855B (en) 2023-09-08

Similar Documents

Publication Publication Date Title
CN116541855B (en) Cross-coroutine runtime vulnerability analysis method and device, electronic equipment and storage medium
US11163670B2 (en) Data records selection
US9720746B2 (en) Analytics for application programming interfaces
JP2008546054A (en) Recognition of event patterns from event streams
CN109933514B (en) Data testing method and device
CN106293891B (en) Multidimensional investment index monitoring method
CN110532782B (en) Method and device for detecting task execution program and storage medium
Chen et al. Invariants based failure diagnosis in distributed computing systems
CN107579944B (en) Artificial intelligence and MapReduce-based security attack prediction method
CN107920067B (en) Intrusion detection method on active object storage system
CN110580170B (en) Method and device for identifying software performance risk
Rajbahadur et al. Pitfalls analyzer: quality control for model-driven data science pipelines
CN113918534A (en) Policy processing system and method
Masouleh et al. Optimization of ETL process in data warehouse through a combination of parallelization and shared cache memory
US20120198281A1 (en) Validation rules for process validation
CN116225622A (en) Docker-based PaaS application parameter template testing method
CN114363002B (en) Method and device for generating network attack relation diagram
Punn et al. Testing big data application
CN112507725B (en) Static publishing method, device, equipment and storage medium of financial information
CN112181816A (en) Interface testing method and device based on scene, computer equipment and medium
US20200151080A1 (en) Utilizing application performance management automatic discovery data for plugin priority
Papale et al. SDD sentinel: a support tool for detecting and investigating electronic transaction frauds
CN110298669B (en) iOS charging risk control system based on graphic structure
Hemani et al. Foundations of a generic design for complex event processing
CN117544423A (en) API (application program interface) link mapping method based on data characteristics

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant