CN116975798A - Method, device, equipment and storage medium for processing application program - Google Patents

Method, device, equipment and storage medium for processing application program Download PDF

Info

Publication number
CN116975798A
CN116975798A CN202310245869.1A CN202310245869A CN116975798A CN 116975798 A CN116975798 A CN 116975798A CN 202310245869 A CN202310245869 A CN 202310245869A CN 116975798 A CN116975798 A CN 116975798A
Authority
CN
China
Prior art keywords
source code
objective function
syntax tree
abstract syntax
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310245869.1A
Other languages
Chinese (zh)
Inventor
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202310245869.1A priority Critical patent/CN116975798A/en
Publication of CN116975798A publication Critical patent/CN116975798A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides a method, a device, equipment and a storage medium for processing an application program, and relates to the technical field of computers. The application processing method comprises the following steps: acquiring an objective function from the code of the application program; adding a source code of a decorator and a source code of a tangent plane program of the decorator into a first source code of the objective function to obtain a second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information; and obtaining the source code of the application program according to the second source code of the objective function. The embodiment of the application can be beneficial to improving the safety of the application program.

Description

Method, device, equipment and storage medium for processing application program
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for processing an application program.
Background
An application refers to a computer program that, when run in user mode, may interact with a user in order to accomplish a particular job or jobs. A Web page (Web) application is an application that can be accessed through the Web, and a user only needs to have a browser to access the application without installing other software. A Web application is made up of various Web components (Web components) that perform specific tasks and expose services to the outside world through the Web. In practical applications, web applications may consist of multiple applet services (servlets), java server pages (Java Server Pages, JSP), hypertext markup language (Hyper Text Markup Language, HTML) files, image files, and the like. All of these components coordinate with each other to provide a complete set of services to the user.
Many businesses such as online banking, online shopping, online game and the like have high requirements on the safety of application programs, so that it is important to ensure the safety of the application programs. In the related art, security verification is performed on an entry function directly applied to a Web application, which is equivalent to that only one lock is used for one application program. After the entry function passes the verification, the subsequent Web application is easily cracked because the application program is not subjected to the security verification. Therefore, the security of the application program is required to be improved.
Disclosure of Invention
The application provides a method, a device, equipment and a storage medium for processing an application program, which can be beneficial to improving the safety of the application program.
In a first aspect, an embodiment of the present application provides a method for processing an application program, including:
acquiring an objective function from the code of the application program;
adding a source code of a decorator and a source code of a tangent plane program of the decorator into a first source code of the objective function to obtain a second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information;
And obtaining the source code of the application program according to the second source code of the objective function.
In a second aspect, an embodiment of the present application provides an apparatus for processing an application, including:
an acquisition unit for acquiring an objective function from a code of an application program;
the adding unit is used for adding the source code of the decorator and the source code of the tangent plane program of the decorator into the first source code of the objective function to obtain the second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information;
the acquisition unit is further used for obtaining the source code of the application program according to the second source code of the objective function.
Optionally, the adding unit is specifically configured to:
converting the first source code into a first abstract syntax tree;
converting the source code of the decorator into a second abstract syntax tree;
converting the source code of the tangent plane program into a third abstract syntax tree;
adding the second abstract syntax tree and the third abstract syntax tree into the first abstract syntax tree according to the type of the node of the first abstract syntax tree, so as to obtain the modified first abstract syntax tree;
And obtaining the second source code of the objective function according to the modified first abstract syntax tree.
Optionally, the adding unit is specifically configured to:
adding the second abstract syntax tree to a first node of the first abstract syntax tree according to the type of the node in the first abstract syntax tree, wherein the type of the first node corresponds to a position above the objective function in the first source code;
and adding the third abstract syntax tree on a second node in the first abstract syntax tree according to the type of the node in the first abstract syntax tree.
Optionally, the type of the second node corresponds to a class to which the objective function belongs in the first source code.
Optionally, if the authorization information is not verified, the tangent plane procedure is further configured to interrupt execution of the objective function.
Optionally, the acquiring unit is specifically configured to:
acquiring a flame graph of the application program, wherein the flame graph is used for representing time distribution and calling frequency distribution of a calling stack of the application program;
and acquiring the target function from the calling function of the application program according to the flame graph.
Optionally, the time consumption of the objective function is less than a preset value, and/or the number of times of calling the objective function is less than a preset value.
Optionally, the application program comprises a web page application program.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor and a memory for storing a computer program, the processor being for invoking and running the computer program stored in the memory for performing the method as in the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform a method as in the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product comprising computer program instructions for causing a computer to perform the method as in the first aspect.
In a sixth aspect, embodiments of the present application provide a computer program for causing a computer to perform the method as in the first aspect.
According to the technical scheme, the decorator for verifying the authorization information of the application program and the tangent plane program of the decorator are added into the target program of the application program, the authorization information of the application program can be verified through the decorator when the application program executes the target function, if the target function does not pass the verification, the target function cannot be executed, and compared with the scheme of only performing safety verification at the entry function of the application program, the safety verification is added to other functions in the application program, which is equivalent to that only one lock is changed into a plurality of locks corresponding to one application program from the traditional application program, the safety of the application program is improved, and the application program is prevented from being cracked.
Drawings
FIG. 1 is a schematic illustration of a flame pattern for an application;
FIG. 2 is a diagram illustrating security performance of an application according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an implementation scenario of the solution provided by the embodiments of the present application;
FIG. 4 is a schematic flow chart of a method of application processing according to an embodiment of the application;
FIG. 5 is a schematic diagram of an authorization check result of an application program according to an embodiment of the present application;
FIG. 6 is a schematic flow chart diagram of a method of another application processing in accordance with an embodiment of the present application;
FIG. 7 is a schematic flow chart diagram of a method of another application processing in accordance with an embodiment of the present application;
FIG. 8 is a schematic block diagram of an apparatus for application processing in accordance with an embodiment of the present application;
fig. 9 is a schematic block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application.
It should be understood that in embodiments of the present application, "B corresponding to a" means that B is associated with a. In one implementation, B may be determined from a. It should also be understood that determining B from a does not mean determining B from a alone, but may also determine B from a and/or other information.
In the description of the present application, unless otherwise indicated, "at least one" means one or more, and "a plurality" means two or more. In addition, "and/or" describes an association relationship of the association object, and indicates that there may be three relationships, for example, a and/or B may indicate: a alone, a and B together, and B alone, wherein a, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be further understood that the description of the first, second, etc. in the embodiments of the present application is for illustration and distinction of descriptive objects, and is not intended to represent any limitation on the number of devices in the embodiments of the present application, nor is it intended to constitute any limitation on the embodiments of the present application.
It should also be appreciated that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the application. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, related terms related to the embodiments of the present application will be described.
And (3) construction: refers to a modification process to a programming language. For example, compressing a javaScript file is a building action. The files are JavaScript code before and after compression, and can be directly run.
Source code: also called source program, refers to an uncompiled text file written according to a certain programming language specification, and is a series of human-readable computer language instructions.
A decorator: is a special type of claim that can be attached to class claims, methods, accessors, attributes or parameters. The decorator uses the form @ expression which must be a function after evaluation. The decorator may be invoked at runtime and the declaration information being decorated is passed in as a parameter.
Abstract syntax tree (Abstract Syntax Tree, AST): a Syntax tree (synctree) for short, is an abstract representation of the source code Syntax structure. The abstract syntax tree represents the syntax structure of the programming language in the form of a tree, each node on the tree representing a structure in the source code.
Flame Graph (Flame Graph): unlike all other performance analysis (profiling) methods, invented by the Linux performance optimization master brendan gregg, the flame map sees a time distribution in a global view, listing all call stacks from bottom to top that can lead to performance bottlenecks. The entire pattern of the flame pattern looks like a jumping flame, which is the origin of its name.
FIG. 1 illustrates one example of a flame pattern for an application. Wherein each column represents a call stack and each grid represents a function. The vertical axis shows the depth of the stack, arranged from bottom to top according to the calling relationship. The deeper the call stack, the higher the flame. At the top is the function being executed and below is its parent function. The horizontal axis represents the number of samples, i.e., the number of call stack information to be collected, and the plurality of information is aggregated together in a manner of alphabetical lateral ordering. It should be noted that the horizontal axis does not represent time, but rather all call stacks are combined and arranged alphabetically. If a function occupies a wider width on the horizontal axis, it is expressed as more times it is pumped, i.e., longer execution times.
Many businesses such as online banking, online shopping, online game and the like have high requirements on the safety of application programs, so that it is important to ensure the safety of the application programs. In the related art, security verification is performed on an entry function directly applied to a Web application, which is equivalent to that only one lock is used for one application program. After the entry function passes the verification, the subsequent Web application is easily cracked because the application program is not subjected to the security verification.
In view of this, the embodiments of the present application provide a method, an apparatus, a device, and a storage medium for processing an application program, which can be beneficial to improving the security of the application program.
Specifically, an objective function may be obtained from the code of the application program, and then the source code of the decorator and the source code of the tangent plane program of the decorator are added to the first source code of the objective function, so as to obtain the second source code of the objective function. The decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information. Thereafter, the source code of the application may be obtained from the second source code of the objective function.
According to the embodiment of the application, the decorator for verifying the authorization information of the application program and the tangent plane program of the decorator are added into the target program of the application program, so that the authorization information of the application program can be verified through the decorator when the application program executes the target function, and if the target function does not pass the verification, the target function cannot be executed.
For example, as shown in fig. 2 (a), the scheme of performing security verification only at the entry function of the application program is equivalent to setting a security lock on the overall framework of the application program only, so as to perform security verification on the authorization information, ensure that the application program runs safely, and the function in the application program does not perform security verification. For the technical solution of the embodiment of the present application, as shown in fig. 2 (b), security locks may be set for a plurality of functions (for example, 4 functions) in the application program, and security verification is performed on authorization information when each application program runs, so as to further ensure safe running of the application program.
The scheme of the embodiment of the application can be used in any application program, and is not limited. For example, when the scheme of the embodiment of the application is used for processing the payment application program, when one or more functions in the payment application program run, the decorator injected in the one or more functions can realize logic in the tangent plane program, and the authorization information of the payment application is subjected to security check, so that the security of the payment application program is improved. Specifically, when the code language of the payment application is constructed, at least one objective function can be obtained from the code of the payment application program, the source code of the decorator and the source code of the tangent plane program of the decorator are respectively added into the first source code of each objective function, so as to obtain the second source code of each objective function, wherein the decorator can be used for checking the authorization information of the application program, and the tangent plane program can be used for checking the authorization information. The source code of the payment application may then be derived from the second source code of the objective function. Alternatively, the source code may be compressed and obfuscated to generate a published software product of the payment application. The payment application program obtained by the embodiment of the application is difficult to crack after authorization.
Fig. 3 is an alternative schematic diagram of an implementation scenario of the method for application processing according to the embodiment of the present application. As shown in fig. 3, the application scenario involves a server 1 and a terminal device 2, and the terminal device 2 may communicate data with the server 1 through a communication network.
In some possible implementations, the terminal device 2 may refer to a device with rich man-machine interaction modes, capability of accessing to the internet, various operating systems usually carried, and relatively strong processing capability. The terminal device 2 may include, but is not limited to, a cell phone, a computer, an intelligent voice interaction device, an in-vehicle device, etc.
Optionally, in the embodiment of the present application, a tool, such as a programming tool, having an application processing function is installed and executed in the terminal device 2, and is used for processing the code of the application.
The server 1 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content delivery networks), basic cloud computing services such as big data and artificial intelligent platforms, and the like. Servers may also become nodes of the blockchain.
The server may be one or more. Where the servers are multiple, there are at least two servers for providing different services and/or there are at least two servers for providing the same service, such as in a load balancing manner, as embodiments of the application are not limited in this respect.
The terminal device and the server may be directly or indirectly connected through wired or wireless communication, which is not limited in the present application. The present application does not limit the number of servers or terminal devices. The scheme provided by the application can be independently completed by the terminal equipment, can be independently completed by the server, and can be completed by the cooperation of the terminal equipment and the server, and the application is not limited to the scheme.
In the embodiment of the application, the source codes of the decorator and the tangent plane program can be added into the source codes of the target functions of the application program codes to obtain the application program source codes with higher security performance, specifically, a developer can upload or input the original codes of the application program to the terminal equipment 2, after the terminal equipment 2 obtains the codes of the application program, the target functions can be obtained in the application program, and the source codes of the decorator and the tangent plane program are added into the source codes of the target functions to obtain the source codes of the application program. Alternatively, the terminal device 2 may also send the application code to the server 1, and the server 1 processes the application code to obtain the source code of the application. Taking the server 1 as an example to execute the application program processing method provided by the embodiment of the application, after the server acquires the application program code, the server can acquire the objective function from the code of the application program, and the source code of the decorator and the source code of the tangent plane program are added into the first source code of the objective function to obtain the second source code of the objective function. And then, obtaining the source code of the application program according to the second source code of the objective function. Alternatively, the source code may be compressed and obfuscated to generate a published software product of the application.
It should be understood that fig. 3 is only an exemplary illustration, and does not specifically limit the application scenario of the embodiment of the present application. For example, fig. 3 illustrates one terminal device, one server, and may actually include other numbers of terminal devices and servers, which the present application is not limited to.
The following describes the technical scheme of the embodiments of the present application in detail through some embodiments.
Fig. 4 is a schematic flow chart of a method 400 of application processing according to an embodiment of the present application, where the method 400 may be performed by any electronic device having data processing capabilities, for example, the electronic device may be implemented as a server or a terminal device, and may specifically be performed on a programming tool (e.g., node. Js tool) running on the server or the terminal device, which is not limited in this regard.
As shown in fig. 4, method 400 includes steps 410 through 430.
410, obtaining the objective function from the code of the application program.
Illustratively, a developer may input or upload application code to a client running a programming tool that may obtain an objective function from the application's code. The objective function is the function of the decorator to be injected.
Here, the code of the application program may be a source code of the application program. By way of example, the application may be a Web application, a third party application, or other application, as the application is not limited in this regard.
By way of example, an objective function, or a plurality of objective functions, may be obtained from the code of an application, and embodiments of the present application are not limited in this regard. When the objective function is plural, an objective function list including plural objective functions to be injected into the decorator may be generated.
In some embodiments, the time consumption of the objective function may be less than a predetermined value, and/or the number of calls may be less than a predetermined value. That is, a function that consumes less than a preset value and/or calls less than a preset value may be selected in the application code as the objective function.
According to the embodiment of the application, the decorator is added into the objective function with less time consumption, so that the problem that the performance bottleneck of an application program is caused by increasing the time consumption of the objective function can be avoided to a certain extent. In addition, the embodiment of the application can avoid frequently checking the authorization information of the application program to a certain extent by adding the decorator into the objective function with lower calling times.
In some embodiments, a flame graph of the application may be obtained, where the flame graph of the application is used to represent a time distribution and a call number distribution of a call stack of the application, and then the objective function is obtained from a call function of the application according to the flame graph of the application.
Specifically, the time distribution and the call number distribution of the application call stack can be seen from the global view through the flame graph, so that the functions with low time consumption and low call number can be selected from the application code according to the flame graph. For example, for the flame diagram in fig. 1, the horizontal axis is arranged alphabetically after all call stacks are merged, so the criteria for objective function selection may be a function with a narrower width of the horizontal axis. Optionally, a part of functions can be randomly selected from the functions with low time consumption and low calling times to serve as target functions, and a decorator and a section program are added to verify the authorization information of the application program.
Illustratively, the flame patterns of the application may be generated using a Chrome developer tool, or using a flame pattern generation tool at the node. Js end, as the application code is not limited in this regard.
420, adding the source code of the decorator and the source code of the tangent plane program of the decorator into the first source code of the objective function to obtain the second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the section program is used for verifying the authorization information.
Illustratively, the original source code of the objective function (i.e., the first source code described above) may be obtained from the source code of the application program, and the source code of the decorator, and the source code of the section program (may also be referred to as section logic, section method, etc.), and then the source code of the decorator and the source code of the section program of the decorator are injected into the original source code of the objective function, so as to obtain the processed source code containing the decorator of the objective function. Therefore, by adding the decorator and the tangent plane program of the decorator into the source code of the objective function of the application program, the decorator and the tangent plane program can be operated when the objective function is operated, and the verification is performed according to the authorization information of the program. Compared with the scheme that safety verification is only carried out at the entry function of the application program in the prior art, the embodiment of the application also adds safety verification to other functions (such as target functions) in the application program, which is equivalent to changing only one lock from a traditional application program into a plurality of locks corresponding to the application program, thereby being beneficial to improving the safety of the application program and preventing the application program from being cracked.
Illustratively, taking the target function as the greet method as an example, the source code of the greet method is as follows:
the class to which the greet method belongs is greetter.
The source code of the decorator may be as follows:
@authorize()
the source code of the decorator's tangent plane procedure may be as follows:
Staticauthorize(){
}
in this example, the three code segments described above need to be combined into one source code program.
In some embodiments, the implementation of author () may be as follows:
the above-mentioned authority () method is a cut-plane method, which hives a method defined by a software script, for example, before executing the software script function, the cut-plane method is used to perform authorization detection on the software, and if the authorization detection is passed, the execution of the software script function is continued. By way of example, the authorization information may include, without limitation, a license (license) or a trial time, etc.
In some embodiments, if the authorization information of the application program is not verified, the tangent plane program is further configured to interrupt execution of the objective function. That is, if the authority of the tangent plane method to the software is not detected, execution of the original function of the software is interrupted. Alternatively, the user may be prompted at this point that the software is not authorized.
For example, referring to FIG. 5, when the application is running, the decorator's tangent plane program checks whether the HTMLyFiles license (license) has expired. When the license verification of HTMLyFiles expires, the user may be prompted "the license of HTMLyFiles has a problem: your HTMLyFiles license has expired. The function of yFiles is not available.
It should be noted that, the implementation code of the tangent plane program is a fixed program flow, and does not need to be injected into the source code of the application program. For example, the implementation code of a tangent plane program may be spelled to the top of the program at the time of program construction.
In some embodiments, referring to fig. 6, automatic injection of the source code of the decorator and the source code of the tangent plane procedure of the decorator into the first source code of the objective function may be accomplished through steps 421 through 424, resulting in a second source code of the objective function.
421, the first source code of the objective function is converted into a first abstract syntax tree.
By way of example, the generation of abstract syntax trees may be performed by lexical analysis (lexicalanysis), token, and syntax analysis (paramenalysis) of source code. Specifically, a program or function for performing lexical analysis is called a lexical analyzer (Lexer), which may also be called a scanner (scanner), and the character stream is converted into a corresponding token stream. Token divides the code into individual "strings", i.e., grammar elements, according to certain rules, such as token tokens (typically representing keywords, variable names, grammar symbols, etc.). Grammar parsing is a logical stage of the compilation process whose task is to combine word sequences into grammar trees, such as "programs", "sentences", "expressions", etc., on the basis of lexical analysis. The parser determines whether the source code is structurally correct.
As a specific example, for the source code of the above greet method, a specific example of the first abstract syntax tree of the transformation may be as follows:
/>
/>
at 422, source code of the decorator is converted to a second abstract syntax tree.
As a specific example, a specific example of the second abstract syntax tree corresponding to the decorator may be as follows:
/>
423, the source code of the slice program is converted to a third abstract syntax tree.
As a specific example, a specific example of the third abstract syntax tree corresponding to the tangent plane procedure of the decorator may be as follows:
/>
/>
and 424, adding a second abstract syntax tree and a third abstract syntax tree into the first abstract syntax tree according to the type of the node of the first abstract syntax tree, so as to obtain a modified first abstract syntax tree.
In particular, automatic injection of the second abstract syntax tree and the third abstract syntax tree in the first abstract syntax tree may be achieved according to the type of the node of the first abstract syntax tree. By way of example, the node types meeting the preset types can be automatically searched in the first abstract syntax tree, then the second abstract syntax tree and the third abstract syntax tree are added to the nodes corresponding to the node types, so that the source codes corresponding to the decorator and the tangent plane program of the decorator can be automatically added to the source codes of the objective function, a developer is not required to manually write the source codes of the decorator and the tangent plane program into the source codes of the objective function, the decorator and the tangent plane program source codes can be automatically injected into the application program, and the software development efficiency is improved.
As one implementation, referring to fig. 7, step 424 may be implemented specifically by steps 4241 and 4242.
4241 adding a second abstract syntax tree on a first node of the first abstract syntax tree according to the type of the node in the first abstract syntax tree, wherein the type of the first node corresponds to an upper position of the objective function in the first source code of the objective function.
Therefore, by adding the second abstract syntax tree to the first node of the first abstract syntax tree, the source code corresponding to the decorator can be automatically injected to the upper position of the objective function in the first source code of the objective function. By injecting the source code of the decorator into the first source code of the object function at a location above the object function, verification logic in the tangent plane program running the decorator prior to running the object function can be enabled to verify the authorization information.
Taking the green method described above as an example of the objective function, the type (kind) value corresponding to the first node is 169, namely "kind": the node 169 corresponds to a location above the object function in the first source code of the object function. At this point, the "kine" of the first abstract syntax tree of the objective function may be: 169 into a second abstract syntax tree corresponding to the decorator, as follows:
/>
Here, the type (kine) value of the first node is 169, that is, "kine: 169 are used to describe the joining nodes of the decorator, but the embodiments of the present application are not limited thereto, for example, different types of parsers for obtaining abstract syntax trees may have different values of the kine corresponding to them, and when other parsers are selected to obtain the first abstract syntax tree, the first node may have other values corresponding to the type of the first node.
4242 adding a third abstract syntax tree to the second node in the first abstract syntax tree according to the type of the node in the first abstract syntax tree.
By adding the second abstract syntax tree to the second node of the first abstract syntax tree, the source code corresponding to the decorator can be automatically injected into the first source code of the objective function.
In some embodiments, the type of the second node corresponds to a class in the first source code to which the objective function belongs. By setting the type of the second node to correspond to the class to which the objective function belongs in the first source code, the source code corresponding to the tangent plane program of the decorator can be automatically injected into the class to which the objective function belongs. The positioning and calling of the tangent plane program can be facilitated by injecting the source code corresponding to the tangent plane program into the class to which the objective function belongs.
Continuing with the greet method described above as an example, when the type of the second node corresponds to the class to which the objective function belongs in the first source code, the type (ind) value corresponding to the second node is 235, namely "ind": the node of 235 corresponds to a class to which the objective function belongs in the first source code of the objective function. At this point, the "kine" of the first abstract syntax tree of the objective function may be: and adding a third abstract syntax tree corresponding to the tangent plane program under the 235 node, wherein the third abstract syntax tree is as follows:
/>
/>
here, the type (kine) value of the second node is 235, that is, "kine: 235 is illustrated as an example of a joining node of a cut-plane program, but embodiments of the present application are not limited thereto, for example, different types of parsers for obtaining abstract syntax trees may have different values of the corresponding kine, and when other parsers are selected to obtain a first abstract syntax tree, the type of the second node may correspond to other values.
And 425, obtaining second source codes of the objective function according to the modified first abstract syntax tree.
Specifically, the modified first abstract syntax tree may be converted into a source code, so as to obtain a second source code corresponding to the objective function. Continuing with the above-described target function greet method as an example, the regenerated source code (i.e., one example of the second source code) of the modified first abstract syntax tree is as follows:
/>
After the source code of the objective function is regenerated, a decorator for performing authorization information verification is already added to the source code of the objective function, and the source code @ author () of the decorator is located above the objective function (i.e., the greet function). In addition, the implementation of the decorator is suspended in the static author method of the class (greener class) to which the objective function (i.e., greenet function) belongs.
It should be noted that, when the objective functions are plural, the foregoing manner provided by the embodiment of the present application may be adopted to inject the decorator codes into the source codes of the plural objective functions of the application program, so that verification logic in the tangent plane program of the decorator is adopted to verify the authorization information before each objective function is operated.
430, obtaining the source code of the application program according to the second source code of the objective function.
Specifically, the source code of the application program can be obtained according to the updated second source code of the objective function and other source codes of other parts in the application program. Compression obfuscation of the source code of an application may generate a software product that publishes the application.
Therefore, the decorator for verifying the authorization information of the application program and the tangent plane program of the decorator are added in the target program of the application program, the authorization information of the application program can be verified through the decorator when the application program executes the target function, if the target function cannot be executed after the verification is not passed, compared with the scheme of only performing safety verification at the entry function of the application program, the safety verification is added to other functions in the application program, which is equivalent to that only one lock is changed into a plurality of locks corresponding to one application program from the traditional application program, thereby being beneficial to improving the safety of the application program and preventing the application program from being cracked.
In addition, according to the embodiment of the application, the first source code is converted into the first abstract syntax tree, the source code of the decorator is converted into the second abstract syntax tree, the source code of the tangent plane program is converted into the third abstract syntax tree, and then the second abstract syntax tree and the third abstract syntax tree are added into the first abstract syntax tree according to the types of the nodes of the first abstract syntax tree, so that the abstract syntax tree of the decorator and the tangent plane program can be automatically injected into the first abstract syntax tree, the source code of the target program can be automatically added, a developer is not required to manually write the source codes of the decorator and the tangent plane program into the source codes of the target function, the decorator and the tangent plane program can be automatically injected into the application program, and the software development efficiency is improved.
The specific embodiments of the present application have been described in detail above with reference to the accompanying drawings, but the present application is not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solution of the present application within the scope of the technical concept of the present application, and all the simple modifications belong to the protection scope of the present application. For example, the specific features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various possible combinations are not described further. As another example, any combination of the various embodiments of the present application may be made without departing from the spirit of the present application, which should also be regarded as the disclosure of the present application.
It should be further understood that, in the various method embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present application. It is to be understood that the numbers may be interchanged where appropriate such that the described embodiments of the application may be practiced otherwise than as shown or described.
The method embodiments of the present application are described above in detail, and the apparatus embodiments of the present application are described below in detail with reference to fig. 8 to 9.
Fig. 8 is a schematic block diagram of an apparatus 10 for application processing according to an embodiment of the present application. As shown in fig. 8, the apparatus 10 may include an acquisition unit 11 and a joining unit 12.
An acquisition unit 11 for acquiring an objective function from a code of an application program;
an adding unit 12, configured to add, to the first source code of the objective function, a source code of a decorator and a source code of a tangent plane program of the decorator, so as to obtain a second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information;
The obtaining unit 11 is further configured to obtain a source code of the application program according to the second source code of the objective function.
In some embodiments, the adding unit 12 is specifically configured to:
converting the first source code into a first abstract syntax tree;
converting the source code of the decorator into a second abstract syntax tree;
converting the source code of the tangent plane program into a third abstract syntax tree;
adding the second abstract syntax tree and the third abstract syntax tree into the first abstract syntax tree according to the type of the node of the first abstract syntax tree, so as to obtain the modified first abstract syntax tree;
and obtaining the second source code of the objective function according to the modified first abstract syntax tree.
In some embodiments, the adding unit 12 is specifically configured to:
adding the second abstract syntax tree to a first node of the first abstract syntax tree according to the type of the node in the first abstract syntax tree, wherein the type of the first node corresponds to a position above the objective function in the first source code;
and adding the third abstract syntax tree on a second node in the first abstract syntax tree according to the type of the node in the first abstract syntax tree.
In some embodiments, the type of the second node corresponds to a class in the first source code to which the objective function belongs.
In some embodiments, if the authorization information does not pass, the tangent plane procedure is further configured to interrupt execution of the objective function.
In some embodiments, the obtaining unit 11 is specifically configured to:
acquiring a flame graph of the application program, wherein the flame graph is used for representing time distribution and calling frequency distribution of a calling stack of the application program;
and acquiring the target function from the calling function of the application program according to the flame graph.
In some embodiments, the time consumption of the objective function is less than a preset value and/or the number of calls of the objective function is less than a preset value.
In some embodiments, the application comprises a web application.
It should be understood that apparatus embodiments and method embodiments may correspond with each other and that similar descriptions may refer to the method embodiments. To avoid repetition, no further description is provided here. Specifically, the apparatus 10 shown in fig. 8 may perform the above-described method embodiments, and the foregoing and other operations and/or functions of each module in the apparatus 10 are respectively for implementing the corresponding flow in the above-described method 400, which is not described herein for brevity.
The apparatus of the embodiments of the present application is described above in terms of functional modules with reference to the accompanying drawings. It should be understood that the functional module may be implemented in hardware, or may be implemented by instructions in software, or may be implemented by a combination of hardware and software modules. Specifically, each step of the method embodiment in the embodiment of the present application may be implemented by an integrated logic circuit of hardware in a processor and/or an instruction in a software form, and the steps of the method disclosed in connection with the embodiment of the present application may be directly implemented as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. Alternatively, the software modules may be located in a well-established storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, and the like. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with hardware, performs the steps in the above method embodiments.
Fig. 9 is a schematic block diagram of an electronic device 30 provided by an embodiment of the present application.
As shown in fig. 9, the electronic device 30 may include:
a memory 31 and a processor 32, the memory 31 being for storing a computer program and for transmitting the program code to the processor 32. In other words, the processor 32 may call and run a computer program from the memory 31 to implement the method in the embodiment of the present application.
For example, the processor 32 may be configured to perform the above-described method embodiments according to instructions in the computer program.
In some embodiments of the present application, the processor 32 may include, but is not limited to:
a general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
In some embodiments of the present application, the memory 31 includes, but is not limited to:
volatile memory and/or nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash Memory. The volatile memory may be random access memory (Random Access Memory, RAM) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (Double Data Rate SDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), and Direct memory bus RAM (DR RAM).
In some embodiments of the present application, the computer program may be divided into one or more modules, which are stored in the memory 31 and executed by the processor 32 to perform the methods provided by the present application. The one or more modules may be a series of computer program instruction segments capable of performing the specified functions, which are used to describe the execution of the computer program in the electronic device.
As shown in fig. 9, the electronic device 30 may further include:
a transceiver 33, the transceiver 33 being connectable to the processor 32 or the memory 31.
The processor 32 may control the transceiver 33 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 730 may include a transmitter and a receiver. The transceiver 33 may further include antennas, the number of which may be one or more.
It will be appreciated that the various components in the electronic device are connected by a bus system that includes, in addition to a data bus, a power bus, a control bus, and a status signal bus.
The present application also provides a computer storage medium having stored thereon a computer program which, when executed by a computer, enables the computer to perform the method of the above-described method embodiments. Alternatively, embodiments of the present application also provide a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the method of the method embodiments described above.
When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the application, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (digital video disc, DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
It will be appreciated that in the specific implementation of the present application, when the above embodiments of the present application are applied to specific products or technologies and relate to data related to user information and the like, user permission or consent needs to be obtained, and the collection, use and processing of the related data needs to comply with the relevant laws and regulations and standards.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. For example, functional modules in various embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily appreciate variations or alternatives within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A method of application processing, comprising:
acquiring an objective function from the code of the application program;
adding a source code of a decorator and a source code of a tangent plane program of the decorator into a first source code of the objective function to obtain a second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information;
And obtaining the source code of the application program according to the second source code of the objective function.
2. The method of claim 1, wherein adding the source code of the decorator and the source code of the tangent plane program of the decorator to the first source code of the objective function results in the second source code of the objective function, comprising:
converting the first source code into a first abstract syntax tree;
converting the source code of the decorator into a second abstract syntax tree;
converting the source code of the tangent plane program into a third abstract syntax tree;
adding the second abstract syntax tree and the third abstract syntax tree into the first abstract syntax tree according to the type of the node of the first abstract syntax tree, so as to obtain the modified first abstract syntax tree;
and obtaining the second source code of the objective function according to the modified first abstract syntax tree.
3. The method according to claim 2, wherein adding the second abstract syntax tree and the third abstract syntax tree to the first abstract syntax tree according to the type of the node of the first abstract syntax tree comprises:
Adding the second abstract syntax tree to a first node of the first abstract syntax tree according to the type of the node in the first abstract syntax tree, wherein the type of the first node corresponds to a position above the objective function in the first source code;
and adding the third abstract syntax tree on a second node in the first abstract syntax tree according to the type of the node in the first abstract syntax tree.
4. A method according to claim 3, wherein the type of the second node corresponds to the class in the first source code to which the objective function belongs.
5. The method according to any of claims 1-4, wherein the tangent plane procedure is further adapted to interrupt execution of the objective function if the authorization information check is not passed.
6. The method according to any one of claims 1-4, wherein the obtaining the objective function from the calling function of the application program comprises:
acquiring a flame graph of the application program, wherein the flame graph is used for representing time distribution and calling frequency distribution of a calling stack of the application program;
and acquiring the target function from the calling function of the application program according to the flame graph.
7. The method according to any of claims 1-4, wherein the time consumption of the objective function is less than a preset value and/or the number of calls of the objective function is less than a preset value.
8. The method of any of claims 1-4, wherein the application comprises a web application.
9. An apparatus for application processing, comprising:
an acquisition unit for acquiring an objective function from a code of an application program;
the adding unit is used for adding the source code of the decorator and the source code of the tangent plane program of the decorator into the first source code of the objective function to obtain the second source code of the objective function; the decorator is used for verifying the authorization information of the application program, and the tangent plane program is used for verifying the authorization information;
the acquisition unit is further used for obtaining the source code of the application program according to the second source code of the objective function.
10. An electronic device comprising a processor and a memory, the memory having instructions stored therein that when executed by the processor cause the processor to perform the method of any of claims 1-8.
11. A computer storage medium for storing a computer program, the computer program comprising instructions for performing the method of any one of claims 1-8.
12. A computer program product comprising computer program code which, when run by an electronic device, causes the electronic device to perform the method of any one of claims 1-8.
CN202310245869.1A 2023-03-06 2023-03-06 Method, device, equipment and storage medium for processing application program Pending CN116975798A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310245869.1A CN116975798A (en) 2023-03-06 2023-03-06 Method, device, equipment and storage medium for processing application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310245869.1A CN116975798A (en) 2023-03-06 2023-03-06 Method, device, equipment and storage medium for processing application program

Publications (1)

Publication Number Publication Date
CN116975798A true CN116975798A (en) 2023-10-31

Family

ID=88470080

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310245869.1A Pending CN116975798A (en) 2023-03-06 2023-03-06 Method, device, equipment and storage medium for processing application program

Country Status (1)

Country Link
CN (1) CN116975798A (en)

Similar Documents

Publication Publication Date Title
Gupta et al. Enhancing the browser-side context-aware sanitization of suspicious HTML5 code for halting the DOM-based XSS vulnerabilities in cloud
US10387647B2 (en) Detecting script-based malware using emulation and heuristics
US9237130B2 (en) Hierarchical rule development and binding for web application server firewall
CN105553917B (en) Method and system for detecting webpage bugs
Doupe et al. deDacota: toward preventing server-side XSS via automatic code and data separation
Jovanovic et al. Static analysis for detecting taint-style vulnerabilities in web applications
US20130019314A1 (en) Interactive virtual patching using a web application server firewall
Almorsy et al. Supporting automated vulnerability analysis using formalized vulnerability signatures
Alkhalaf et al. Viewpoints: differential string analysis for discovering client-and server-side input validation inconsistencies
Sönmez Security qualitative metrics for open web application security project compliance
CN112688966A (en) Webshell detection method, device, medium and equipment
CN105550540A (en) Detection method and device for homogenization application
US8484232B2 (en) Method, computer arrangement, computer program and computer program product for checking for the presence of control statements in a data value
CN113449330B (en) Method for transmitting Javascript encrypted file
Shi et al. A new approach for SQL-injection detection
Bafghi A Simple and Fast Technique for Detection and Prevention of SQL Injection Attacks (SQLIAs)
CN116361793A (en) Code detection method, device, electronic equipment and storage medium
CN116975798A (en) Method, device, equipment and storage medium for processing application program
Dwivedi et al. SQLAS: Tool to detect and prevent attacks in php web applications
CN114546857A (en) Interface test case generation method and device, electronic equipment and storage medium
Gupta et al. POND: polishing the execution of nested context-familiar runtime dynamic parsing and sanitisation of XSS worms on online edge servers of fog computing
Gupta et al. SEC‐H5: secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodes
CN116167048B (en) Webshell detection method and device for EL expression
CN117131515B (en) Application request execution method and device, computer equipment and storage medium
Okubo et al. Secure software development through coding conventions and frameworks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication