KR101539139B1 - Filtering method and system for satisfying both security and performance - Google Patents

Abstract

A filtering method and system for satisfying both security and performance are disclosed. The filtering method for filtering the code includes the steps of checking the currently available memory capacity, calculating the expected amount of memory usage when parsing through the first parser by checking the capacity of the code Selecting one of the first parser and the second parser based on the memory capacity and the memory usage, proceeding with parsing of the code through the selected parser to generate a parsing result, And performing filtering of the code using a parsing result.

Description

TECHNICAL FIELD [0001] The present invention relates to a filtering method and system for satisfying both security and performance.

Embodiments of the present invention relate to a filtering method and system for satisfying both security and performance.

Cross Site Scripting (XSS) is an attack technique used to extract information of other users. It is a technique that an attacker inserts script code (XSS code) into a part of a user input such as a bulletin board or a search input window, Malicious actions such as log-in with information of another user viewing the content or taking personal information can be performed. Therefore, when allowing HTML (Hyper Text Markup Language) in a bulletin board or a search input window, a process of filtering whether or not malicious tags and scripts are included in the data inputted by the user is necessary.

For example, the XSS filter is a web security filter that handles the identification and invalidation of unauthorized codes such as JavaScript among data inputted by the user in order to reduce the risk of XSS.

Many Web-based user services develop and apply XSS processing at the individual project level or use open source libraries, so the XSS security policy bundled by the security department does not apply, but different rules and logic And there is a problem that OOM (Out Of Memory) error may occur when a document object model (DOM) parser-type XSS filter is used for large-capacity contents such as a mail service. . In addition, the prior art XSS filters are vulnerable to parsing of malformed HTML code by enabling complete parsing only for well-formed HTML code.

By selectively utilizing either the document object model (DOM) markup parser or the Simple API for XML (SAX) markup parser by comparing the amount of available memory to the capacity of the code to be filtered, And a filtering system and a filtering system capable of improving the filtering performance.

Parsing with the DOM markup parser automatically switches the DOM markup parser to a SAX markup parser that does not cause a stack overflow error when it detects the occurrence of a stack overflow error A filtering method, and a filtering system.

The present invention provides a filtering method and filtering system capable of establishing and applying a consistent XSS security policy using a whitelist filtering method instead of a blacklist filtering method.

A method for filtering a code, the method comprising: checking a currently available memory capacity; estimating a capacity of the code and calculating an expected memory usage when parsing is performed through a first parser Selecting one of the first parser and the second parser based on the memory capacity and the memory usage, proceeding with parsing the code through the selected parser to produce a parsing result, And performing filtering of the code using the parsed result.

According to one aspect, the first parser includes a parser that generates and provides a tree for the entire tag included in the code as the parsing result, and the second parser parses the tags included in the code as the parsing result And a parser for sequentially providing the parser.

According to another aspect, the step of selecting the one parser may include comparing the memory capacity and the memory usage to determine whether or not an Out Of Memory (OOM) error occurs through parsing using the first parser Selecting the first parser when the OOM error does not occur, and selecting the second parser if the OOM error occurs.

According to another aspect of the present invention, the selecting of the one parser may include selecting the first parser when the memory capacity is larger than the memory capacity by a preset capacity or more, And selects the second parser if the capacity of the second parser is not greater than the capacity.

According to another aspect, the step of generating the parsing result comprises: if the first parser is selected as the one parser, performing parsing of the code using the first parser, Monitoring whether or not an error has occurred; and when the occurrence of the stack overflow error is detected, switching the selected first parser to the second parser to re-execute the code through the second parser, And a step of generating the generated image data.

According to another aspect, the step of performing the filtering of the code may include comparing the parsing result with a whitelist setting to determine whether the code (or tags) allowed in the parsing result (Or tags) other than the tags (e.g., tags) are changed or deleted to perform filtering on the codes.

According to another aspect, the white list setting may be implemented such that the filtering rule of the white list upper setting file is inherited or overridden as the white list lower setting file.

CLAIMS What is claimed is: 1. A filtering system for filtering code, comprising: at least one processor; and at least one memory, wherein the at least one processor is configured to: determine, for the at least one memory, A parser for calculating a memory usage expected when parsing is performed through a first parser based on the memory capacity and the memory usage, The parsing of the code is performed through the selected parser to generate a parsing result, and the filtering of the code is performed using the parsing result.

A library providing system for providing a library for filtering codes, the library providing system comprising: a file providing unit for providing a file for installing the library to a client system, the library including: A module for controlling the client system to check the capacity of the client system, a module for controlling the client system to calculate the expected amount of memory usage in case of parsing through the first parser, A module for controlling the client system to select a parser of one of the first parser and the second parser based on the memory capacity and the amount of memory usage; parsing the code through the selected parser to generate a parsing result The client system This library providing system characterized in that it comprises a module for controlling the system such that client by using the control module and the parsing result of performing the filtering of the generated code is provided.

You can selectively use either the document object model (DOM) markup parser or the Simple API for XML (SAX) markup parser by comparing the amount of available memory to the capacity of the code to be filtered.

Parsing with the DOM markup parser automatically switches the DOM markup parser to a SAX markup parser that does not cause a stack overflow error when it detects the occurrence of a stack overflow error Can be performed.

By using the whitelist filtering method instead of the blacklist filtering method, a consistent XSS security policy can be established and applied.

1 is a block diagram for explaining an example of a filtering system in an embodiment of the present invention.
2 is a flowchart for explaining an example of a filtering process in an embodiment of the present invention.
3 is a flow chart for explaining an example of a method for preventing an OOM error in an embodiment of the present invention.
4 is a flow chart for explaining an example of a method for preventing a stack overflow error in an embodiment of the present invention.
Figure 5 is a block diagram illustrating a filtering system and a file provisioning system in one embodiment of the present invention.
6 is a flow chart illustrating a filtering method in an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The filtering system according to the exemplary embodiments of the present invention can use an xml (extensible markup language) based whitelist filtering scheme to establish and apply a consistent XSS (Cross Site Scripting) security policy. In addition, the filtering system can selectively or adapt the SAX (Simple API for XML) parser, which improves memory usage and speed, and does not cause stack overflow errors, as well as a DOM (document object model) parser It is possible to prevent the occurrence of OOM (Out Of Memory) error and to perform proper parsing for malformed code (for example, HTML code).

FIG. 1 is a block diagram for explaining an example of a filtering system in an embodiment of the present invention. FIG. 2 is a flowchart for explaining an example of a filtering process in an embodiment of the present invention. The filtering system 100 according to the present embodiment may include at least one processor (not shown) and at least one memory (not shown). At this time, a filter object 110 for filtering the code may be generated by at least one processor. For example, the filter object 110 is a library module for filtering input code 120 to generate and provide an output code, and may be generated by at least one processor for filtering the input code. In this case, the generated filter object 110 may be loaded into the at least one memory described above.

The filter object 110 may include a filter core 111, a configuration builder 112, and a parser 113, as shown in FIG. Here, the filter object 110, the filter core 111, the configuration builder 112, and the parser 113 may each be a library module for controlling the operation of at least one processor.

Here, the steps included in the filtering process according to the present embodiment may be performed by at least one processor included in the filtering system 100 or the filtering system 100. Hereinafter, for convenience of explanation, it is assumed that each step is performed by the filtering system 100.

In operation 210, the filtering system 100 may generate the filter object 110 for filtering the input code 120, and send the contents defined in the white list configuration 140 to the setting builder 112. [ As shown in FIG. Here, the white list setting method is a setting method that permits only the previously described setting contents and performs filtering for all other parts, and is excellent in security. For example, a black list setting scheme that describes unacceptable content is vulnerable to security because it can not prevent new attack patterns. In one example, the whitelist setting 140 may be stored and maintained in the form of an xml file. At this time, the whitelist setting can be implemented so that inheritance (for example, inheritance of an object or a class in the Java environment) and overriding of the whitelist upper configuration file are possible. Therefore, in the file object 110, the basic security policy can be applied to the file object 110 by inheriting the parent configuration file. In addition, since filtering rules that can not be changed according to the service can be redefined in the lower file, it is also possible to modify the filtering rule according to the service.

In step 220, the filtering system 100 may forward the whitelist setting 140 to the filter core 111. At this time, an initialization operation for filtering may be performed through delivery of the white list setting 140. [ For example, filtering rules, such as security policies, may be applied using the whitelist setting 140. As shown in Figure 1, the filter object 110 reads the white list settings individually through the configuration builder 112 and passes them to the filter core 111, and the white list settings are applied at the filter core 111 It is therefore possible to apply a consistent and integrated XSS security policy rather than using different rules and logic for each service.

In step 230, the filtering system 100 provides the input code 120 to the parser 113. At this time, the input code is unfiltered HTML code and may contain malicious XSS code. In one example, the input code 120 may be passed to the parser 113 through the filter core 111. In this embodiment, the parser 113 may include both a DOM parser 114 and a SAX parser 115. At this time, which parser of the DOM parser 114 and the SAX parser 115 is to be used to parse the input code 120 may be determined by the filter core 111 or may be determined by the parser 113 .

For example, if the input code 120 is passed to the filter object 110, the use option may be passed along with the input code 120. [ At this time, the use option may include information on one of the three options as shown in the following (1) to (3).

(1) Options using the DOM scheme - For example, the DOM parser 114 is used to parse the input code 120.

(2) Option using SAX method - For example, the SAX parser 115 is used to parse the input code 120.

(3) Option to basically use the DOM method and automatically switch to the SAX method as needed to use the SAX method. For example, in parsing the input code 120 using the DOM parser 114, the OOM error Or when a stack overflow error occurs during the parsing of the input code 120 using the DOM parser 114, the DOM parser 114 is switched to the SAX parser 115, The input code 120 is parsed using the input code 115. FIG.

Conditions and a method for converting the DOM parser 114 to the SAX parser 115 in connection with the option (3) will be described in more detail with reference to FIG. 3 and FIG.

The filtering system 100 may pass the input code 120 through the parser 113 to the filter core 111 in step 240. At this time, when the DOM parser 114 is used, the entire code DOM tag tree can be generated in the parser 113, and the generated entire code DOM tag tree can be transmitted to the filter core 111. [ When the SAX parser 115 is used, the tags may be transmitted to the filter core 111 through a streaming method in which the tags are read one by one and are transferred to the filter core 111 in order, rather than the entire code.

The filtering system 100 in step 250 may filter the input code 120 by comparing the parsing result of the parser 113 with the white list setting 140 via the filter core 111. [ For example, in the filter core 111, the parsing result and the whitelist setting 140 may be provided by filtering the remaining codes except for the allowed code. At this time, since the parsing result provided through the DOM parser 114 constitutes the entire code DOM tag tree, it is possible to change the structure of the code such as deletion or correction of child tags. In addition, it is not possible to change the structure of the code through the parsing result provided through the SAX parser 114, but since the streaming method is used, the speed is fast and the memory usage can be greatly reduced. Accordingly, by selectively using an appropriate parser through the use option described above, it becomes possible to provide a filtering system 100 that can satisfy both security and performance.

3 is a flow chart for explaining an example of a method for preventing an OOM error in an embodiment of the present invention. The method according to the present embodiment can be performed by the filtering system 100 described with reference to FIG. In one example, the filtering system 100 may perform the method according to the present embodiment using the filter object 110 described above with reference to FIG. 1 or through control of the filter object 110.

In step 310, the filtering system 100 can determine the amount of memory currently available when filtering begins. For example, in a Java-based environment, the capacity of the heap memory available in the Java Virtual Machine (JVM) can be checked.

In step 320, the filtering system 100 may calculate the expected memory usage when parsing through the DOM parser by checking the capacity of the target code.

In step 330, the filtering system 100 may determine whether an OOM error has occurred by comparing the amount of memory currently available with the expected memory usage.

In step 340, the filtering system 100 may select one of the DOM parser and the SAX parser depending on whether an OOM error has occurred, and proceed with parsing through the selected one parser. For example, the filtering system 100 may use a DOM parser when it is determined that an OOM error will not occur, and may parse the code using a SAX parser if it is determined that an OOM error will occur. At this time, the filtering system 100 may use various methods to determine whether an OOM error has occurred. For example, the filtering system 100 may determine that an OOM error will occur if the amount of memory currently available is less than the memory usage. As another example, the filtering system 100 may determine that an OOM error will occur if the currently available memory capacity is not greater than the memory usage by more than a predetermined amount.

The choice of these parsers depends on the characteristics of the DOM parser and the SAX parser. For example, in a Java-based environment, the DOM parser requires about eight times as much memory as the target, while the SAX parser has about three times as much memory as the code to be filtered Requires usage. Thus, if an OOM error is expected to occur when using a DOM parser, the filtering system 100 may proceed with parsing the code using a SAX parser with a relatively small memory requirement instead of a DOM parser.

4 is a flow chart for explaining an example of a method for preventing a stack overflow error in an embodiment of the present invention. The method according to the present embodiment can be performed by the filtering system 100 described with reference to FIG. In one example, the filtering system 100 may perform the method according to the present embodiment using the filter object 110 described above with reference to FIG. 1 or through control of the filter object 110. In addition, the method according to the present embodiment can be included in the process of parsing the code using the DOM parser.

In operation 410, the filtering system 100 may monitor the occurrence of a stack overflow error while parsing the code using the DOM parser.

In operation 420, the filtering system 100 may automatically switch the DOM parser to a SAX parser and re-execute the parsing if a stack overflow error is detected. As described above with reference to FIGS. 1 and 2, the SAX parser sequentially transmits the tags included in the code to the filter core 111 in a streaming manner. Therefore, since the stack overflow error does not occur fundamentally, the DOM parser is automatically switched to the SAX parser to redo the parsing, and as a result, the problem caused by the occurrence of the stack overflow error can be solved.

The parsing result parsed using one of the DOM parser and the SAX parser may be transmitted to the filter core 111 described with reference to FIG. 1 and used for filtering the target code.

Table 1 below shows an example of the performance test results using the DOM parser and the SAX parser.

SAX method DOM method Performance Demand memory Three times 8 times speed 1 second 1.4 seconds stability Thread Safety Yes Yes Memory leak No No OOM Yes Yes Stack overflow No Yes

Table 1 shows an example in which the SAX method and the DOM method require 3 times and 8 times as much memory as the input HTML code in the Java environment, respectively. 'Speed' is an example of the time it takes to process 6 megabytes of HTML code. At this time, in the DOM method, if the depth of the nested tags in the code is deepened, the recursive function calls may increase, and the speed may be seriously slowed down.

Also, in Table 1, 'thread safe' indicates whether execution is safe in a multi-thread environment in using the parsers, and 'memory leak' indicates whether a memory leak bug exists in the parser.

In Table 1, 'OOM' indicates whether an OOM error can occur. At this time, both the DOM parser and the SAX parser are likely to cause OOM errors. However, when the DOM parser uses 1024 megabytes of available memory, 9 users can simultaneously request 6-megabytes of HTML code to be filtered. However, when using the SAX parser, the same available memory OOM errors can occur if 22 users simultaneously request filtering of 6 megabytes of HTML code. That is, the possibility of OOM error is relatively reduced when the SAX parser is used rather than using the DOM parser.

Also, in Table 1, "stack overflow" indicates whether or not a stack overflow error occurs. As we've already seen, the DOM parser approach provides a tag tree by parsing the entire tag of the code. In this case, when the depth of the tag is large, a large number of recursive functions are called to cause a stack overflow error. On the other hand, in the method using the SAX parser, each tag is sequentially parsed and provided, No flow error occurs.

Parsers (DOM parser and SAX parser) according to temporal examples of the present invention may use parsing rules redefined based on Extended Backus-Naur Form (EBNF) notation. EBNF notation is a notation defined in the XML 1.0 specification that can be used to redefine parsing rules so that the parser can parse non-canonicalized code. By using the Extended Backus-Naur Form (EBNF) notation, you can add rules to the parsing rules for code that contains special types of tags, such as code that applies only to a particular browser (for example, Counter-Strike Source hack) It can be easily recognized by a simple way of adding.

In addition, the filtering system according to an exemplary embodiment of the present invention may provide an element listener or an attribute listener. For example, in addition to converting / removing malicious XSS code, you can provide an event handling interface to add sub-elements to specific elements or change data.

In addition, the filtering system according to an embodiment of the present invention can provide a function of transmitting the detected XSS code to the log collection system. For example, a log of the XSS code detected in the filtering process during the user input to the actual service can be transmitted to the enterprise log collection system, and the XSS filter log can be managed in the enterprise log collection system. The collected XSS filter log can be utilized for future security measures. At this time, the function of transmitting the detected XSS code to the enterprise log collection system can be determined based on the setting based on the agreement of the existing service using the filtering system according to the present embodiment.

Further, according to one embodiment of the present invention, the methods described with reference to FIGS. 2 through 4 can be implemented in a library installed in a filtering system (or a computer system including at least one processor and at least one memory) Or by controlling the filtering system (or the computer system) to perform the filtering. For example, the library may include modules for controlling the filtering system (or the computer system) to perform the steps of the methods. In this case, the library may be transmitted to the filtering system (or the computer system) and installed by a file distribution system that distributes a file for installation of the library.

FIG. 5 is a block diagram illustrating a computer system and a file providing system in an embodiment of the present invention, and FIG. 6 is a flowchart illustrating a filtering method in an embodiment of the present invention. Figure 5 shows a computer system 510, a library 520, and a library providing system 530. The computer system 510 may include at least one processor (not shown) and at least one memory (not shown), and the library providing system 530 may include a file providing a file for installation of the library to the client system (531). In this case, the computer system 510 may correspond to the client system.

In addition, the filtering method according to the present embodiment can be performed by the computer system 510 shown in Fig. The filtering method may be performed under the control of the library 520 by at least one processor of the computer system 510 in which the library 520 provided by the library providing system 530 is installed.

At step 610, the computer system 510 may determine the currently available memory capacity. In one example, the computer system 510 can determine the currently available memory capacity for at least one memory included in the computer system 510.

In step 620, the computer system 510 may calculate the expected memory usage when parsing the code through the first parser by checking the capacity of the code. Here, the first parser may include a parser generating and providing a tree of the entire tag included in the code as a parsing result. As an example, the DOM parser already described can be used as the first parser.

At step 630, the computer system 510 may select a parser of either the first parser or the second parser based on memory capacity and memory usage. Here, the second parser may include a parser that sequentially provides the tags included in the code as a parsing result. For example, the SAX parser already described can be used as the second parser.

As an example of selecting one parser, the computer system 510 may determine whether an Out Of Memory (OOM) error has occurred based on memory capacity and memory usage, and may determine one parser according to the determination result. For this, step 630 compares the memory capacity and the memory usage to determine whether an Out Of Memory (OOM) error occurs through parsing using a first parser (not shown) and an OOM error (Not shown) to select the first parser if no OOM error occurs, and to select the second parser if OOM error occurs.

As another example for selecting one parser, in step 630, the computer system 510 selects the first parser if the memory capacity is greater than the memory usage by more than a predetermined amount, and if the memory capacity exceeds the memory usage If it is not greater than the capacity, the second parser can be selected.

At step 640, the computer system 510 may proceed to parse the code through the selected parser to produce a parsing result. As described above, the first parser can generate and provide a tree for the entire tag included in the code as the parsing result, and the second parser can sequentially provide the tags included in the code as the parsing result .

At this time, if a parsing result is generated using the first parser, the computer system 510 may determine whether a stack overflow error has occurred, convert the first parser to a second parser, You can re-execute the parsing of the code. For this purpose, step 640 includes steps (not shown) for monitoring the occurrence of a stack overflow error while parsing the code using the first parser, if the first parser is selected as one parser, When the occurrence of the flow error is detected, the step of converting the selected first parser into the second parser to re-execute the parsing of the code through the second parser to generate a parsing result (not shown).

At step 650, the computer system 510 may perform filtering of the code using the generated parsing result. For example, the computer system 510 compares the parsing result with the whitelist setting, and determines whether the remaining code (or tags (or tags) other than the permitted code (or tags) ) Can be changed or deleted to perform filtering on the code. Here, the whitelist setting may be implemented such that the filtering rule of the whitelist upper setting file is inherited or overridden as the whitelist lower setting file.

The contents omitted in Figs. 5 and 6 can be referred to Fig. 1 to Fig.

As described above, according to embodiments of the present invention, by comparing a usable memory capacity with a capacity of a filtering target code, a markup parser (DOM) and a simple API for XML (SAX) markup parser One can be selectively used. In addition, parsing using the DOM markup parser automatically switches the DOM markup parser to a SAX markup parser where stack overflow errors do not occur naturally when a stack overflow error is detected. To perform parsing. In addition, a consistent XSS security policy can be established and applied using the whitelist filtering method instead of the blacklist filtering method.

The apparatus described above may be implemented as a hardware component, a software component, and / or a combination of hardware components and software components. For example, the apparatus and components described in the embodiments may be implemented within a computer system, such as, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA) A programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For ease of understanding, the processing apparatus may be described as being used singly, but those skilled in the art will recognize that the processing apparatus may have a plurality of processing elements and / As shown in FIG. For example, the processing unit may comprise a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of the foregoing, and may be configured to configure the processing device to operate as desired or to process it collectively or collectively Device can be commanded. The software and / or data may be in the form of any type of machine, component, physical device, virtual equipment, computer storage media, or device , Or may be permanently or temporarily embodied in a transmitted signal wave. The software may be distributed over a networked computer system and stored or executed in a distributed manner. The software and data may be stored on one or more computer readable recording media.

The method according to an embodiment may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions to be recorded on the medium may be those specially designed and configured for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. For example, it is to be understood that the techniques described may be performed in a different order than the described methods, and / or that components of the described systems, structures, devices, circuits, Lt; / RTI > or equivalents, even if it is replaced or replaced.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

100: Filtering system
110: Filter object
110: filter core
120: Setup builder
130: Parser

Claims (17)

A method of filtering a code, the method comprising:
Checking the currently available memory capacity;
Checking the capacity of the code and calculating an expected amount of memory usage when parsing is performed through a first parser;
Selecting one of the first parser and the second parser based on the memory capacity and the memory usage;
Proceeding with parsing the code through the selected parser to produce a parsing result; And
Performing filtering of the code using the generated parsing result
/ RTI > The method according to claim 1,
Wherein the first parser includes a parser that generates and provides a tree for the entire tag included in the code as the parsing result,
Wherein the second parser includes a parser for sequentially providing the tags included in the code as the parsing result. 3. The method of claim 2,
Wherein the step of selecting one parser comprises:
Comparing the memory capacity and the amount of memory usage and determining whether an Out Of Memory (OOM) error occurs through parsing using the first parser; And
Selecting the first parser if the OOM error does not occur, and selecting the second parser if the OOM error occurs
And filtering the received signal. 3. The method of claim 2,
Wherein the step of selecting one parser comprises:
And selects the first parser when the memory capacity is larger than the memory capacity by a predetermined capacity or more and selects the second parser when the memory capacity is not larger than the memory capacity by the preset capacity or more. Lt; / RTI > 3. The method of claim 2,
Wherein generating the parsing result comprises:
Monitoring the occurrence of a stack overflow error while parsing the code using the first parser if the first parser is selected as the one parser; And
If the occurrence of the stack overflow error is detected, converting the selected first parser to the second parser and re-parsing the code through the second parser to generate the parsing result
And filtering the received signal. The method according to claim 1,
Wherein performing the filtering of the code comprises:
(Or tags) other than the code (or tags) allowed through the whitelist setting among the codes (or tags) included in the parsing result by comparing the parsing result and the white list setting, Wherein the filtering is performed on the code. The method according to claim 6,
Wherein the white list setting is implemented such that the filtering rule of the white list upper configuration file is inherited or overridden as the white list lower configuration file. A computer-readable recording medium recording a program for performing the method of any one of claims 1 to 7. A filtering system for filtering code,
At least one processor; And
At least one memory
Lt; / RTI >
Wherein the at least one processor comprises:
Determining, for the at least one memory, a currently available memory capacity,
The capacity of the code is checked and an expected memory use amount is calculated when parsing is performed through the first parser,
Selecting one of the first parser and the second parser based on the memory capacity and the memory usage,
Parsing the code through the selected parser to generate a parsing result,
And the filtering of the code is performed using the generated parsing result
The filtering system comprising: 10. The method of claim 9,
Wherein the first parser includes a parser that generates and provides a tree for the entire tag included in the code as the parsing result,
Wherein the second parser includes a parser that sequentially provides the tags included in the code as the parsing result. 11. The method of claim 10,
Wherein the at least one processor is further adapted to:
Compares the memory capacity with the memory usage, determines whether an OOM (Out Of Memory) error occurs through parsing using the first parser,
Selects the first parser if the OOM error does not occur, and selects the second parser if the OOM error occurs
The filtering system comprising: 11. The method of claim 10,
Wherein the at least one processor is further adapted to:
Selects the first parser when the memory capacity is larger than the memory capacity by a predetermined capacity or more and selects the second parser when the memory capacity is not greater than the predetermined capacity by more than the predetermined capacity
The filtering system comprising: 11. The method of claim 10,
Wherein the at least one processor is configured to:
Wherein if the first parser is selected as the one parser, parsing of the code is performed using the first parser to monitor whether a stack overflow error has occurred,
When the occurrence of the stack overflow error is detected, converting the selected first parser to the second parser and re-parsing the code through the second parser to generate the parsing result
. 10. The method of claim 9,
Wherein the at least one processor is further configured to:
(Or tags) other than the code (or tags) allowed through the whitelist setting among the codes (or tags) included in the parsing result by comparing the parsing result and the white list setting, To perform filtering on your code
. 15. The method of claim 14,
Wherein the white list setting is implemented such that the filtering rule of the white list upper configuration file is inherited or overridden as the white list lower configuration file. A library providing system for providing a library for filtering codes,
A file providing unit for providing a file for installing the library to a client system,
Lt; / RTI >
The library includes:
A module for controlling the client system to determine a currently available memory capacity for at least one memory;
A module for checking the capacity of the code and controlling the client system to calculate an expected amount of memory usage when parsing is performed through a first parser;
A module for controlling the client system to select a parser of one of the first parser and the second parser based on the memory capacity and the memory usage;
A module for controlling the client system to proceed with parsing of the code through the selected parser to generate a parsing result; And
A module for controlling the client system to perform filtering of the code using the generated parsing result;
The library providing system comprising: 17. The method of claim 16,
Wherein the first parser includes a parser that generates and provides a tree for the entire tag included in the code as the parsing result,
Wherein the second parser includes a parser for sequentially providing the tags included in the code as the parsing result.

Images