WO2019134276A1 - Method and system for protecting web page code, storage medium, and electronic device - Google Patents
- Publication number
- WO2019134276A1 (PCT/CN2018/081320)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- code
- module
- function
- client
- detection
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Definitions
- the present invention relates to the field of human-machine recognition technology, and in particular, to a method, a storage medium, an electronic device and a system for protecting a webpage code.
- HTML5 is the next-generation HTML standard, and most browsers already have support for HTML5.
- the main code of the page is JavaScript, a scripting language, so publishing the page is equivalent to releasing its source code: anyone can obtain the page's JavaScript code directly and integrate the entire code into their own code in order to call the corresponding functions.
- for example, a function in the page source decrypts the data sent by the server.
- such a function is necessarily very complicated, but a hacker does not need to analyze how it is implemented: the hacker can copy the function code directly into his own code and execute it there, and so can also decrypt the data sent by the server. Therefore, a way is needed to protect the core JavaScript code of the page from being copied and used.
- the object of the present invention is to provide a method for protecting a webpage code, which can identify the legitimacy of the client and realize the protection of the webpage code.
- a method of protecting webpage code including steps:
- detection code for determining whether set functions and global variables of the webpage code exist is added in advance to a core function of the webpage code;
- when the core function is executed in the running environment of a client, the detection code detects whether the set other functions and global variables of the webpage code exist in that running environment; whether the client is legitimate is identified according to the detection result, and the client is handled accordingly.
- the method further includes the step of encrypting the detection code.
- specifically, the steps include:
- the detection code is added to the core function of the webpage code in advance; the detection code determines, according to the set function names and global variable names, whether the corresponding functions and global variables exist in the running environment; the detection code is then encrypted;
- the server identifies whether the client is legitimate according to the detection result, and performs corresponding processing on the client.
- before the detection result is sent to the server, it is encrypted; the encrypted detection result is then sent to the server, which decrypts it on receipt and identifies whether the client is legitimate according to the decrypted detection result.
- the present invention also provides a storage medium having stored thereon a computer program that, when executed by a processor, implements the steps of the above method.
- the present invention also provides an electronic device comprising a memory, a processor, and a computer program stored on the memory and running on the processor, the processor implementing the steps of the method when the computer program is executed.
- the present invention also provides a system for protecting a webpage code, the system comprising a setting module, a detecting module and a processing module;
- the setting module is configured to add in advance, to a core function of the webpage code, detection code for determining whether set functions and global variables of the webpage code exist;
- the detecting module is configured to, when the core function is executed in the running environment of the client, control the detection code to detect whether the set other functions and global variables of the webpage code exist in the running environment, and to send the detection result to the processing module;
- the processing module is configured to identify, according to the detection result obtained by the detecting module, whether the client is legitimate, and to perform corresponding processing on the client.
- the system further includes a parameter setting module, a first encryption module and a first decryption module.
- the parameter setting module is configured to set the function names and global variable names of the webpage code to be detected;
- the first encryption module is configured to encrypt the detection code after the detection code has been added to a core function of the webpage code;
- the first decryption module is configured to decrypt the detection code when the core function is executed in the running environment of a client;
- the detecting module is further configured to, when the core function is executed in the running environment of the client and after the first decryption module has decrypted the detection code, run the detection code and control it to detect, according to the set function names and global variable names, whether the set functions and global variables of the webpage code exist in the running environment.
- the first encryption module and the first decryption module both adopt a DES symmetric encryption algorithm.
- the system further includes a second encryption module and a second decryption module;
- the second encryption module is configured to encrypt the detection result of the detecting module, and to send the encrypted detection result to the processing module;
- the processing module is further configured to send the received encrypted detection result to the second decryption module;
- the second decryption module is configured to decrypt the received detection result, and to return the decrypted detection result to the processing module;
- the processing module is further configured to identify, according to the decrypted detection result, whether the client is legitimate.
- the method for protecting webpage code of the present invention judges whether the set functions and global variables of the webpage code exist in the running environment of the client, and can thereby identify the legitimacy of the client and protect the webpage code.
- the method for protecting webpage code of the present invention first encrypts the detection code and decrypts it only when the core function runs in the client, which can effectively prevent the detection code from being discovered by a hacker, so that the hacker cannot evade or tamper with it, thereby ensuring the reliability of the webpage code protection method.
- FIG. 1 is a flowchart of a method for protecting a webpage code in an embodiment of the present invention
- FIG. 2 is a block diagram showing the connection of an electronic device in an embodiment of the present invention.
- an embodiment of the present invention provides a method for protecting a webpage code, including the steps of:
- S1: Set the function names and global variable names of the webpage code to be detected.
- the set function names and global variable names can be selected according to actual needs, preferably functions or global variables unique to the live broadcast platform, such as the function for sending a barrage (bullet-screen comment).
- S2: The detection code is added to the core function of the webpage code in advance, and the detection code determines, according to the set function names and global variable names, whether the corresponding functions and global variables exist in the running environment.
- the detection code includes a plurality of functions for detecting whether the set global variable exists and a plurality of functions for detecting whether the set function exists.
- the function for detecting whether the set global variable exists is as follows:
- variableName is the set global variable name, and the function can detect whether the global variable exists.
- a global variable is set in the JS code of the live broadcast platform to store some global settings. This global variable is unique to the live broadcast platform, so it can be chosen as a variable whose existence is detected. The global variable is named dyConfig, and whether dyConfig exists can be obtained by the following code:
- ExitsVariable is a function for detecting the presence of a set global variable
- "dyConfig" is the name of the global variable to be detected
- dyConfigFlag is the result value for detecting the existence of the global variable.
- the function name for detecting whether the set function exists is ExitsFunction
- the variable name passed is funcName
- funcName is the set function name
- the function funcName can be detected by the ExitsFunction function.
- dySendDanmu dySendDanmu
- ExitsFunction is a function for detecting whether a set function exists
- "dySendDanmu" is the name of the function for sending a barrage
- dySendDanmuFlag is the result value for detecting whether the function for sending a barrage exists.
- the function for displaying advertisements is named dySendDanmu, and whether the function for displaying advertisements exists can be obtained by the following code:
- dyShowAdvertisement is the function name for displaying the advertisement
- dyShowAdvertisementFlag is the result value for detecting whether the function for displaying the advertisement exists.
- the function that reports user behavior to the server is named dySenddot.
- whether this function exists can be obtained by the following code:
- dySenddot is the name of the function that reports user behavior to the server
- dySenddotFlag is the result value for detecting whether the function that reports user behavior to the server exists.
- the function names and global variable names to be detected may be preset according to actual needs, and the corresponding functions for detecting whether each set global variable exists and whether each set function exists are added to the detection code.
- encrypting the detection code can effectively prevent it from being discovered by a hacker, so that the hacker cannot evade or tamper with it.
- the DES symmetric encryption algorithm is used for encryption, and the detection code to be protected is encrypted with the key value KEY.
- the specific implementation process is to write an encryption function that encrypts the detection code to be protected, which yields a string.
- the encrypted data EncryptJs is obtained as follows:
- DES.Encrypt is the encryption interface Encrypt of the encryption algorithm DES
- the parameter getInterfaceFlag is the JavaScript detection code to be protected
- the parameter KEY is the key
- when a client logs in, the server generates a key similar to the key used for encryption.
- the KEY value is sent to the client so that the client can decrypt the detection code; EncryptJs is the returned result, a string of encrypted data.
- the encrypted detection code becomes a string of encrypted constant data.
- the data has no readable meaning.
- the server saves the constant data in the webpage code as a string variable; when decryption is needed, the string variable is decrypted.
- the DES symmetric encryption algorithm is used for decryption, and the protected detection code is decrypted with the key value KEY.
- the specific implementation process is to write a decryption function that decrypts the encrypted detection code,
- turning the constant data obtained by encryption back into the original detection code, as follows:
- DES.Decrypt is the interface of the corresponding decryption algorithm
- encryptCode is the constant data obtained by encrypting the detection code
- KEY is the key value KEY sent by the server to the client
- getInterfaceFlag is the original code of the decrypted core code, so that the client can execute the corresponding detection code to complete the relevant logic.
- after the detection code is decrypted, it is run; the detection code detects whether the set functions and global variables exist in the running environment and obtains a return result for each set function and global variable. If the set function or global variable exists, the corresponding return result is set to 1; if it does not exist, the corresponding return result is set to 0.
- the set global variable name is dyConfig
- the set function names are dySendDanmu, dyShowAdvertisement, and dySenddot, respectively.
- four return results are obtained correspondingly, namely dyConfigFlag, dySendDanmuFlag, dyShowAdvertisementFlag, and dySenddotFlag; the four return results are packed into a string Dataflag, and the packed string Dataflag is the detection result.
- S5: The server identifies whether the client is legitimate according to the detection result, and processes the client accordingly.
- when every character in the detection-result string is 1, all the set functions and global variables exist in the running environment of the client, and the client may be considered legitimate. When not all characters in the detection result are 1, at least one set function or global variable does not exist in the client's running environment; the client may be considered illegitimate, and the server imposes corresponding penalties on the client, thereby protecting the webpage code.
- the detection result is encrypted before it is sent; the encrypted detection result is then sent to the server, which first decrypts it on receipt and then identifies whether the client is legitimate according to the decrypted detection result.
- the detection result is also encrypted and decrypted with the DES symmetric encryption algorithm, using the same key KEY, which can effectively prevent the detection result from being discovered by a hacker while it is being sent to the server, so that the hacker cannot tamper with or circumvent it, thereby ensuring the reliability of the webpage code protection method.
- the principle of the method for protecting webpage code in the embodiment of the present invention is: since all the functions and global variables of the webpage code are necessarily present in the normal webpage code, when a client uses the published webpage code, the detection code detects that the set functions and global variables exist, and the client can be considered legitimate. If a hacker copies webpage code directly, the hacker usually will not copy all of the webpage code and will not use the same global variables as the normal webpage code. When the detection code then runs in the hacker's client, it must detect that at least one set function or global variable does not exist; the client is considered illegitimate, and the server can process the client to prevent misappropriation, thereby protecting the webpage code.
- the embodiment of the invention further provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the method for protecting webpage code are implemented.
- an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored on the memory and running on the processor; the processor implements the steps of the method for protecting webpage code when it executes the computer program.
- the embodiment of the invention further provides a system for protecting a webpage code, the system comprising a setting module, a detecting module and a processing module.
- the setting module is configured to add in advance, to the core function of the webpage code, detection code for determining whether set other functions and global variables of the webpage code exist; the detecting module is configured to, when the core function is executed in the running environment of the client, control the detection code to detect whether the set other functions and global variables of the webpage code exist in the running environment, and to send the detection result to the processing module; the processing module is configured to identify, according to the detection result obtained by the detecting module, whether the client is legitimate, and to handle the client accordingly.
- the system further includes a parameter setting module, a first encryption module, and a first decryption module.
- the parameter setting module is configured to set the function names and global variable names of the webpage code to be detected;
- the first encryption module is configured to encrypt the detection code after the detection code has been added to the core function of the webpage code;
- the first decryption module is configured to decrypt the detection code when the core function is executed in the running environment of the client;
- the detecting module is further configured to, when the core function is executed in the running environment of the client and after the first decryption module has decrypted the detection code, run the detection code and control it to detect, according to the set function names and global variable names, whether the set functions and global variables of the webpage code exist in the running environment.
- the first encryption module and the first decryption module both adopt a DES symmetric encryption algorithm.
- the system further includes a second encryption module and a second decryption module: the second encryption module is configured to encrypt the detection result of the detecting module and send the encrypted detection result to the processing module; the processing module is further configured to send the received encrypted detection result to the second decryption module; the second decryption module is configured to decrypt the received detection result and return the decrypted detection result to the processing module; the processing module is further configured to identify, according to the decrypted detection result, whether the client is legitimate.
- the principle of the system for protecting webpage code in the embodiment of the present invention is: since all the functions and global variables of the webpage code are necessarily present in the normal webpage code, when a client uses the published webpage code, the detection code detects that the set functions and global variables exist, and the client can be considered legitimate. If a hacker copies webpage code directly, the hacker usually will not copy all of the webpage code and will not use the same global variables as the normal webpage code. When the detection code then runs in the hacker's client, it must detect that at least one set function or global variable does not exist; the client is considered illegitimate, and the server can process the client to prevent misappropriation, thereby protecting the webpage code.
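The second encryption and decryption modules described above protect the detection result on its way to the server. The following is an added example, not code from the patent: the text specifies DES with the shared KEY, while this sketch swaps in AES-256-GCM from Node's built-in crypto module, because DES's 56-bit key is no longer considered adequate and GCM also lets the server reject a result that was modified in transit. The function names, the session identifier and the sample key are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed 32-byte key standing in for the KEY value the server issues
// at login (assumption: the patent's KEY is a DES key, not this one).
const SAMPLE_KEY = nodeCrypto
  .createHash('sha256')
  .update('constructed sample KEY')
  .digest();

const IV_LEN = 12;  // recommended nonce size for GCM
const TAG_LEN = 16; // GCM authentication tag size

// Client side: encrypt the packed detection result (e.g. "1111").
// sessionId is bound as associated data, so a result sealed for one
// login session does not verify in another.
function sealDetectionResult(dataflag, key, sessionId) {
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(sessionId, 'utf8'));
  const ciphertext = Buffer.concat([
    cipher.update(dataflag, 'utf8'),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();
  // Wire format (assumption): base64(iv || tag || ciphertext)
  return Buffer.concat([iv, tag, ciphertext]).toString('base64');
}

// Server side: returns the decrypted detection result, or null when the
// message is truncated, was altered, or belongs to another session.
function openDetectionResult(sealed, key, sessionId) {
  const raw = Buffer.from(String(sealed), 'base64');
  if (raw.length < IV_LEN + TAG_LEN + 1) {
    return null;
  }
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ciphertext = raw.subarray(IV_LEN + TAG_LEN);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(sessionId, 'utf8'));
    decipher.setAuthTag(tag);
    return Buffer.concat([
      decipher.update(ciphertext),
      decipher.final(), // throws if the tag does not verify
    ]).toString('utf8');
  } catch (err) {
    return null;
  }
}
```

Because the key is delivered to the client, the server can treat a result that fails to open as invalid, but a result that opens correctly is still client-reported data.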
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
Disclosed is a method for protecting web page code, relating to the technical field of human-machine recognition. The method comprises the steps of: adding in advance, to a core function of the web page code, detection code for determining whether set other functions and global variables of the web page code exist; and, when the core function is executed in a running environment of a client, the detection code detecting whether the set functions and global variables of the web page code exist in the running environment, recognizing, according to a detection result, whether the client is legitimate, and performing corresponding processing on the client. The method for protecting web page code provided in the present invention can recognize the legitimacy of a client, thus protecting the web page code.
Description
The present invention relates to the field of human-machine recognition technology, and in particular to a method, a storage medium, an electronic device and a system for protecting webpage code.
With the development of HTML5 technology, HTML5 is the next-generation HTML standard, and most browsers already support it. On an HTML5 live broadcast platform, the main code of a page is JavaScript, a scripting language, so publishing the page is equivalent to releasing its source code: anyone can obtain the page's JavaScript code directly and integrate the entire code into their own code in order to call the corresponding functions.
For example, the page source may contain a function that decrypts the data sent by the server. Such a function is necessarily very complicated, but a hacker does not need to analyze how it is implemented: the hacker can copy the function code directly into his own code and execute it there, and so can also decrypt the data sent by the server. Therefore, a method is needed to protect the core JavaScript code of the page and prevent it from being copied and used.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a method for protecting webpage code that can identify the legitimacy of the client and thereby protect the webpage code.
To achieve the above object, the technical solution adopted by the present invention is:
A method of protecting webpage code, including the steps of:
adding in advance, to a core function of the webpage code, detection code for determining whether set functions and global variables of the webpage code exist;
when the core function is executed in the running environment of a client, the detection code detects whether the set other functions and global variables of the webpage code exist in that running environment, whether the client is legitimate is identified according to the detection result, and the client is handled accordingly.
On the basis of the above technical solution, the method further includes the step of encrypting the detection code.
On the basis of the above technical solution, the method specifically includes the steps of:
setting the function names and global variable names of the webpage code to be detected;
adding the detection code to the core function of the webpage code in advance, the detection code determining, according to the set function names and global variable names, whether the corresponding functions and global variables exist in the running environment, and encrypting the detection code;
when the core function is executed in the running environment of the client, decrypting and running the detection code, the detection code detecting whether the set functions and global variables of the webpage code exist in the running environment and sending the detection result to the server;
the server identifying whether the client is legitimate according to the detection result, and performing corresponding processing on the client.
On the basis of the above technical solution, before the detection result is sent to the server, it is encrypted; the encrypted detection result is then sent to the server, which decrypts it on receipt and identifies whether the client is legitimate according to the decrypted detection result.
The present invention also provides a storage medium having stored thereon a computer program that, when executed by a processor, implements the steps of the above method.
The present invention also provides an electronic device comprising a memory, a processor, and a computer program stored on the memory and running on the processor, the processor implementing the steps of the above method when it executes the computer program.
The present invention also provides a system for protecting webpage code, the system comprising a setting module, a detecting module and a processing module;
the setting module is configured to add in advance, to a core function of the webpage code, detection code for determining whether set functions and global variables of the webpage code exist;
the detecting module is configured to, when the core function is executed in the running environment of the client, control the detection code to detect whether the set other functions and global variables of the webpage code exist in the running environment, and to send the detection result to the processing module;
the processing module is configured to identify, according to the detection result obtained by the detecting module, whether the client is legitimate, and to perform corresponding processing on the client.
On the basis of the above technical solution, the system further includes a parameter setting module, a first encryption module and a first decryption module.
The parameter setting module is configured to set the function names and global variable names of the webpage code to be detected;
the first encryption module is configured to encrypt the detection code after the detection code has been added to a core function of the webpage code;
the first decryption module is configured to decrypt the detection code when the core function is executed in the running environment of a client;
the detecting module is further configured to, when the core function is executed in the running environment of the client and after the first decryption module has decrypted the detection code, run the detection code and control it to detect, according to the set function names and global variable names, whether the set functions and global variables of the webpage code exist in the running environment.
On the basis of the above technical solution, the first encryption module and the first decryption module both adopt a DES symmetric encryption algorithm.
On the basis of the above technical solution, the system further includes a second encryption module and a second decryption module;
the second encryption module is configured to encrypt the detection result of the detecting module, and to send the encrypted detection result to the processing module;
the processing module is further configured to send the received encrypted detection result to the second decryption module;
the second decryption module is configured to decrypt the received detection result, and to return the decrypted detection result to the processing module;
the processing module is further configured to identify, according to the decrypted detection result, whether the client is legitimate.
与现有技术相比,本发明的优点在于:The advantages of the present invention over the prior art are:
(1)本发明的保护网页代码的方法,通过判断客户端的运行环境中是否存在设定的网页代码的函数及全局变量,从而可以识别出客户端的合法性,实现对网页代码的保护。(1) The method for protecting a webpage code of the present invention can determine the legitimacy of the client by implementing the function and the global variable of the set webpage code in the running environment of the client, thereby realizing the protection of the webpage code.
(2)本发明的保护网页代码的方法,先对检测代码加密,当核心函数在客户端中运行时,再解密该检测代码,可有效防止该检测代码被黑客发现,以免黑客对其进行规避或篡改,从而保证该网页代码保护方法的可靠性。(2) The method for protecting the webpage code of the present invention first encrypts the detection code, and when the core function runs in the client, decrypts the detection code, which can effectively prevent the detection code from being discovered by the hacker, so as to prevent the hacker from evading it. Or tampering to ensure the reliability of the web page code protection method.
FIG. 1 is a flowchart of the method for protecting web page code in an embodiment of the present invention;
FIG. 2 is a connection block diagram of the electronic device in an embodiment of the present invention.
The present invention is described in further detail below with reference to the accompanying drawings and embodiments.
Referring to FIG. 1, an embodiment of the present invention provides a method for protecting web page code, including the following steps:
S1: Set the function names and global variable names of the web page code to be detected. The names can be chosen according to actual needs, preferably functions or global variables unique to the live-streaming platform, such as the function that sends bullet comments.
S2: Add detection code to the core function of the web page code in advance. Based on the set function names and global variable names, the detection code determines whether the corresponding functions and global variables exist in the running environment.
The specific implementation is as follows: the detection code includes several functions for detecting whether a set global variable exists and several functions for detecting whether a set function exists. The function for detecting whether a set global variable exists is as follows:
Here, the function for detecting whether a set global variable exists is named ExitsVariable and takes the parameter variableName, which is the name of the set global variable. This function detects whether that global variable exists.
If the live-streaming platform's JS code sets a global variable to hold global settings, and this variable is unique to the platform, its existence can be chosen as a check. With the global variable named dyConfig, the following code determines whether dyConfig exists:
dyConfigFlag = ExitsVariable("dyConfig");
Here, ExitsVariable is the function for detecting whether a set global variable exists, "dyConfig" is the name of the global variable to be detected, and dyConfigFlag is the result value indicating whether that global variable exists.
In addition, the function for detecting whether a set function exists is as follows:
Here, the function for detecting whether a set function exists is named ExitsFunction and takes the parameter funcName, which is the name of the set function. ExitsFunction detects whether the function funcName exists.
For functions unique to the live-streaming platform, such as sending bullet comments or displaying advertisements, their existence can be chosen as a check. For example, if the function that sends bullet comments is named dySendDanmu, the following code determines whether it exists:
dySendDanmuFlag = ExitsFunction("dySendDanmu");
Here, ExitsFunction is the function for detecting whether a set function exists, "dySendDanmu" is the name of the function that sends bullet comments, and dySendDanmuFlag is the result value indicating whether that function exists.
When checking whether the function that displays advertisements exists, the function name is dyShowAdvertisement, and the following code determines whether it exists:
dyShowAdvertisementFlag = ExitsFunction("dyShowAdvertisement");
Here, "dyShowAdvertisement" is the name of the function that displays advertisements, and dyShowAdvertisementFlag is the result value indicating whether that function exists.
When checking whether the function that records user-behavior tracking points and reports them to the server exists, the function name is dySenddot, and the following code determines whether it exists:
dySenddotFlag = ExitsFunction("dySenddot");
Here, "dySenddot" is the name of the function that records user-behavior tracking points and reports them to the server, and dySenddotFlag is the result value indicating whether that function exists.
Similarly, the function names and global variable names to be detected can be preset according to actual needs, and the corresponding functions for detecting whether a set global variable exists and whether a set function exists are added to the detection code.
S3: Encrypt the detection code. This effectively prevents hackers from discovering the detection code and evading it.
In this embodiment, encryption uses the DES symmetric encryption algorithm, and the detection code to be protected is encrypted with the key value KEY. Concretely, an encryption function is written to encrypt the detection code, yielding a string of encrypted data, EncryptJs:
EncryptJs = DES.Encrypt(getInterfaceFlag, KEY);
Here, DES.Encrypt is the Encrypt interface of the DES encryption algorithm, the parameter getInterfaceFlag is the JavaScript detection code to be protected, and the parameter KEY is the key. When a client logs in, the server generates a KEY value identical to the key used for encryption and sends it to the client so that the client can decrypt the detection code. EncryptJs is the return value, a string of encrypted data.
The encrypted detection code becomes a string of encrypted constant data with no readable meaning. The server stores this constant data in the web page code as a string variable; when decryption is needed, that string variable is decrypted.
S4: When the core function executes in the client's running environment, the detection code is decrypted and run. The detection code detects whether the set functions and global variables of the web page code exist in that running environment and sends the detection result to the server.
In this embodiment, decryption also uses the DES symmetric encryption algorithm, and the protected detection code is decrypted with the key value KEY. Concretely, a decryption function is written to decrypt the encrypted detection code, turning the encrypted constant data back into the original detection code:
getInterfaceFlag = DES.Decrypt(encryptCode, KEY);
Here, DES.Decrypt is the interface of the corresponding decryption algorithm, encryptCode is the constant data obtained by encrypting the detection code, KEY is the key value issued by the server after the client logs in, and getInterfaceFlag is the decrypted original code of the core code. The client can then execute the detection code to carry out the related logic.
After the detection code is decrypted, it is run. The detection code detects whether the set functions and global variables exist in the running environment and produces a return result for each of them. If the set function or global variable exists, the corresponding return result is set to 1; if it does not exist, the corresponding return result is set to 0.
When checking for the global variable dyConfig and for the functions that send bullet comments, display advertisements, and report user-behavior tracking points to the server, the set global variable name is dyConfig and the set function names are dySendDanmu, dyShowAdvertisement and dySenddot. This yields four return results: dyConfigFlag, dySendDanmuFlag, dyShowAdvertisementFlag and dySenddotFlag. The four results are packed into a string, Dataflag, which is sent to the server as the detection result. The string is formed as Dataflag = dyConfigFlag + dySendDanmuFlag + dyShowAdvertisementFlag + dySenddotFlag, for example 1111, 1101 or 0000.
S5: The server identifies whether the client is legitimate according to the detection result and handles the client accordingly.
When every character in the detection result string is 1, the set functions and global variables all exist in the client's running environment, and the client can be considered legitimate. When not every character in the detection result is 1, at least one set function or global variable does not exist in the client's running environment, and the client can be considered illegitimate. The server then applies corresponding penalty measures to the client, thereby protecting the web page code.
Further, in this embodiment, the detection result is encrypted before it is sent to the server. After receiving the encrypted detection result, the server first decrypts it and then identifies whether the client is legitimate according to the decrypted result. Encryption and decryption of the detection result also use the DES symmetric encryption algorithm with the same key KEY. This effectively prevents hackers from discovering the detection result while it is being sent to the server and therefore from tampering with or evading it, which ensures the reliability of the protection method.
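The detection and verdict flow of steps S2, S4 and S5, as an added example that is not the patent's own code (the bodies of ExitsVariable and ExitsFunction are not reproduced on this page). The `env` parameter and the names `buildDataflag`, `isWellFormed`, `missingChecks` and `isLegalClient` are assumptions, the sample environments are constructed, and the DES steps are omitted.

```javascript
// Added example: bodies are assumptions; only the names ExitsVariable,
// ExitsFunction, Dataflag and the dy* identifiers come from the page.

// Step S1: names to detect, in the order they are packed into Dataflag.
const CHECKS = [
  { name: "dyConfig", kind: "variable" },
  { name: "dySendDanmu", kind: "function" },
  { name: "dyShowAdvertisement", kind: "function" },
  { name: "dySenddot", kind: "function" },
];

// Returns 1 when a global named variableName is defined in env, otherwise 0.
// env defaults to the real global object; tests pass a stand-in object.
function ExitsVariable(variableName, env = globalThis) {
  return typeof env[variableName] !== "undefined" ? 1 : 0;
}

// Returns 1 only when the global exists and is callable, so a same-named
// string or object placeholder does not count as the function.
function ExitsFunction(funcName, env = globalThis) {
  return typeof env[funcName] === "function" ? 1 : 0;
}

// Step S4 (client side): run every check and pack the results into one string.
function buildDataflag(env = globalThis) {
  return CHECKS.map(({ name, kind }) =>
    kind === "function" ? ExitsFunction(name, env) : ExitsVariable(name, env)
  ).join("");
}

// Step S5 (server side): a report is well formed only if it is a string with
// exactly one '0' or '1' per configured check.
function isWellFormed(dataflag) {
  return (
    typeof dataflag === "string" &&
    dataflag.length === CHECKS.length &&
    /^[01]+$/.test(dataflag)
  );
}

// Names the client reported as absent; null when the report is malformed.
function missingChecks(dataflag) {
  if (!isWellFormed(dataflag)) return null;
  return CHECKS.filter((_, i) => dataflag[i] === "0").map((c) => c.name);
}

// Legitimate only when every flag is 1; malformed reports are never legitimate.
function isLegalClient(dataflag) {
  const missing = missingChecks(dataflag);
  return missing !== null && missing.length === 0;
}

// Constructed environments standing in for the browser's global object.
const genuinePage = {
  dyConfig: { roomId: 1 },
  dySendDanmu() {},
  dyShowAdvertisement() {},
  dySenddot() {},
};
const partialCopy = { dyConfig: {}, dySendDanmu() {}, dySenddot() {} };
const emptyPage = {};

for (const [label, env] of Object.entries({ genuinePage, partialCopy, emptyPage })) {
  const flag = buildDataflag(env);
  console.log(label, flag, isLegalClient(flag), missingChecks(flag));
}
```

Checking length and alphabet on the server before reading the flags means a truncated or padded report is rejected rather than misread.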
The principle of the method for protecting web page code in this embodiment is as follows. Normal web page code necessarily contains all of the set functions and global variables. When a normal user's client uses the web page code, it uses the published code, the detection code finds that the set functions and global variables all exist, and the client can be considered legitimate. When a hacker directly copies and uses the web page code, the hacker usually does not copy all of it and does not use the same global variables as the normal web page code. When the detection code runs in the hacker's client, it will therefore detect that at least one set function or global variable does not exist, and the client can be considered illegitimate. The server can then handle the client accordingly to prevent misappropriation, thereby protecting the web page code.
An embodiment of the present invention further provides a storage medium on which a computer program is stored. When executed by a processor, the computer program implements the steps of the above method for protecting web page code.
Referring to FIG. 2, an embodiment of the present invention further provides an electronic device including a memory, a processor, and a computer program stored in the memory and run on the processor. When executing the computer program, the processor implements the steps of the method for protecting web page code.
An embodiment of the present invention further provides a system for protecting web page code. The system includes a setting module, a detection module and a processing module.
The setting module is configured to add, in advance, detection code to the core function of the web page code for determining whether the set other functions and global variables of the web page code exist. The detection module is configured, when the core function executes in the client's running environment, to control the detection code to detect whether the set other functions and global variables of the web page code exist in that running environment, and to send the detection result to the processing module. The processing module is configured to identify whether the client is legitimate according to the detection result obtained by the detection module and to handle the client accordingly.
Further, the system also includes a parameter setting module, a first encryption module and a first decryption module. The parameter setting module is configured to set the function names and global variable names of the web page code to be detected. The first encryption module is configured to encrypt the detection code after it has been added to the core function of the web page code. The first decryption module is configured to decrypt the detection code when the core function executes in the client's running environment. The detection module is further configured, when the core function executes in the client's running environment and after the first decryption module has decrypted the detection code, to run the detection code and to control it to detect, according to the set function names and global variable names, whether the set functions and global variables of the web page code exist in that running environment.
In this embodiment, the first encryption module and the first decryption module both use the DES symmetric encryption algorithm.
Further, the system also includes a second encryption module and a second decryption module. The second encryption module is configured to encrypt the detection result of the detection module and to send the encrypted detection result to the processing module. The processing module is further configured to send the received encrypted detection result to the second decryption module. The second decryption module is configured to decrypt the received detection result and to return the decrypted detection result to the processing module. The processing module is further configured to identify, according to the decrypted detection result, whether the client is legitimate.
The principle of the system for protecting web page code in this embodiment is as follows. Normal web page code necessarily contains all of the set functions and global variables. When a normal user's client uses the web page code, it uses the published code, the detection code finds that the set functions and global variables all exist, and the client can be considered legitimate. When a hacker directly copies and uses the web page code, the hacker usually does not copy all of it and does not use the same global variables as the normal web page code. When the detection code runs in the hacker's client, it will therefore detect that at least one set function or global variable does not exist, and the client can be considered illegitimate. The server can then handle the client accordingly to prevent misappropriation, thereby protecting the web page code.
The present invention is not limited to the above embodiments. Those of ordinary skill in the art can make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements are also considered to fall within the scope of protection of the present invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.
Claims (10)
- A method for protecting web page code, characterized by comprising the steps of: adding, in advance, detection code to a core function of the web page code for determining whether set functions and global variables of the web page code exist; when the core function executes in a running environment of a client, detecting, by the detection code, whether the set functions and global variables of the web page code exist in that running environment, identifying whether the client is legitimate according to the detection result, and handling the client accordingly.
- The method for protecting web page code according to claim 1, characterized by further comprising the step of encrypting the detection code.
- The method for protecting web page code according to claim 2, characterized by specifically comprising the steps of: setting the function names and global variable names of the web page code to be detected; adding, in advance, detection code to the core function of the web page code, the detection code determining, according to the set function names and global variable names, whether the corresponding functions and global variables exist in the running environment, and encrypting the detection code; when the core function executes in the running environment of the client, decrypting and running the detection code, the detection code detecting whether the set functions and global variables of the web page code exist in that running environment and sending the detection result to a server; identifying, by the server, whether the client is legitimate according to the detection result, and handling the client accordingly.
- The method for protecting web page code according to claim 3, characterized in that: before the detection result is sent to the server, the detection result is encrypted and the encrypted detection result is sent to the server; after receiving the encrypted detection result, the server first decrypts it and then identifies whether the client is legitimate according to the decrypted detection result.
- A storage medium on which a computer program is stored, characterized in that: the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 4.
- An electronic device, comprising a memory, a processor, and a computer program stored in the memory and run on the processor, characterized in that: the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 4.
- A system for protecting web page code, characterized in that: the system comprises a setting module, a detection module and a processing module; the setting module is configured to add, in advance, detection code to a core function of the web page code for determining whether set functions and global variables of the web page code exist; the detection module is configured, when the core function executes in a running environment of a client, to control the detection code to detect whether the set other functions and global variables of the web page code exist in that running environment, and to send the detection result to the processing module; the processing module is configured to identify whether the client is legitimate according to the detection result obtained by the detection module and to handle the client accordingly.
- The system for protecting web page code according to claim 7, characterized by further comprising a parameter setting module, a first encryption module and a first decryption module; the parameter setting module is configured to set the function names and global variable names of the web page code to be detected; the first encryption module is configured to encrypt the detection code after the detection code has been added to the core function of the web page code; the first decryption module is configured to decrypt the detection code when the core function executes in the running environment of the client; the detection module is further configured, when the core function executes in the running environment of the client and after the first decryption module has decrypted the detection code, to run the detection code and to control the detection code to detect, according to the set function names and global variable names, whether the set functions and global variables of the web page code exist in that running environment.
- The system for protecting web page code according to claim 8, characterized in that: the first encryption module and the first decryption module both use the DES symmetric encryption algorithm.
- The system for protecting web page code according to claim 8, characterized by further comprising a second encryption module and a second decryption module; the second encryption module is configured to encrypt the detection result of the detection module and to send the encrypted detection result to the processing module; the processing module is further configured to send the received encrypted detection result to the second decryption module; the second decryption module is configured to decrypt the received detection result and to return the decrypted detection result to the processing module; the processing module is further configured to identify, according to the decrypted detection result, whether the client is legitimate.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810011207.7 | 2018-01-05 | ||
CN201810011207.7A CN108319822B (en) | 2018-01-05 | 2018-01-05 | Method, storage medium, electronic device and system for protecting webpage code |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019134276A1 (en) | 2019-07-11 |
Family
ID=62893770
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/081320 WO2019134276A1 (en) | 2018-01-05 | 2018-03-30 | Method and system for protecting web page code, storage medium, and electronic device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108319822B (en) |
WO (1) | WO2019134276A1 (en) |
-
2018
- 2018-01-05 CN CN201810011207.7A patent/CN108319822B/en active Active
- 2018-03-30 WO PCT/CN2018/081320 patent/WO2019134276A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN108319822B (en) | 2020-05-12 |
CN108319822A (en) | 2018-07-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108322461B (en) | Method, system, device, equipment and medium for automatically logging in application program | |
US8973107B2 (en) | Method and apparatus for securing keystrokes from being intercepted between the keyboard and a browser | |
US10409984B1 (en) | Hierarchical data security measures for a mobile device | |
D’Orazio et al. | Circumventing iOS security mechanisms for APT forensic investigations: A security taxonomy for cloud apps | |
WO2019134276A1 (en) | Method and system for protecting web page code, storage medium, and electronic device | |
CN111917540B (en) | Data encryption and decryption method and device, mobile terminal and storage medium | |
US20180314827A1 (en) | Enabling Offline Restart Of Shielded Virtual Machines Using Key Caching | |
US9338012B1 (en) | Systems and methods for identifying code signing certificate misuse | |
CN106919811B (en) | File detection method and device | |
CN111163095B (en) | Network attack analysis method, network attack analysis device, computing device, and medium | |
CN111193740B (en) | Encryption method, device, decryption method, computer device and storage medium | |
CN107784207B (en) | Display method, device and equipment of financial APP interface and storage medium | |
CN111163094B (en) | Network attack detection method, network attack detection device, electronic device, and medium | |
CN109818906B (en) | Equipment fingerprint information processing method and device and server | |
US20230418911A1 (en) | Systems and methods for securely processing content | |
CN114244522A (en) | Information protection method and device, electronic equipment and computer readable storage medium | |
CN110753257A (en) | Data display method, display terminal, server, display system, and storage medium | |
US11374898B1 (en) | Use of partial hash of domain name to return IP address associated with the domain name | |
CN106789051B (en) | method, device and computing equipment for protecting files | |
KR101630462B1 (en) | Apparatus and Method for Securing a Keyboard | |
Sapra et al. | Circumventing keyloggers and screendumps | |
US20160210474A1 (en) | Data processing apparatus, data processing method, and program | |
CN105975860B (en) | A kind of trust file management method, device and equipment | |
KR102047547B1 (en) | System for security using encryption mode in self-protected javascript and method thereof | |
KR101511451B1 (en) | Method of encryption to keyboard input information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 18897947; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | EP: PCT application non-entry in European phase | Ref document number: 18897947; Country of ref document: EP; Kind code of ref document: A1 |