WO2020252698A1 - Data flow tracking method and system, storage medium, and server - Google Patents


Info

Publication number
WO2020252698A1
Authority
WO
WIPO (PCT)
Prior art keywords
data flow
flow tracking
data
function
tracking process
Prior art date
Application number
PCT/CN2019/091919
Other languages
French (fr)
Chinese (zh)
Inventor
潘志祥
万振华
王颉
Original Assignee
深圳开源互联网安全技术有限公司
Application filed by 深圳开源互联网安全技术有限公司
Priority to CN201980097492.1A (CN114127721A)
Priority to PCT/CN2019/091919 (WO2020252698A1)
Publication of WO2020252698A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A data flow tracking method and system, a storage medium, and a server, the method comprising: obtaining request data; before responding to the request data, obtaining a function needed to be called when responding to the request data; determining, on the basis of the function, whether or not to trigger execution of a data flow tracking process; and if so, executing the data flow tracking process, and performing data flow tracking on the request data. The invention can prevent introduction of a large amount of unnecessary tracking logic code and reduce memory occupation, thereby reducing performance overheads and improving the efficiency of program operations.

Description

Data flow tracking method, system, storage medium and server
Technical field
The present invention relates to the technical field of information security, and in particular to a data flow tracking method, system, storage medium and server.
Background
Data flow tracking is a security technique widely used in the information security field. In data flow tracking, taint analysis can fairly accurately monitor the information flow of an application while it runs, for example tracking whether sensitive data propagates from a preset taint source to a preset security-sensitive operation point. Taint analysis is now widely applied in security research areas such as unknown-vulnerability detection, malware analysis and test case generation.
In the prior art, tracking the behaviour of tainted data requires, in the concrete implementation, that the instrumentation code cover almost all data operations; that is, instrumentation is wide-ranging. In that case a large amount of unnecessary tracking logic is introduced into the execution of a normal program, occupying a lot of memory, causing a relatively large performance overhead and lowering the program's running efficiency.
Technical problem
Embodiments of the present invention provide a data flow tracking method, system, storage medium and server to solve the prior-art problem that wide-ranging instrumentation introduces a large amount of unnecessary tracking logic into the execution of a normal program, occupies a lot of memory, causes a relatively large performance overhead and lowers the program's running efficiency.
Technical solution
A first aspect of the present application provides a data flow tracking method, comprising:
obtaining request data;
before responding to the request data, obtaining the function to be called when responding to the request data;
based on the function to be called when responding to the request data, determining whether to trigger execution of a data flow tracking process;
if it is determined to trigger execution of the data flow tracking process, executing the data flow tracking process and performing data flow tracking on the request data.
A second aspect of the present application provides a data flow tracking system, comprising:
a data acquisition unit, configured to obtain request data;
a function determination unit, configured to obtain, before responding to the request data, the function to be called when responding to the request data;
a data flow tracking judgment unit, configured to determine, based on the function to be called when responding to the request data, whether to trigger execution of a data flow tracking process;
a data flow tracking unit, configured to execute the data flow tracking process and perform data flow tracking on the request data if it is determined to trigger execution of the data flow tracking process.
A third aspect of the present application provides a server comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, the processor implementing the following steps when executing the computer program:
obtaining request data;
before responding to the request data, obtaining the function to be called when responding to the request data;
based on the function to be called when responding to the request data, determining whether to trigger execution of a data flow tracking process;
if it is determined to trigger execution of the data flow tracking process, executing the data flow tracking process and performing data flow tracking on the request data.
A fourth aspect of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps:
obtaining request data;
before responding to the request data, obtaining the function to be called when responding to the request data;
based on the function to be called when responding to the request data, determining whether to trigger execution of a data flow tracking process;
if it is determined to trigger execution of the data flow tracking process, executing the data flow tracking process and performing data flow tracking on the request data.
A fifth aspect of the present application provides a computer program product comprising a computer program which, when executed by one or more processors, implements the following steps:
obtaining request data;
before responding to the request data, obtaining the function to be called when responding to the request data;
based on the function to be called when responding to the request data, determining whether to trigger execution of a data flow tracking process;
if it is determined to trigger execution of the data flow tracking process, executing the data flow tracking process and performing data flow tracking on the request data.
Beneficial effects
In the embodiments of the present invention, request data is obtained; before the request data is responded to, the function to be called when responding to it is obtained, and based on that function it is determined whether to trigger execution of the data flow tracking process. Only if it is determined to trigger the data flow tracking process is it executed and data flow tracking performed on the request data, rather than running the tracking process on every function call. This reduces the amount of unnecessary tracking logic introduced and the memory occupied, and so reduces performance overhead and improves the program's running efficiency.
Description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the implementation of the data flow tracking method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of determining whether to trigger execution of the data tracking process, provided by an embodiment of the present invention;
Fig. 3 is a structural block diagram of the data flow tracking system provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the server provided by an embodiment of the present invention.
Embodiments of the invention
To make the objectives, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the embodiments described are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1 shows the implementation flow of the data flow tracking method provided by an embodiment of the present invention; the method comprises steps S101 to S104. The specific implementation principle of each step is as follows:
S101: obtain request data.
In the embodiment of the present invention, the request data carries tainted data. Tainted data means data sent by a client or front-end browser; it may also be data that another server sends after re-wrapping data sent by the client or front-end browser. In an HTTP request, the following are treated as tainted data: all request header information, all request body information, and all parameter information carried in the URL.
S102: before responding to the request data, obtain the function to be called when responding to the request data.
Specifically, in the embodiment of the present invention, responding to the request data requires calling the functions corresponding to the processing of the request data. There may be several functions that need to be called when responding to the request data.
In the embodiment of the present invention, functions that may propagate tainted data are determined in advance as target functions, and these taint functions are instrumented by inserting a data flow tracking function. Before responding to the request data, the function to be called when responding is obtained and it is determined whether that function is a target function. If it is, the function has been instrumented with a data flow tracking function capable of executing the data flow tracking process.
S103: based on the function to be called when responding to the request data, determine whether to trigger execution of the data flow tracking process.
Step S103 specifically comprises: determining whether to trigger execution of the data flow tracking process based on the stage to which the function to be called belongs and on the data flow tracking trigger condition corresponding to the functions of that stage. Optionally, key functions are marked in advance; a key function is a function, set by the user, in which vulnerabilities are likely to occur. It is determined whether the function to be called when responding to the request data is a key function; if so, execution of the data flow tracking process is triggered. If not, the data flow tracking process is not triggered even if the function is instrumented with a data flow tracking function.
Optionally, because almost all functions are instrumented, without a complete and efficient control mechanism all methods would fall into something resembling infinite recursion. As one embodiment of the present invention, shown in Fig. 2, step S103 specifically comprises:
A1: obtain the stage to which the function called when responding to the request data belongs.
A2: invoke and execute the lock mechanism corresponding to the stage to which the function belongs; the lock mechanism is pre-stored in thread-local storage and is used to decide whether to execute the data flow tracking process.
A3: based on the result of invoking and executing the lock mechanism, determine whether to trigger execution of the data flow tracking process.
Optionally, a lock mechanism is set separately for each stage of functions, i.e. the functions belonging to a stage have the lock mechanism corresponding to that stage. In the embodiment of the present invention, the stages to which the functions called when responding to the request data belong include the source stage, the propagation stage, the tagging stage and the sink stage (沉淀阶段); a lock mechanism is established in advance for each stage, and the lock mechanisms are distinguished by the stage's characteristic name.
For the source stage, the uniqueness of the tainted data flow tracking process must be ensured: a source-stage function may internally call other source functions, which are themselves also instrumented. If the other source functions called inside a source function could enter the data flow tracking process in the instrumentation logic, each of them would also start a taint tracking process, so that the same tainted data would start two or more taint tracking processes.
For the propagation stage, the web application performs logical processing on the user's input; this processing judges and modifies the data, whose state may change repeatedly during the process. The propagation stage is entered after the taint tracking process has been established in the source stage; without a taint tracking process established in the source stage, no tracking or analysis of the related tainted data is performed in the propagation stage. Likewise, a propagation-stage function may internally contain a large number of other propagation functions belonging to the same stage, and when execution reaches those same-stage functions inside it, they too try to enter the instrumented tracking analysis logic. When tracking and analysing a propagation function, the taint tracking analysis logic only needs to know what data the current propagation function processed and what the resulting data is, not how it was processed internally. Internally processed tainted data is in an intermediate state, and the application does nothing with such intermediate-state data. Therefore, by establishing the lock mechanism described below, a large amount of intermediate-state tainted data is prevented from also being tracked, which would cause performance problems. The propagation stage may call functions belonging to other stages.
For the tagging stage, the web application may perform validation and security processing on the user's input. Once data has been security-processed it may no longer meet the reporting conditions of certain vulnerabilities; for example, if the data is HTML-encoded and then returned directly to the browser there is no XSS problem. But the web application may also HTML-decode the data after HTML-encoding it, in which case the data is still exposed to an XSS vulnerability. Different tagging operations therefore need to be applied to the data at this stage; the specific tagging is done in the instrumentation logic. This stage is a kind of propagation stage, but the tracking analysis logic of its instrumentation differs: the propagation-stage instrumentation logic is mainly responsible for continuously tracking taint, whereas the tagging-stage instrumentation logic is mainly responsible for attaching different processing tags to the tainted data tracked through the propagation stage; these tags serve in the sink stage as one basis for deciding whether a vulnerability exists. The tagging stage uses the same lock mechanism and lock object as the propagation stage; that is, the propagation-stage lock remains in effect during the tagging stage.
For the sink stage, a function entering this stage already meets the vulnerability reporting conditions. Taking a sink function such as Java's PrintWriter.println(String str): before the content to be displayed is sent to the front end through this function, the code instrumented into the function executes detection logic that decides whether the content originates from user input and whether the application has already applied security processing to it (whether the relevant tags are present). Likewise, a sink-stage function may call other sink-stage functions; without control, the same vulnerability could be reported repeatedly, whereas the current sink function should report only one vulnerability of a given type. Functions of other types may exist in this stage, but their processing results are not analysed. The sink stage is the vulnerability analysis and reporting stage; processing by other-stage functions called inside it does not affect vulnerability detection and reporting, but may affect the vulnerability reporting of the next sink function. Therefore the other-stage processing functions it calls are not blocked by the lock mechanism but enter the tracking analysis logic instrumented for their own stages as normal, while still following those stages' lock mechanisms internally.
In the embodiment of the present invention, each instrumented function is treated as an atomic unit. An instrumented propagation function contains other propagation functions, but the data flow tracking module only cares about the result that this propagation function produces for the tainted data, not about its internal processing. The propagation function should therefore be atomic, and the propagation functions inside it should not enter the data flow tracking process. However, those inner propagation functions are instrumented as well, so to keep them from entering the data flow tracking process a lock mechanism is set up. The lock mechanism controls execution of the data flow tracking process, avoids running the tracking process on every function call, reduces the amount of unnecessary tracking logic introduced and the memory occupied, and so reduces performance overhead and improves the program's running efficiency.
Specifically, the lock mechanism includes a lock object, and the specific implementation of step A3 is as follows:
A31: obtain the value of the lock object when the lock mechanism is executed.
A32: based on the value of the lock object, determine whether to trigger execution of the data flow tracking process. Specifically, if the value of the lock object is 1, it is determined that the inserted data flow tracking process needs to be executed; if it is not 1, it is determined that the inserted data flow tracking process does not need to be executed. The initial value of the lock object is 0.
Optionally, after the step of performing data flow tracking on the request data, the method further includes resetting the value of the lock object to its initial value.
In the embodiment of the present invention, the essence of the lock mechanism is to use a number initialised to 0 as the lock object, store it in thread-local storage, and set up a lock mechanism for each stage of functions. For example, for the source stage, the lock object is named after the source stage's characteristic so that it is identifiable as the source-stage lock object. When the program enters a source-stage function, the tracking analysis logic instrumented into that function first fetches the lock object applicable to the current stage and adds 1 to its value; it then reads the value after the increment and uses it to decide whether to enter the tracking analysis logic, checking whether the value is 1. If it is anything other than 1, the subsequent tracking analysis logic is not entered. When the current function internally calls another function of the same stage, the inner function likewise first enters its own instrumented tracking analysis logic, which also adds 1 to the lock object value in the current thread and then checks whether the incremented value is 1; if not, the tracking analysis logic is not entered. So far the lock mechanism controls whether or not the tracking analysis logic in an instrumented function is entered. But after the lock object has been incremented repeatedly it must be restored to its initial value (0); otherwise, after the current instrumented function finishes, no subsequent instrumented function of the same type in the same stage would be able to enter the tracking analysis logic. Specifically, after the current instrumented function finishes, the inserted tracking analysis logic fetches the current lock object and subtracts 1 from its value. Even the instrumented tracking analysis logic in the inner functions of the current instrumented function must subtract 1 from the lock object value when the inner function ends, because it added 1 when the inner function was entered. In this way, no matter how many same-type functions are called inside the current function, the lock object value returns to 0 after the current function ends, and the next instrumented function then runs the same lock mechanism.
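The per-stage lock mechanism of steps A1 to A3 and A31 to A32, together with the four-stage walk-through above (source, propagation, tagging, sink), as an added illustrative example; this is not code from the patent or its assignee. It models each lock object as a thread-local integer counter that an instrumented wrapper increments on entry, runs the tracking logic only when the incremented value is exactly 1, and decrements on exit so the counter returns to 0. The stage names, the decorator, the sample functions, the constructed request and the guard toggle (used only to show the duplicate tracking that the lock prevents) are all assumptions of this example; the tagging stage sharing the propagation-stage lock object follows the description.

```python
import html
import threading
from functools import wraps

# Thread-local "lock objects": one integer counter per stage, initialised to 0.
# The tagging stage shares the propagation stage's lock object, as described.
_tls = threading.local()
_LOCK_OF_STAGE = {"source": "source", "propagation": "propagation",
                  "tag": "propagation", "sink": "sink"}
# Events recorded by the (simulated) tracking logic for the current request.
_events = []
# Set to False only to show what happens when the lock check is skipped.
_GUARD_ENABLED = True


def _counters():
    """Return this thread's lock objects, creating them on first use."""
    if not hasattr(_tls, "counters"):
        _tls.counters = {"source": 0, "propagation": 0, "sink": 0}
    return _tls.counters


def instrumented(stage):
    """Stand-in for the instrumentation inserted into a function of `stage`."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            key = _LOCK_OF_STAGE[stage]
            counters = _counters()
            counters[key] += 1                       # A31: lock object += 1
            try:
                # A32: tracking logic runs only when the value is exactly 1,
                # i.e. this is the outermost call of this stage on this thread.
                tracked = counters[key] == 1 or not _GUARD_ENABLED
                result = fn(*args, **kwargs)
                if tracked:
                    _events.append((stage, fn.__name__))
                return result
            finally:
                counters[key] -= 1                   # restore so later calls can track
        return wrapper
    return decorate


# Hypothetical application functions, one pair per stage, each outer function
# calling an inner instrumented function of the same stage.
@instrumented("source")
def get_parameter(request, name):
    return get_param_raw(request["params"], name)   # nested source call


@instrumented("source")
def get_param_raw(params, name):
    return params.get(name, "")


@instrumented("propagation")
def normalize(value):
    return trim(value).lower()                      # trim() is an intermediate state


@instrumented("propagation")
def trim(value):
    return value.strip()


@instrumented("tag")
def html_encode(value):
    return html.escape(value)                       # shares the propagation lock


@instrumented("sink")
def println(out, value):
    write(out, value + "\n")                        # sink calling a sink: report once


@instrumented("sink")
def write(out, value):
    out.append(value)


def handle_request(request, guard=True):
    """Run one request through all four stages; return the tracked events,
    the response body and the lock-object values after the request."""
    global _GUARD_ENABLED
    _GUARD_ENABLED = guard
    _events.clear()
    out = []
    raw = get_parameter(request, "name")            # S101: tainted URL parameter
    cleaned = normalize(raw)
    safe = html_encode(cleaned)
    println(out, safe)
    return list(_events), out, dict(_counters())


# Constructed sample request: the URL parameter is the tainted input.
SAMPLE_REQUEST = {"params": {"name": "  <B>Mallory</B> "}}

if __name__ == "__main__":
    events, body, locks = handle_request(SAMPLE_REQUEST)
    print(events, body, locks)
```

With the guard enabled only the outermost function of each stage is tracked (four events for the request) and every counter is back at 0 afterwards; with `guard=False` all seven instrumented calls record an event, which is the duplicate source tracking, intermediate-state propagation tracking and double sink reporting that the lock mechanism is designed to avoid.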
S104: if it is determined that the inserted data flow tracking process needs to be executed, perform data flow tracking on the request data based on the executed data flow tracking process.
In the embodiment of the present invention, if it is determined that the inserted data flow tracking process needs to be executed, data flow tracking is performed on the request data by executing that process. After the application has processed the current request it sends response information to the front end. Until the response is returned, tainted data may repeatedly pass through the four stages of source, propagation, tagging and sink; only when the request response has fully completed does the data flow tracking used to track the tainted data temporarily stop.
In the embodiments of the present invention, request data is obtained; before the request data is responded to, the function to be called when responding to it is obtained, and based on that function it is determined whether to trigger execution of the data flow tracking process. Only if it is determined to trigger the data flow tracking process is it executed and data flow tracking performed on the request data, rather than running the tracking process on every function call. This reduces the amount of unnecessary tracking logic introduced and the memory occupied, and so reduces performance overhead and improves the program's running efficiency.
It should be understood that the numbering of the steps in the above embodiment does not imply an order of execution; the execution order of each process should be determined by its function and internal logic and does not constitute any limitation on the implementation of the embodiments of the present invention.
Corresponding to the data flow tracking method described in the above embodiment, Fig. 3 shows a structural block diagram of the data flow tracking system provided by an embodiment of the present application; for ease of description, only the parts related to this embodiment are shown.
参照图3,该数据流跟踪系统包括:数据获取单元31,函数确定单元32,数据流跟踪判断单元33,数据流跟踪单元34,其中:3, the data flow tracking system includes: a data acquisition unit 31, a function determination unit 32, a data flow tracking judgment unit 33, and a data flow tracking unit 34, wherein:
数据获取单元31,用于获取请求数据;The data acquisition unit 31 is configured to acquire requested data;
函数确定单元32,用于在响应所述请求数据之前,获取响应所述请求数据时需调用的函数;The function determining unit 32 is configured to obtain the function to be called in response to the request data before responding to the request data;
数据流跟踪判断单元33,用于基于所述响应所述请求数据时需调用的函数,确定是否触发执行数据流跟踪流程;The data flow tracking judgment unit 33 is configured to determine whether to trigger the execution of the data flow tracking process based on the function to be called when responding to the requested data;
数据流跟踪单元34,用于若确定触发执行所述数据流跟踪流程,则执行数据流跟踪流程,对所述请求数据进行数据流跟踪。The data flow tracking unit 34 is configured to, if it is determined that the execution of the data flow tracking process is triggered, execute the data flow tracking process, and perform data flow tracking on the requested data.
Optionally, the data flow tracking judgment unit 33 comprises:
a stage acquisition module, configured to acquire the stage to which the function called in responding to the request data belongs;
a lock mechanism calling module, configured to call and execute the lock mechanism corresponding to the stage to which the function belongs, the lock mechanism being stored in advance in the local thread and used to judge whether the data flow tracking process is to be executed;
a data flow tracking judgment module, configured to determine, from the result of calling and executing the lock mechanism, whether to trigger execution of the data flow tracking process.
Optionally, the lock mechanism comprises a lock object, and the data flow tracking judgment module specifically comprises:
a value acquisition sub-module, configured to acquire the value of the lock object when the lock mechanism is executed;
a data flow tracking trigger sub-module, configured to determine, from the value of the lock object, whether to trigger execution of the data flow tracking process. Further, if the value of the lock object is 1, it is determined that the inserted data flow tracking process needs to be executed; if the value of the lock object is not 1, it is determined that the inserted data flow tracking process does not need to be executed.
Optionally, the data flow tracking judgment module further comprises:
a data initialization sub-module, configured to initialize the value of the lock object after the data flow tracking process has been executed.
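The stage lock described above, as an added Python example that is not the patent's own code: each stage keeps a lock value in thread-local storage, the decision is taken before the function runs, a value of 1 triggers the tracking process, and the value is initialised again afterwards, so a tracked function that is itself built on another function of the same stage is recorded once rather than re-entering. The function-to-stage table, the function names and the sample request are constructed assumptions.

```python
import threading
from typing import Callable, Dict, List, Optional, Tuple

# The four stages a called function can belong to, as described above.
STAGES = ("source", "propagation", "tag", "sink")

# Hypothetical table mapping instrumented function names to stages; the
# page gives no concrete function list, so these names are constructed.
FUNCTION_STAGE: Dict[str, str] = {
    "read_param": "source",
    "mark_untrusted": "tag",
    "concat_str": "propagation",
    "format_sql": "propagation",
    "exec_sql": "sink",
}

_tls = threading.local()


def stage_locks() -> Dict[str, int]:
    """Lock objects kept in the current thread, one per stage.

    Value 1 means the tracking process for that stage may run; any other
    value means it is already running on this thread and must not re-enter.
    """
    if not hasattr(_tls, "locks"):
        _tls.locks = {stage: 1 for stage in STAGES}
    return _tls.locks


def should_track(fn_name: str) -> Optional[str]:
    """Decide, before the function runs, whether its tracking process fires.

    Returns the stage to track, or None when the function is not instrumented
    or when that stage's lock value is not 1.
    """
    stage = FUNCTION_STAGE.get(fn_name)
    if stage is None:
        return None
    return stage if stage_locks()[stage] == 1 else None


# (stage, function) records produced by the tracking process for one request.
EVENTS: List[Tuple[str, str]] = []


def instrument(fn_name: str, func: Callable) -> Callable:
    """Wrap func with the stage-lock check; tracking is reduced to a record."""
    def wrapper(*args):
        stage = should_track(fn_name)
        if stage is None:
            return func(*args)       # lock held or not instrumented: run untracked
        locks = stage_locks()
        locks[stage] = 0             # take the lock: nested same-stage calls skip tracking
        try:
            result = func(*args)
            EVENTS.append((stage, fn_name))
        finally:
            locks[stage] = 1         # initialise the lock value after the tracking process
        return result
    return wrapper


read_param = instrument("read_param", lambda params, name: params[name])
mark_untrusted = instrument("mark_untrusted", lambda value: f"<tainted:{value}>")
concat_str = instrument("concat_str", lambda *parts: "".join(parts))
# format_sql is built on concat_str; both are propagation-stage, so without
# the lock one logical string operation would be tracked twice.
format_sql = instrument("format_sql", lambda template, value: concat_str(template, value))
exec_sql = instrument("exec_sql", lambda query: f"rows for [{query}]")


def handle_request(params: Dict[str, str]) -> Tuple[List[Tuple[str, str]], str]:
    """Simulated request handling: tracking fires at every instrumented call
    until the response is built, then the per-request records are returned."""
    EVENTS.clear()
    user_id = read_param(params, "id")
    tagged = mark_untrusted(user_id)
    query = format_sql("SELECT name FROM users WHERE id = ", tagged)
    response = exec_sql(query)
    return list(EVENTS), response


def locks_are_per_thread() -> bool:
    """A lock held on this thread must not block tracking on another thread."""
    stage_locks()["propagation"] = 0
    seen: List[int] = []
    worker = threading.Thread(target=lambda: seen.append(stage_locks()["propagation"]))
    worker.start()
    worker.join()
    stage_locks()["propagation"] = 1
    return seen == [1]


if __name__ == "__main__":
    events, response = handle_request({"id": "42"})  # constructed sample request
    print(events)
    print(response)
```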
In this embodiment of the invention, request data is acquired; before the request data is responded to, the function that will be called in responding to it is obtained, and on the basis of that function it is determined whether to trigger execution of the data flow tracking process; only if triggering is determined is the data flow tracking process executed and data flow tracking performed on the request data. Compared with executing the data flow tracking process on every function call, this avoids introducing a large amount of unnecessary tracking logic code and reduces memory occupation, thereby reducing performance overhead and improving the efficiency of program execution.
FIG. 4 is a schematic diagram of a server provided by an embodiment of the invention. As shown in FIG. 4, the server 4 of this embodiment comprises a processor 40, a memory 41, and a computer program 42, such as a data flow tracking program, stored in the memory 41 and runnable on the processor 40. When the processor 40 executes the computer program 42, the steps of the data flow tracking method embodiments above are implemented, for example steps 101 to 104 shown in FIG. 1. Alternatively, when the processor 40 executes the computer program 42, the functions of the modules/units of the system embodiments above are realized, for example the functions of units 31 to 34 shown in FIG. 3.
By way of example, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments describing the execution process of the computer program 42 in the server 4. For example, the computer program 62 may be divided into a data acquisition unit, a function determination unit, a data flow tracking judgment unit and a data flow tracking unit, whose specific functions are as follows:
the data acquisition unit is configured to acquire request data;
the function determination unit is configured to acquire, before the request data is responded to, the function to be called in responding to the request data;
the data flow tracking judgment unit is configured to determine, on the basis of the function to be called in responding to the request data, whether to trigger execution of the data flow tracking process;
the data flow tracking unit is configured to execute the data flow tracking process and perform data flow tracking on the request data if it is determined to trigger execution of the data flow tracking process.
The server 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The server may include, but is not limited to, a processor 40 and a memory 41. Those skilled in the art will understand that FIG. 4 is merely an example of the server 4 and does not limit it: the server may include more or fewer components than shown, combine certain components, or use different components; for example, it may also include input/output devices, network access devices, a bus, and so on.
It should be understood that in the embodiments of the present application the processor 402 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 401 may include read-only memory and random access memory, and provides instructions and data to the processor 402. Part or all of the memory 401 may also include non-volatile random access memory. For example, the memory 401 may also store device type information.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules above is given only as an example; in practical applications the functions above may be assigned to different functional units and modules as required, that is, the internal structure of the system may be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of the present application. For the specific working process of the units and modules in the system above, reference may be made to the corresponding process in the method embodiments above, which is not repeated here.
In the embodiments above, the description of each embodiment has its own emphasis; for parts not described or recorded in detail in one embodiment, reference may be made to the related description of other embodiments.
A person of ordinary skill in the art will be aware that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or software depends on the specific application and design constraints of the technical solution. Professionals may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the invention.
In the embodiments provided by the invention, it should be understood that the disclosed system and method may be implemented in other ways. For example, the system embodiment described above is merely illustrative; the division into modules or units is only a division by logical function, and an actual implementation may divide them differently, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, systems or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, all or part of the processes in the method embodiments above may also be carried out by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the method embodiments above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include any entity or system capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content contained in the computer-readable medium may be added to or removed from as appropriate in accordance with the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals or telecommunication signals.
The embodiments above serve only to illustrate the technical solutions of the invention and not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the invention; they all fall within the scope of protection of the invention.

Claims (10)

  1. A data flow tracking method, characterized in that it comprises:
    acquiring request data;
    before responding to the request data, acquiring the function to be called in responding to the request data;
    determining, on the basis of the function to be called in responding to the request data, whether to trigger execution of a data flow tracking process;
    if it is determined to trigger execution of the data flow tracking process, executing the data flow tracking process and performing data flow tracking on the request data.
  2. The data flow tracking method according to claim 1, characterized in that the step of determining, on the basis of the function to be called in responding to the request data, whether to trigger execution of the data flow tracking process comprises:
    acquiring the stage to which the function called in responding to the request data belongs;
    calling and executing the lock mechanism corresponding to the stage to which the function belongs, the lock mechanism being stored in advance in the local thread and used to judge whether the data flow tracking process is to be executed;
    determining, from the result of calling and executing the lock mechanism, whether to trigger execution of the data flow tracking process.
  3. The data flow tracking method according to claim 2, characterized in that the lock mechanism comprises a lock object, and the step of determining, from the result of calling and executing the lock mechanism, whether to trigger execution of the data flow tracking process comprises:
    acquiring the value of the lock object when the lock mechanism is executed;
    determining, from the value of the lock object, whether to trigger execution of the data flow tracking process.
  4. The data flow tracking method according to claim 3, characterized in that the step of determining, from the value of the lock object, whether to trigger execution of the data flow tracking process specifically comprises:
    if the value of the lock object is 1, determining that the inserted data flow tracking process needs to be executed;
    if the value of the lock object is not 1, determining that the inserted data flow tracking process does not need to be executed.
  5. The data flow tracking method according to claim 3, characterized in that the data flow tracking method further comprises:
    after the data flow tracking process has been executed, initializing the value of the lock object.
  6. A data flow tracking system, characterized in that the data flow tracking system comprises:
    a data acquisition unit, configured to acquire request data;
    a function determination unit, configured to acquire, before the request data is responded to, the function to be called in responding to the request data;
    a data flow tracking judgment unit, configured to determine, on the basis of the function to be called in responding to the request data, whether to trigger execution of a data flow tracking process;
    a data flow tracking unit, configured to execute the data flow tracking process and perform data flow tracking on the request data if it is determined to trigger execution of the data flow tracking process.
  7. The data flow tracking system according to claim 6, characterized in that the data flow tracking judgment unit comprises:
    a stage acquisition module, configured to acquire the stage to which the function called in responding to the request data belongs;
    a lock mechanism calling module, configured to call and execute the lock mechanism corresponding to the stage to which the function belongs, the lock mechanism being stored in advance in the local thread and used to judge whether the data flow tracking process is to be executed;
    a data flow tracking judgment module, configured to determine, from the result of calling and executing the lock mechanism, whether to trigger execution of the data flow tracking process.
  8. The data flow tracking system according to claim 7, characterized in that the lock mechanism comprises a lock object, and the data flow tracking judgment module specifically comprises:
    a value acquisition sub-module, configured to acquire the value of the lock object when the lock mechanism is executed;
    a data flow tracking trigger sub-module, configured to determine, from the value of the lock object, whether to trigger execution of the data flow tracking process.
  9. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the data flow tracking method according to any one of claims 1 to 5 are implemented.
  10. A server, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterized in that, when the processor executes the computer program, the steps of the data flow tracking method according to any one of claims 1 to 5 are implemented.
PCT/CN2019/091919 2019-06-19 2019-06-19 Data flow tracking method and system, storage medium, and server WO2020252698A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980097492.1A CN114127721A (en) 2019-06-19 2019-06-19 Data stream tracking method, system, storage medium and server
PCT/CN2019/091919 WO2020252698A1 (en) 2019-06-19 2019-06-19 Data flow tracking method and system, storage medium, and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/091919 WO2020252698A1 (en) 2019-06-19 2019-06-19 Data flow tracking method and system, storage medium, and server

Publications (1)

Publication Number Publication Date
WO2020252698A1 true WO2020252698A1 (en) 2020-12-24

Family

ID=74037217

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/091919 WO2020252698A1 (en) 2019-06-19 2019-06-19 Data flow tracking method and system, storage medium, and server

Country Status (2)

Country Link
CN (1) CN114127721A (en)
WO (1) WO2020252698A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113688395A (en) * 2021-07-29 2021-11-23 深圳开源互联网安全技术有限公司 Vulnerability detection method and device for web application program and computer readable storage medium
CN115277062A (en) * 2022-06-13 2022-11-01 深圳开源互联网安全技术有限公司 Malicious attack intercepting method, device and equipment and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010134325A1 (en) * 2009-05-20 2010-11-25 日本電気株式会社 Dynamic data flow tracking method, dynamic data flow tracking program, dynamic data flow tracking device
CN103294598A (en) * 2013-05-28 2013-09-11 华为技术有限公司 Method and device for source code inspection
CN105243019A (en) * 2015-10-27 2016-01-13 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for detecting python code bugs
CN107122660A (en) * 2017-03-29 2017-09-01 中国科学院信息工程研究所 A kind of Android application software user privacy information leakage detection method
CN108256338A (en) * 2018-02-27 2018-07-06 中南大学 A kind of Chrome rewritten based on extension API extends sensitive data tracking
CN109165507A (en) * 2018-07-09 2019-01-08 深圳开源互联网安全技术有限公司 Cross-site scripting attack leak detection method, device and terminal device


Also Published As

Publication number Publication date
CN114127721A (en) 2022-03-01


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19933889

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19933889

Country of ref document: EP

Kind code of ref document: A1