Software safety code analyzer based on static analysis of source code and testing method therefor

A code analysis and software security technology, applied in software testing/debugging, etc., that addresses problems such as a high false positive rate, the limited functionality of existing algorithms, and the difficulty developers have in telling real security issues from noise.

Inactive Publication Date: 2009-02-11
深圳北邮网络科技有限公司
Cites: 6; Cited by: 9

AI Technical Summary

Problems solved by technology

[0013] Based on the above, the current mainstream static code analysis engines are basically based on suspicious API string matching, and some algorithms have also done a lot of work on context correlation. In general, however, the shortcoming of these existing technologies is that the functionality each algorithm can realize is still relatively limited.
[0014] (1) Insufficiency of string matching: rule matching based on string matching is currently the most common algorithm used in code analysis technology. Its main idea is to locate the code that matches a rule and prompt the user.
However, the false positive rate of this method is too high: many APIs that have already been tested are also reported as dangerous, and it is difficult for developers to distinguish where the real security problems are.
[0015] (2) Insufficiency of the current context association algorithms: some programs, such as RATS and BOON, can achieve a certain degree of context association.
Security threats introduced during development are easily exploited by hackers and not easily discovered by developers.


Embodiment Construction

[0074] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0075] Referring to figure 1, the structural composition of the software security code analyzer SSCA based on the source code static analysis technology of the present invention mainly includes the following five functional modules:

[0076] 1. The code parser is responsible for lexical and grammatical analysis of the source program; it abstracts enough information, converts it into an abstract syntax tree (AST) representation, and then sends it to the code analysis engine to facilitate subsequent analysis. This module can also analyze project engineering files to obtain all source code information in the project;

[0077] 2. The code analysis engine is responsible for analyzing the structure and key features of the program according to the rule base, obta...
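The contrast drawn in [0014] and the parser/engine split in [0075]-[0077] can be shown in working code. The following is an added example, not the patent's implementation: it uses Python's `ast` module instead of a C/C++ parser, and the rule base shape (API name mapped to a context predicate) is an assumption. The constructed sample program contains two non-code mentions of `eval`, one constant-argument call and one call on attacker-controlled input; plain string matching flags all four lines, while the AST-based rule pass reports only the real one.

```python
import ast
import re

# Constructed sample program (not from the patent): one real sink, one
# constant-argument call and two mentions of eval that are not code.
SAMPLE_SOURCE = '''\
# eval is avoided here; input is parsed with int()
HELP = "never call eval( on untrusted text"
LIMIT = eval("1 + 2")          # constant argument: reviewed, harmless
def handle(user_input):
    return eval(user_input)    # real issue: attacker-controlled expression
'''

# Assumed rule base: suspicious API name -> (risk, predicate on ast.Call).
# A rule fires only when the call's context makes it risky.
def _non_constant_first_arg(call):
    return bool(call.args) and not isinstance(call.args[0], ast.Constant)

RULES = {
    "eval": ("arbitrary code execution", _non_constant_first_arg),
    "exec": ("arbitrary code execution", _non_constant_first_arg),
}

def string_match_scan(source):
    """Naive string matching: every line mentioning a suspicious name."""
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, RULES)) + r")\b")
    return [no for no, line in enumerate(source.splitlines(), 1) if pattern.search(line)]

def _callee_name(call):
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None

def ast_rule_scan(source):
    """Parse to an AST, then apply the rule base to real call sites only."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        if name in RULES and RULES[name][1](node):
            findings.append((node.lineno, name, RULES[name][0]))
    return findings

if __name__ == "__main__":
    print("string matching flags lines:", string_match_scan(SAMPLE_SOURCE))
    print("AST rule engine findings:", ast_rule_scan(SAMPLE_SOURCE))
```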


Abstract

This invention relates to a software security code analyzer and its test method based on source code static analysis. The analyzer comprises five functional modules: a code parser, a code analysis engine, a security risk reporter, a security rules database and a user interface. The invention derives the program's security risks from the syntax and semantics of the source program and delivers the discovered security vulnerabilities to the user for audit and evaluation.

Description

Technical field

[0001] The present invention relates to a technology for detecting security vulnerabilities in software source code, specifically a software security code analyzer based on source code static analysis technology and a detection method thereof, belonging to the technical field of software security within information security.

Background technique

[0002] At present, there is much research on code analysis technology. The mainstream open source software includes ITS4, BOON, CQual, MOPS, RATS, FlawFinder, etc. The following is a brief introduction to these tools:

[0003] ITS4: A tool for static detection of security vulnerabilities in C and C++ source code. Compared with other similar technologies, ITS4 has higher accuracy and can give developers real-time feedback on detection results during programming; at the same time, it can easily support the detection of C++ code. ITS4 supports a command line format and can run on Windows and Unix plat...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/36
Inventor: 徐国爱张淼徐国胜梁婕陈爱国
Owner: 深圳北邮网络科技有限公司