
Software safety code analyzer based on static analysis of source code and testing method therefor

A code analysis and software security technology, applied in software testing/debugging, etc., that addresses problems such as dangerous code that developers cannot easily discover and the limited functionality of existing analysis algorithms

Inactive Publication Date: 2007-08-15
深圳北邮网络科技有限公司

AI Technical Summary

Problems solved by technology

[0013] In summary, the current mainstream static code analysis engines are essentially based on matching strings for suspicious APIs; some algorithms have also done considerable work on context correlation, but overall the shortcomings of these existing technologies are that the functions each algorithm can realize are still relatively limited.
[0014] (1) Insufficiency of string matching: rule matching based on string matching is currently the most common algorithm used in code analysis. Its main idea is to locate the code that matches a rule and prompt the user.
However, the false positive rate of this method is too high: many API calls that have already been vetted are also reported as dangerous, and it is difficult for developers to tell where the real security problems are.
[0015] (2) Insufficiency of current context association algorithms: some programs, such as RATS and BOON, achieve a certain degree of context association, but only to a limited extent.
Security threats introduced during development are easily exploited by attackers and not easily discovered by developers.


Embodiment Construction

[0074] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings.

[0075] Referring to FIG. 1, the structure of the software security code analyzer SSCA, which is based on the source code static analysis technology of the present invention, is introduced; it mainly comprises the following five functional modules:

[0076] 1. The code parser is responsible for the lexical and syntactic analysis of the source program. It abstracts sufficient information, converts the program into an abstract syntax tree (AST) representation, and then passes the AST to the code analysis engine for subsequent analysis. This module can also parse project files and obtain all source code information in the project;

[0077] 2. The code analysis engine is responsible for analyzing the structure and key features of the program according to the rule bas...
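To illustrate the two points above, the high false positive rate of substring rules in [0014] and the parser-then-engine design in [0076]-[0077], here is an added example that is not part of the patent: a constructed C snippet is scanned once by a substring rule and once by a rule over parsed call nodes with a per-function context check. The sample source, the `SUSPICIOUS` set and the `strlen` guard rule are all assumptions made for the demonstration.

```python
import re

# Constructed sample C source (not from the patent). A substring engine
# flags every textual hit; the call-node engine only reports real calls
# that lack a preceding length guard in the same function.
SAMPLE_C = """
/* strcpy is dangerous, see notes */
void copy_checked(char *dst, size_t dstlen, const char *src) {
    if (strlen(src) < dstlen)
        strcpy(dst, src);
}
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}
void my_strcpy_wrapper(char *d, const char *s) { strncpy(d, s, 8); }
"""

SUSPICIOUS = ["gets", "sprintf", "strcpy"]          # assumed rule base
CALL_RE = re.compile(r"\b(\w+)\s*\(([^()]*)\)")      # name(args) with flat args
FUNC_RE = re.compile(r"^\s*\w[\w\s\*]*?\b(\w+)\s*\([^)]*\)\s*\{", re.M)

def string_match(src):
    """Substring rule: (line_no, api) for every textual hit, comments included."""
    hits = []
    for n, line in enumerate(src.splitlines(), 1):
        hits.extend((n, api) for api in SUSPICIOUS if api in line)
    return hits

def strip_comments(src):
    return re.sub(r"/\*.*?\*/|//[^\n]*", "", src, flags=re.S)

def functions(src):
    """Yield (name, body) for each top-level function in comment-free C."""
    for m in FUNC_RE.finditer(src):
        depth, i = 0, m.end() - 1                   # index of the opening brace
        for j in range(i, len(src)):
            depth += {"{": 1, "}": -1}.get(src[j], 0)
            if depth == 0:
                yield m.group(1), src[i + 1:j]
                break

def ast_match(src):
    """Call-node rule with context: strcpy(dst, src) is reported only when
    no strlen(src) check precedes it inside the same function body."""
    findings = []
    for fname, body in functions(strip_comments(src)):
        for call in CALL_RE.finditer(body):
            api, args = call.group(1), [a.strip() for a in call.group(2).split(",")]
            if api not in SUSPICIOUS:
                continue
            guard = r"\bstrlen\s*\(\s*%s\s*\)" % re.escape(args[-1])
            if not re.search(guard, body[:call.start()]):
                findings.append((fname, api, args))
    return findings
```

The substring rule reports four lines (a comment, a guarded call, the real defect and a wrapper whose name merely contains "strcpy"), while the context-aware rule reports only the unguarded call in `copy_unchecked`.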


Abstract

This invention relates to a software security analyzer based on static analysis of source code, and to its test method. The analyzer comprises five functional modules: a code parser, a code analysis engine, a security risk reporter, a security rule database and a user interface. It derives the security risks of a program from the source program's syntax and semantics and delivers the discovered security flaws to the user for audit and evaluation.

Description

Technical field

[0001] The invention relates to a technology for detecting security vulnerabilities in software source code, specifically to a software security code analyzer based on static analysis of source code and a detection method thereof, belonging to the technical field of software security within information security.

Background technique

[0002] At present there is much research on code analysis technology, and the mainstream open source tools include ITS4, BOON, CQual, MOPS, RATS, FlawFinder, etc. A brief introduction to these tools follows:

[0003] ITS4: A tool for statically detecting security vulnerabilities in C and C++ source code. Compared with other similar technologies, ITS4 has higher accuracy and can feed detection results back to developers in real time during programming; at the same time, it easily supports the detection of C++ code. ITS4 supports a command line format and can run on Windows and Unix ...


Application Information

IPC IPC(8): G06F11/36
Inventor 徐国爱张淼徐国胜梁婕陈爱国
Owner 深圳北邮网络科技有限公司