Code audit method and device

A code auditing technique for source code, applied in the field of information security, that addresses problems such as false detections and missed detections of security vulnerabilities, limited scope of application, and the inability to fully reflect security vulnerabilities, with the effects of reducing the amount of calculation, improving accuracy, and improving efficiency.

Active Publication Date: 2009-10-07
SIEMENS CHINA

AI Technical Summary

Problems solved by technology

In addition, the determination of characteristic characters in keyword matching technology mainly relies on the analysis of security vulnerabilities that have already been discovered. The determination of characteristic characters is limited to the security vulnerabilities that have been analyzed, so it cannot be applied widely.
Therefore, the characteristic characters cannot fully reflect the characteristics of a security vulnerability, and false detections and missed detections of security vulnerabilities often occur in use.
[0004] A brief analysis of the existing technology shows that, because keyword matching technology matches the characteristic characters corresponding to security vulnerabilities, false detections or missed detections often occur in actual use. This greatly affects the accuracy of the code audit, and the audit cannot accurately reflect the security vulnerabilities in the source code.

Embodiment Construction

[0043] The inventors of the present invention analyzed cases in which program code is attacked and concluded that the reason program code has security holes that attackers can exploit is that some processing nodes in the source code often, actively or passively, perform a processing operation that the node itself does not expect.

[0044] Based on the above analysis of program code security vulnerabilities, the technical solution of the present invention mainly compares the security attributes of a processing node in the source code with the security attributes of that node's parent processing node. If the parent processing node's security attributes are a subset of the processing node's security attributes, the processing node does not have a security hole; if the parent processing node's security attributes are not a subset of the processing node's security attributes, the processing node has a security hole. That is, assu...

Abstract

The invention discloses a code audit method comprising the steps of: tracking a variable in source code to obtain all processing nodes of the variable; determining the parent processing node and the security attribute of each processing node; and comparing the security attribute of each processing node with the security attribute of its parent processing node, determining that a processing node has a security vulnerability if the security attribute of its parent processing node is not a subset of the security attribute of the processing node. The invention further discloses a code audit device. Because the technical scheme determines whether the variable has a vulnerability according to the processing logic of the variable's processing nodes, the accuracy of code audit can be improved, so that the security vulnerabilities existing in the source code are truly and accurately reflected.
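The subset comparison described in the abstract, as an added example that is not code from the patent. The node names and attribute labels are constructed, and reading a security attribute as a set of labels for the kinds of data a node is prepared to handle is an assumption, since the page does not define the attributes.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Node:
    name: str               # processing node reached while tracking the variable
    parent: Optional[str]   # name of the parent processing node, None for the root
    attrs: frozenset        # security attributes (constructed labels, an assumption)


def audit(nodes):
    """Return {node name: parent attributes the node lacks} for flagged nodes."""
    by_name = {n.name: n for n in nodes}
    findings = {}
    for node in nodes:
        if node.parent is None:
            continue  # the root node has no parent to compare against
        parent = by_name.get(node.parent)
        if parent is None:
            raise ValueError(f"{node.name}: unknown parent {node.parent!r}")
        # Rule from the abstract: the node is vulnerable when the parent's
        # attributes are NOT a subset of the node's own attributes.
        if not parent.attrs <= node.attrs:
            findings[node.name] = sorted(parent.attrs - node.attrs)
    return findings


# Constructed processing nodes for one tracked variable (not from the page).
SAMPLE = [
    Node("read_param", None, frozenset({"untrusted", "string"})),
    Node("trim", "read_param", frozenset({"untrusted", "string"})),
    Node("build_query", "trim", frozenset({"string"})),
    Node("write_log", "trim", frozenset({"untrusted", "string", "binary"})),
]

if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        print(f"{name}: parent attributes not covered: {missing}")
```

Only `build_query` is flagged: its parent carries the `untrusted` label, which the node's own attribute set does not include, while `write_log` passes because a superset of the parent's attributes still satisfies the rule.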

Description

Technical field

[0001] The invention relates to information security technology, in particular to a method and device for code auditing.

Background technique

[0002] At present, the security of the program code used by an information system directly determines the security of that information system. Security loopholes in program code are one of the main reasons information systems are unstable and vulnerable to attack. When the security holes in the program code are exploited by an attacker, the attacker can gain access to important data, resources, or processes, and use these permissions to add, change, or delete processes or control flows in the information system, resulting in problems such as the loss or leakage of important data and system paralysis. These problems cause huge losses to users of the information system, who cannot obtain safe and reliable services.

[0003] In the existing technology, keyword matching is a common technical means in code audit t...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F21/57
CPC: G06F11/3604, G06F21/577
Inventor: 胡建钧, 唐文, 隋爱芬
Owner: SIEMENS CHINA