
Method for detecting Java source code insecure input loophole

A source-code security technology, applied in computer security devices and instruments, electrical digital data processing and related fields. It addresses the shortcomings of existing Java static analysis tools: covering only a few types of security vulnerability, not supporting common security vulnerabilities, or being unable to detect security vulnerabilities at all.

Inactive Publication Date: 2010-08-18
牛婷芝
0 Cites, 12 Cited by

AI Technical Summary

Problems solved by technology

[0004] Static code detection methods include the widely used data-flow analysis method and the finite-state-set method. Among the many Java static analysis tools, PMD and FindBugs are aimed mainly at code quality and cover few types of security vulnerability; Checkstyle cannot detect security vulnerabilities at all; jslint mainly checks a handful of code-quality rules proposed in the literature and does not support common security vulnerabilities such as SQL injection and cross-site scripting. The relatively mature commercial static scanners on the market, such as Fortify and Klocwork, detect a wide range of vulnerability types with relatively high accuracy, but their false-negative rate is mediocre.



Embodiment Construction

[0023] According to the detection method of the invention, the scanning of the source code proceeds as follows: the source code is first parsed into a standard AST, and data-flow and control-flow analysis are then performed on that AST. If a rule is defined whose starting API is execute and whose terminating API is getParameter, then when the parser is invoked the analysis runs backwards from the starting API as follows:

[0024] ● First search the data-flow results for code that calls the API named execute; if more than one call is found, check them one by one.

[0025] ● Analyze the arguments of execute to obtain the variable query.

[0026] ● Look up the call list of the variable query in the data-flow results and find its definition statement:
String query = "SELECT * FROM student WHERE owner='" + userName + "' AND studentname='" + studentName + "'";

[0027] ● Analyze the definition statement and find that query depends on the variables userName and studentName.

[0028] ● Find the...
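The backward trace described in the steps above, as an added example that is not the patent's own code: a small Python script that applies the same starting-API/terminating-API rule to a Python stand-in for the Java snippet. Python's `ast` module is used because no Java parser is available offline, so the method names `getParameter`, `execute` and `system`, the `RULES` table and the constructed `SAMPLE` program are all assumptions. The script parses the program into an AST, records every assignment as the data-flow result, and for each sink call walks backwards through variable definitions until it reaches a source call, reporting the sink line and the source lines that feed it. It goes slightly beyond the patent's single rule by carrying a second (command injection) rule and by showing that a sink fed only by constants produces no finding.

```python
"""Backward source/sink taint trace over an AST, modelled on the execute -> getParameter rule."""
import ast
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Security rules (assumed): each names a sink API (where the trace starts) and a
# source API (where it must terminate for the data to count as attacker-controlled).
RULES = [
    {"name": "SQL injection", "sink": "execute", "source": "getParameter"},
    {"name": "OS command injection", "sink": "system", "source": "getParameter"},
]

# Constructed sample program (Python syntax standing in for the patent's Java snippet).
SAMPLE = '''\
import os
def handler(request, conn):
    userName = request.getParameter("user")
    studentName = request.getParameter("student")
    safeName = "admin"
    query = ("SELECT * FROM student WHERE owner='" + userName
             + "' AND studentname='" + studentName + "'")
    conn.execute(query)
    fixed = "SELECT count(*) FROM student WHERE owner='" + safeName + "'"
    conn.execute(fixed)
    os.system("ls " + userName)
'''


def call_name(node: ast.AST) -> Optional[str]:
    """Bare API name of a call node: conn.execute(q) -> 'execute', system(c) -> 'system'."""
    if isinstance(node, ast.Call):
        if isinstance(node.func, ast.Attribute):
            return node.func.attr
        if isinstance(node.func, ast.Name):
            return node.func.id
    return None


class DefCollector(ast.NodeVisitor):
    """Records every simple assignment: variable -> [(line, right-hand-side expression)].
    This is the 'data-flow result' the trace consults to find a variable's definition."""

    def __init__(self) -> None:
        self.defs: Dict[str, List[Tuple[int, ast.AST]]] = {}

    def visit_Assign(self, node: ast.Assign) -> None:
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.defs.setdefault(target.id, []).append((node.lineno, node.value))
        self.generic_visit(node)


def taint_sources(expr: ast.AST, use_line: int, defs: Dict[str, List[Tuple[int, ast.AST]]],
                  source: str, visited: FrozenSet[str]) -> Set[int]:
    """Backward slice of `expr`, used at `use_line`: the line numbers of every `source`
    call that reaches it through any chain of assignments (empty set = not tainted)."""
    found: Set[int] = set()
    for sub in ast.walk(expr):
        if call_name(sub) == source:
            found.add(sub.lineno)                      # trace terminates at the source API
        elif isinstance(sub, ast.Name) and isinstance(sub.ctx, ast.Load) and sub.id not in visited:
            earlier = [d for d in defs.get(sub.id, []) if d[0] < use_line]
            if not earlier:
                continue                               # parameter or unknown name: nothing to follow
            # Latest definition before the use; branches are not modelled (flow-insensitive).
            def_line, rhs = max(earlier, key=lambda d: d[0])
            found |= taint_sources(rhs, def_line, defs, source, visited | {sub.id})
    return found


def scan(source_text: str, rules: List[dict] = RULES) -> List[dict]:
    """Parse the program, collect definitions, then start at every sink call and trace backwards."""
    tree = ast.parse(source_text)
    collector = DefCollector()
    collector.visit(tree)
    findings: List[dict] = []
    for rule in rules:
        for node in ast.walk(tree):
            if call_name(node) != rule["sink"]:
                continue
            args = list(node.args) + [kw.value for kw in node.keywords]
            sources: Set[int] = set()
            for arg in args:
                sources |= taint_sources(arg, node.lineno, collector.defs, rule["source"], frozenset())
            if sources:                                # a sink fed only by constants yields no finding
                findings.append({"rule": rule["name"], "sink": rule["sink"], "source": rule["source"],
                                 "sink_line": node.lineno, "source_lines": sorted(sources)})
    findings.sort(key=lambda f: f["sink_line"])
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f['rule']}: {f['sink']}() at line {f['sink_line']} "
              f"receives input from {f['source']}() on lines {f['source_lines']}")
```

Run on the constructed sample, the scan reports the execute() call on line 8 as fed by the two getParameter() calls on lines 3 and 4, and the system() call on line 11 as fed by line 3; the execute() call on line 10, whose query is built only from the constant safeName, is not reported. Real code needs the control-flow side the patent also mentions (branches, loops, method calls across files), which this flow-insensitive trace does not model.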



Abstract

The method provides a new way of detecting security vulnerabilities in Java source code that are caused by insecure input. It uses parsing together with data-flow and control-flow analysis, and detects different types of vulnerability by invoking a security analyzer through security rules. Tests show that the method can scan the source code of various projects developed in the Java language and achieves a relatively high accuracy rate.

Description

Technical field [0001] The invention belongs to the field of static detection of security vulnerabilities in source code, in particular the detection of vulnerabilities caused by unsafe input in source code developed in the Java language. Background [0002] With the rapid development and continuous growth of China's software market over the past two years, the accompanying software security problems have attracted more and more attention. There are many causes of software security problems. Because of tight development schedules and heavy workloads, programmers may ignore code quality and software security during development; at the same time, as the software market keeps expanding, the quality of practitioners keeps declining. Because programmers themselves lack sufficient understanding of information security and network security, serious vulnerabilities also appear during development. Based on the above c...


Application Information

IPC(8): G06F21/00, G06F21/56
Inventor 牛婷芝
Owner 牛婷芝