Program code verification method and device

A program code review technology, applied in the field of program code review methods and devices, that addresses the security problems caused by dangerous functions and achieves the effects of shortening review time and improving its efficiency and accuracy.

Active Publication Date: 2014-02-12
SIEMENS AG

AI Technical Summary

Problems solved by technology

A dangerous function that is called with input parameters that do not meet its specifications introduces security problems into the system.



Examples


Embodiment 1

[0069] Referring to figure 1, the present embodiment provides a program code review method, including the following steps:

[0070] Step 10: Scan the source code of the program. When a functional function is scanned, determine whether an input parameter of the functional function is passed to a dangerous function defined by the vulnerability model, and whether the check function defined by the vulnerability model is missing on the path along which that input parameter is passed from the functional function to the dangerous function;

[0071] Here, it is determined whether the check function defined by the vulnerability model is missing on the path along which the input parameter of the functional function is passed from the functional function to the dangerous function. The specific implementation may be: each function on the path along which the input parameter is passed from the functional function to the dangerous function is compared with the check function defined by the vulnera...

Embodiment 2

[0080] Referring to figure 2, the present embodiment provides a program code review method, including the following steps:

[0081] Step 20: Scan the source code of the program. When a functional function is scanned, go to step 21; when a check function is scanned, go to step 22;

[0082] Step 21: Determine whether an input parameter of the functional function is passed to a dangerous function defined by the vulnerability model, and whether the check function defined by the vulnerability model is missing on the path along which the input parameter is passed from the functional function to the dangerous function. When the input parameter of the functional function is passed to the dangerous function defined by the vulnerability model and the path from the functional function to the dangerous function lacks the check function defined by the vulnerability model, add the functional function to the vulnerability model as a new dangerous function and determine that a security vulnerability has ...
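The scanning rule of Steps 10, 20 and 21, carried out on a toy call graph as an added example (illustrative code written here, not the patent's own implementation): the vulnerability model, the sample program and all function names are constructed; wrapping an argument in a tuple stands in for a value that was first passed through another function; a functional function whose parameter reaches a dangerous function without a check function on the path is both reported and learned as a new dangerous function.

```python
# Constructed vulnerability model (the patent's "dangerous function" and
# "check function" definitions). All names are illustrative, not from the patent.
VULN_MODEL = {
    "dangerous": {"exec_sql": {0}},   # dangerous function -> dangerous parameter indexes
    "checks": {"escape_sql"},          # check functions that validate/correct a value
}

# Constructed sample program: function -> (parameter names, calls made).
# A call is (callee, argument list); an argument is a parameter name, or
# (wrapper, parameter) when the value is first passed through `wrapper`.
PROGRAM = {
    "handle_request": (["q"], [("build_query", ["q"])]),
    "build_query":    (["s"], [("log", ["s"]), ("exec_sql", ["s"])]),
    "safe_request":   (["q"], [("build_query", [("escape_sql", "q")])]),
    "log":            (["m"], []),
}


def _flows(arg, param, checks):
    """True when `arg` carries `param` onward without passing a check function."""
    if arg == param:
        return True
    return isinstance(arg, tuple) and arg[1] == param and arg[0] not in checks


def trace(fn, param, program, dangerous, checks, seen=()):
    """Return the call path from fn's `param` to a dangerous function, or None."""
    if (fn, param) in seen:            # recursion guard for cyclic call graphs
        return None
    seen = seen + ((fn, param),)
    _, calls = program[fn]
    for callee, args in calls:
        for pos, arg in enumerate(args):
            if not _flows(arg, param, checks):
                continue               # checked on this path: not a finding
            if pos in dangerous.get(callee, ()):
                return [fn, callee]    # reaches a dangerous parameter directly
            if callee in program:      # follow the parameter into the callee
                sub = trace(callee, program[callee][0][pos], program, dangerous, checks, seen)
                if sub:
                    return [fn] + sub
    return None


def review(program, model):
    """Steps 10 / 20-21: scan each functional function, grow the model, report."""
    dangerous = {k: set(v) for k, v in model["dangerous"].items()}  # copy: it grows
    findings = {}
    for fn, (params, _) in program.items():
        for idx, p in enumerate(params):
            path = trace(fn, p, program, dangerous, model["checks"])
            if path:
                findings[fn] = path
                dangerous.setdefault(fn, set()).add(idx)   # learned dangerous function
    return findings, dangerous
```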

Embodiment 3

[0103] This embodiment provides a program code review method, including the following steps:

[0104] Step 30: Read the source function defined by the superclass in the vulnerability model, find the functions of subclasses of that superclass in the source code, and determine the found functions as the starting point of code scanning; and/or,

[0105] Read the source function defined by the interface in the vulnerability model, find the functions of the classes that implement that interface in the source code, and determine the found functions as the starting point of code scanning;

[0106] Step 31: Start scanning the source code of the program from the determined starting point.


Abstract

The invention discloses a program code verification method and device using a vulnerability model. The method includes: scanning the source code of a program; when a performance function is scanned, determining whether an input parameter of the performance function is transmitted to a dangerous function defined by the vulnerability model and whether the path along which the input parameter is transmitted from the performance function to the dangerous function lacks a check function defined in the vulnerability model; if the input parameter of the performance function is transmitted to the dangerous function defined by the vulnerability model and the path along which the input parameter is transmitted from the performance function to the dangerous function lacks the check function defined in the vulnerability model, adding the performance function to the vulnerability model as a new dangerous function and determining that a security vulnerability has been detected. The vulnerability model includes at least the definition information of the dangerous function and the check function for the code being scanned. Through the application of the method and device, code verification becomes more efficient and more widely applicable.

Description

Technical field

[0001] The invention relates to the field of software security, in particular to a program code audit method and device.

Background technique

[0002] During the software development process, the source code of the software needs to be reviewed. The purpose of code review is to detect whether there are security vulnerabilities in the source code and to issue an alarm message when a security vulnerability is detected.

[0003] One of the security vulnerabilities is the input validation vulnerability, which arises when external input parameters that have not passed an effective security check (that is, checking whether the input parameters meet the set specifications and correcting them when they do not) are passed to a hazard function as its input parameters. A dangerous function, also known as a sink, is a function that performs a specific operation based on the input parameters passed in...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/57
CPC: G06F21/577; G06F2221/033
Inventor 汪涛
Owner SIEMENS AG