Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for detecting defects of Java source codes

A defect detection and source code technology, applied in the field of Java source code defect detection, can solve the problems that the detection performance cannot be improved, and the security defects of the Java source code cannot be fully and accurately detected, so as to reduce the amount of program computation and improve the detection performance. Effect

Inactive Publication Date: 2014-09-03
STATE GRID CORP OF CHINA +3
View PDF5 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, none of the above three methods can fully and accurately detect security defects in Java source code, and the detection performance cannot be improved.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting defects of Java source codes
  • Method and device for detecting defects of Java source codes
  • Method and device for detecting defects of Java source codes

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0042] The detection method and device described in the embodiments of the present invention are aimed at Java bytecodes, and are used to detect SQL injection vulnerabilities and cross-site scripting vulnerabilities in unverified input vulnerabilities of Java source codes, and generate defect reports. Embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings, as figure 1 Shown is a ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and device for detecting defects of Java source codes. The method comprises the steps of firstly performing static analysis on syllable codes of a Java source program, and generating a function call graph; generating a relation database storing the basic information of the Java source program according to the function call graph; according to a preset loophole mode, performing pointer alias analysis and taint analysis on the Java source program in a relation database inquiring mode; generating a defect report according to the taint analysis result. The method and device can comprehensively and accurately defect the safety defects of the Java source codes, meanwhile, the amount of program operation is reduced, and the detection performance is improved.

Description

technical field [0001] The invention relates to the technical field of source code static analysis, in particular to a Java source code defect detection method and device. Background technique [0002] Static security detection of source code refers to analyzing the syntax, semantics, control flow and other information of the program to verify whether the code meets security without running the code. At present, static analysis mainly includes three methods: type inference, data flow analysis and constraint analysis: [0003] 1) Type inference method: Type inference is a process whose purpose is to ensure that each operation is performed on a set of objects with the correct number and type to ensure the validity of the operation. Type inference can check for type errors, choose the appropriate operation, and determine the necessary type conversion according to the situation. [0004] 2) Data flow analysis method: Data flow analysis is a technique used at compile time. It c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 韩丽芳崔宝江侯婷婷刘楠高昆仑
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com