Method, device and system for detecting the safety of terminal source codes

A source code and terminal source technology, applied in the field of Internet security, can solve problems such as low detection efficiency, high false positive and false negative rates, and crashes, and achieve the effect of reducing false positive rates and false negative rates and improving detection efficiency

Active Publication Date: 2016-10-19
中国移动通信集团陕西有限公司
View PDF4 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, Fortify and Coverity have a high rate of false positives and false negatives, low detection efficiency, and frequent crashes during the scanning process.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for detecting the safety of terminal source codes
  • Method, device and system for detecting the safety of terminal source codes
  • Method, device and system for detecting the safety of terminal source codes

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0026] Such as figure 1 As shown, it is a flow chart of the main steps of the method for detecting terminal source code security in the embodiment of the present invention. The method mainly includes the following steps:

[0027] Step S101, obtaining the source code to be detected, performing lexical and grammatical analysis on the source code to be detected, and converting the source code to be detected into a control flow chart. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method, device and system for detecting the safety of terminal source codes. The method comprises following steps: obtaining source codes to be detected, performing morphology and grammar analysis on the source codes to be detected and converting the source codes to be detected into a control flow chart; according to a preset defect rule set, extracting defect point set of the preset defect from the control chart and establishing a program dependence chart for defect point of each preset defect; traversing the program dependence chart of defect point of each preset defect, determining that when unpurified data polluted points exist in the program dependence chart, further regarding the unpurified data polluted points as potential defect points. By means of the method, automatic analysis on source codes to be detected is fulfilled to detect existing and potential safety problems of application systems; the defect analysis false report rate is effectively reduced and the detection efficiency is increased.

Description

technical field [0001] The invention relates to the field of Internet security, in particular to a method, device and system for detecting terminal source code security. Background technique [0002] There may be security flaws (loopholes) in many places in the application system software. Code review is to conduct a comprehensive inspection of the source code of the application system, so as to realize the detection of the security of the application system. Existing solutions mainly use Fortify and Coverity to analyze source code defects through source code services to ensure the legal compliance of each online code. However, Fortify and Coverity have a high rate of false positives and false negatives, low detection efficiency, and frequent crashes during scanning. Contents of the invention [0003] In order to realize the automatic analysis of the source code to be detected, discover the existing and potential security problems of the application system, effectively re...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
Inventor 苏郁成方军
Owner 中国移动通信集团陕西有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap