Code audit method and device

A technology of code auditing and source code, applied in the field of information security maintenance, can solve problems such as low efficiency of code auditing work, missed detection, difficulty in combining contextual semantics, etc.

Active Publication Date: 2020-07-07
BEIJING CHUANGXIN JOURNEY NETWORK TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In related technologies, manually auditing the source code of the program wastes human resources and the personnel engaged in code auditing need to have high code error correction capabilities, so the efficiency of code auditing is low; automated code auditing automatically checks the source code of the program, which improves The efficiency of code auditing, automatic code auditing is difficult to combine context semantics, resulting in missed detection and false detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code audit method and device
  • Code audit method and device
  • Code audit method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0063] The principle and spirit of the present invention will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are given only to enable those skilled in the art to better understand and implement the present invention, rather than to limit the scope of the present invention in any way.

[0064] It should be noted that although expressions such as "first" and "second" are used herein to describe different modules, steps, data, etc. of the embodiments of the present invention, expressions such as "first" and "second" are only for A distinction is made between different modules, steps, data, etc., without implying a particular order or degree of importance. In fact, expressions such as "first" and "second" can be used interchangeably.

[0065] Embodiments of the present invention can be applied to electronic equipment such as terminal equipment, computer systems, and servers, which can operate together with many o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention relates to the technical field of information security maintenance, and provides a code auditing method and device, and the method comprises the steps: obtaining an abstract syntax tree based on a program source code file, with the abstract syntax tree comprising nodes for representing a syntax structure of the program source code file; based on a stain database, conducting grammatical structure analysis on the nodes to obtain a symbol structure, wherein the symbol structure comprise the first symbol structure marked by stain symbols and / or the second symbol structure not marked by the stain symbols; generating a symbol table based on the symbol structure calculation, with the symbol table comprising node symbols matched with the program source code; performing stain analysis on the symbol table to obtain a stain symbol table and a stain execution path table; traversing the stain symbol table and the stain execution path table to obtain potential vulnerabilities which comprise stain symbols with stain execution paths. According to the embodiment of the invention, the codes can be audited by combining context semantics, and code auditing efficiency and accuracy are improved.

Description

technical field [0001] The invention relates to the technical field of information security maintenance, in particular to a code audit method and device. Background technique [0002] Code audit is to check the security defects in the source code, check whether there are security risks in the source code of the program, or whether there are irregularities in the coding, and check and analyze the source code of the program one by one through automated tools or manual review, and find these sources. Security vulnerabilities caused by code defects, and provide code revision measures and suggestions. Code auditing is a source code analysis aimed at discovering program errors, security holes, and violations of program specifications. [0003] In related technologies, manually auditing the source code of the program wastes human resources and the personnel engaged in code auditing need to have high code error correction capabilities, so the efficiency of code auditing is low; aut...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
CPCG06F11/3608G06F11/3628
Inventor 王昕
Owner BEIJING CHUANGXIN JOURNEY NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap