Code auditing method and device, electronic equipment and medium

A code auditing technique operating on source code, applied in the fields of code compilation, program code conversion, multi-programming arrangements, etc. It addresses the problems of reduced software development efficiency and a high false-alarm rate, with the effects of reducing the consumption of human and time resources, reducing the false-positive rate, and improving development efficiency.

Active Publication Date: 2020-09-15
BEIJING BYTEDANCE NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

In code auditing based on regular-expression matching, writing the regular expressions relies heavily on existing experience, which results in a high false-positive rate in the audit results and reduces the efficiency of software development.


Examples


specific example

[0125] As a specific example, for the following code:

[0126] imageName := c.Param("image")

[0127] image := "xxx" + imageName

[0128] exec.Command("/bin/bash", "-c", image)

[0129] Here, "imageName" is a potential taint variable and "exec.Command" is a potentially dangerous function. The security processing result can be determined from the purification (sanitization) analysis function corresponding to "exec.Command" and the data flow of "imageName", that is, whether security processing is performed on the propagation path from "imageName" to "exec.Command".

[0130] Specifically, the code "image := "xxx" + imageName" propagates "imageName" to "image", and the code "exec.Command("/bin/bash", "-c", image)" propagates "image" to "exec.Command". The security processing result is therefore that no security processing is performed on the propagation path from "imageName" to "exec.Command", so "imageName" and "exec.Command" are determined is the vulnerabil...
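The propagation check described in [0129] and [0130], written out as an added example that is not code from the patent: a minimal intra-procedural taint pass over Go's AST with "c.Param" as the source and "exec.Command" as the sink. The sanitizer name validateImageName and both sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/types"
)

// Constructed inputs: vulnerable is the page's snippet; validateImageName is a hypothetical sanitizer.
const vulnerable = `imageName := c.Param("image")
image := "xxx" + imageName
exec.Command("/bin/bash", "-c", image)`
const sanitized = `exec.Command("/bin/bash", "-c", "xxx"+validateImageName(c.Param("image")))`

// tainted reports whether n contains c.Param data that did not pass through the sanitizer.
func tainted(n ast.Node, vars map[string]bool) (hit bool) {
	ast.Inspect(n, func(n ast.Node) bool {
		if id, ok := n.(*ast.Ident); ok && vars[id.Name] {
			hit = true // use of a variable already marked tainted
		} else if c, ok := n.(*ast.CallExpr); ok {
			hit = hit || types.ExprString(c.Fun) == "c.Param" // taint source
			return types.ExprString(c.Fun) != "validateImageName" // do not descend into sanitized data
		}
		return true
	})
	return hit
}

// Audit returns each exec.Command call (the sink) in a function body that receives tainted data.
func Audit(body string) (findings []string) {
	fn, err := parser.ParseExpr("func() {" + body + "\n}")
	if err != nil {
		return []string{"parse error: " + err.Error()}
	}
	vars := map[string]bool{} // names of tainted variables, filled in statement order
	ast.Inspect(fn, func(n ast.Node) bool {
		if a, ok := n.(*ast.AssignStmt); ok && tainted(a, vars) {
			for _, l := range a.Lhs { // propagation: a tainted assignment taints its targets
				vars[types.ExprString(l)] = true
			}
		} else if c, ok := n.(*ast.CallExpr); ok && types.ExprString(c.Fun) == "exec.Command" && tainted(c, vars) {
			findings = append(findings, types.ExprString(c))
		}
		return true
	})
	return findings
}

func main() { fmt.Println(Audit(vulnerable), Audit(sanitized)) }
```

Taint is never cleared on reassignment, so the pass over-approximates within one function body; it does not follow data across function calls.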


Abstract

The invention provides a code auditing method and device, electronic equipment and a medium. The method comprises the following steps: determining, based on a source code file of a target application, a function call graph corresponding to the target application, wherein the function call graph comprises a target function and a called function of the target function; obtaining a rule file, the rule file including vulnerability feature information, the vulnerability feature information including at least one of taint variable feature information and dangerous function feature information; and determining vulnerability information of the source code file based on the vulnerability feature information and the function call graph. The false alarm rate is reduced, and the development efficiency is improved.

Description

Technical field

[0001] The present disclosure relates to the technical field of software development, and in particular, the present disclosure relates to a code audit method, device, electronic equipment and media.

Background technique

[0002] With the continuous development of Internet technology, informatization has been integrated into all aspects of people's lives, and more and more people are involved in the software development technology industry and programming work. In the process of software development, various security loopholes may be introduced. Some security loopholes are relatively hidden and difficult to find with traditional black-box testing. Therefore, code auditing is becoming more and more important.

[0003] In the prior art, there are mainly two ways of code auditing. The first is the manual code audit method. Usually, the code volume corresponding to the application program is relatively large, and the number of application programs is large. The ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/36, G06F8/41, G06F9/54
CPC: G06F11/3608, G06F8/42, G06F9/547, Y02D10/00
Inventor: 关舒文, 林培胜, 浮瑞娟
Owner: BEIJING BYTEDANCE NETWORK TECH CO LTD