Supercharge Your Innovation With Domain-Expert AI Agents!

Node.js data flow tracking method and system based on IAST

A tracking system and data flow technology, applied in the direction of electrical digital data processing, instrumentation, platform integrity maintenance, etc.

Active Publication Date: 2021-06-01
SECZONE TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But at present, there is no way to track the Node.js data flow in IAST

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Node.js data flow tracking method and system based on IAST
  • Node.js data flow tracking method and system based on IAST
  • Node.js data flow tracking method and system based on IAST

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] In order to describe the technical content and structural features of the present invention in detail, further description will be given below in conjunction with specific embodiments and accompanying drawings.

[0020] An embodiment of the present invention provides an IAST-based Node.js data flow tracking method. During the security testing process of the application through the IAST test platform (Interactive Application Security Testing, interactive application security testing), Node. stage. In the input stage, the user’s input is obtained from the http request by calling some functions; in the propagation stage, if there is tainted data in the Node.js data, the tainted data will form new tainted data after passing through some functions; In the secure encoding phase, codec operations on Node.js data are implemented by calling codec functions; in the output phase, Node.js data is output by calling some functions, such as outputting Node.js data to a database or a ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a Node.js data flow tracking method and system based on IAST, which comprises the following steps of: (1) in an input stage, acquiring an http request parameter, converting the type of the parameter into a reference type, adding a self-defined stack attribute, and initializing a stack into a null array; (2) in a transmission stage, judging whether the type of the parameter is a reference type and has a self-defined stack attribute, if so, adding stack information of the current transmission stage in a null array, and if not, abandoning the stack information of the current transmission stage; (3) in a secure coding stage, converting the parameters from a reference type to a basic type; and (4) in an output stage, judging whether the parameter is a reference type and has a self-defined stack attribute, if so, judging that the tested application program has threats, and taking out stack information in all arrays. According to the invention, tracking of the Node.js data stream in the IAST process is realized. In addition, the invention also discloses a Node.js data flow tracking system and device based on the IAST and a computer readable storage medium.

Description

technical field [0001] The present invention relates to the technical field of software security testing, in particular to an IAST-based Node.js data flow tracking method, system, device and computer-readable storage medium. Background technique [0002] With the development of network technology, the number of interfaces of web applications is increasing. Node is a platform built on the Chrome JavaScript runtime to implement the construction of fast-responsive and easy-to-extend network applications. Node uses an event-driven, non-blocking I / O model. Because it is suitable for scenarios with high concurrency and intensive I / O interfaces, it has become an essential infrastructure for Web front-end development. [0003] In order to ensure the normal operation of the application, it needs to be tested before going online to avoid security threats. IAST (Interactive Application Security Testing, Interactive Application Security Testing) combines the advantages of SAST and DAS...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033Y02D30/50
Inventor 徐年生万振华王颉董燕李华
Owner SECZONE TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com