
Vulnerability detection method, device, equipment and medium based on software dependency analysis

A vulnerability detection and dependency analysis technology, applied to computer security devices, instruments, computing, etc. It addresses problems such as the large impact range of a compromised dependency, the absence of security testing of third-party dependencies, and the expanded attack surface that unused dependencies create, so as to improve efficiency, reduce manual intervention, and improve the effectiveness of vulnerability detection.

Active Publication Date: 2022-07-05
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD

AI Technical Summary

Problems solved by technology

[0003] At the same time, when using these third-party open source dependencies, the following problems are often encountered: 1. Software developers rarely conduct security tests on third-party open source dependencies; 2. Developers of open source dependency libraries or packages generally do not have high security awareness; 3. Open source software providers do not have a spare budget for security testing; 4. These open source dependency libraries and packages are among the main targets of attackers, and as soon as one is successfully attacked, the scope of influence is large.
At the same time, many software developers who maintain third-party open source dependency libraries or packages do not delete dependencies even when they are no longer used. This obviously expands the scope of an attacker's targets.

Method used


Examples


Embodiment 1

[0047] This embodiment provides a vulnerability detection method based on software dependency analysis. It analyzes the software dependencies (such as JAR packages) referenced in the target software and the functions they call, queries the vulnerability information of those dependencies in a public vulnerability information database, and then combines the target software itself and the software dependencies with the control flow graph and the function call graph to determine whether a vulnerability in a software dependency affects the target software.

[0048] As shown in Figure 1, the vulnerability detection method based on software dependency analysis in this embodiment includes:

[0049] Vulnerability information query: use the target software and its software version information to query the associated software dependencies in the vulnerability information database and the vulnerability information of those dependencies. The vulnerability information ...

Embodiment 2

[0063] This embodiment is on the basis of Embodiment 1:

[0064] This embodiment provides a vulnerability detection device based on software dependency analysis, including:

[0065] Vulnerability information query module: use the target software and its software version information to query the associated software dependencies in the vulnerability information database and the vulnerability information in the dependencies. The vulnerability information includes CVE vulnerabilities and vulnerability patch diff files in the software dependencies;

[0066] Data parsing module: parses the vulnerability patch diff file of software dependencies, confirms the specific location of the CVE vulnerability in the software dependency in the dependency code, and extracts the function calls affected by the CVE vulnerability through the source code file of the software dependency;

[0067] Vulnerability detection module: Based on the function call information generated by the data analysis mod...
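The three modules above form one pipeline: look up the dependency and its version in a vulnerability record, parse the patch diff to find which functions the fix touched, then walk the target's function call graph to see whether any of those functions is reachable. The following is an added worked example of that pipeline for Python sources; it is not the patent's own code or the applicant's implementation. The dependency `archivelib`, the target module `app`, the patch diff and the CVE record are all constructed for the example, the CVE id is a placeholder, and only a function call graph (not a control flow graph) is used.

```python
"""Added example (not from the patent): a minimal dependency-vulnerability
reachability check for Python sources.  All inputs below are constructed."""
import ast
import re
from collections import deque

# Constructed dependency "archivelib" (hypothetical), before the fix.
DEP_SOURCE = '''
import os

def safe_join(base, name):
    return os.path.abspath(os.path.join(base, name))

def extract_member(base, name, data):
    path = safe_join(base, name)
    with open(path, "wb") as f:
        f.write(data)

def list_members(archive):
    return [m.name for m in archive]
'''

# Constructed unified diff of the fix, as a vulnerability database might store it.
PATCH_DIFF = '''\
--- a/archivelib/core.py
+++ b/archivelib/core.py
@@ -6,4 +6,6 @@ def extract_member(base, name, data):
     path = safe_join(base, name)
+    if not path.startswith(os.path.abspath(base) + os.sep):
+        raise ValueError("member escapes extraction root")
     with open(path, "wb") as f:
         f.write(data)
'''

# Constructed vulnerability record; the CVE id is a placeholder.
VULN_RECORD = {"cve": "CVE-XXXX-XXXXX", "fixed_in": "1.4.2", "patch": PATCH_DIFF}

# Constructed target software that uses the dependency.
TARGET_SOURCE = '''
import archivelib

def handle_upload(request):
    data = request.read()
    store(request.filename, data)

def store(name, data):
    archivelib.extract_member("/srv/uploads", name, data)

def health():
    return "ok"
'''
MODULES = {"archivelib": DEP_SOURCE, "app": TARGET_SOURCE}


def version_tuple(v):
    return tuple(int(x) for x in v.split("."))


def is_affected(version, fixed_in):
    """Module 1: the installed dependency version predates the fix."""
    return version_tuple(version) < version_tuple(fixed_in)


def parse_patch_functions(diff_text):
    """Module 2: return {function_name: new-file start line} for every
    function the patch touches, from hunk-header context or def lines."""
    hunk_re = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@(.*)$")
    def_re = re.compile(r"\bdef\s+(\w+)\s*\(")
    touched, current_line = {}, None
    for line in diff_text.splitlines():
        m = hunk_re.match(line)
        if m:
            current_line = int(m.group(1))
            ctx = def_re.search(m.group(2))
            if ctx:
                touched[ctx.group(1)] = current_line
        elif line[:1] in "+-" and not line.startswith(("+++", "---")):
            d = def_re.search(line[1:])
            if d:
                touched[d.group(1)] = current_line
    return touched


def build_call_graph(modules):
    """Module 3a: {caller: set(callees)}, names qualified as module.function.
    Local calls and module.attr calls to a known module are recorded."""
    graph = {}
    for mod, src in modules.items():
        tree = ast.parse(src)
        funcs = [n for n in tree.body if isinstance(n, ast.FunctionDef)]
        local = {fn.name for fn in funcs}
        for fn in funcs:
            callees = set()
            for node in ast.walk(fn):
                if not isinstance(node, ast.Call):
                    continue
                f = node.func
                if isinstance(f, ast.Name) and f.id in local:
                    callees.add(f"{mod}.{f.id}")
                elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                      and f.value.id in modules):
                    callees.add(f"{f.value.id}.{f.attr}")
            graph[f"{mod}.{fn.name}"] = callees
    return graph


def find_vulnerable_paths(graph, entry_points, vulnerable):
    """Module 3b: BFS from each entry point; {entry: call chain} for entries
    that reach a vulnerable function."""
    hits = {}
    for entry in entry_points:
        prev, queue = {entry: None}, deque([entry])
        while queue:
            cur = queue.popleft()
            if cur in vulnerable:
                path = []
                while cur is not None:
                    path.append(cur)
                    cur = prev[cur]
                hits[entry] = path[::-1]
                break
            for nxt in graph.get(cur, ()):
                if nxt not in prev:
                    prev[nxt] = cur
                    queue.append(nxt)
    return hits


def detect(modules, dep_name, dep_version, record):
    """Whole pipeline: version check, patch parse, call graph, reachability."""
    if not is_affected(dep_version, record["fixed_in"]):
        return {}
    vulnerable = {f"{dep_name}.{n}" for n in parse_patch_functions(record["patch"])}
    graph = build_call_graph(modules)
    entries = [n for n in graph if not n.startswith(dep_name + ".")]
    return find_vulnerable_paths(graph, entries, vulnerable)


if __name__ == "__main__":
    for entry, chain in detect(MODULES, "archivelib", "1.3.0", VULN_RECORD).items():
        print(entry, "->", " -> ".join(chain))
```

Run as a script it reports `app.handle_upload` and `app.store` as reaching `archivelib.extract_member`, while `app.health` is not flagged; with the dependency at version 1.4.2 nothing is reported. Only functions the patch actually touched count as vulnerable, which is what keeps a dependency-level CVE from being attributed to every caller of the dependency.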

Embodiment 3

[0074] This embodiment is on the basis of Embodiment 1:

[0075] This embodiment provides a computer device, including a memory and a processor. The memory stores a computer program, and the processor implements the steps of the software dependency analysis-based vulnerability detection method of Embodiment 1 when it executes the computer program. The computer program may be in the form of source code, object code, an executable file, or some intermediate form.



Abstract

The invention discloses a vulnerability detection method, device, equipment and medium based on software dependency analysis. The vulnerability detection method analyzes the software dependencies referenced in the target software and the functions they call, queries the vulnerability information of those dependencies in a public vulnerability information database, and combines it with the control flow graph and the function call graph to jointly analyze the target software itself and the software dependencies, determining whether vulnerabilities in the software dependencies affect the target software. The invention drives source code vulnerability detection from software dependency analysis: it comprehensively uses the information in the public vulnerability information database for query and derivation, obtains the third-party dependencies contained in the target software and the corresponding dependency vulnerability information, and combines control flow graphs, function call graphs, etc. to jointly analyze the target software and its software dependencies, determine whether the vulnerabilities of the software dependencies have an impact on the target software, and locate the specific vulnerability points in the target software.

Description

Technical field

[0001] The invention relates to the technical field of electrical digital data processing, in particular to a method, device, equipment and medium for vulnerability detection based on software dependency analysis.

Background art

[0002] In the new information environment, the scale of software is getting bigger and bigger, the complexity of software is getting higher and higher, and the third-party open source dependencies included in the software have a deeper and deeper impact on it. Third-party open source dependency libraries or dependency packages help software developers share software development results. Reusing third-party open source software libraries or software packages enables software developers to focus on their own technological innovation, accelerates the software development process, and promotes the rapid development of technology.

[0003] At the same time, when using these third-party open source dependencies, the following problems a...

Claims


Application Information

Patent Type & Authority Patents(China)
IPC(8): G06F21/57
CPC: G06F21/577, G06F21/572, G06F2221/033
Inventor 刘杰毛得明和达韩烨饶志宏
Owner CHINA ELECTRONICS TECH CYBER SECURITY CO LTD