Source code risk analysis method and device, electronic equipment and storage medium
A risk analysis and code technology, applied in the field of information security, can solve problems such as data download, application attacks, false positives, etc., to reduce false positives, improve accuracy, and increase analysis efficiency.
Pending Publication Date: 2022-02-18
HARBIN ANTIY TECH
View PDF0 Cites 6 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0002] Due to the different technical levels and security awareness of developers, the developed code may have some potential security vulnerabilities. Attackers can find these vulnerabilities through penetration testing, resulting in applications being attacked, servers being invaded, data being downloaded, Business is affected, etc.
Existing source code risk analysis methods usually have false positives and low accuracy, so there is a need for improvement
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0048] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.
[0049] It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.
[0050] On the one hand, the embodiment of the present invention provides a source code risk analysis method, such as figure 1 As shown, the method of this embodiment may include:
[0051] Step 101: Obtain the target source code to be analyzed;
[0052] In this step, the target source code can be provided in the form of a compressed package or in the form of a remote warehouse address. For the former, the compressed package can be decompressed to obtain the target source code. For the latter, it can be copied from th...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the invention discloses a source code risk analysis method and device, electronic equipment and a storage medium, and relates to the technical field of information security. The method can reduce false alarms and improve accuracy and analysis efficiency. The source code risk analysis method comprises the steps of obtaining a to-be-analyzed target source code; performing environment detection on the target source code to obtain target environment detection information; detecting the target source code by using a content analyzer with a corresponding rule base according to the target environment detection information; if the vulnerability exists, detecting the target source code by using a syntactic analyzer, a stain analyzer and / or a user-defined analyzer with a corresponding rule base according to the target environment detection information; and outputting a risk analysis report.
Description
technical field [0001] The present invention relates to the technical field of information security, in particular to a source code risk analysis method, device, electronic equipment and storage medium. Background technique [0002] Due to the different technical levels and security awareness of developers, the developed code may have some potential security vulnerabilities. Attackers can find these loopholes through penetration testing, resulting in applications being attacked, servers being invaded, data being downloaded, Business is affected and so on. Existing source code risk analysis methods usually have false positives and low accuracy, so there is a need for improvement. Contents of the invention [0003] In view of this, the embodiments of the present invention provide a source code risk analysis method, device, electronic device and storage medium with high accuracy. [0004] In the first aspect, the embodiment of the present invention provides a source code ri...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F21/56
CPCG06F21/577G06F21/563
Inventor 苟孟洛陈灵锋
Owner HARBIN ANTIY TECH