Code auditing scheme based on Java bytecode technology

A code auditing technique based on Java bytecode analysis, applied in the field of code auditing solutions. It addresses the shortcomings of source-level auditing: the inability to audit vulnerabilities in third-party package code, the lack of any way to analyse bundled dependencies when a widely exploited vulnerability is disclosed, and the resulting exposure of the software.

Pending Publication Date: 2022-05-24
TIANYI ELECTRONICS COMMERCE

AI Technical Summary

Problems solved by technology

[0002] At present, most code auditing solutions work at the source-code level, that is, the complete source code is required to perform the audit. Such source-based auditing can only examine the code of the project itself and cannot audit vulnerabilities in the third-party packages the project depends on; when a widely exploited vulnerability is disclosed, it offers no way to analyse the third-party packages bundled in the software.
In addition, programmers may evade audit rules by changing their coding style or using certain tricks, deliberately introducing vulnerabilities and putting the software at risk.



Examples


Embodiment 1

[0021] As shown in Figures 1-2, the present invention provides a code auditing scheme based on Java bytecode technology, taking SSRF vulnerability auditing as an example:

[0022] (1) ASM bytecode analysis: write a Spring Boot project with a custom interface SSRFService containing four methods, ssrf1, ssrf2, ssrf3 and ssrf4, and override the four methods in an implementation class. ssrf1 uses the URL.openConnection() method (which leads to an SSRF vulnerability when the URL it is called on is built from user input); the other three methods are implemented with methods that contain no SSRF vulnerability. Package the project into a Jar. Use ASM to analyse the bytecode and obtain all method information, class information and inheritance relationships; the inheritance relationship records which parent classes a class extends and which interfaces it implements.

[0023] (2) Obtain the call relationship: use ASM to traverse the class files (bytecode) in the Jar package, recording each traversed method and which sub-methods are calle...


Abstract

The invention discloses a code auditing scheme based on Java bytecode technology, which in brief works as follows: the bytecode in a Jar or War package is scanned with ASM to obtain the method call relationships within the package, i.e. which child methods each parent method calls; the call relationships are sorted in reverse topological order to produce a directed acyclic graph (DAG) of method relationships; the relationship between each method's return value and its parameters is analysed and the parameters are taint-marked; whether a child method's parameters are influenced by the parent method's parameters is analysed to obtain the taint-propagation relation; and finally, given an input entry point and a vulnerable method supplied by the user, the whole method call graph is searched to find a method call chain from the input entry to the vulnerable method.
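The pipeline that the abstract and Embodiment 1 describe (call graph extracted from bytecode, reverse topological order, per-method summaries of which parameters reach the return value, parent-to-child taint transfer, and a search for a call chain from a user-supplied entry to the vulnerable method) is worked through below as an added Python example; it is not code from the patent or from the applicant. Because the patent's ASM extraction step needs a JVM and a compiled Jar, the example starts from a hand-constructed call graph modelled on the SSRFService example: ssrf1 reaching java.net.URL.openConnection from a user-supplied string, a second method reaching the same sink with a constant URL, and a helper whose return value carries the taint. The method names, the toy statement form, the library summaries and the sink definition are all assumptions made for the example.

```python
"""Taint audit over a method call graph, added to illustrate the scheme above.
The input is CONSTRUCTED by hand to mirror the patent's SSRFService example; in
the real scheme ASM would extract methods, call edges and argument flows from
the Jar.  Toy IR: parameter 0 of an instance method is the receiver; `new X(a)`
is a call to X.<init> returning the new object; statements are ("const", dst)
[untainted literal or field], ("call", callee, args, dst) and ("return", var)."""
from collections import defaultdict, deque

URL_INIT, OPEN_CONN = "java/net/URL.<init>(String)", "java/net/URL.openConnection()"
CONCAT = "java/lang/String.concat(String)"
# Library code is not scanned; assumed summaries = parameter indices reaching the return.
LIBRARY_SUMMARIES = {URL_INIT: {0}, OPEN_CONN: {0}, CONCAT: {0, 1}}
SINKS = {OPEN_CONN: {0}}  # vulnerability method -> parameters that must not be tainted

METHODS = {  # name: (parameter count, body); all names here are assumed
    "SSRFServiceImpl.ssrf1(String)": (2, [  # the vulnerable method: user-supplied URL
        ("call", URL_INIT, ["p1"], "v1"), ("call", OPEN_CONN, ["v1"], "v2"), ("return", "v2")]),
    "SSRFServiceImpl.ssrf2()": (1, [  # same sink, but the URL is a constant: safe
        ("const", "v1"), ("call", URL_INIT, ["v1"], "v2"), ("call", OPEN_CONN, ["v2"], "v3"),
        ("return", "v3")]),
    "SSRFServiceImpl.buildUrl(String)": (2, [  # "https://" + host
        ("const", "v1"), ("call", CONCAT, ["v1", "p1"], "v2"), ("return", "v2")]),
    "SSRFServiceImpl.fetchHost(String)": (2, [  # taint arrives through buildUrl's return
        ("call", "SSRFServiceImpl.buildUrl(String)", ["p0", "p1"], "v1"),
        ("call", URL_INIT, ["v1"], "v2"), ("call", OPEN_CONN, ["v2"], "v3"), ("return", "v3")]),
    "SSRFController.proxy(String)": (2, [  # HTTP entry point; v0 is the injected service field
        ("const", "v0"), ("call", "SSRFServiceImpl.ssrf1(String)", ["v0", "p1"], "v1"),
        ("return", "v1")]),
}

def reverse_topological(methods):
    """Step 2: callees-first order (Kahn).  Methods that are never released sit
    in a recursion cycle and are returned separately so the caller can decide."""
    callees = {m: {s[1] for s in body if s[0] == "call" and s[1] in methods}
               for m, (_, body) in methods.items()}
    pending, callers = {m: len(cs) for m, cs in callees.items()}, defaultdict(set)
    for m, cs in callees.items():
        for c in cs:
            callers[c].add(m)
    ready, order = deque(m for m in methods if pending[m] == 0), []
    while ready:
        m = ready.popleft()
        order.append(m)
        for caller in callers[m]:
            pending[caller] -= 1
            if pending[caller] == 0:
                ready.append(caller)
    return order, [m for m in methods if m not in order]

def _flow(taint, stmt, summaries):
    """Apply one statement to the variable -> taint-set map; for a call, return the
    callee and the callee parameter indices that received a tainted argument."""
    if stmt[0] == "const":
        taint[stmt[1]] = set()
    elif stmt[0] == "return":
        taint["<ret>"] |= taint[stmt[1]]
    else:
        _, callee, args, dst = stmt
        taint[dst] = set().union(*(taint[args[i]] for i in summaries[callee]))
        return callee, {i for i, a in enumerate(args) if taint[a]}
    return None, set()

def summarize(methods):
    """Step 3: which parameters of each method reach its return value, computed
    callees-first so every callee's summary exists when its caller is analysed."""
    order, cyclic = reverse_topological(methods)
    summaries = dict(LIBRARY_SUMMARIES)
    for m in cyclic:  # recursion: conservatively let every parameter reach the return
        summaries[m] = set(range(methods[m][0]))
    for m in order:
        taint = {"p%d" % i: {i} for i in range(methods[m][0])}
        taint["<ret>"] = set()
        for stmt in methods[m][1]:
            _flow(taint, stmt, summaries)
        summaries[m] = taint["<ret>"]
    return summaries

def find_chains(methods, summaries, entry, sink, sensitive, tainted=None):
    """Steps 4-5: walk the graph from `entry` carrying the user-controlled parameter
    set, and collect every chain that reaches `sink` with taint on a `sensitive` index."""
    chains = []

    def walk(m, tainted, path, seen):
        taint = {"p%d" % i: {i} & tainted for i in range(methods[m][0])}
        taint["<ret>"] = set()
        for stmt in methods[m][1]:
            callee, hit = _flow(taint, stmt, summaries)
            if callee == sink and hit & sensitive:
                chains.append(path + [sink])
            elif callee in methods and hit and (callee, frozenset(hit)) not in seen:
                walk(callee, hit, path + [callee], seen | {(callee, frozenset(hit))})

    if tainted is None:  # by default every parameter except the receiver is user input
        tainted = set(range(1, methods[entry][0]))
    walk(entry, tainted, [entry], set())
    return chains

SUMMARIES = summarize(METHODS)

if __name__ == "__main__":
    for entry in METHODS:
        print(entry, "->", find_chains(METHODS, SUMMARIES, entry, OPEN_CONN, SINKS[OPEN_CONN]))
```

Two design points matter in practice. The abstract assumes the call relationship forms a DAG, but real Jars contain recursion; the example therefore gives every method left in a cycle a conservative summary (all parameters may reach the return) and keys the chain walk's visited set on the pair (method, tainted parameter set) so the search terminates while still reporting chains that pass through a cycle. The second is that ssrf2 calls the very same sink as ssrf1 yet is correctly not reported, because the receiver of openConnection is built from a constant: matching on the sink method alone, without the taint condition, would flag every caller of URL.openConnection.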

Description

Technical field
[0001] The invention relates to the field of IT and software development, in particular to a code auditing scheme based on Java bytecode technology.

Background technique
[0002] At present, most code auditing solutions work at the source-code level, that is, the complete source code is required to perform the audit. Such source-based auditing can only examine the code of the project itself and cannot audit vulnerabilities in the third-party packages the project depends on; when a widely exploited vulnerability is disclosed, it offers no way to analyse the third-party packages bundled in the software. In addition, programmers may evade audit rules by changing their coding style or using certain tricks, deliberately introducing vulnerabilities and putting the software at risk.

Contents of the invention
[0003] The technical problem to be solved by the present invention is to overcome the defects of the prior art and provide a code auditing scheme based on Java bytecode techno...


Application Information

Patent Type & Authority: Application (China)
IPC (8): G06F21/57, G06F8/75, G06F8/41, G06T11/20, G06T11/40
CPC: G06F21/577, G06F8/75, G06F8/42, G06F2221/033, G06T11/206, G06T11/40
Inventors: 郑振宇王振张氣箔张坤洋
Owner: TIANYI ELECTRONICS COMMERCE