A static detection method and apparatus for command injection vulnerabilities

CN121902168B · Active · Publication Date: 2026-06-30 · ELECTRIC POWER RES INST OF STATE GRID ZHEJIANG ELECTRIC POWER COMPANY

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: ELECTRIC POWER RES INST OF STATE GRID ZHEJIANG ELECTRIC POWER COMPANY
Filing Date: 2026-03-25
Publication Date: 2026-06-30


Abstract

This invention discloses a static detection method and apparatus for command injection vulnerabilities, aiming to address the shortcomings of existing Abstract Syntax Tree (AST) based analysis in detecting potential vulnerabilities during static analysis. The method includes the following steps: parsing source code and generating a static single-assignment (SSA) intermediate representation; locating the starting point, ending point, and secure nodes of the analysis; tracing and analyzing data flow within and between functions; and making the determination and generating a vulnerability report. Source code parsing includes constructing an AST from the source code using a compiler. An SSA converter transforms the static single-assignment intermediate representation into data flow paths. The data flow paths include variable definition-use chains and use-definition chains, providing a precise semantic basis for subsequent data flow tracing. Converting all languages to SSA-IR avoids the black-box state that arises in static analysis when a project combines components written in different languages, enabling continuous tracing of variable data flow paths and thus accurate location of command injection vulnerabilities.
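The steps in the abstract, as an added Python sketch that is not taken from the patent: backward tracing over use-definition chains from an ending point to a starting point, within and between functions, with secure nodes cutting the path. The IR encoding, the op names (`source`, `sink`, `sanitize`, and so on) and the three sample functions are constructed assumptions, since the patent's actual SSA-IR format is not shown on this page.

```python
# Constructed SSA-IR (an assumption, not the patent's format): every function maps
# each SSA name to its single definition (op, operands...), so the use-definition
# chain of a value is one dictionary lookup.
PROGRAM = {
    "build_cmd": {                                 # helper, e.g. lowered from another language
        "p0": ("param", 0),
        "c0": ("const", "ping -c 1 "),
        "r0": ("concat", "c0", "p0"),
        "ret": ("ret", "r0"),
    },
    "handler_unsafe": {
        "h0": ("source", "http_param"),            # starting point
        "h1": ("call", "build_cmd", "h0"),
        "h2": ("sink", "exec", "h1"),              # ending point
    },
    "handler_safe": {
        "s0": ("source", "http_param"),
        "s1": ("sanitize", "shell_quote", "s0"),   # secure node
        "s2": ("call", "build_cmd", "s1"),
        "s3": ("sink", "exec", "s2"),
    },
}

def trace(func, name, ctx=None, path=()):
    """Follow use-definition chains backward; return the path to a source, or None.
    Assumes an acyclic IR (no phi loops or recursion) to keep the sketch short."""
    op, *ops = PROGRAM[func][name]
    here = path + (f"{func}.{name}",)
    if op == "source":
        return here
    if op in ("const", "sanitize"):                # constants are clean; secure nodes cut the path
        return None
    if op == "param":                              # inter-function step: back to the caller's argument
        if ctx is None:
            return None
        caller, actuals, outer = ctx
        return trace(caller, actuals[ops[0]], outer, here)
    if op == "call":                               # inter-function step: into the callee's return value
        return trace(ops[0], "ret", (func, ops[1:], ctx), here)
    for operand in ops:                            # concat / ret / sink: check each SSA operand
        if operand in PROGRAM[func] and (hit := trace(func, operand, ctx, here)):
            return hit
    return None

def report():
    """One finding per sink reachable from a source: (sink, source-to-sink path)."""
    return [(f"{f}.{n}", list(reversed(p))) for f, body in PROGRAM.items()
            for n, d in body.items() if d[0] == "sink" and (p := trace(f, n))]
```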