32 results about "Code audit" patented technology

The invention discloses a fine-grained source code vulnerability detection method based on a graph neural network, which comprises the following steps: A, for all source codes of software, extractinga code attribute graph of a function in the source codes, and performing vectorization representation on the code attribute graph, the vectorization representation comprising vectorization representation of node attributes and graph structures; B, extracting code features by using a graph attention network, and processing all statements to obtain a final data set; and C, training a vulnerability detection model, and determining a final model through the effect on the test set. The source code vulnerability detection method provided by the invention has the advantages that the automation degreeis higher; dependence on domain expert knowledge is reduced, code auditing cost is greatly saved, code auditing efficiency is improved, grammar and semantic information in source codes are better reserved, meanwhile, vectorized representation of statements can be learned purposefully through a graph attention network, and vulnerability detection of a finer-grained statement level is achieved.

A system for meta-indexing, search, compliance, and test framework for software development is provided, comprising an indexing service configured to create a dataset by processing and indexing source code of a project provided by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for at least source code changes and make changes to the dataset as needed.

The invention discloses a method for performing automated security detection on an android application. The method comprises the steps of performing dex file interception on the android application through a specific android system; and then performing security detection on a source code of the android application based on a vulnerability rule base by utilizing specific findbugs. The technical scheme has the beneficial effects that code audit and vulnerability mining are fused integrally by the method, and a shelled application can be subjected to security detection; when the Android application is detected, the application does not need to be subjected to decompilation, debugging, code audit and penetration testing manually, and by utilizing the technical scheme, efficient and quick security analysis can be realized; automated security testing of massive applications can be realized; and developers are assisted to locate vulnerability key code snippets, the developers are facilitated to solve potential security hazards, and the security reinforcement efficiency of the developers is improved.

The embodiment of the invention discloses an application security auditing method and device, electronic equipment and a storage medium, and the method comprises the steps: scanning an application code, and obtaining a first code scanning result; configuring an auxiliary auditing rule for code auditing; screening the first code scanning result according to the auxiliary auditing rule to obtain a second code scanning result for manual auditing; and when a code auditing result for the second code scanning result is received, outputting the code auditing result. Therefore, the auxiliary auditingof the manual auditing is realized, the manual auditing time and a large amount of false alarms are reduced, and the application security auditing efficiency is improved.

The invention discloses a static code analyzing system and method capable of being debugged online. The method comprises four main parts of an online code managing module, a static code auditing module, an online code interpreter and a user operating interface. According to the method, a user is allowed to conduct version control on project codes through the online code managing module, the staticcode auditing module can automatically conduct safety analysis on the project codes, and possible defect codes and defects types are listed. The user can browse and edit codes on the user operating interface, and method tracing and breakpoint setting operations can be conducted on the codes on the user operating interface, so that the project defect and the repairing method can be quickly determined.

The invention provides a code auditing method and device, electronic equipment and a medium. The method comprises the following steps: based on a source code file of a target application, determininga function call graph corresponding to the target application program, wherein the function call graph comprises a target function and a called function of the target function; and obtaining a rule file, the rule file including vulnerability feature information, the vulnerability feature information including at least one of stain variable feature information and danger function feature information, and determining vulnerability information of the source code file based on the vulnerability feature information and the function call graph. The false alarm rate is reduced, and the development efficiency is improved.

An embodiment of the present invention is directed to a code audit tool that intelligently analyzes and profiles code, such as Python code, based on a variety of previously unmeasured factors and metrics including a set of software dimensions, such as Algorithmic Complexities; Software Sizing Metrics; Anti-Pattern Implementations; Maintainability Metrics; Dependency Mappings; Runtime Metrics; Testing Metrics; and Security Metrics. Once this analysis is complete, a standardized report card or other scoring interface may be generated. This may include analytical findings as well as suggestions and recommend steps so that developers can make informed decisions, enhance their code bases and improve the score assigned to their code.

The invention relates to the technical field of artificial intelligence, and provides a code auditing method and device. The code auditing method comprises the following steps: acquiring a to-be-detected first code fragment; processing the first code snippet to obtain a first code attribute graph corresponding to the first code snippet; inputting the first code attribute graph into a code auditingmodel, wherein the code auditing model is a machine learning model obtained by training based on N second code attribute graphs corresponding to N second code snippets and N third code attribute graphs corresponding to N third code snippets; wherein the second code snippets are code snippets with bugs, and the third code snippets are code snippets obtained after bugs in the second code snippets are repaired; and obtaining an output of the code auditing model to obtain a detection result of auditing the first code snippet. The invention further provides a training method and device of the codeauditing module, electronic equipment and a medium.

The invention discloses a code scanning result processing method and a device, computer equipment and a storage medium. The method comprises the steps of pulling system scanning data of a report management center in a timed task mode, and the system scanning data comprise version data and vulnerability data; performing aging verification on the version data to obtain a verification result; if theverification result is that the verification is passed, obtaining vulnerability data corresponding to the version data; performing quantitative analysis on the vulnerability data, and performing calculation to obtain a risk coefficient of the vulnerability data; if the risk coefficient is smaller than or equal to a preset coefficient threshold, generating necessary parameters of system scanning data by using PORTAL; performing code scanning on the necessary parameters in a code auditing mode, and obtaining a code scanning processing result. According to the code scanning result processing method, the comprehensive integrity of vulnerability repair can be guaranteed, and the efficiency and safety of code scanning processing result processing are improved.

The invention discloses a code auditing method for particle swarm optimization based on bubble sort. The method includes: initializing a particle swarm; testing a path and calculating a fitness function value; on the basis of using a feasible rule for constraint solution, dividing the particle swarm into feasible particles and infeasible particles, and putting the feasible particles and the infeasible particles into two vessels; retaining infeasible particles low in violation degree on the basis of the bubble sort, and putting the retained infeasible particles in the feasible particle swarm to solve the problem that a global optimal point is positioned close to a constrained boundary; finally working out a shortest path of defected codes to avoid the problem of proneness to fall into premature convergence when particle swarm optimization is applicable to code audit aiming at paths.

The invention relates to the field of code auditing, in particular to a vulnerability analysis method and device for a source code package, a terminal and a storage medium, and the method comprises the following steps: obtaining jar package information in a source code; judging an introduction mode of the jar packet according to the jar packet information; and warning the risk information of the jar packet according to a preset scheme based on the introduction mode of the jar packet. According to the method and the device, a code auditor can intuitively find the risk information hidden in the jar package of the source code, so that a developer is urged to replace or upgrade by using another jar package, and the unpredictable risk existing in the process of using the source code is reduced.

The invention relates to the field of source code auditing, in particular to a code auditing method and device, a terminal and a storage medium, a plurality of servers are provided for processing code auditing tasks, and the method comprises the steps of obtaining current to-be-processed task information; obtaining working condition information of each server; selecting a to-be-processed server according to a preset rule based on the working condition information; and sending the current task information to be processed to the server to be processed. According to the method, the multiple servers are set for code auditing at the same time, and if a new code auditing task occurs, which server is allocated to execute code auditing is determined according to the working condition information of each server, so the code auditing efficiency is improved.

A system for enforcing compliance and testing for software development, comprising an indexing service configured to create a dataset by processing and indexing source code of a project by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for source code changes and make changes to the dataset as needed. Further comprising an enforcement module to automatically verify code and other media related to the software development process by ensuring obligations from a rules database are met and where not able to automate the compliance check forward to an appropriate authority, receive back the manually reviewed compliance check, then produce and implement automated recommendations for compliance adherence.

The invention discloses a code auditing method and device based on a knowledge graph, is used for meeting the code auditing requirement of a distributed system, and is suitable for a multi-level and multi-granularity code auditing scene. The method comprises the steps of obtaining a to-be-audited first code segment from a source code library of a distributed system; extracting first knowledge having a logical relationship with a first entity corresponding to the first code segment from a first knowledge graph corresponding to a source code library, wherein the first knowledge comprises a second entity having a logical relationship with the first entity and a logical relationship between the first entity and the second entity; wherein the first knowledge graph is used for describing a logicrelationship between entities corresponding to different code segments included in a source code library; and generating a first audit report, wherein the first audit report is used for describing the first knowledge.

The invention discloses an automatic code auditing method, system and device and a storage medium, and the method comprises the steps: traversing a to-be-audited code package directory, and obtaininga to-be-audited code package; creating a to-be-audited code packet queue, and adding the obtained to-be-audited code packet into the to-be-audited code packet queue; calling a code auditing tool to audit the to-be-audited code packets in the to-be-audited code packet queue to generate an auditing report; and outputting the auditing report to an output directory, and uploading the auditing report to a server. According to the invention, the to-be-audited code packet is obtained by traversing the to-be-audited code packet directory, and the to-be-audited code packet queue is created, so that mistakes and omissions are avoided; automatic code auditing is achieved by calling a code auditing tool, the achieving method is simple, the cost is low, and the method is suitable for the situations that independent research and development capacity of entrepreneurship companies and small enterprises is insufficient, and budget investment is insufficient. The method can be widely applied to the technical field of information security.

The invention discloses a code auditing method and device, equipment and a computer readable storage medium. The method comprises the steps of obtaining an operation instruction for a target object ina preset code auditing system; operating the target object according to the operation instruction, and taking a preset code auditing system containing the operated target object as a target code auditing system; performing code auditing based on the target code auditing system to obtain an auditing result; wherein the type of the target object comprises a to-be-judged input set, a dangerous operation set and a safe processing operation set; wherein the types of the operation instructions comprise addition, deletion and modification. In the present application, a target object in a preset codeauditing system can be operated by means of an operation instruction; and the preset code auditing system containing the operated target object is used as the target code auditing system, so that a user can flexibly adjust the preset code auditing system according to needs, the adaptability of the code auditing system is enhanced, and the expandability of code auditing is improved.