Code static detection method based on abstract syntax tree

The invention discloses a code static detection method based on an abstract syntax tree. The method comprises the following steps: constructing a rule extension template for different language environments; constructing a rule bank based on the base class rules of the rule extension template; performing rule registration by adopting a registration list mechanism; nesting the rule bank into an opensource platform; and performing code scanning and analysis based on the abstract syntax tree. Customization of mainstream development language scanning rules is supported, the method can be rapidly integrated into open source software, code scanning is conducted through an automatic means, unsafe, unclear and fuzzy codes in a program are found out, defects and problems in the software or system development and design process are reduced, and the software quality is guaranteed. 本发明公开了一种基于抽象语法树的代码静态检测方法，对不同语言环境构建规则扩展模板；基于规则扩展模板的基类规则构建规则库；采用注册列表机制进行规则注册；将规则库嵌套到开源平台中；基于抽象语法树进行代码扫描与分析。本发明支持主流开发语言扫描规则的定制，可以快速集成到开源软件中，通过自动化