Source code vulnerability detection method and device
Main authors: | , , , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Summary: | The invention discloses a source code vulnerability detection method and device. The method comprises the following steps: the source code of software is analyzed by a preset source code vulnerability analysis engine, based on a preset vulnerability rule base, to obtain a first vulnerability detection result; each vulnerability in the first vulnerability detection result is matched against a preset false alarm vulnerability library to obtain the suspected false alarm vulnerabilities in the first vulnerability detection result; for each suspected false alarm vulnerability, a preset auxiliary manual auditing module analyzes whether dynamic factors that directly influence the vulnerability exist, yielding a false alarm analysis result for each suspected false alarm vulnerability; and a second vulnerability detection result is generated according to the false alarm analysis results. According to the method, the accuracy of source code vulnerability detection is improved, and compare |