Application vulnerability detection method and device based on taint analysis and medium

Bibliographic details
Main authors: ZUO PENG, ZHANG CHONGMO, MEN ZHUKANG, YUE ZHEN, XU SHIQIANG, SUN HAIFENG
Format: Patent
Language: chi ; eng
Description
Summary: The invention provides an application vulnerability detection method and device based on taint analysis and a medium. The method comprises the steps of: performing lexical and syntactic analysis on the original code of an application to obtain equivalent intermediate representation data; traversing the abstract syntax tree to extract data dependency relationships and method call dependency relationships, forming a propagation path tree corresponding to the application program; collecting vulnerabilities of the application program, marking the vulnerabilities as entrances for tainted data, and setting propagation rules; inputting the tainted data at the entrance, so that the tainted data propagates along each propagation path in the propagation path tree according to the propagation rules, and obtaining an output result at the exit of each propagation path; judging whether the output result obtained at the exit matches a vulnerability detection rule; and if yes, det