CN-115048646-B - Application program detection method and device
Abstract
The application provides a detection method and device for an application program and relates to cloud technology. The method comprises: performing input verification detection on the source code of an application program to obtain the user input and comparison content of the application program; performing context content identification processing on the comparison content to obtain the type of the comparison content; performing context condition identification processing on the user input to obtain the code assignment behavior of the user input; and determining hidden functions in the application program based on the type of the comparison content and the code assignment behavior of the user input. The application can accurately detect hidden functions in an application program and so ensure the safety of the application program during use.
Inventors
- GUO JING
- GAN XIANG
- ZHENG XING
- PENG JING
- LIU YU
- FAN YUHE
- TANG WENTAO
- SHEN JUNLI
Assignees
- 腾讯科技(深圳)有限公司 (Tencent Technology (Shenzhen) Co., Ltd.)
Dates
- Publication Date: 2026-05-05
- Application Date: 2021-03-08
Claims (13)
- 1. A method for detecting an application program, the method comprising: performing input verification detection on the source code of an application program to obtain the user input and comparison content of the application program; performing context content identification processing on the comparison content to obtain the type of the comparison content; performing context condition identification processing on the user input to obtain the code assignment behavior of the user input, wherein the code assignment behavior of the user input comprises the number of logic conditions on the user input and the number of branches generated by the logic conditions; and determining a hidden function in the application program based on the type of the comparison content and the code assignment behavior of the user input.
- 2. The method of claim 1, wherein the type of the comparison content comprises a hard-coded string and a confidential string, and performing context content identification processing on the comparison content to obtain the type of the comparison content comprises: determining that the type of the comparison content is a confidential string when the comparison content contains a subset of specified strings, the user input is equal to a value included in the comparison content, and each value included in the comparison content corresponds to a different execution result of the application program; and determining that the type of the comparison content is a hard-coded string when the user input is equal to a value included in the comparison content, the value included in the comparison content has a single source, and the execution results of the application program are identical.
- 3. The method of claim 1, wherein performing context condition identification processing on the user input to obtain the code assignment behavior of the user input comprises: determining the logic conditions in the context of the user input and the number of the logic conditions; and verifying the user input against each of the logic conditions to determine the number of branches generated by the logic conditions.
- 4. The method of claim 1, wherein determining a hidden function in the application program based on the type of the comparison content and the code assignment behavior of the user input comprises: determining a dispatch mode corresponding to the code assignment behavior according to the relation between the number of logic conditions on the user input and the number of branches generated by the logic conditions; and determining a hidden function in the application program based on the dispatch mode and the type of the comparison content.
- 5. The method of claim 4, wherein the dispatch mode comprises one-to-two dispatch, many-to-two dispatch and many-to-many dispatch, and determining a hidden function in the application program based on the dispatch mode and the type of the comparison content comprises: when the dispatch mode is one-to-two dispatch and the type of the comparison content is a hard-coded string, determining that the hidden function in the application program is a secret access key; when the dispatch mode is many-to-two dispatch, the values included in the comparison content have a plurality of sources, and the type of at least one value included in the comparison content is a hard-coded string, determining that the hidden function in the application program is a main password; and when the dispatch mode is many-to-many dispatch, the values included in the comparison content have a plurality of sources, and the type of at least one value included in the comparison content is a confidential string, determining that the hidden function in the application program is a confidential command.
- 6. The method of claim 1, further comprising: performing interface identification processing on the comparison content in the application program to obtain the interface information included in the function used by the comparison content; and determining the source of a value included in the comparison content according to the interface information; wherein the comparison content comprises a value from at least one of a file operation, a database operation, a sharing module, a network request, and a broadcast.
- 7. The method of claim 1, wherein performing input verification detection on the source code of the application program to obtain the user input and comparison content of the application program comprises: creating a control flow graph of the application program based on the source code of the application program; traversing the control flow graph to determine the functions used in the source code of the application program; determining the user input in the source code of the application program according to the correspondence between the functions and user input; and determining the comparison content in the source code of the application program according to the correspondence between the functions and comparison content.
- 8. The method of claim 1, further comprising: performing backward slicing processing on the source code of the application program to obtain the logic conditions in the context of the user input; performing verification processing on the user input against each logic condition to obtain a verification result; and when the verification result indicates that no logic condition can be matched by the user input, determining that a hidden function exists in the application program.
- 9. The method of claim 8, wherein performing backward slicing processing on the source code of the application program to obtain the logic conditions in the context of the user input comprises: acquiring the target information to be tracked in the application program and determining the slicing rule corresponding to the target information; and performing backward slicing processing on the source code of the application program according to the slicing rule to obtain the logic conditions in the context of the user input corresponding to the target information.
- 10. An apparatus for detecting an application program, the apparatus comprising: an input verification detection module for performing input verification detection on the source code of an application program to obtain the user input and comparison content of the application program; a context content identification module for performing context content identification processing on the comparison content to obtain the source of the comparison content; a context content recovery module for performing context condition identification processing on the user input to obtain the code assignment behavior of the user input, wherein the code assignment behavior of the user input comprises the number of logic conditions on the user input and the number of branches generated by the logic conditions; and a behavior discovery and verification module for determining a hidden function in the application program based on the source of the comparison content and the code assignment behavior of the user input.
- 11. An electronic device, comprising: a memory for storing executable instructions; and a processor for implementing the method for detecting an application program according to any one of claims 1 to 9 when executing the executable instructions stored in the memory.
- 12. A computer readable storage medium storing executable instructions which, when executed by a processor, implement the method of detecting an application of any one of claims 1 to 9.
- 13. A computer program product comprising computer instructions which, when executed by a processor, implement the method of detecting an application as claimed in any one of claims 1 to 9.
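As an added illustration of the dispatch-mode rules in claims 1 to 5 (example code written for this page, not the patent's implementation), the following Python script treats each `if user_input == X` test in a function as one logic condition, the distinct branch bodies as distinct execution results, and the distinct compared expressions as the value sources, then classifies the hidden function. The three sample handlers are constructed; counting distinct compared expressions as sources is an assumption that stands in for the interface identification of claim 6.

```python
import ast

# Constructed samples (not from the patent): each gates a behaviour on comparing user input to strings.
ACCESS_KEY = '''def handle(user_input):
    if user_input == "k3y-1234":
        return unlock_all()
    return normal(user_input)'''
MASTER_PASSWORD = '''def handle(user_input):
    if user_input == stored_password:
        return login_ok()
    if user_input == "backdoor-pass":
        return login_ok()
    return login_fail()'''
CONFIDENTIAL_CMD = '''def handle(user_input):
    if user_input == "#*dump*#":
        return dump_db()
    if user_input == "#*wipe*#":
        return wipe_db()
    return echo(user_input)'''

def code_assignment(src, param="user_input"):
    """For every `if param == X`: (X's form, whether X is a literal, branch-body fingerprint)."""
    pairs = []
    for node in ast.walk(ast.parse(src)):
        test = getattr(node, "test", None)
        if (isinstance(node, ast.If) and isinstance(test, ast.Compare)
                and isinstance(test.left, ast.Name) and test.left.id == param):
            body = "".join(ast.dump(s) for s in node.body)  # stands in for the execution result
            for comp in test.comparators:
                pairs.append((ast.dump(comp), isinstance(comp, ast.Constant), body))
    return pairs

def hidden_function(src):
    """Apply the dispatch-mode rules of claim 5 to the code assignment behaviour."""
    pairs = code_assignment(src)
    conditions = len(pairs)                                    # logic conditions on the input
    branches = len({body for _, _, body in pairs}) + 1         # distinct results + fall-through
    sources = len({form for form, _, _ in pairs})              # distinct origins of compared values
    literal_results = [body for _, is_lit, body in pairs if is_lit]
    # Claim 2: literals that each yield a different result are confidential strings; a literal
    # whose result is shared with the other values is a hard-coded string.
    confidential = len(literal_results) > 1 and len(set(literal_results)) == len(literal_results)
    hard_coded = bool(literal_results) and not confidential
    if conditions == 1 and branches == 2 and hard_coded:
        return "secret access key"                             # one-to-two dispatch
    if conditions > 1 and branches == 2 and sources > 1 and hard_coded:
        return "main password"                                 # many-to-two dispatch
    if conditions > 1 and branches > 2 and sources > 1 and confidential:
        return "confidential command"                          # many-to-many dispatch
    return None
```

A handler with no comparison of the input against a value yields no logic condition and is reported as having no hidden function.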
Description
Application program detection method and device
Technical Field
The present application relates to computer software testing technology and cloud technology, and in particular to a method and apparatus for detecting an application program.
Background
Taint analysis is a technique that tracks and analyzes the flow of tainted information in a program. In vulnerability analysis, the data of interest (typically external inputs to the program) is marked as taint data, and by tracking the flow of information related to the taint data it can be determined whether that data can affect certain critical program operations, thereby discovering program vulnerabilities. Related taint analysis techniques typically discover vulnerabilities in the data streams of applications by tracking security-related data streams, focusing on data streams related to network communications, while related static analysis tools focus only on vulnerabilities of applications and are not capable of detecting applications that include hidden behaviors. Thus, these applications pose a great security risk to the user. Therefore, an effective scheme for improving the security of application programs is lacking in the related art.
Disclosure of Invention
The embodiments of the application provide a detection method and device for an application program, an electronic device and a computer-readable storage medium, which can accurately detect a hidden function in an application program so as to ensure the safety of the application program during use.
The technical scheme of the embodiments of the application is realized as follows.
An embodiment of the application provides a detection method for an application program, comprising the following steps: performing input verification detection on the source code of an application program to obtain the user input and comparison content of the application program; performing context content identification processing on the comparison content to obtain the type of the comparison content; performing context condition identification processing on the user input to obtain the code assignment behavior of the user input; and determining hidden functions in the application program based on the type of the comparison content and the code assignment behavior of the user input.
An embodiment of the application provides a detection device for an application program, comprising an input verification detection module, a context content identification module, a context content restoration module and a behavior discovery and verification module. The input verification detection module is used for performing input verification detection on the source code of an application program to obtain the user input and comparison content of the application program; the context content identification module is used for performing context content identification processing on the comparison content to obtain the type of the comparison content; the context content restoration module is used for performing context condition identification processing on the user input to obtain the code assignment behavior of the user input; and the behavior discovery and verification module is used for determining a hidden function in the application program based on the type of the comparison content and the code assignment behavior of the user input.
In the above scheme, the type of the comparison content comprises a hard-coded string and a confidential string. The behavior discovery and verification module is further used for determining that the type of the comparison content is a confidential string when the comparison content comprises a subset of specified strings, the user input is equal to a value contained in the comparison content, and each value contained in the comparison content corresponds to a different execution result of the application program; and for determining that the type of the comparison content is a hard-coded string when the user input is equal to a value contained in the comparison content, the value contained in the comparison content has a single source, and the execution results of the application program are the same.
In the above scheme, the code dispatch behavior of the user input comprises the number of logic conditions on the user input and the number of branches generated by the logic conditions. The context content recovery module is further used for determining the logic conditions in the context of the user input and the number of the logic conditions, and for verifying the user input against each logic condition to determine the number of branches generated by the logic conditions.
In the above scheme, the behavior discovery and verification module is further configured to determine a dispatch mode corresponding to the code dispatch behavior acc