CN-115357894-B - Application program vulnerability detection method and system with custom verification function
Abstract
The invention discloses a method and a system for detecting vulnerabilities in an application program that has a custom verification function. The detection method comprises: instrumenting the application program to be detected with an IAST instrumentation tool so as to weave vulnerability detection logic into it; obtaining the position information of the object returned by a JSON parsing function in the application program; extracting and storing the mapping between field names, field types and field values in the JSON object that the JSON parsing function returns for the taint data, so as to obtain a tracking data set; analyzing the verification function to obtain the verification parameters that match the verification rule model in the current verification function; binding the verification parameters to the related field names in the tracking data set; and marking the fields in the tracking data set that are bound to the characteristic field parameters as default safe data. When the field pointed to by a vulnerability detection result belongs to a field bound to a verification parameter, the vulnerability information is automatically filtered out, so that false positives and false negatives are avoided and the accuracy of the detection result is ensured.
Inventors
- LIU HAITAO
- WAN ZHENHUA
- WANG JIA
- LI HUA
- DONG YAN
Assignees
- 深圳开源互联网安全技术有限公司
Dates
- Publication Date: 20260512
- Application Date: 20220704
Claims (8)
- 1. An application program vulnerability detection method with a custom verification function, characterized in that the application program performs data storage and parameter transmission based on a JSON framework and is provided with a verification function for performing custom verification on taint data input by a user, the verification function taking the whole JSON object data and the characteristic word to be verified as input parameters, the detection method comprising: instrumenting the application program to be detected with an IAST instrumentation tool so as to weave vulnerability detection logic into the application program, wherein the vulnerability detection logic performs vulnerability detection by tracking the propagation path of the taint data in the application program; acquiring the position information of the object returned by a JSON parsing function in the current application program; after the taint data for testing enters the application program, extracting and storing the mapping between field names, field types and field values in the JSON object that the JSON parsing function returns for the taint data, so as to obtain a tracking data set; analyzing the verification function to obtain the verification parameters that match the verification rule model in the current verification function; binding the verification parameters to the related field names in the tracking data set; and marking the fields bound to the verification parameters in the tracking data set as default safe data; wherein analyzing the verification function comprises: instrumenting the verification function with the IAST instrumentation tool and, when the taint data passes through the verification function, acquiring the verification parameters from the parameter list of the verification function according to the preset rule of the verification function, or calculating the verification parameters according to an empirical algorithm.
- 2. The application program vulnerability detection method with a custom verification function according to claim 1, wherein the JSON parsing function in the application program is instrumented by the IAST instrumentation tool to obtain the position information of the object returned by the JSON parsing function.
- 3. The application program vulnerability detection method with a custom verification function according to claim 2, wherein a function library comprising a plurality of JSON parsing functions of known parsing types is created; whether any JSON-class function in the application program exists in the function library is judged, and if so, that JSON function is instrumented directly by the IAST instrumentation tool; if not, the JSON parsing function used to parse the JSON object is inferred from the input parameters and return values of each JSON-class function in the application program.
- 4. An application program vulnerability detection system with a custom verification function, characterized in that the application program stores data and transmits parameters based on a JSON framework and is provided with a verification function for performing custom verification on taint data input by a user, wherein the verification function takes the whole JSON object data and the characteristic word to be verified as input parameters, and the detection system comprises: a vulnerability detection module for instrumenting the application program to be detected with an IAST instrumentation tool so as to weave vulnerability detection logic into the application program, the vulnerability detection logic performing vulnerability detection by tracking the propagation path of the taint data in the application program; a position information acquisition module for acquiring the position information of the object returned by a JSON parsing function in the current application program; a data set generation module for extracting and storing, after the taint data for testing enters the application program, the mapping between field names, field types and field values in the JSON object that the JSON parsing function returns for the taint data, so as to obtain a tracking data set; a verification parameter acquisition module for analyzing the verification function to obtain the verification parameters that match the verification rule model in the current verification function; a binding module for binding the verification parameters to the related field names in the tracking data set; and a marking module for marking the fields bound to the verification parameters in the tracking data set as default safe data; wherein the verification parameter acquisition module instruments the verification function with the IAST instrumentation tool and, when the taint data passes through the verification function, obtains the verification parameters from the parameter list position of the verification function according to the preset rule of the verification function, or calculates the verification parameters according to an empirical algorithm.
- 5. The system of claim 4, wherein the position information acquisition module instruments the JSON parsing function in the application program through the IAST instrumentation tool to obtain the position information of the object returned by the JSON parsing function.
- 6. The application program vulnerability detection system with a custom verification function of claim 5, wherein the position information acquisition module comprises a function library creation module, a matching module, an instrumentation module and an inference module; the function library creation module is used for creating a function library comprising a plurality of JSON parsing functions of known parsing types; the matching module is used for matching any JSON-class function in the current application program against the functions in the function library so as to confirm the JSON parsing function in the application program; the inference module is used for inferring the JSON parsing function used to parse the JSON object from the input parameters and return values of each JSON-class function in the application program when the matching module confirms that a JSON-class function in the current application program does not match any function in the function library; and the instrumentation module is used for instrumenting the JSON parsing function with the IAST instrumentation tool.
- 7. An application vulnerability detection system with a custom verification function, comprising: one or more processors; a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs including instructions for performing the application vulnerability detection method with the custom verification function of any one of claims 1-3.
- 8. A computer-readable storage medium comprising a computer program executable by a processor to perform the application vulnerability detection method with a custom verification function of any one of claims 1 to 3.
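The pipeline of claims 1 and 4, reduced to a runnable simulation. This is an added example, not code from the patent or its assignee: an instrumented JSON parser records the field name/type/value mapping of every object it returns (the tracking data set), an instrumented verify(json_object, key) hook reads the verification parameter from the function's parameter list (the "preset rule" path of claim 1) and binds it to the matching field, and the raw taint-tracking findings are then filtered so that only fields never bound to a verification parameter are reported. The application verifier `app_verify`, the `Finding` record and the request body are constructed for the example; `id()` of the returned object stands in for the patent's "position information".

```python
import json
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Set


@dataclass
class TrackedField:
    """One field of a JSON object returned by an instrumented parser."""
    name: str
    type_name: str
    value: Any
    bound_params: Set[str] = field(default_factory=set)
    default_safe: bool = False


class TrackingDataSet:
    """Tracking data set: per returned JSON object, the mapping of
    field name -> (field type, field value).  Objects are keyed by id(),
    which stands in for the position information of the parser's return
    value; the application keeps the objects alive while they are tracked."""

    def __init__(self) -> None:
        self.objects: Dict[int, Dict[str, TrackedField]] = {}

    def record(self, obj: dict) -> None:
        self.objects[id(obj)] = {
            k: TrackedField(k, type(v).__name__, v) for k, v in obj.items()
        }

    def bind(self, obj: dict, key: str) -> bool:
        """Bind a verification parameter (the key the verifier inspected) to
        the field it names and mark that field as default-safe."""
        fields = self.objects.get(id(obj), {})
        if key not in fields:
            return False
        fields[key].bound_params.add(key)
        fields[key].default_safe = True
        return True

    def is_safe(self, obj: dict, key: str) -> bool:
        f = self.objects.get(id(obj), {}).get(key)
        return bool(f and f.default_safe)


def instrument_parser(parser: Callable[..., Any], ds: TrackingDataSet) -> Callable[..., Any]:
    """Hook on the JSON parsing function: record every object it returns."""
    def wrapped(text, *args, **kwargs):
        result = parser(text, *args, **kwargs)
        if isinstance(result, dict):
            ds.record(result)
        return result
    return wrapped


def instrument_verifier(verifier: Callable[[dict, str], bool],
                        ds: TrackingDataSet) -> Callable[[dict, str], bool]:
    """Hook on the custom verification function verify(json_object, key):
    the verification parameter is taken from the parameter list and bound
    to the field it names before the original verifier runs."""
    def wrapped(obj: dict, key: str) -> bool:
        ds.bind(obj, key)
        return verifier(obj, key)
    return wrapped


def app_verify(obj: dict, key: str) -> bool:
    """Hypothetical application verifier (constructed): the named field must
    be a short alphanumeric string."""
    value = obj.get(key, "")
    return isinstance(value, str) and value.isalnum() and len(value) <= 32


@dataclass
class Finding:
    """A taint-tracking result: field `source_field` of `source_obj` reached `sink`."""
    sink: str
    source_obj: dict
    source_field: str


def filter_findings(findings: List[Finding], ds: TrackingDataSet) -> List[Finding]:
    """Drop findings whose source field is bound to a verification parameter."""
    return [f for f in findings if not ds.is_safe(f.source_obj, f.source_field)]


def run_demo() -> List[tuple]:
    ds = TrackingDataSet()
    parse = instrument_parser(json.loads, ds)
    verify = instrument_verifier(app_verify, ds)

    # Constructed taint input: one request body parsed by the application.
    request = parse('{"username": "alice", "comment": "<b>hi</b>", "age": 30}')
    # The application verifies only the user name field, selected by key.
    verify(request, "username")

    # Constructed raw findings from the taint tracker: both fields reached sinks.
    findings = [
        Finding("sql-query", request, "username"),
        Finding("html-output", request, "comment"),
    ]
    return [(f.sink, f.source_field) for f in filter_findings(findings, ds)]


if __name__ == "__main__":
    print(run_demo())  # only the unverified 'comment' field is reported
```

The point the patent makes is visible in the result: without the binding step the tracker would either report both fields (a false positive on `username`) or, if the whole object were marked safe, neither (a false negative on `comment`); binding the key that the verifier actually inspected lets the filter drop exactly one.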
Description
Application program vulnerability detection method and system with custom verification function
Technical Field
The present invention relates to the field of application security detection technologies, and in particular to a method and a system for detecting vulnerabilities in an application that has a custom verification function.
Background
As programs grow larger and their functions become more complex, the number of vulnerabilities grows and the damage they cause becomes more serious. A common security vulnerability arises when taint data input by the user enters a sensitive function directly, without security verification or encoding, so the IAST tools commonly found on the market judge whether a security vulnerability exists by tracking the data-flow propagation of the taint data. In a practical application scenario, a user-definable verification function is provided in the application program to verify the input data; a field verified by the verification function is a safe field, so when vulnerability information in a detection result points to that safe field, the vulnerability information can be filtered out automatically and the detection accuracy improves. Custom verification functions generally fall into two types. The first verifies taint data by passing a single characteristic string from it (for example a logged-in user name or a mailbox account) into the verification function; for this kind, in an application program with multiple input operations, the characteristic parameters for the same field must be defined separately for each operation, even when the operations contain the same content.
The second kind of custom verification function is used in application programs that store data and transmit parameters based on the JSON framework: the verification function takes the whole JSON object and the characteristic word to be verified as input parameters. That is, after the user inputs request data, the whole taint data object and the characteristic word to be verified (the taint data key) are passed to the verification function, which dynamically obtains the specific field from the taint data object by that key and verifies it. For the first kind, since a single specific field is passed into the verification function, existing IAST tools can identify the verified field well and define it as a safe field. For the second kind, however, since the whole JSON object is passed as the parameter, the IAST tool cannot identify which characteristic field is currently being verified: if a safety mark is to be applied, only the whole JSON object can be marked safe, which obviously cannot guarantee the accuracy of the detection result, and if no safety mark is applied, false positives occur.
Disclosure of Invention
To solve the above technical problem, the invention aims to provide an application program vulnerability detection method and system with a custom verification function, so that the characteristic field verified by the verification function can be effectively identified during vulnerability detection of an application that stores data and transmits parameters based on the JSON framework, and false positives are avoided.
In order to achieve the above object, the present invention discloses an application program vulnerability detection method with a custom verification function, wherein the application program stores data and transmits parameters based on a JSON framework and is provided with a verification function for custom verification of taint data input by a user, the verification function taking the whole JSON object data and the characteristic word to be verified as input parameters, and the detection method comprises: instrumenting the application program to be detected with an IAST instrumentation tool so as to weave vulnerability detection logic into the application program, wherein the vulnerability detection logic performs vulnerability detection by tracking the propagation path of the taint data in the application program; acquiring the position information of the object returned by a JSON parsing function in the current application program; after the taint data for testing enters the application program, extracting and storing the mapping between field names, field types and field values in the JSON object that the JSON parsing function returns for the taint data, so as to obtain a tracking data set; analyzing the verification function to obtain the verification parameters that match the verification rule model in the current verification function; binding the verification parameters to the related field na
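Claims 3 and 6 describe how the JSON parsing function whose return object must be tracked is located: a library of parsers of known type is consulted first, and a JSON-class function not in the library is inferred to be a parser from its input parameters and return values. The following is an added example of that matching-then-inference step, not code from the patent or its assignee. The library contents, the application functions `parse_request_body` and `json_escape`, and the sample input are constructed; the inference rule used here (JSON text in, dict or list out) is one plausible reading of "input parameters and return values", and the example exercises unknown functions directly with a sample input where a real IAST agent would observe them on test traffic.

```python
import json
from typing import Any, Callable, Dict, List

# Function library of JSON parsing functions whose parsing type is known.
# Constructed for this example; a real library would list each runtime's parsers.
KNOWN_JSON_PARSERS = {("json", "loads"), ("json", "load")}


def is_known_parser(fn: Callable[..., Any]) -> bool:
    """Matching module: look the function up in the library by module and name."""
    return (fn.__module__, fn.__name__) in KNOWN_JSON_PARSERS


def looks_like_json_text(x: Any) -> bool:
    """True when an input parameter is text that parses as JSON."""
    if not isinstance(x, (str, bytes)):
        return False
    try:
        json.loads(x)
        return True
    except (ValueError, TypeError):
        return False


class ParserInferer:
    """Inference module: wrap a JSON-class function of unknown type and
    classify it from its observed input parameters and return values.  A
    function seen taking JSON text and returning a dict or list is treated
    as a JSON parsing function, and the objects it returns are collected as
    the parser return objects to be tracked."""

    def __init__(self) -> None:
        self.inferred: Dict[str, bool] = {}
        self.returned_objects: List[Any] = []

    def observe(self, fn: Callable[..., Any]) -> Callable[..., Any]:
        name = fn.__name__

        def wrapped(*args, **kwargs):
            result = fn(*args, **kwargs)
            json_in = any(looks_like_json_text(a) for a in args)
            if json_in and isinstance(result, (dict, list)):
                self.inferred[name] = True
                self.returned_objects.append(result)
            else:
                self.inferred.setdefault(name, False)
            return result

        return wrapped


# Hypothetical JSON-class functions of an application (constructed).
def parse_request_body(raw: str) -> dict:
    return json.loads(raw)


def json_escape(s: str) -> str:
    return json.dumps(s)  # JSON-related, but it produces text, not an object


def classify(functions: List[Callable[..., Any]], sample_input: str) -> Dict[str, str]:
    """For each JSON-class function decide whether it is a parser from the
    library, a parser inferred from observed behaviour, or not a parser."""
    inferer = ParserInferer()
    result: Dict[str, str] = {}
    for fn in functions:
        if is_known_parser(fn):
            result[fn.__name__] = "library"
            continue
        inferer.observe(fn)(sample_input)
        result[fn.__name__] = "inferred" if inferer.inferred.get(fn.__name__) else "not-parser"
    return result


if __name__ == "__main__":
    print(classify([json.loads, parse_request_body, json_escape], '{"id": 7}'))
```

Functions classified as `library` or `inferred` are the ones the instrumentation module of claim 6 would hook, and the objects collected in `returned_objects` are the ones whose field mappings go into the tracking data set.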