CN-121997332-A - Smart contract security detection method for distributed oracles based on an abstract syntax tree
Abstract
The invention discloses a smart contract security detection method for distributed oracles based on an abstract syntax tree, and relates to the technical field of blockchain smart contract security detection. The method comprises: obtaining source code, converting the source code into a token stream, and performing syntax analysis on the token stream to obtain an abstract syntax tree; traversing the abstract syntax tree, identifying node types and performing flow analysis to obtain a relationship graph; and, according to the relationship graph, performing pattern matching detection against a distributed oracle security detection rule base to obtain a vulnerability detection result. The method and system can accurately detect and locate scenario-specific vulnerabilities in distributed oracle smart contracts, such as those in data input verification, permission control and exception handling, and improve cross-platform compatibility and detection efficiency.
Inventors
- WU KEWEI
- WU YIN
- GOU XIAOGANG
- TANG QINGTAO
Assignees
- 成都卓视智通科技有限公司
- 北京卓视智通科技有限责任公司
Dates
- Publication Date
- 20260508
- Application Date
- 20251226
Claims (10)
- 1. A smart contract security detection method for distributed oracles based on an abstract syntax tree, characterized by comprising the following steps: S1, acquiring source code, converting the source code into a token stream, and performing syntax analysis on the token stream to obtain an abstract syntax tree; S2, traversing the abstract syntax tree, identifying node types and performing flow analysis to obtain a relationship graph; and S3, according to the relationship graph, performing pattern matching detection against a distributed oracle security detection rule base to obtain a vulnerability detection result.
- 2. The smart contract security detection method for distributed oracles based on an abstract syntax tree according to claim 1, wherein the node types comprise function declaration nodes, variable definition nodes, function call nodes, condition judgment nodes, loop control nodes, return statement nodes and expression nodes; the flow analysis comprises control flow tracking and data flow tracking, wherein the control flow tracking is used for identifying the branch and merge relationships of program execution paths, and the data flow tracking is used for identifying how variable values flow through assignment, passing and computation, as well as the parameter-passing and return-value chains of inter-procedural calls.
- 3. The smart contract security detection method for distributed oracles based on an abstract syntax tree according to claim 1, wherein the distributed oracle security detection rule base comprises: data input verification detection rules, permission control detection rules and exception handling detection rules.
- 4. The smart contract security detection method for distributed oracles based on an abstract syntax tree according to claim 3, wherein the data input verification detection rules include matching a signature verification function name pattern to detect the existence of a data source signature verification function, and matching an input data range verification expression to detect data format validity verification logic; the permission control detection rules include matching a whitelist mapping table definition pattern to detect an oracle node address whitelist mechanism, and matching a permission modifier declaration to detect function call permission modifier compliance; the exception handling detection rules include matching combined timeout determination and retry logic patterns to detect data timeout retry mechanisms, and matching error code completeness to detect error code definition completeness.
- 5. A smart contract security detection system for distributed oracles based on an abstract syntax tree, characterized by comprising a parsing module, a traversal module and a detection module; the parsing module is used for acquiring source code, converting the source code into a token stream, and performing syntax analysis on the token stream to obtain an abstract syntax tree; the traversal module is used for traversing the abstract syntax tree, identifying node types and performing flow analysis to obtain a relationship graph; and the detection module is used for performing, according to the relationship graph, pattern matching detection against the distributed oracle security detection rule base to obtain a vulnerability detection result.
- 6. The smart contract security detection system for distributed oracles based on an abstract syntax tree according to claim 5, wherein the node types comprise function declaration nodes, variable definition nodes, function call nodes, condition judgment nodes, loop control nodes, return statement nodes and expression nodes; the flow analysis comprises control flow tracking and data flow tracking, wherein the control flow tracking is used for identifying the branch and merge relationships of program execution paths, and the data flow tracking is used for identifying how variable values flow through assignment, passing and computation, as well as the parameter-passing and return-value chains of inter-procedural calls.
- 7. The smart contract security detection system for distributed oracles based on an abstract syntax tree according to claim 5, wherein the distributed oracle security detection rule base comprises: data input verification detection rules, permission control detection rules and exception handling detection rules.
- 8. The smart contract security detection system for distributed oracles based on an abstract syntax tree according to claim 7, wherein the data input verification detection rules include matching a signature verification function name pattern to detect the existence of a data source signature verification function, and matching an input data range verification expression to detect data format validity verification logic; the permission control detection rules include matching a whitelist mapping table definition pattern to detect an oracle node address whitelist mechanism, and matching a permission modifier declaration to detect function call permission modifier compliance; the exception handling detection rules include matching combined timeout determination and retry logic patterns to detect data timeout retry mechanisms, and matching error code completeness to detect error code definition completeness.
- 9. A computer device comprising a processor coupled to a memory, the memory storing at least one computer program that is loaded and executed by the processor to cause the computer device to implement the smart contract security detection method for distributed oracles based on an abstract syntax tree according to any one of claims 1 to 4.
- 10. A computer-readable storage medium storing at least one computer program, wherein the at least one computer program is loaded and executed by a processor so that a computer implements the smart contract security detection method for distributed oracles based on an abstract syntax tree according to any one of claims 1 to 4.
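Steps S2 and S3 of claims 1 to 4, sketched as an added example (not code from the patent): it walks a constructed AST, builds the cross-function call graph, and flags externally callable functions that never reach a signature verification call or that lack a permission modifier. The node schema, the naming patterns and the finding identifiers are assumptions made for illustration.

```python
import re

SIG_FN = re.compile(r"verify\w*sig", re.I)  # assumed signature-check naming pattern
PERM_MOD = re.compile(r"only\w+")           # assumed permission-modifier naming pattern

def fn(name, visibility, modifiers, *callees):
    return {"type": "FunctionDecl", "name": name, "visibility": visibility, "modifiers": modifiers,
            "body": [{"type": "ExprStmt", "expr": {"type": "Call", "callee": c}} for c in callees]}

# Constructed AST of a hypothetical oracle contract; node and field names are assumptions.
SAMPLE_AST = {"type": "Contract", "body": [
    fn("verifyReportSignature", "internal", []),
    fn("checkReport", "internal", [], "verifyReportSignature"),
    fn("submitPrice", "external", ["onlyWhitelistedNode"], "checkReport", "storePrice"),
    fn("pushPrice", "external", [], "storePrice"),
    fn("storePrice", "internal", []),
]}

def walk(node):
    """Depth-first traversal yielding every dict node in the AST."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from walk(item)

def reaches(calls, start, pattern):
    """True if `start` calls, directly or transitively, a function matching `pattern`."""
    seen, stack = set(), [start]
    while stack:
        new = calls.get(stack.pop(), set()) - seen
        if any(pattern.search(c) for c in new):
            return True
        seen |= new
        stack.extend(new)
    return False

def detect(ast):
    """S2: build the function/call graph. S3: match rules. Returns sorted findings."""
    funcs = [n for n in walk(ast) if n["type"] == "FunctionDecl"]
    calls = {f["name"]: {c["callee"] for c in walk(f["body"]) if c["type"] == "Call"}
             for f in funcs}
    findings = []
    for f in (f for f in funcs if f["visibility"] == "external"):
        if not reaches(calls, f["name"], SIG_FN):
            findings.append(("missing-signature-check", f["name"]))
        if not any(PERM_MOD.fullmatch(m) for m in f["modifiers"]):
            findings.append(("missing-permission-modifier", f["name"]))
    return sorted(findings)
```

On the sample, `submitPrice` passes because its signature check is reached through `checkReport`, a case that a per-function pattern match without the call graph would report as missing.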
Description
Smart contract security detection method for distributed oracles based on an abstract syntax tree
Technical Field
The invention relates to the technical field of blockchain smart contract security detection, and in particular to a smart contract security detection method for distributed oracles based on an abstract syntax tree.
Background
As blockchain technology is applied more deeply, the deployment scale of smart contracts in distributed oracle scenarios continues to expand. A distributed oracle smart contract must interact with off-chain data sources at high frequency, and this process faces multiple security challenges, such as data integrity verification, data source validity verification, oracle node permission control, and missing exception handling mechanisms. In the prior art, smart contract vulnerability detection relies mainly on methods such as dynamic analysis, symbolic execution and fuzz testing. However, these have significant shortcomings in the specific scenario of distributed oracle smart contracts.
First, traditional static analysis tools are limited in platform adaptability. Taking Ethereum Virtual Machine bytecode analysis tools as an example, such a tool depends on the underlying bytecode instruction set, cannot directly analyze EOS (Enterprise Operation System) smart contracts written in C or C++, and has insufficient ability to recover complex syntax features such as template metaprogramming and multiple inheritance, which leads to the loss of high-level language semantic information.
Second, detection capability for vulnerabilities specific to distributed oracles is lacking. No data source signature verification rules are designed for the oracle data input verification stage, no whitelist call rules are designed for the oracle node permission management mechanism, and no timeout retry or error code completeness rules are designed for the data exception handling flow, so the false negative rate for typical vulnerabilities such as data source forgery, node permission abuse and unhandled data timeouts remains high.
Third, code structure analysis lacks precision. Existing tools do not make full use of the abstract syntax tree's ability to analyze function call relationships, control flow transfer and data flow propagation layer by layer, so deep logic vulnerabilities such as hidden unauthorized function calls in nested call chains and overflows across data types are hard to identify, and the deep security audit requirements before a distributed oracle smart contract is deployed are difficult to meet.
In summary, existing smart contract security detection technology suffers from problems in the distributed oracle scenario such as insufficient data input verification, permission control vulnerabilities and exception handling defects. A static analysis method based on source code structure analysis is needed to achieve accurate analysis and vulnerability detection of smart contracts, to ensure the security and reliability of distributed oracles during data acquisition, processing and execution, and to avoid risks such as asset loss and data tampering caused by vulnerabilities.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention addresses the insufficient ability of smart contract security detection to detect scenario-specific vulnerabilities in distributed oracles, such as those in data input verification, permission control and exception handling, and provides a smart contract security detection method for distributed oracles based on an abstract syntax tree, as follows:
1) In a first aspect, the present invention provides a smart contract security detection method for distributed oracles based on an abstract syntax tree, with the following specific technical scheme: S1, acquiring source code, converting the source code into a token stream, and performing syntax analysis on the token stream to obtain an abstract syntax tree; S2, traversing the abstract syntax tree, identifying node types and performing flow analysis to obtain a relationship graph; and S3, according to the relationship graph, performing pattern matching detection against a distributed oracle security detection rule base to obtain a vulnerability detection result.
The smart contract security detection method for distributed oracles based on an abstract syntax tree has the following beneficial effects: The source code is obtained and converted into a token stream for syntax analysis, and the abstract syntax tree is generated directly from the source code