
CN-122020652-A - SDK security detection method, device, apparatus, storage medium and program product


Abstract

The embodiments of the application disclose an SDK security detection method, apparatus, device, storage medium and program product. In the method, an electronic device acquires function information of a target application program and component information of each function, where the target application program is a demonstration application program generated according to an SDK to be detected; acquires traversal configuration information of each function; and, after the target application program runs, traverses each function and each component of the function according to the traversal configuration information, the component information and the function information to obtain a security detection result of the SDK to be detected. While the target application program is running, its functions and components are traversed automatically according to the acquired function information, component information and traversal configuration information, so the traversal for SDK security detection is automated: a tester does not need to identify service functions manually or traverse them manually, which improves the efficiency of SDK dynamic detection.

Inventors

  • XIAO XIN
  • WU XIAOWEI
  • XU RUIZHI
  • LIN CANRONG
  • ZHOU MA
  • ZHANG TAO

Assignees

  • 华为技术有限公司

Dates

Publication Date
20260512
Application Date
20241112

Claims (11)

  1. An SDK security detection method, applied to an electronic device, the method comprising: acquiring function information of a target application program and component information of each function, wherein the target application program is a demonstration application program generated according to an SDK to be detected; acquiring traversal configuration information of each function; and after the target application program runs, traversing each function and each component of the function according to the traversal configuration information, the component information and the function information to obtain a security detection result of the SDK to be detected.
  2. The method according to claim 1, wherein acquiring the function information of the target application program and the component information of each function includes: identifying each label interface of the target application program to obtain user interface entry information corresponding to each function and component information of each component on the user interface; wherein each of the label interfaces integrates at least one of the functions of the SDK to be detected; and the function information includes the user interface entry information.
  3. The method of claim 1, wherein after obtaining the traversal configuration information for each of the functions, the method further comprises: generating a user interface traversal control tree according to the traversal configuration information and the component information; and displaying the user interface traversal control tree.
  4. The method of claim 3, wherein after displaying the user interface traversal control tree, the method further comprises: acquiring an adjustment operation for the user interface traversal control tree; and, in response to the adjustment operation, obtaining the adjusted traversal configuration information.
  5. The method of claim 1, wherein the traversal configuration information comprises at least one of a range of traversal elements, a precondition to trigger a functional action, and a traversal priority.
  6. The method according to any one of claims 1 to 5, wherein traversing each of the functions and the components of the functions according to the traversal configuration information, the component information, and the function information, to obtain a security detection result of the SDK to be detected, comprises: traversing each function and each component of the function according to the traversal configuration information, the component information and the function information; and, in the traversal process, triggering the functions of the components according to the component information, and obtaining the security detection result by recording the behaviors of the target application program.
  7. The method of claim 6, wherein obtaining the security detection result by recording behavior of the target application program comprises: recording at least one of personal information collection behavior, permission use behavior and sensitive calling behavior of the target application program, and intercepting a permission pop-up interface to obtain the security detection result.
  8. An SDK security detection apparatus, applied to an electronic device, comprising: an information acquisition module, used for acquiring the function information of a target application program and the component information of each function, wherein the target application program is a demonstration application program generated according to the SDK to be detected; a configuration information acquisition module, used for acquiring traversal configuration information of each function; and a detection module, used for traversing each function and each component of the function according to the traversal configuration information, the component information and the function information after the target application program runs, and obtaining a security detection result of the SDK to be detected.
  9. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 7 when executing the computer program.
  10. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 7.
  11. A computer program product, characterized in that the computer program product, when run on an electronic device, causes the electronic device to implement the method of any one of claims 1 to 7.
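
The traversal that claims 5 to 7 describe, as an added Python sketch that is not code from the patent: functions are ordered by traversal priority, components outside the configured range are dropped, a component fires only after its precondition is met, and the behavior of each fired component is recorded. The class, field, tab and button names and the modelling of a precondition as "components that must fire first" are assumptions, and the behaviors are constructed stand-ins for what runtime monitoring would record.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Component:
    name: str
    behaviors: list                               # (kind, detail) emitted when triggered (constructed)
    requires: set = field(default_factory=set)    # precondition: components that must fire first

@dataclass
class Function:
    entry: str                    # user interface entry of this SDK function
    components: list
    priority: int = 0             # traversal priority, lower runs first
    scope: Optional[set] = None   # range of traversal elements; None means all

def build_control_tree(functions):
    """Order functions by priority and drop components outside the configured range."""
    return [(fn.entry, [c for c in fn.components if fn.scope is None or c.name in fn.scope])
            for fn in sorted(functions, key=lambda f: f.priority)]

def traverse(tree):
    """Trigger each component once its preconditions hold; return (behavior log, skipped)."""
    log, skipped = [], []
    for entry, pending in tree:
        fired, progress = set(), True
        while pending and progress:               # repeat until no component can be unlocked
            progress = False
            for comp in list(pending):
                if comp.requires <= fired:
                    fired.add(comp.name)
                    pending.remove(comp)
                    progress = True
                    log += [(entry, comp.name, kind, detail) for kind, detail in comp.behaviors]
        skipped += [(entry, c.name) for c in pending]   # precondition never satisfied
    return log, skipped

def demo():
    # Constructed demo app for a hypothetical SDK; behaviors stand in for runtime monitoring.
    functions = [
        Function("tab_share", [Component("btn_share", [("sensitive_call", "clipboard.read")])], priority=2),
        Function("tab_locate", [
            Component("btn_start", [("permission_use", "LOCATION")], requires={"chk_consent"}),
            Component("chk_consent", []),
            Component("btn_upload", [("personal_info", "device_id")], requires={"btn_start"}),
            Component("btn_debug", [("sensitive_call", "exec")]),
        ], priority=1, scope={"btn_start", "chk_consent", "btn_upload"}),
    ]
    return traverse(build_control_tree(functions))
```

Components left in the skipped list are the ones a tester would review, since their SDK code paths were never exercised and so produced no recorded behavior.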

Description

SDK security detection method, device, apparatus, storage medium and program product

Technical Field

The present application relates to the field of software technologies, and in particular to an SDK security detection method, an SDK security detection apparatus, an electronic device, a computer readable storage medium, and a computer program product.

Background

A software development kit (SDK) is a collection of documents, libraries, example code, and tools that assist a developer in developing a software application. Carrying out security detection on an SDK helps a developer understand the security condition of the SDK, so that potential security problems can be found and handled in time. SDK security detection is the process of security analysis and evaluation of SDKs. SDK security detection may include static analysis and dynamic detection. Static analysis refers to scanning the code execution logic, application programming interface (API) calls and the like in the SDK package. Dynamic detection refers to generating a runnable application program (App) from the SDK, then triggering the behavior of the SDK by actually running the application program and monitoring that behavior. At present, dynamic detection of an SDK requires a tester to manually traverse the functional interfaces of the application program corresponding to the SDK, and the detection efficiency is quite low.

Disclosure of Invention

The embodiments of the application provide an SDK security detection method, an SDK security detection apparatus, an electronic device, a computer-readable storage medium and a computer program product, which can solve the problem of low detection efficiency in existing SDK dynamic detection.

In a first aspect, an embodiment of the present application provides an SDK security detection method in which an electronic device obtains function information of a target application program and component information of each function, where the target application program is a demonstration application program generated according to an SDK to be detected; obtains traversal configuration information of each function; and, after the target application program runs, traverses each function and each component of the function according to the traversal configuration information, the component information, and the function information to obtain a security detection result of the SDK to be detected.

In this technical solution, while the target application program is running, its functions and components are traversed automatically according to the acquired function information, component information and traversal configuration information. The traversal for SDK security detection is thereby automated: a tester does not need to identify service functions manually or traverse them manually, which improves the efficiency of SDK dynamic detection.

In a possible implementation manner of the first aspect, acquiring the function information of the target application program and the component information of each function includes: identifying each label interface of the target application program to obtain user interface entry information corresponding to each function and component information of each component on the user interface, wherein each label interface integrates at least one function of the SDK to be detected, and the function information comprises the user interface entry information.

In this implementation, when the demonstration application program is developed according to the SDK to be detected, each label interface is made to integrate at least one function, i.e., the design of the application interface is normalized.
Therefore, the function information and the component information of the SDK to be detected can be identified automatically from each label interface, and a tester is not required to sort out the function scenarios and related components of the SDK manually, which reduces labor cost and improves the efficiency of SDK dynamic detection.

In a possible implementation manner of the first aspect, after obtaining the traversal configuration information of each function, the method further includes generating a user interface traversal control tree according to the traversal configuration information and the component information, and displaying the user interface traversal control tree. Generating and displaying the user interface traversal control tree visualizes the traversal process, so that testers can see related information such as the traversal order and the traversal range in time.

In a possible implementation manner of the first aspect, after displaying the user interface traversal control tree, the method further includes obtaining an adjustment operation for the user interface travers