32 results about "Code audit" patented technology

A system for meta-indexing, search, compliance, and test framework for software development is provided, comprising an indexing service configured to create a dataset by processing and indexing source code of a project provided by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for at least source code changes and make changes to the dataset as needed.

The invention discloses a method for performing automated security detection on an android application. The method comprises the steps of performing dex file interception on the android application through a specific android system; and then performing security detection on a source code of the android application based on a vulnerability rule base by utilizing specific findbugs. The technical scheme has the beneficial effects that code audit and vulnerability mining are fused integrally by the method, and a shelled application can be subjected to security detection; when the Android application is detected, the application does not need to be subjected to decompilation, debugging, code audit and penetration testing manually, and by utilizing the technical scheme, efficient and quick security analysis can be realized; automated security testing of massive applications can be realized; and developers are assisted to locate vulnerability key code snippets, the developers are facilitated to solve potential security hazards, and the security reinforcement efficiency of the developers is improved.

The embodiment of the invention discloses an application security auditing method and device, electronic equipment and a storage medium, and the method comprises the steps: scanning an application code, and obtaining a first code scanning result; configuring an auxiliary auditing rule for code auditing; screening the first code scanning result according to the auxiliary auditing rule to obtain a second code scanning result for manual auditing; and when a code auditing result for the second code scanning result is received, outputting the code auditing result. Therefore, the auxiliary auditingof the manual auditing is realized, the manual auditing time and a large amount of false alarms are reduced, and the application security auditing efficiency is improved.

The invention discloses a static code analyzing system and method capable of being debugged online. The method comprises four main parts of an online code managing module, a static code auditing module, an online code interpreter and a user operating interface. According to the method, a user is allowed to conduct version control on project codes through the online code managing module, the staticcode auditing module can automatically conduct safety analysis on the project codes, and possible defect codes and defects types are listed. The user can browse and edit codes on the user operating interface, and method tracing and breakpoint setting operations can be conducted on the codes on the user operating interface, so that the project defect and the repairing method can be quickly determined.

The invention provides a code auditing method and device, electronic equipment and a medium. The method comprises the following steps: based on a source code file of a target application, determininga function call graph corresponding to the target application program, wherein the function call graph comprises a target function and a called function of the target function; and obtaining a rule file, the rule file including vulnerability feature information, the vulnerability feature information including at least one of stain variable feature information and danger function feature information, and determining vulnerability information of the source code file based on the vulnerability feature information and the function call graph. The false alarm rate is reduced, and the development efficiency is improved.

The invention relates to the field of code auditing, in particular to a vulnerability analysis method and device for a source code package, a terminal and a storage medium, and the method comprises the following steps: obtaining jar package information in a source code; judging an introduction mode of the jar packet according to the jar packet information; and warning the risk information of the jar packet according to a preset scheme based on the introduction mode of the jar packet. According to the method and the device, a code auditor can intuitively find the risk information hidden in the jar package of the source code, so that a developer is urged to replace or upgrade by using another jar package, and the unpredictable risk existing in the process of using the source code is reduced.

The invention relates to the field of source code auditing, in particular to a code auditing method and device, a terminal and a storage medium, a plurality of servers are provided for processing code auditing tasks, and the method comprises the steps of obtaining current to-be-processed task information; obtaining working condition information of each server; selecting a to-be-processed server according to a preset rule based on the working condition information; and sending the current task information to be processed to the server to be processed. According to the method, the multiple servers are set for code auditing at the same time, and if a new code auditing task occurs, which server is allocated to execute code auditing is determined according to the working condition information of each server, so the code auditing efficiency is improved.

A system for enforcing compliance and testing for software development, comprising an indexing service configured to create a dataset by processing and indexing source code of a project by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for source code changes and make changes to the dataset as needed. Further comprising an enforcement module to automatically verify code and other media related to the software development process by ensuring obligations from a rules database are met and where not able to automate the compliance check forward to an appropriate authority, receive back the manually reviewed compliance check, then produce and implement automated recommendations for compliance adherence.

The invention discloses an automatic code auditing method, system and device and a storage medium, and the method comprises the steps: traversing a to-be-audited code package directory, and obtaininga to-be-audited code package; creating a to-be-audited code packet queue, and adding the obtained to-be-audited code packet into the to-be-audited code packet queue; calling a code auditing tool to audit the to-be-audited code packets in the to-be-audited code packet queue to generate an auditing report; and outputting the auditing report to an output directory, and uploading the auditing report to a server. According to the invention, the to-be-audited code packet is obtained by traversing the to-be-audited code packet directory, and the to-be-audited code packet queue is created, so that mistakes and omissions are avoided; automatic code auditing is achieved by calling a code auditing tool, the achieving method is simple, the cost is low, and the method is suitable for the situations that independent research and development capacity of entrepreneurship companies and small enterprises is insufficient, and budget investment is insufficient. The method can be widely applied to the technical field of information security.

The invention discloses a code auditing method and device, equipment and a computer readable storage medium. The method comprises the steps of obtaining an operation instruction for a target object ina preset code auditing system; operating the target object according to the operation instruction, and taking a preset code auditing system containing the operated target object as a target code auditing system; performing code auditing based on the target code auditing system to obtain an auditing result; wherein the type of the target object comprises a to-be-judged input set, a dangerous operation set and a safe processing operation set; wherein the types of the operation instructions comprise addition, deletion and modification. In the present application, a target object in a preset codeauditing system can be operated by means of an operation instruction; and the preset code auditing system containing the operated target object is used as the target code auditing system, so that a user can flexibly adjust the preset code auditing system according to needs, the adaptability of the code auditing system is enhanced, and the expandability of code auditing is improved.