
CN120408627A - SDK dynamic security compliance detection method, device, equipment and storage medium - Google Patents

SDK dynamic security compliance detection method, device, equipment and storage medium

Info

Publication number: CN120408627A
Application number: CN202510269011.8A
Authority: CN (China)
Prior art keywords: detection, file, detected, dynamic, static
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Inventor: 龙超
Current assignee: Shenzhen Hexun Huagu Information Technology Co ltd (as listed; not legally verified)
Original assignee: Shenzhen Hexun Huagu Information Technology Co ltd
Application filed by Shenzhen Hexun Huagu Information Technology Co ltd; priority to CN202510269011.8A; published as CN120408627A

Landscapes

  • Storage Device Security (AREA)

Abstract

The present application relates to an SDK dynamic security compliance detection method, which includes: obtaining a file to be detected; performing a file integrity check on the file to be detected, and assigning a unique identifier to the file to be detected when the file to be detected passes the integrity check; creating a detection task for the file to be detected based on the unique identifier, and sending the detection task to a detection engine; calling a static detection module through the detection engine to perform static detection on the file to be detected and obtain a static detection result; sending the detection task to a dynamic detection device through the detection engine, so that the dynamic detection device dynamically detects the file to be detected according to the detection task; receiving the dynamic detection result from the dynamic detection device; and generating a detection report based on the static detection result and the dynamic detection result.

Description

SDK dynamic security compliance detection method, device, equipment and storage medium
Technical Field
The present application relates to the field of security detection technology, and in particular to a method, apparatus, device and storage medium for dynamic security compliance detection of an SDK.
Background
With the rapid development of the mobile internet and smartphone applications, the importance that the software industry attaches to security and compliance has reached an unprecedented level. User privacy and data protection have become central concerns for businesses, particularly in applications that process sensitive information (personal identification information, financial data, and so on). Faced with continually updated laws and regulations (for example the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)), businesses must ensure that the third-party SDKs (software development kits) they use meet stringent security and compliance standards. This has created an urgent need for efficient and reliable compliance detection methods so that businesses stay compliant and protect user data in a rapidly changing regulatory environment.
In the related art, security compliance detection relies on static analysis tools or manual inspection. Both have limitations: static analysis has difficulty capturing vulnerabilities that only appear at run time, and manual inspection is time-consuming, labor-intensive, prone to oversight, and too inflexible to provide real-time monitoring and feedback as compliance requirements change rapidly.
It is therefore necessary to provide a method, apparatus, device and storage medium for dynamic security compliance detection of an SDK.
Disclosure of Invention
The present application provides a method, apparatus, device and storage medium for dynamic security compliance detection of an SDK (software development kit), which can monitor the behavior of the SDK in real time while the software runs and quickly identify potential security hazards and compliance risks. The method can adapt to the latest compliance requirements through continuous learning and updating of detection patterns, thereby markedly improving the security of the SDK and the efficiency of compliance detection.
In a first aspect, the present application provides a method for detecting dynamic security compliance of an SDK, the method comprising:
Acquiring a file to be detected;
Performing file integrity check on the file to be detected, and distributing a unique identifier for the file to be detected when the file to be detected passes the integrity check;
Creating a detection task of the file to be detected based on the unique identifier, and sending the detection task to a detection engine;
invoking a static detection module through the detection engine to carry out static detection on the file to be detected, and obtaining a static detection result;
the detection task is sent to dynamic detection equipment through the detection engine, so that the file to be detected is dynamically detected through the dynamic detection equipment according to the detection task;
receiving a dynamic detection result from the dynamic detection device;
and generating a detection report based on the static detection result and the dynamic detection result, wherein the detection report comprises one or more of an SDK security compliance detection conclusion for the file to be detected, the detected problems, and problem handling suggestions.
In some embodiments, the performing file integrity check on the file to be detected includes:
carrying out hash calculation on the file to be detected to obtain a hash value;
judging whether the hash value is consistent with the hash value of the original file or not;
If yes, determining that the file to be detected passes the integrity check.
In some embodiments, the invoking, by the detection engine, the static detection module to perform static detection on the file to be detected, to obtain a static detection result includes:
Extracting source codes and resource files of the files to be detected through the static detection module;
performing code structure analysis based on the source code and the resource file to obtain a code structure detection result;
Performing security vulnerability detection based on the source code and the resource file to obtain a security vulnerability detection result;
and determining a static detection result based on the code structure detection result and the security vulnerability detection result, wherein the static detection result comprises the detected vulnerabilities and a vulnerability severity rating score.
In some embodiments, the dynamically detecting, by the dynamic detecting device, the file to be detected according to the detection task includes:
the file to be detected is deployed in the dynamic detection equipment, and the application to be detected is determined;
Controlling the dynamic detection equipment to run a detection program through an API (application program interface) by using the detection engine;
monitoring the running condition of the application to be detected by using the detection program, and collecting running data;
and performing anomaly identification based on the running data, and determining the dynamic detection result according to the anomaly identification result, wherein the dynamic detection result comprises the number of abnormal behaviors detected and the number of data-flow leaks detected.
In some embodiments, the method further comprises:
Based on the static detection result and the dynamic detection result, carrying out comprehensive evaluation through a weighted decision model to obtain a comprehensive detection report, wherein the comprehensive detection report comprises a score of each detection dimension, a comprehensive detection score and recommended measures;
and displaying the comprehensive detection report by means of a visual analysis chart.
In some embodiments, the method further comprises:
Receiving feedback advice of a user on the comprehensive detection report;
And optimizing the detection flow based on the feedback suggestion, wherein the optimization mode comprises optimizing at least one of a method for executing static detection and a method for executing dynamic detection.
In some embodiments, the comprehensively evaluating through a weighted decision model based on the static detection result and the dynamic detection result to obtain a comprehensive detection report includes:
determining the composite detection score based on the static detection result and the dynamic detection result by a weighted decision model comprising:
wherein S is the comprehensive detection score, W1 is the weight coefficient of static detection, W2 is the weight coefficient of dynamic detection, m1 is the number of vulnerabilities in the static detection result, P1 is the vulnerability severity rating score in the static detection result, N1 is the total number of static detection items, m2 is the number of behavioral anomalies in the dynamic detection result, n2 (lowercase, parallel to m2) is the number of data-flow leaks in the dynamic detection result, and N2 is the total number of dynamic detection items.
In a second aspect, the present application provides an SDK dynamic security compliance detection apparatus, the apparatus comprising:
the acquisition module is used for acquiring the file to be detected;
The integrity checking module is used for checking the file integrity of the file to be detected and distributing a unique identifier to the file to be detected when the file to be detected passes the integrity check;
The task module is used for creating a detection task of the file to be detected based on the unique identifier and sending the detection task to a detection engine;
The static detection module is used for calling the static detection module through the detection engine to carry out static detection on the file to be detected, and obtaining a static detection result;
the dynamic detection module is used for sending the detection task to dynamic detection equipment through the detection engine so as to dynamically detect the file to be detected according to the detection task through the dynamic detection equipment;
the receiving module is used for receiving the dynamic detection result from the dynamic detection equipment;
and a report generation module for generating a detection report based on the static detection result and the dynamic detection result, wherein the detection report comprises one or more of an SDK security compliance detection conclusion for the file to be detected, the detected problems, and problem handling suggestions.
In a third aspect, an electronic device is provided, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is configured to implement the steps of the SDK dynamic security compliance detection method according to any embodiment of the first aspect when executing the program stored in the memory.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the SDK dynamic security compliance detection method according to any of the embodiments of the first aspect.
Compared with the prior art, the technical solution provided by the embodiments of the present application has the following advantages. (1) Whereas traditional detection tools can only process specific applications or formats, the method can effectively cover most application programs in the mainstream application markets. It ensures the security and reliability of applications, reduces the risk of security incidents caused by undetected vulnerabilities, and raises users' trust in application security. (2) Static detection and dynamic detection are provided as a one-stop service, saving labor cost and improving detection efficiency. Combining static and dynamic detection on a unified platform simplifies the application security detection workflow; conventional methods usually require separate tools and procedures for static and dynamic analysis, which increases manual effort and operational complexity. The application reduces the number of operating steps and, through automatic task scheduling, reduces human intervention, so labor cost falls markedly. (3) Through algorithm optimization and efficient resource management, the detection time for a single APK file can be shortened from more than an hour to 20-30 minutes. Developers therefore get feedback sooner, which speeds up application iteration and updates; the faster detection also makes mass application auditing feasible, which matters for application markets that require frequent updates and quick release.
(4) While efficiency improves, the platform also preserves detection quality, so fast detection does not sacrifice quality; algorithm optimization and parallel processing markedly reduce energy consumption, so the power and computing resources required for operation are lower than with traditional one-by-one detection. (5) Accurate dynamic detection and static analysis allow potential security hazards to be identified and handled in time, preventing malicious software and non-compliant applications from reaching the market, fundamentally reducing leakage and abuse of user data, protecting user privacy and information security, and indirectly promoting the healthy development of the whole digital ecosystem.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is an overall block diagram of a method for detecting dynamic safety compliance of an SDK according to an embodiment of the present application;
fig. 2 is a schematic flow chart of an SDK dynamic security compliance detection method according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of a static detection method according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of a dynamic detection method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Fig. 1 is an overall structure diagram of an SDK dynamic security compliance detection system according to an embodiment of the present application. As shown in Fig. 1, the main functional components are the MinIO service, the detection engine and the mobile phone device, which respectively implement the file integrity check, static detection and dynamic detection of the present application. The modules in Fig. 1 are exemplary; those skilled in the art may replace them with other modules that implement the corresponding functions without departing from the main concept of the present application. For example, the mobile phone may be replaced by a tablet computer, the detection engine service may include various services such as hook technology, and the MinIO service may correspondingly be replaced by other services.
The MinIO service comprises a file upload management module, a task distribution management module and a load balancing module.
The MinIO service is used for file storage and management: when a user uploads a file to MinIO through an API call, MinIO reports the file upload status back to the detection engine.
The detection engine comprises a static detection module, a dynamic detection module and a data management module. The detection engine receives the file passed on by MinIO, analyzes the file through the static detection module to generate a static detection report, at the same time performs analysis on the mobile phone through the dynamic detection module to generate a dynamic detection report, and stores all results in the database.
The mobile phone device consists of a deeply customized ROM and a device management APK. The phone is provisioned with a ROM customized in depth to support dynamic detection, and the device management APK is responsible for network connectivity, fault recovery and application management, and reports the running state to the detection engine.
The user initiates file detection through the communications institute detection platform (rendered as "communication hospital" in the machine translation) and uploads the file to be detected to that platform. The platform distributes detection tasks to the MinIO service through a task distribution service, and at the same time stores the file to be detected on an FTP file server for download; because only the detection task is distributed, file transfers are reduced and detection efficiency improves.
After receiving the detection task, the MinIO service first performs the file integrity check on the file to be detected and, when the file passes the check, sends the detection task to the detection engine.
After receiving the detection task, the detection engine downloads the file to be detected from the FTP file server and performs static detection. While static detection is running, the detection task may be sent to the mobile phone for dynamic detection, so static and dynamic detection run in parallel, which improves detection efficiency.
After the mobile phone finishes dynamic detection, it reports the dynamic detection result to the detection engine service; the detection engine service returns the dynamic and static detection results together to the MinIO service; the MinIO service aggregates the results and returns them to the task distribution service, which reports them to the detection platform so that the results can be provided to the user. Note that in this topology the file travels over FTP while the integrity check runs on the MinIO side, so the reference hash used in that check must reach MinIO by a path independent of the FTP server; otherwise the check only catches corruption in transit, not substitution.
Multiple users can execute multiple detection tasks at the same time, which further improves detection efficiency.
Fig. 2 is a schematic flow chart of an SDK dynamic security compliance detection method according to an embodiment of the present application. As shown in fig. 2, the SDK dynamic security compliance detection method may include the following operations:
Step 201, a file to be detected is acquired.
The files to be detected refer to SDK files or application files to be detected, including source codes, binary files, configuration files and the like. For example, an APK file of an android application or an installation package of a certain SDK.
The file to be detected is the object of detection; the goal is to check its security and compliance.
In some embodiments, the file to be inspected may be loaded into the inspection system from the target storage location through the file input interface. For example, file acquisition may be performed by selecting a file upload, an automatic import, or the like.
Step 202, performing file integrity check on the file to be detected, and allocating a unique identifier to the file to be detected when the file to be detected passes the integrity check.
The file integrity check verifies the integrity of the file to be detected, ensuring that the file has not been tampered with or damaged during transmission or storage. Common methods include checksums and hash calculation: for example, compute the SHA-256 hash of the file and compare it with a pre-stored hash; if the two agree, the file has not been altered. MD5 is sometimes used for the same purpose, but MD5 collisions are practical to produce, so it should not be relied on to detect deliberate tampering; SHA-256 is the appropriate choice.
In some embodiments, the file integrity check of the file to be detected includes performing a hash calculation on the file to be detected to obtain a hash value, judging whether the hash value is consistent with the hash value of the original file, and if so, determining that the file to be detected passes the integrity check.
The hash value of the original file is the hash of the known file stored in a database or another reliable source, and can be regarded as the hash of the original version of the file. The hash calculation can be performed and the original hash value stored before the file is uploaded or transmitted. The check is only as strong as this reference value: if the hash is supplied over the same channel as the file, whoever can replace the file can replace the hash too, so the reference should be recorded out of band before upload.
The unique identifier is a globally unique identifier allocated to the file to be detected, and UUID (universal unique identifier) or other form of unique ID may be used to ensure traceability and uniqueness of the detection task.
In some embodiments, a unique identifier (UUID) is generated for a file that passes the integrity check and associated with the file, which may be used for tracking and recording of subsequent detection tasks.
And 203, creating a detection task of the file to be detected based on the unique identification, and sending the detection task to a detection engine.
A detection task is a specific task generated for a file to be detected; it covers static detection, dynamic detection and so on, and includes all detection steps and targets of the task. For example, a task is created for the file "APK-123456789" that includes subtasks such as static analysis and dynamic behavior monitoring.
The detection engine refers to a core component for performing various detection tasks.
In some embodiments, the detection task may be created from the unique identification of the file and detailed information of the task (file path, detection item, etc.) may be sent to the detection engine for processing.
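Steps 201 to 203 as one runnable example. This is added here and is not the patent's own code: the manifest shape, the task record layout, the subtask names and the function names are assumptions, and the sample APK bytes are constructed.

```python
import hashlib
import hmac
import uuid
from typing import Optional

# Constructed sample upload: a few bytes standing in for an APK. The reference hash
# is what the submitter registered out of band (hypothetical manifest shape).
SAMPLE_APK = b"PK\x03\x04" + b"constructed-apk-contents" * 64
REFERENCE_MANIFEST = {
    "filename": "demo-sdk.apk",
    "sha256": hashlib.sha256(SAMPLE_APK).hexdigest(),
}


def sha256_hex(data: bytes, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so the same code works for a large APK read from disk."""
    h = hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def integrity_check(data: bytes, expected_sha256: str) -> bool:
    """Step 202: the file passes only if its digest matches the pre-stored digest.
    compare_digest is constant-time; unequal lengths are rejected up front."""
    actual = sha256_hex(data)
    expected = expected_sha256.strip().lower()
    if len(actual) != len(expected):
        return False
    return hmac.compare_digest(actual, expected)


def assign_identifier() -> str:
    """Step 202, second half: a random UUID (version 4) as the unique identifier."""
    return str(uuid.uuid4())


def is_valid_identifier(file_id: str) -> bool:
    try:
        return uuid.UUID(file_id).version == 4
    except ValueError:
        return False


def create_detection_task(data: bytes, manifest: dict) -> Optional[dict]:
    """Steps 202-203: reject files that fail the check; otherwise build the task
    record that would be sent to the detection engine (assumed record shape)."""
    if not integrity_check(data, manifest["sha256"]):
        return None
    file_id = assign_identifier()
    return {
        "task_id": file_id,
        "file": {"name": manifest["filename"], "sha256": manifest["sha256"], "size": len(data)},
        "subtasks": ["static_analysis", "dynamic_behavior_monitoring"],
        "status": "queued",
    }


if __name__ == "__main__":
    print(create_detection_task(SAMPLE_APK, REFERENCE_MANIFEST))
    tampered = SAMPLE_APK[:-1] + b"!"
    print(create_detection_task(tampered, REFERENCE_MANIFEST))  # None: digest mismatch
```

A tampered upload is rejected before any task exists, so nothing downstream ever sees it. A second upload of the same bytes gets a fresh task_id: the UUID traces the detection run, while the sha256 in the record is what identifies the file content.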
And 204, calling a static detection module to perform static detection on the file to be detected through the detection engine to obtain a static detection result.
Static detection analyzes the source code or binary of the file to be detected without running it, in order to find security vulnerabilities, privacy risks and similar problems in the code. For example, by analyzing the source code of an SDK, the static detection module may find an SQL injection vulnerability.
In some embodiments, the detection engine calls the static detection module to perform static detection operations such as syntax analysis and vulnerability scanning on the file to be detected, producing a static detection result.
For more explanation of static detection, see description of fig. 3.
Step 205, sending, by the detection engine, the detection task to a dynamic detection device, so as to dynamically detect, by the dynamic detection device, the file to be detected according to the detection task.
The dynamic detection device is a device or environment that executes the file to be detected and monitors its behavior in the running environment in real time; in this embodiment it is a device with a deeply customized ROM and a device management APK, such as the mobile phone of Fig. 1. In other embodiments the dynamic detection device may be any other device with a dynamic detection function, which is not limited here.
In some embodiments, the detection engine sends a detection task to the dynamic detection device, starts the execution of the file to be detected, monitors the running behavior of the file in real time, such as memory leakage, data leakage, malicious behavior, and the like, and performs dynamic detection to obtain a dynamic detection result.
For more explanation of dynamic detection, see description of fig. 4.
Step 206, receiving a dynamic detection result from the dynamic detection device.
The dynamic detection result is the result obtained by executing the file and monitoring its behavior during dynamic detection. It includes runtime anomalies, the application's resource usage, and so on. For example, dynamic detection of a certain APK file may find that the application accesses a certain sensitive API without authorization.
The detection engine can acquire real-time monitoring data and analysis results from dynamic detection equipment, and store and mark related problems.
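An added example, not the patent's own code, of the anomaly identification that turns device-side running data into the dynamic detection result (the numbers of abnormal behaviors and data-flow leaks). The event schema, the sensitive-API catalogue, the detection item names and the function names are assumptions, and the event stream is constructed, standing in for what the device management APK would report.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed catalogue: sensitive API -> runtime permission it requires (a real one is far larger).
SENSITIVE_APIS: Dict[str, str] = {
    "TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
    "LocationManager.getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
    "ContentResolver.query:contacts": "android.permission.READ_CONTACTS",
}
# One entry per dynamic detection item; its length is N2 in the patent's notation.
DETECTION_ITEMS = ["missing_permission", "before_consent", "cleartext_transport", "data_flow_leak"]

# Constructed event stream in an assumed hook-report schema: "api" events carry a taint
# label for the data they returned, "net" events list the labels found in the outgoing
# payload, and "consent" marks the moment the user accepted the privacy policy.
SAMPLE_EVENTS: List[dict] = [
    {"t": 0.25, "kind": "api", "api": "TelephonyManager.getDeviceId", "taint": "IMEI"},
    {"t": 0.30, "kind": "api", "api": "LocationManager.getLastKnownLocation", "taint": "LOCATION"},
    {"t": 0.40, "kind": "consent"},
    {"t": 0.55, "kind": "api", "api": "ContentResolver.query:contacts", "taint": "CONTACTS"},
    {"t": 0.70, "kind": "net", "url": "http://stats.sdk.example/collect", "taints": ["IMEI", "LOCATION"]},
    {"t": 0.80, "kind": "net", "url": "https://api.sdk.example/v1/sync", "taints": []},
]
GRANTED_PERMISSIONS: Set[str] = {"android.permission.ACCESS_FINE_LOCATION"}


@dataclass(frozen=True)
class Anomaly:
    item: str     # which detection item fired
    t: float      # event timestamp
    detail: str


def consent_time(events: List[dict]) -> Optional[float]:
    """Timestamp of the first consent event, or None if the app never asked."""
    return next((e["t"] for e in events if e["kind"] == "consent"), None)


def identify_anomalies(events: List[dict], granted: Set[str]) -> List[Anomaly]:
    """Behavioral anomalies: sensitive API use without its permission, sensitive API use
    before consent, and cleartext network transport. One anomaly per (event, item)."""
    consent_at = consent_time(events)
    found: List[Anomaly] = []
    for e in events:
        if e["kind"] == "api" and e["api"] in SENSITIVE_APIS:
            needed = SENSITIVE_APIS[e["api"]]
            if needed not in granted:
                found.append(Anomaly("missing_permission", e["t"], f'{e["api"]} without {needed}'))
            if consent_at is None or e["t"] < consent_at:
                found.append(Anomaly("before_consent", e["t"], f'{e["api"]} before privacy consent'))
        elif e["kind"] == "net" and e["url"].lower().startswith("http://"):
            found.append(Anomaly("cleartext_transport", e["t"], e["url"]))
    return found


def identify_leaks(events: List[dict]) -> List[Anomaly]:
    """Data-flow leaks: each sensitive label that reaches a network sink counts once."""
    sensitive = {e["taint"] for e in events if e["kind"] == "api" and e["api"] in SENSITIVE_APIS}
    leaks: List[Anomaly] = []
    for e in events:
        if e["kind"] != "net":
            continue
        for label in e["taints"]:
            if label in sensitive:
                leaks.append(Anomaly("data_flow_leak", e["t"], f'{label} -> {e["url"]}'))
    return leaks


def dynamic_result(events: List[dict], granted: Set[str]) -> dict:
    """The dynamic detection result in the patent's terms: m2 anomalies, n2 leaks, N2 items."""
    anomalies = identify_anomalies(events, granted)
    leaks = identify_leaks(events)
    return {
        "anomalies": anomalies,
        "leaks": leaks,
        "m2": len(anomalies),
        "n2": len(leaks),
        "N2": len(DETECTION_ITEMS),
    }
```

Anomalies are counted per (event, item) rather than per event, so a single IMEI read that both lacks its permission and precedes consent shows up as two problems in the report. Leaks are counted per sensitive label reaching a sink: a payload that carries both the IMEI and the location to the same endpoint is two leaks, and the fact that the endpoint is plain http is recorded separately as a transport anomaly.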
Step 207, generating a detection report based on the static detection result and the dynamic detection result.
The detection report is a summary of the security and compliance status of the document to be detected, including conclusions of static and dynamic detection, description of problems, processing advice, and the like. For example, the report may include SQL injection problems found in static detection, memory leak problems found in dynamic detection, and privacy risks indicated in compliance analysis.
In some embodiments, the static detection results and the dynamic detection results may be combined to generate a comprehensive report.
Wherein the detection report comprises one or more of the SDK security compliance detection conclusion of the file to be detected, the detected problem and the problem processing suggestion.
The SDK security compliance detection conclusion summarizes the overall performance of the SDK under test in terms of security and compliance.
The detected problems refer to specific security or compliance issues, including code vulnerabilities, privacy disclosure, and the like.
Problem handling suggestions are the solutions or improvements proposed for the discovered problems.
Fig. 3 is a schematic flow chart of a static detection method according to an embodiment of the present application. As shown in fig. 3, the flow may include the following operations.
And step 301, extracting source codes and resource files of the files to be detected through the static detection module.
The static detection module is a tool module for analyzing program code without executing the program, and may include a code parser, a syntax parser, and the like.
Source code refers to the original code text of a program, is a code file written by a developer, and is usually written in a programming language, such as Java, python, and the like. Resource files are various non-code files used with source code, such as images, configuration files, layout files, and the like. For example, in an android application, the source code files may include a java or kt file, while the resource files may include xml layout files, picture files, and the like.
In some embodiments, the static detection module may read the contents of the file to be detected, parse the file structure, extract and sort the source code files and the resource files, and store the extracted source code and resource files into a particular data structure for subsequent analysis.
And step 302, performing code structure analysis based on the source code and the resource file to obtain a code structure detection result.
The code structure analysis refers to structural analysis of source codes, and is used for knowing the hierarchical structure of the codes, the relationship among modules, the dependency relationship and the like.
The code structure detection result refers to code organization information obtained through structure analysis, and the code organization information comprises classes, methods, relation diagrams of modules and the like.
For example, parsing the source code of an android application can find that it contains multiple Activity classes, each containing several methods and references to UI elements.
In some embodiments, a parser may be used to parse the source code, generate an Abstract Syntax Tree (AST), analyze the AST, extract code structure information, such as class and method definitions, module organization, and finally generate a code structure detection report, and record detailed information of the code structure.
Step 303, performing security vulnerability detection based on the source code and the resource file to obtain a security vulnerability detection result.
The security vulnerability detection result refers to the specific security problems found in the detection process and their details, including the type, scope of impact and code position of each vulnerability.
For example, in the source code of an Android application, detection may find unsanitized user input in a certain Activity class, which may lead to an SQL injection attack.
In some embodiments, the source code and resource files may be scanned and analyzed, common security vulnerabilities detected using a rules engine or machine learning model, detailed information recorded for each vulnerability (its type, location and possible impact), and a security vulnerability detection report generated listing all detected security vulnerabilities.
Step 304, determining a static detection result based on the code structure detection result and the security vulnerability detection result.
The static detection result combines the code structure detection result and the security vulnerability detection result into an overall static analysis report of the file to be detected. The static detection result comprises the detected problem vulnerabilities and a problem vulnerability severity rating score.
The problem vulnerabilities are the security problems found in the detection process, including each specific vulnerability and its detailed description.
The problem vulnerability severity rating score is a score for the severity of each vulnerability; a standard scoring system such as CVSS may be used. For example, an SQL injection vulnerability may be rated as high severity with a score of 9.0 (out of a full score of 10).
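As an added illustration of steps 302 to 304 (this is not code from the patent), the following Python script parses a constructed sample with the standard ast module, extracts the class/method structure, applies one rules-engine check for SQL text assembled by string formatting, and returns the static result fields m1, P1 and N1. The sample source, the single rule and the sink name are assumptions for the demo; the patent's own tooling targets Android source.

```python
"""Added example (not from the patent): AST-based code structure extraction and a
rules-engine vulnerability check, as in steps 302 to 304, run on a constructed
Python sample rather than the Android source the text describes."""
import ast

# Constructed "file to be detected". on_submit builds a query by string
# formatting with request input; on_lookup uses a parameterised query instead.
SAMPLE_SOURCE = '''
class LoginActivity:
    def on_submit(self, request, db):
        name = request.get("user")
        db.execute("SELECT * FROM users WHERE name = '%s'" % name)

    def on_lookup(self, request, db):
        db.execute("SELECT * FROM users WHERE id = ?", (request.get("id"),))

class SettingsActivity:
    def on_open(self):
        return None
'''

# Assumed rule base: one detection item, rated on a CVSS-like 0-10 scale.
# The 9.0 for SQL injection is the page's own example value.
RULE_SEVERITY = {"SQL_INJECTION": 9.0}


def code_structure(tree):
    """Step 302: classes and their methods (the code organisation information)."""
    return {
        node.name: [n.name for n in node.body if isinstance(n, ast.FunctionDef)]
        for node in ast.walk(tree) if isinstance(node, ast.ClassDef)
    }


def _is_query_sink(call):
    """Assumed sink: any .execute(...) call."""
    return isinstance(call.func, ast.Attribute) and call.func.attr == "execute"


def _is_dynamic_string(expr):
    """Query text assembled by %-formatting, concatenation or an f-string."""
    if isinstance(expr, ast.JoinedStr):
        return True
    return isinstance(expr, ast.BinOp) and isinstance(expr.op, (ast.Mod, ast.Add))


def security_vulnerabilities(tree):
    """Step 303: each finding records type, code position and severity."""
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and _is_query_sink(node)
                and node.args and _is_dynamic_string(node.args[0])):
            findings.append({"type": "SQL_INJECTION", "line": node.lineno,
                             "severity": RULE_SEVERITY["SQL_INJECTION"]})
    return findings


def static_detection(source):
    """Step 304: combine both results; m1, P1, N1 follow the page's notation."""
    tree = ast.parse(source)
    findings = security_vulnerabilities(tree)
    return {
        "structure": code_structure(tree),
        "vulnerabilities": findings,
        "m1": len(findings),                        # number of problem vulnerabilities
        "P1": max((f["severity"] for f in findings), default=0.0),  # worst rating
        "N1": len(RULE_SEVERITY),                   # detection items applied
    }


if __name__ == "__main__":
    import json
    print(json.dumps(static_detection(SAMPLE_SOURCE), indent=2))
```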
Fig. 4 is a flow chart of a dynamic detection method according to an embodiment of the present application. As shown in fig. 4, the flow may include the following operations.
And step 401, deploying the file to be detected on the dynamic detection equipment, and determining the application to be detected.
A dynamic detection device refers to hardware or a virtualized device dedicated to executing an application, monitoring its behavior and collecting operational data. The dynamic detection device can simulate the running environment of the application and capture the behavior of the application program in real time. For example, the cell phone shown in fig. 1.
The application to be detected refers to a target application program deployed in the dynamic detection device, typically application software or service to be analyzed.
In some embodiments, a file to be detected (such as an APK file) may be transmitted to the dynamic detection device, and the file may be installed and started on the device to determine the operating environment and functions of the application.
And step 402, controlling the dynamic detection equipment to run a detection program through an API (application program interface) by using the detection engine.
An API interface is a standardized interface for communication between different software systems, allowing one system to call the functions of another system.
The detection program running on the dynamic detection device refers to a series of detection task programs executed on the dynamic detection device; these programs collect data, monitor application behavior and so on while the application is running.
For example, the detection engine starts a monitor on the device through the API interface to start real-time tracking of the execution of the application.
In some embodiments, the detection program (such as memory monitoring, API call tracking, etc.) to be executed can be selected through the control interface of the detection engine, and the corresponding program on the device is started by using the API interface to monitor various data of the application in the running process for behavior analysis.
And step 403, monitoring the running condition of the application to be detected by using the detection program, and collecting running data.
The running condition refers to the behavior characteristics of the application to be detected in the executing process, such as memory occupation, CPU utilization rate, file access condition and the like.
Running data refers to the various types of data collected while an application runs, including, but not limited to, log information, network requests, file operations, memory accesses, and the like.
After the detection program starts to run, the running behavior of the application can be monitored in real time, and all relevant running data about the application, such as network requests, memory use conditions, file operations, API calls and the like, are collected.
And step 404, performing anomaly identification based on the operation data, and determining the dynamic detection result according to the anomaly identification result.
The dynamic detection result comprises the number of detected abnormal behaviors and the number of data stream leakages. Abnormal behavior refers to behavior found in the dynamic detection process that does not conform to expectations, such as illegal memory access, file tampering, etc. Data stream leakage refers to the unauthorized disclosure or propagation of sensitive data (e.g., personal information, account passwords, etc.) while an application is running. For example, it may be detected that an application has sent private information of a large number of users to an external server at runtime, or that a memory leak has occurred.
Anomaly identification refers to the analysis of application running data to detect abnormal or suspicious behavior that differs from the expected behavior, such as memory overflow, illegal access, abnormal network requests, etc.
The dynamic detection result is based on the result of anomaly identification and determines whether the application has a potential security threat or behavior that does not match expectations. For example, if it is detected that an application attempts to access an unauthorized system resource, or a memory overflow exception occurs, it may be determined that a security risk exists.
In some embodiments, the collected running data can be subjected to anomaly detection: an anomaly pattern is identified using a rule base or a machine learning model, the application's behavior is compared with the normal operation mode, possible security vulnerabilities or abnormal behaviors are identified, a dynamic detection result report is generated according to anomaly type and severity, and all detected abnormal behaviors and their impact are recorded.
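As an added example of steps 403 and 404 (not the patent's own program), this Python script runs rule-based anomaly identification over constructed running data lines and returns the two quantities the dynamic detection result carries: the number of abnormal behaviors (m2) and the number of data stream leakages (written n2 here to keep it apart from the total item count N2). The line format, the allowed-host baseline, the sensitive field names and the sandbox path are all assumptions.

```python
"""Added example (not part of the patent): anomaly identification over constructed
running data (steps 403 and 404), producing the counts of abnormal behaviours (m2)
and data stream leakages (n2) that make up the dynamic detection result."""
import re

# Constructed running data in a 'ts kind k=v ...' line format of our own choosing.
RUN_DATA = """\
1001 net host=api.example-sdk.test path=/v1/config fields=app_id,version
1002 net host=collect.unknown-third-party.test path=/upload fields=imei,phone,contacts
1003 file op=write path=/data/data/com.example.app/files/cache.db
1004 file op=write path=/system/etc/hosts
1005 net host=api.example-sdk.test path=/v1/events fields=app_id,session
1006 res resource=android.permission.READ_SMS granted=false
1007 mem op=read region=unmapped addr=0x0
"""

# Assumed expected-behaviour baseline: the "normal operation mode" the text
# compares the application's behaviour against.
ALLOWED_HOSTS = {"api.example-sdk.test"}
SENSITIVE_FIELDS = {"imei", "phone", "contacts", "password", "location"}
APP_DIR_PREFIX = "/data/data/com.example.app/"

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<kind>\w+)\s+(?P<rest>.*)$")


def parse_line(line):
    """Turn one running-data line into a dict; None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split())
    return {"ts": int(m["ts"]), "kind": m["kind"], **fields}


def classify(event):
    """Return 'leak', 'anomaly' or None for one running-data event."""
    kind = event["kind"]
    if kind == "net":
        sent = set(event.get("fields", "").split(","))
        if event["host"] not in ALLOWED_HOSTS and sent & SENSITIVE_FIELDS:
            return "leak"       # sensitive data sent to an external server
        return None
    if kind == "file":
        if event["op"] == "write" and not event["path"].startswith(APP_DIR_PREFIX):
            return "anomaly"    # write outside the app sandbox: file tampering
        return None
    if kind == "res" and event.get("granted") == "false":
        return "anomaly"        # attempt to use a resource that was not authorised
    if kind == "mem" and event.get("region") == "unmapped":
        return "anomaly"        # illegal memory access
    return None


def dynamic_detection(run_data, total_items=4):
    """Step 404: anomaly identification and the resulting dynamic detection result."""
    findings = []
    for line in run_data.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        verdict = classify(ev)
        if verdict:
            findings.append({"ts": ev["ts"], "kind": ev["kind"], "verdict": verdict})
    return {
        "findings": findings,
        "m2": sum(1 for f in findings if f["verdict"] == "anomaly"),
        "n2": sum(1 for f in findings if f["verdict"] == "leak"),
        "N2": total_items,   # detection items applied: the net, file, res and mem rules
    }


if __name__ == "__main__":
    for f in dynamic_detection(RUN_DATA)["findings"]:
        print(f)
```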
In some embodiments, the method further comprises comprehensively evaluating through a weighted decision model based on the static detection result and the dynamic detection result to obtain a comprehensive detection report, wherein the comprehensive detection report comprises a score of each detection dimension, a comprehensive detection score and recommended measures, and displaying the comprehensive detection report through a visual analysis chart.
The score of a detection dimension refers to the score after evaluation for each detection dimension (e.g., code security, application performance, data privacy, etc.). The score reflects the degree of risk in each aspect. For example, a detection dimension may be "memory leak detection" with a score of 8/10, indicating a moderately high risk in this regard.
The comprehensive detection score refers to a total score obtained after comprehensively evaluating all detection dimensions, and represents the overall safety, compliance or performance condition. For example, a composite score of 85/100 may be used to indicate that the system is safer overall, but there is still room for improvement.
The recommended measures are targeted improvement suggestions provided according to the comprehensive detection result, which help users repair or improve the problems found. For example, if a memory leak problem is detected, the recommended action may include optimizing the memory management portions of the code, or enhancing monitoring of memory usage.
The step of comprehensively evaluating through a weighted decision model based on the static detection result and the dynamic detection result to obtain a comprehensive detection report comprises the following steps:
In some embodiments, the composite detection score may be determined by a weighted decision model shown in equation (1) below based on the static detection result and the dynamic detection result.
Wherein, S is a comprehensive detection score, W1 is a weight coefficient of static detection, W2 is a weight coefficient of dynamic detection, m1 is a problem vulnerability number in a static detection result, P1 is a problem vulnerability severity rating score in a static detection result, N1 is a total number of detection items of static detection, m2 is a behavioural anomaly number in a dynamic detection result, N2 is a data stream exposure number in a dynamic detection result, and N2 is a total number of detection items of dynamic detection.
Visual analysis charts are a method for displaying data in a graphical mode, and include bar charts, pie charts, radar charts and the like. The chart may allow the user to intuitively understand the content of the inspection report and identify potential problems with the system. For example, the score proportion of each detection dimension can be displayed through a pie chart, and the result of comprehensive evaluation is displayed through a radar chart, so that a user can conveniently conduct comparative analysis on the score of each dimension.
Further, feedback suggestions of the user on the comprehensive detection report can be received, and the detection flow optimized based on the feedback suggestions, wherein the optimization comprises optimizing at least one of the method for executing static detection and the method for executing dynamic detection.
User feedback refers to the suggestions, opinions or questions about the detection report that the user raises, according to their own usage experience, the detection result and their actual requirements, after receiving the comprehensive detection report. Feedback may concern detection accuracy, readability of the report, the rationality of the detection dimensions, etc. For example, the user may report that "static detection did not capture a particular vulnerability" or that the report format was difficult to understand.
Feedback suggestions refer to the improvement opinions provided by the user for the comprehensive detection report, including opinions regarding the detection procedures, algorithms, user interface, etc. For example, user feedback may indicate that static detection does not cover a particular security vulnerability or that the response time of some dynamic detection is long.
The detection flow optimization refers to adjusting and improving the existing static detection and dynamic detection methods to improve the accuracy, efficiency or user experience. For example, the static detection method can be optimized to more accurately capture the loopholes, or the response speed of dynamic detection can be improved.
Static detection optimization may include improving the accuracy and coverage of static detection by improving the rule base of the static analysis tool or enhancing its ability to detect specific vulnerabilities (e.g., increasing the ability to identify new types of vulnerabilities).
Dynamic detection optimization may include improving the response speed of the dynamic detection system or improving its ability to monitor complex behavior, such as timely detection of memory leaks, malicious code behavior, etc.
As shown in fig. 5, an embodiment of the present application provides an electronic device including a processor 111, a communication interface 112, a memory 113, and a communication bus 114, wherein the processor 111, the communication interface 112, and the memory 113 perform communication with each other through the communication bus 114,
A memory 113 for storing a computer program;
In one embodiment of the present application, the processor 111 is configured to implement the method for detecting the dynamic security compliance of the SDK provided in any one of the foregoing method embodiments when executing the program stored in the memory 113, where the method includes:
Acquiring a file to be detected;
Performing file integrity check on the file to be detected, and distributing a unique identifier for the file to be detected when the file to be detected passes the integrity check;
Creating a detection task of the file to be detected based on the unique identifier, and sending the detection task to a detection engine;
invoking a static detection module through the detection engine to carry out static detection on the file to be detected, and obtaining a static detection result;
the detection task is sent to dynamic detection equipment through the detection engine, so that the file to be detected is dynamically detected through the dynamic detection equipment according to the detection task;
receiving a dynamic detection result from the dynamic detection device;
And generating a detection report based on the static detection result and the dynamic detection result, wherein the detection report comprises one or more of an SDK safety compliance detection conclusion, a detected problem and a problem processing suggestion of the file to be detected.
The embodiment of the application also provides an SDK dynamic safety compliance detection device, which comprises:
the acquisition module is used for acquiring the file to be detected;
The integrity checking module is used for checking the file integrity of the file to be detected and distributing a unique identifier to the file to be detected when the file to be detected passes the integrity check;
The task module is used for creating a detection task of the file to be detected based on the unique identifier and sending the detection task to a detection engine;
The static detection module is used for calling the static detection module through the detection engine to carry out static detection on the file to be detected, and obtaining a static detection result;
the dynamic detection module is used for sending the detection task to dynamic detection equipment through the detection engine so as to dynamically detect the file to be detected according to the detection task through the dynamic detection equipment;
the receiving module is used for receiving the dynamic detection result from the dynamic detection equipment;
And the report generation module is used for generating a detection report based on the static detection result and the dynamic detection result, wherein the detection report comprises one or more of an SDK safety compliance detection conclusion, a detected problem and a problem processing suggestion of the file to be detected.
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, the computer program implementing the steps of the SDK dynamic security compliance detection method provided in any one of the method embodiments described above when being executed by a processor.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for detecting dynamic safety compliance of an SDK, the method comprising:
Acquiring a file to be detected;
Performing file integrity check on the file to be detected, and distributing a unique identifier for the file to be detected when the file to be detected passes the integrity check;
Creating a detection task of the file to be detected based on the unique identifier, and sending the detection task to a detection engine;
invoking a static detection module through the detection engine to carry out static detection on the file to be detected, and obtaining a static detection result;
the detection task is sent to dynamic detection equipment through the detection engine, so that the file to be detected is dynamically detected through the dynamic detection equipment according to the detection task;
receiving a dynamic detection result from the dynamic detection device;
And generating a detection report based on the static detection result and the dynamic detection result, wherein the detection report comprises one or more of an SDK safety compliance detection conclusion, a detected problem and a problem processing suggestion of the file to be detected.
2. The method of claim 1, wherein the performing a file integrity check on the file to be detected comprises:
carrying out hash calculation on the file to be detected to obtain a hash value;
judging whether the hash value is consistent with the hash value of the original file or not;
If yes, determining that the file to be detected passes the integrity check.
3. The method according to claim 1, wherein the calling, by the detection engine, a static detection module to perform static detection on the file to be detected, to obtain a static detection result, includes:
Extracting source codes and resource files of the files to be detected through the static detection module;
performing code structure analysis based on the source code and the resource file to obtain a code structure detection result;
Performing security vulnerability detection based on the source code and the resource file to obtain a security vulnerability detection result;
And determining a static detection result based on the code structure detection result and the security hole detection result, wherein the static detection result comprises the detected problem holes and the problem hole severity rating score.
4. A method according to claim 3, wherein said dynamically detecting, by the dynamic detection device, the file to be detected according to the detection task comprises:
the file to be detected is deployed in the dynamic detection equipment, and the application to be detected is determined;
Controlling the dynamic detection equipment to run a detection program through an API (application program interface) by using the detection engine;
monitoring the running condition of the application to be detected by using the detection program, and collecting running data;
and carrying out anomaly identification based on the operation data, and determining the dynamic detection result according to the anomaly identification result, wherein the dynamic detection result comprises the detected quantity of abnormal behaviors and the detected quantity of data stream leakage.
5. The method according to claim 4, wherein the method further comprises:
Based on the static detection result and the dynamic detection result, carrying out comprehensive evaluation through a weighted decision model to obtain a comprehensive detection report, wherein the comprehensive detection report comprises a score of each detection dimension, a comprehensive detection score and recommended measures;
and displaying the comprehensive detection report by means of a visual analysis chart.
6. The method of claim 5, wherein the method further comprises:
Receiving feedback advice of a user on the comprehensive detection report;
And optimizing the detection flow based on the feedback suggestion, wherein the optimization mode comprises optimizing at least one of a method for executing static detection and a method for executing dynamic detection.
7. The method of claim 5, wherein the comprehensively evaluating by a weighted decision model based on the static detection result and the dynamic detection result to obtain a comprehensive detection report comprises:
determining the composite detection score based on the static detection result and the dynamic detection result by a weighted decision model comprising:
Wherein, S is a comprehensive detection score, W1 is a weight coefficient of static detection, W2 is a weight coefficient of dynamic detection, m1 is a problem vulnerability number in a static detection result, P1 is a problem vulnerability severity rating score in a static detection result, N1 is a total number of detection items of static detection, m2 is a behavioural anomaly number in a dynamic detection result, N2 is a data stream exposure number in a dynamic detection result, and N2 is a total number of detection items of dynamic detection.
8. An SDK dynamic security compliance detection device, the device comprising:
the acquisition module is used for acquiring the file to be detected;
The integrity checking module is used for checking the file integrity of the file to be detected and distributing a unique identifier to the file to be detected when the file to be detected passes the integrity check;
The task module is used for creating a detection task of the file to be detected based on the unique identifier and sending the detection task to a detection engine;
The static detection module is used for calling the static detection module through the detection engine to carry out static detection on the file to be detected, and obtaining a static detection result;
the dynamic detection module is used for sending the detection task to dynamic detection equipment through the detection engine so as to dynamically detect the file to be detected according to the detection task through the dynamic detection equipment;
the receiving module is used for receiving the dynamic detection result from the dynamic detection equipment;
And the report generation module is used for generating a detection report based on the static detection result and the dynamic detection result, wherein the detection report comprises one or more of an SDK safety compliance detection conclusion, a detected problem and a problem processing suggestion of the file to be detected.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the steps of the SDK dynamic security compliance detection method of any one of claims 1 to 7 when executing a program stored on a memory.
10. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the SDK dynamic security compliance detection method according to any of claims 1-7.
CN202510269011.8A 2025-03-07 2025-03-07 SDK dynamic security compliance detection method, device, equipment and storage medium Pending CN120408627A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510269011.8A CN120408627A (en) 2025-03-07 2025-03-07 SDK dynamic security compliance detection method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510269011.8A CN120408627A (en) 2025-03-07 2025-03-07 SDK dynamic security compliance detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN120408627A true CN120408627A (en) 2025-08-01

Family

ID=96507290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510269011.8A Pending CN120408627A (en) 2025-03-07 2025-03-07 SDK dynamic security compliance detection method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN120408627A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination