CN115186260A - Applet risk detection method and device - Google Patents
Applet risk detection method and device
- Publication number: CN115186260A (application number CN202210646665.4A)
- Authority: CN (China)
- Prior art keywords: data, applet, request, network request, server
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications (CPC)
- G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities (under G06F21/56, computer malware detection or handling)
- G06F21/554: Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G06F21/6245: Protecting personal data, e.g. for financial or medical purposes (under G06F21/62, protecting access to data via a platform)
- G06F2221/033: Test or assess software (indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms)
Abstract
The embodiments of this specification provide an applet risk detection method and device. According to the method, before an applet sends a network request to an external applet server, the client identifies whether the request data carried by the network request includes private data; when it does, the client generates an identification result and sends it to an external server, and finally processes the network request according to the risk confirmation result returned by that server. The method and device improve the security of risk detection.
Description
This is a divisional application of the original application number 202110323887.8, filed on 26 March 2021 and titled "Applet risk detection method and device".
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technology, and more particularly, to a method and apparatus for detecting a risk of an applet.
Background
An applet is an application that can be used without being downloaded and installed. It is generally loaded and run inside a host application, which provides the applet with service interfaces through which various business functions are realized. When the applet calls these service interfaces it can obtain the user's private data. If, while the applet exchanges data with its applet server through the network interface, that private data is sent to the applet server, the user's private data is at risk of being leaked.
In the prior art, whether an applet risks leaking user private data is judged by security-scanning the applet's static code. This approach is not very reliable, so a more reliable applet risk detection method is needed.
Disclosure of Invention
One or more embodiments of the present specification describe applet risk detection methods and apparatus to improve reliability.
According to a first aspect, an applet risk detection method applied to a client is provided. It includes: cutting an aspect into the external network interface provided by the host application in advance, by means of a Hook or by static code replacement, so that when the applet calls the external network interface to send a network request to an external applet server, the execution logic corresponding to the called external network interface is routed to a security aspect module preset in the host application;
the security aspect module in the host application receives the network request sent by the applet to the external applet server;
the security aspect module identifies whether the request data carried by the network request includes private data;
when the request data includes private data, the security aspect module generates an identification result;
the security aspect module sends the identification result to an external server so that the server performs risk confirmation on the network request according to the identification result;
the security aspect module receives the risk confirmation result returned by the server and processes the network request according to that result;
identifying whether the request data carried by the network request includes private data includes:
identifying whether the request data meets a preset string rule; if so, determining that the request data includes private data, otherwise determining that it does not;
where the string rule includes string matching logic and/or regular expressions;
when the string rule includes string matching logic, the request data is determined to include private data if it is identical to a string included in the string rule;
when the string rule includes a regular expression, the regular expression specifies a string format, and the request data is determined to include private data if it conforms to that format.
Before identifying whether the request data carried by the network request includes private data, the method further includes:
interpreting the request data carried by the network request with a data state machine interpreter, taking the interpretation result as the request data carried by the network request, and then identifying whether that request data includes private data.
Generating the identification result includes:
acquiring at least one of the following: the data type of the private data, the identity of the applet, the identity of the host application, the identity of the client, and the address of the applet server carried in the network request, where the host application is the application the applet depends on to run;
and taking the acquired information as the identification result.
Processing the network request according to the risk confirmation result includes:
when the risk confirmation result indicates that a risk exists, not processing the network request;
and when the risk confirmation result indicates that no risk exists, sending the network request to the applet server through the preset external network interface, according to the applet server address carried in the network request.
According to a second aspect, an applet risk detection method applied to a server is provided, including:
acquiring an identification result sent by a client, the identification result indicating that the request data carried by a network request sent by an applet to an external applet server includes private data;
performing risk confirmation on the network request according to the identification result;
and sending the risk confirmation result to the client so that the client processes the network request according to it.
In one form,
the identification result includes the data type of the private data and the identity of the applet;
and performing risk confirmation on the network request according to the identification result includes:
determining, from the applet identity included in the identification result, the data types preset for that applet that must be intercepted;
and determining, from the data type of the private data included in the identification result, whether that data type is one of the types to be intercepted for the applet; if so, confirming that the network request is risky, otherwise confirming that it is not.
In another form,
the identification result includes the data type of the private data, the identity of the applet, the identity of the host application, the identity of the client, and the address of the applet server carried in the network request, where the host application is the application the applet depends on to run;
and performing risk confirmation on the network request according to the identification result includes:
determining, from the data type, applet identity, host application identity, client identity and applet server address included in the identification result, the number of times the applet has sent private data of that data type to that external applet server from that host application on that client;
and determining whether this count reaches a preset frequency threshold; if so, confirming that the network request is risky, otherwise confirming that it is not.
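The two server-side confirmation rules just described, as an added example in JavaScript that is not part of the patent: a per-applet list of data types to intercept, and a per-tuple send counter compared against a frequency threshold. The policy table, threshold, field names and the "risk"/"no_risk" verdict strings are constructed assumptions for this example.

```javascript
// Added example (not from the patent): server-side risk confirmation.
// Both the interception policy and the threshold are constructed sample values.

// Rule 1: per-applet list of private-data types that must be intercepted.
const interceptPolicy = {
  "applet-trip": ["id_card", "gps"],
  "applet-food": ["id_card"],
};

// Rule 2: how many sends of one (dataType, applet, host, client, server) tuple
// are tolerated before the request is confirmed as risky. Assumed value.
const FREQUENCY_THRESHOLD = 3;
const sendCounts = new Map();

// The identification result fields listed in the description form the counter key.
function tupleKey(r) {
  return [r.dataType, r.appletId, r.hostAppId, r.clientId, r.serverAddress].join("|");
}

// Rule 1: is this data type on the applet's intercept list?
function confirmByInterceptList(result) {
  const blocked = interceptPolicy[result.appletId] || [];
  return blocked.includes(result.dataType) ? "risk" : "no_risk";
}

// Rule 2: count this send and compare against the threshold ("reaches" => >=).
function confirmByFrequency(result) {
  const key = tupleKey(result);
  const n = (sendCounts.get(key) || 0) + 1;
  sendCounts.set(key, n);
  return n >= FREQUENCY_THRESHOLD ? "risk" : "no_risk";
}

// Combined verdict: risky if either rule says so. Rule 1 is checked first so an
// intercepted type never consumes counter budget.
function confirmRisk(result) {
  if (confirmByInterceptList(result) === "risk") return "risk";
  return confirmByFrequency(result);
}

// Usage (constructed identification result as the client would send it):
const sample = {
  dataType: "gps", appletId: "applet-food", hostAppId: "host-app",
  clientId: "client-001", serverAddress: "https://applet.example.invalid/api",
};
console.log(confirmRisk(sample)); // first send of gps by applet-food: no_risk
```

Keying the counter on the full tuple matters: a single applet sending the same data type to two different servers, or from two different clients, is counted separately, which is what the description's "number of times ... to the external applet server in the host application of the client" calls for.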
According to a third aspect, an applet risk detection apparatus located at a client is provided, including:
a receiving unit configured to receive a network request sent by an applet to an external applet server; when the applet calls the external network interface to send a network request to the external applet server, the execution logic corresponding to the called external network interface is routed to a security aspect module preset in the host application, so that the receiving unit receives the network request;
an identification unit configured to identify whether the request data carried by the network request includes private data;
a generation unit configured to generate an identification result when the request data includes private data;
a sending unit configured to send the identification result to an external server so that the server performs risk confirmation on the network request according to it;
a processing unit configured to receive the risk confirmation result returned by the server and process the network request according to it;
the identification unit being configured to identify whether the request data meets a preset string rule and, if so, determine that the request data includes private data, otherwise determine that it does not;
where the string rule includes string matching logic and/or regular expressions;
when the string rule includes string matching logic, the request data is determined to include private data if it is identical to a string included in the string rule;
when the string rule includes a regular expression, the regular expression specifies a string format, and the request data is determined to include private data if it conforms to that format.
According to a fourth aspect, another applet risk detection apparatus, located at a server and cooperating with the apparatus of the third aspect, is provided, including:
an acquisition unit configured to acquire an identification result sent by a client, the identification result indicating that the request data carried by a network request sent by an applet to an external applet server includes private data;
a risk confirmation unit configured to perform risk confirmation on the network request according to the identification result;
a sending unit configured to send the risk confirmation result to the client so that the client processes the network request according to it.
According to a fifth aspect, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of the embodiments of the present description.
According to a sixth aspect, there is provided a computing device comprising a memory and a processor, the memory having stored therein executable code that, when executed by the processor, performs the method of any embodiment of the present description.
In the applet risk detection method and device, if an applet sends a network request to an external applet server while running, the client inspects that network request before it leaves, identifies whether the request data it carries includes private data and, when it does, sends an identification result to the external server for risk confirmation, then processes the network request according to the risk confirmation result. The string rule includes string matching logic and/or regular expressions: when it includes string matching logic, the request data is determined to include private data if it is identical to a string in the rule; when it includes a regular expression, the expression specifies a string format and the request data is determined to include private data if it conforms to that format. The risk of private data leakage is thereby reduced and the reliability of applet risk detection improved.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present specification, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of a system architecture provided by one embodiment of the present description;
FIG. 2 is a flow diagram of a method for applet risk detection provided in one embodiment of the present description;
FIG. 3 is a flow chart of a method for applet risk detection provided in another embodiment of the present description;
FIG. 4 is a schematic diagram of an applet risk detection apparatus provided in one embodiment of the present specification;
FIG. 5 is a schematic view of an applet risk detection apparatus provided in another embodiment of the present specification;
FIG. 6 is a schematic view of an applet risk detection apparatus provided in a further embodiment of the present description.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
In the prior art, the applet's static code is security-scanned: if a call to a sensitive service interface is detected, the applet is judged to be at risk of leaking user private data; if no such call is detected, it is judged not to be. However, an applet usually calls a sensitive service interface for a legitimate business reason, so the call alone does not establish that the applet is risky. Conversely, during actual operation an applet can call several service interfaces, combine their return values into user private data, and send that data to the applet server through the network interface. So an applet can still send out private data even though it never calls a sensitive service interface.
When an applet sends data to its applet server, the data goes through the external network interface provided by the host application. The applet risk detection method and device of this specification detect whether that data includes private data before the applet's call to the external network interface delivers it to the applet server, reducing the risk of private data leakage and improving the reliability of applet risk detection.
Specific implementations of the above concepts are described below.
To facilitate understanding of the present specification, a system architecture to which the present specification applies will be described first. As shown in fig. 1, the system architecture mainly includes a client, a server, and more than one applet server (2 applet servers are taken as an example in fig. 1).
The client runs an application that serves as the host application for all the applets; each applet realizes its business functions through the service interfaces provided by the host application, and interacts over the network with its own applet server through the external network interface provided by the host application. For example, the host application is Alipay and the applets are Cainiao, Trips, Ele.me and the like.
The client may be an intelligent device located at the user end. Such as a mobile phone, a tablet computer, a notebook computer, etc.
The server may be a server that provides services for the host application or for the client.
The applet server is a server for providing services for the applet. One applet server may provide services for more than one applet included in the host application.
The methods for detecting the risk of the applet executed on both sides of the client and the server are described below.
Fig. 2 shows a flow diagram of an applet risk detection method performed by a client according to one embodiment. It is to be appreciated that the method can be performed by any computing, processing capable apparatus, device, platform, cluster of devices. Referring to fig. 2, hereinafter, specific implementations include:
step 200: receiving a network request sent by the applet to an external applet server;
step 202: identifying whether the request data carried by the network request comprises privacy data;
step 204: when the request data comprises the private data, generating an identification result;
step 206: sending the identification result to an external server so that the server can carry out risk confirmation on the network request according to the identification result;
step 208: and receiving a risk confirmation result returned by the server, and processing the network request according to the risk confirmation result.
In the applet risk detection method shown in fig. 2, if an applet sends a network request to an external applet server while running, the client inspects that network request before it leaves, identifies whether the request data it carries includes private data and, when it does, sends an identification result to the external server for risk confirmation, then processes the network request according to the risk confirmation result. The risk of private data leakage is thereby reduced and the reliability of applet risk detection improved.
The manner in which the various steps shown in fig. 2 are performed is described below.
In step 200, before the applet's network request reaches the external applet server, the request is handed to a processing module in the client, and that module receives the network request the applet addressed to the external applet server.
In this embodiment the processing module is preset in the host application and is configured to intercept the network request before it leaves for the applet server, so that the module can process the request first and then decide, according to the processing result, whether to send it on to the applet server.
In one embodiment the processing module is implemented as a security aspect module. An applet sends a network request to its applet server by calling the external network interface provided by the host application. Accordingly, an aspect can be cut into the external network interface by means of a Hook function or by static code replacement, so that when the applet calls the external network interface, the execution logic corresponding to that call is routed to the security aspect module, which then performs a series of processing on the network request. That processing is the applet risk detection method performed by the client in this embodiment.
An aspect, in the sense of Aspect-Oriented Programming (AOP), is a programming paradigm that adds functionality to a program without modifying its source code, by means of pre-compilation, run-time dynamic proxies or injection. Performing risk detection through a security aspect module therefore lets the network request be monitored and controlled at the moment the applet sends it out.
With respect to step 202, it is identified whether the requested data carried by the network request includes private data.
When the applet sends a network request to the applet server, the private data may be sent to the applet server, which may cause the leakage of the private data.
To identify private data, a string rule may be preset that determines which data count as private. Specifically, step 202 may include: identifying whether the request data carried by the network request meets the preset string rule; if so, determining that the request data includes private data, otherwise determining that it does not.
The string rule may include, but is not limited to, string matching logic and regular expressions.
When the string rule includes string matching logic, the request data is taken to include private data if it is identical to a string included in the rule.
When the string rule includes a regular expression, the expression specifies a string format, and the request data is taken to include private data if it conforms to that format. For example, a resident identity card number is private data, and a regular expression may define its format so that the request data can be checked for such a number. The regular expression may be: ^[1-9]\d{5}(18|19|([23]\d))\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]$ . Each string in the request data is checked against it; if any string matches, the request data includes an identity card number, which the string rule designates as private data, and so the request data includes private data.
It should be noted that the string rule may be set by the client itself, or may be set by the server and issued to the client, or acquired in other manners, which is not limited in this embodiment of the specification.
By presetting the character string rules, when a network request sent by the applet is received, whether private data is carried in request data carried by the network request can be quickly identified by using the character string rules, and the identification efficiency is improved. In addition, along with the continuous change of business requirements, the character string rules can be updated so as to ensure the accuracy of private data identification and further reduce the risk of private data leakage.
In an embodiment, if the request data carried by the network request is in a structured format such as JSON, its meaning cannot be read off directly. Therefore, after step 200 and before step 202, the method further includes: interpreting the request data with a data state machine interpreter, taking the interpretation result as the request data carried by the network request, and then executing step 202.
Interpreting the request data with the data state machine interpreter recovers its actual meaning, so that private data can be identified directly on the interpretation result in the subsequent step. This improves the accuracy of private data identification and further reduces the risk of leakage.
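The identification of step 202 together with the interpretation step just described, as an added JavaScript example that is not part of the patent. The identity card regular expression is the one quoted in the description; the phone number pattern, the exact-match marker string, the field names and the sample request body are constructed for this example. The "interpreter" here is a recursive walk over a parsed JSON body that yields (path, value) leaves, which is an assumption about what the data state machine interpreter produces.

```javascript
// Added example (not from the patent): string-rule identification of private
// data applied to interpreted request data.

// Resident identity card number format, as quoted in the description.
const ID_CARD_RE = /^[1-9]\d{5}(18|19|([23]\d))\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]$/;

// Constructed rule set: one regex rule from the page, one constructed regex rule
// (assumed 11-digit mobile number format) and one exact-match rule.
const stringRules = [
  { dataType: "id_card", regex: ID_CARD_RE },
  { dataType: "mobile_phone", regex: /^1[3-9]\d{9}$/ },
  { dataType: "device_secret", match: "DEVICE_SECRET_TOKEN" },
];

// Interpretation step: parse a JSON body into (path, value) leaves so each value
// can be matched on its own; a non-JSON body is treated as a single raw value.
function interpretRequestData(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (_) {
    return [{ path: "$", value: String(body) }];
  }
  const leaves = [];
  const walk = (node, path) => {
    if (node !== null && typeof node === "object") {
      for (const [k, v] of Object.entries(node)) walk(v, `${path}.${k}`);
    } else {
      leaves.push({ path, value: String(node) });
    }
  };
  walk(parsed, "$");
  return leaves;
}

// Apply the string rules to one value: exact match first, then regex.
// Returns the matched data type, or null when the value is not private data.
function matchRule(value) {
  for (const rule of stringRules) {
    if (rule.match !== undefined && value === rule.match) return rule.dataType;
    if (rule.regex && rule.regex.test(value)) return rule.dataType;
  }
  return null;
}

// Step 202: identify whether the request data includes private data.
// Returns one finding per matched leaf; an empty array means no private data.
function identifyPrivateData(body) {
  const findings = [];
  for (const leaf of interpretRequestData(body)) {
    const dataType = matchRule(leaf.value);
    if (dataType) findings.push({ path: leaf.path, dataType });
  }
  return findings;
}

// Usage with a constructed request body (the ID number is a made-up sample).
const sampleBody = JSON.stringify({
  user: { idNo: "11010519900307001X", phone: "13800138000" },
  note: "hello",
});
console.log(identifyPrivateData(sampleBody));
// [{ path: "$.user.idNo", dataType: "id_card" }, { path: "$.user.phone", dataType: "mobile_phone" }]
```

Reporting the JSON path along with the data type is what lets the client build the identification result of step 204 (which carries the data type, not the value) without ever forwarding the private value itself to the confirmation server.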
With respect to step 204, when the requested data includes private data, a recognition result is generated.
In this embodiment the client could simply intercept any network request whose request data includes private data. However, there are many types of private data, and an applet may have a legitimate business need to send some of them to its applet server, so the server is asked to make an overall judgement of whether the network request is risky.
When the request data includes private data there are two options. The first is to send the request data itself to the server as the identification result, and let the server judge directly from it whether the network request is risky. The second is to keep the request data on the client and send the server only information about the private data as the identification result.
In order to ensure that the server can perform risk confirmation according to the identification result, specifically, the generating the identification result may include:
acquiring at least one of the following information: the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request; wherein the host application is an application that the applet depends on to run;
and determining the acquired at least one information as the identification result.
For example, the data type of the private data may be an identification number, a mobile phone number, GPS location information, and the like. Identity information of the applet, identity information of the host application, identity information of the client may be a name or a unique identification code. The address information of the applet server may be a URL or the like.
It should be noted that what contents are included in the identification result sent by the client to the server may be determined by pre-negotiation between the client and the server.
In this embodiment of the present specification, if it is determined that the requested data does not include the private data after the private data is identified in step 202, the client may send the network request to the applet server through the external network interface according to the address information of the applet server carried in the network request.
With respect to step 208, after receiving the risk confirmation result returned by the server, the network request may be processed according to the risk confirmation result.
In this embodiment of the present specification, the risk confirmation result includes two types, one is that there is a risk, and the other is that there is no risk, and then, the processing of the network request by the client according to the risk confirmation result also includes two types, specifically:
when the risk confirmation result indicates that the risk exists, the network request is not processed;
and when the risk confirmation result shows that no risk exists, sending the network request to the applet server through a preset external network interface according to the address information of the applet server carried in the network request.
When the risk confirmation result indicates risk, the client must not let the applet send the network request to the applet server, so as to reduce the risk of leaking the private data. Because the external network interface has been cut by the security aspect module (the "security tangent plane" module in the literal translation), the applet's call never reaches the interface directly: the aspect module holds the network request and can simply drop it when the risk confirmation result indicates risk. Optionally, the client also prompts the user on its display interface that the applet attempted to upload private data.
When the risk confirmation result indicates no risk, the network request may be allowed through. Again, the applet itself does not call the external network interface; the security aspect module obtained the request by cutting that interface, so on a no-risk result it is the security aspect module that sends the network request to the applet server through the external network interface, using the address information of the applet server carried in the request.
In this embodiment only the string rules for recognising private data are preset in the client. The client identifies whether the request data includes private data but does not itself confirm risk; the server performs the comprehensive risk judgement. This keeps the client's memory footprint and resource consumption low. In addition, because identification happens on the client rather than by shipping the request data to the server, applet risk detection works without the request data ever leaving the client, which further reduces the risk of leaking private data. Note that the string rules only see the interpreted request data, so the interpretation step decides what the rules can match.
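The client-side flow described above (an aspect cut into the external network interface, string rules, an identification result that carries metadata rather than the request data, then forward or drop according to the server's result), as an added example that is not code from the patent or its applicant. It is written in JavaScript as it would sit in a host app's JS bridge; the interface name `request`, the `confirmRisk` round-trip, the context fields and the rule set are all assumptions, and a plain JSON / form-urlencoded walker stands in for the patent's "data state machine interpreter".

```javascript
// Added example, not code from the patent. A client-side "security aspect"
// (the patent's 切面 / "tangent plane" module) wrapping a host app's external
// network interface. Every identifier here (request, sendRaw, confirmRisk,
// the ctx fields) and the rule set below are assumptions for illustration.

// 1. String rules preset in the client: exact-match strings plus regular
//    expressions describing the *format* of a private data type.
const STRING_RULES = {
  exact: new Map([["Zhang San", "real_name"]]),                        // constructed sample value
  regex: [
    { type: "id_number",    re: /^\d{17}[\dXx]$/ },                           // 18-char PRC ID number
    { type: "mobile_phone", re: /^1[3-9]\d{9}$/ },                            // mainland mobile number
    { type: "gps_location", re: /^-?\d{1,3}\.\d{4,},\s*-?\d{1,3}\.\d{4,}$/ }, // "lat,lng"
  ],
};

// 2. Interpret the request data into scalar strings before matching. The
//    patent calls this a "data state machine interpreter"; here a JSON /
//    form-urlencoded walker stands in for it (assumption).
function interpretRequestData(body, contentType = "") {
  const values = [];
  const walk = (v) => {
    if (v === null || v === undefined) return;
    if (Array.isArray(v)) { v.forEach(walk); return; }
    if (typeof v === "object") { Object.values(v).forEach(walk); return; }
    values.push(String(v));
  };
  if (typeof body !== "string") { walk(body); return values; }
  if (contentType.includes("application/json")) {
    try { walk(JSON.parse(body)); return values; } catch { /* not JSON, fall through */ }
  }
  if (contentType.includes("application/x-www-form-urlencoded")) {
    for (const [, v] of new URLSearchParams(body)) values.push(v);
    return values;
  }
  values.push(body);                       // opaque body: matched as one string
  return values;
}

// 3. Identification: the data types of private values found ([] when none).
function identifyPrivateData(values) {
  const types = new Set();
  for (const raw of values) {
    const v = raw.trim();
    if (STRING_RULES.exact.has(v)) types.add(STRING_RULES.exact.get(v));   // string matching logic
    for (const { type, re } of STRING_RULES.regex) if (re.test(v)) types.add(type); // format rules
  }
  return [...types];
}

// 4. Identification result: only metadata leaves the client, never req.data.
function buildIdentificationResult(req, dataTypes, ctx) {
  return {
    dataTypes,
    appletId: ctx.appletId,
    hostAppId: ctx.hostAppId,
    clientId: ctx.clientId,
    serverAddress: new URL(req.url).origin,   // address of the applet server from the request
  };
}

// 5. The aspect: replace the interface's request() so every applet call is
//    routed here first (what a Hook or static code replacement achieves).
//    confirmRisk is the round-trip to the risk server; synchronous here for
//    brevity, a real implementation would await the server's reply.
function installSecurityAspect(networkIface, confirmRisk, ctx) {
  const sendRaw = networkIface.request.bind(networkIface);   // the original external interface
  networkIface.request = function securityAspect(req) {
    const contentType = (req.headers && req.headers["content-type"]) || "";
    const dataTypes = identifyPrivateData(interpretRequestData(req.data, contentType));
    if (dataTypes.length === 0) return sendRaw(req);            // no private data: forward as-is
    const { risky } = confirmRisk(buildIdentificationResult(req, dataTypes, ctx));
    if (risky) return { blocked: true, dataTypes };             // drop it; optionally prompt the user
    return sendRaw(req);                                         // server confirmed no risk: forward
  };
  return networkIface;
}

// Constructed demo: an in-memory network interface and a stub risk server
// that flags only id_number uploads. Returns what each applet request led to.
function clientDemo() {
  const forwarded = [];
  const iface = { request: (req) => { forwarded.push(req.url); return { status: 200 }; } };
  const stubConfirm = (result) => ({ risky: result.dataTypes.includes("id_number") });
  installSecurityAspect(iface, stubConfirm, { appletId: "applet-demo", hostAppId: "host-demo", clientId: "client-demo" });
  const json = { "content-type": "application/json" };
  return {
    plain:  iface.request({ url: "https://applet.example/api/list", headers: json, data: JSON.stringify({ page: 1 }) }),
    phone:  iface.request({ url: "https://applet.example/api/bind", headers: json, data: JSON.stringify({ tel: "13800138000" }) }),
    idCard: iface.request({ url: "https://applet.example/api/kyc",  headers: json, data: JSON.stringify({ user: { idNo: "11010519491231002X" } }) }),
    forwarded,
  };
}
```

The property to check in a deployment is that only the output of `buildIdentificationResult` crosses the network to the risk server, while `req.data` stays on the client. Because the rules match the interpreted values, the interpreter decides what the regular expressions can see: a body the walker does not understand is matched as a single opaque string, so a formatted value embedded in it is only caught if the regex is written without anchors or the interpreter is extended.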
Fig. 3 shows a flow diagram of an applet risk detection method performed by a server according to one embodiment. The method can be performed by any apparatus, device, platform or cluster of devices having computing and processing capabilities. Referring to fig. 3, the method comprises:
step 300: acquiring an identification result sent by a client; the identification result indicates that the request data carried by a network request sent by an applet to an external applet server includes private data;
step 302: performing risk confirmation on the network request according to the identification result;
step 304: and sending a risk confirmation result to the client so that the client processes the network request according to the risk confirmation result.
In the applet risk detection method shown in fig. 3, receiving an identification result from the client means that the request data carried by a network request sent by an applet in that client to an external applet server includes private data. The server confirms the risk of the network request from the identification result and returns the risk confirmation result to the client. Since the server can judge comprehensively, its risk confirmation result is more accurate than a client-side decision, which reduces the risk of leaking private data and improves the reliability of applet risk detection.
In this embodiment of the present specification, when the server performs risk confirmation on the network request according to the identification result, at least two ways may be included, but are not limited to:
the method I comprises the following steps: and confirming the risk of the network request according to the data type of the private data.
When the risk of the network request is confirmed by the first mode, the data type of at least the privacy data is included in the identification result. The type of data to be intercepted may be preset in the server, for example, the type of data to be intercepted includes: identity card number, mobile phone number, etc. And when the data type of the private data included in the identification result is a preset data type needing to be intercepted, confirming that the network request has risk.
When different applets send network requests to an external applet server, the request data of the applets carry privacy data of a certain data type, and normal business scene requirements exist, so that the data types needing to be intercepted can be set for the different applets respectively, and the flexibility of applet risk detection is met.
Specifically, the recognition result may include: the data type of the private data and the identity information of the applet.
Then step 302 may include: looking up, by the identity information of the applet in the identification result, the data types preset for that applet as requiring interception; and checking whether the data type of the private data in the identification result is one of them. If so, the network request is confirmed as risky; otherwise it is confirmed as not risky.
Method II: confirming the risk of the network request according to the number of times the applet has sent private data outward.
In Method II the identification result includes at least the identity information of the applet. The server presets a threshold number of times and records how many times each applet has sent private data outward. On receiving an identification result, the server increments the recorded count for the applet identified in it, then checks whether the incremented count has reached the threshold. If so, the network request is confirmed as risky; otherwise it is confirmed as not risky.
To make applet risk detection more flexible still, the server may count along any of the following dimensions when confirming the risk of the network request from the identification result:
- the number of times the applet sends private data in the same client;
- the number of times the applet sends private data in the same host application;
- the number of times the applet sends private data of the same data type to the same applet server;
- the number of times the applet sends private data of the same data type in the same host application of the same client;
and so on.
Preferably, the identification result includes: the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request; the host application program is the application program that the applet depends on to run;
then step 302 may include: determining the number of times that the applet sends the private data of the data type to the external applet server in the host application program of the client according to the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request, which are included in the identification result; and determining whether the number of times reaches a preset number threshold, if so, determining that the network request has risks, otherwise, determining that the network request does not have risks.
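Method I and Method II above, including the keyed count of the preferred variant in which the count is taken over applet, host application, client, data type and applet server, as an added example that is not code from the patent. The intercept lists, the threshold and the field names are assumptions that mirror the fields the text lists for the identification result.

```javascript
// Added example, not code from the patent: server-side risk confirmation over
// an identification result. Method I is a per-applet intercept list; Method II
// is a count threshold keyed by configurable dimensions. All config is assumed.

// Method I: data types each applet must never send outward (assumed config).
// A shop applet may legitimately send a phone number for delivery, so it is
// not in that applet's intercept set.
const INTERCEPT_TYPES = {
  "applet-shop": new Set(["id_number", "gps_location"]),
  "applet-game": new Set(["id_number", "mobile_phone", "gps_location"]),
};
const DEFAULT_INTERCEPT = new Set(["id_number"]);   // applets without a specific entry

function confirmByDataType(result) {
  const banned = INTERCEPT_TYPES[result.appletId] || DEFAULT_INTERCEPT;
  const hits = result.dataTypes.filter((t) => banned.has(t));
  return { risky: hits.length > 0, rule: "data_type", hits };
}

// Method II: count how often an applet sends private data, keyed by whatever
// dimensions the confirmation rule selects; risky once a count reaches threshold.
class SendCounter {
  constructor(dimensions, threshold) {
    this.dimensions = dimensions;   // e.g. ["appletId","hostAppId","clientId","dataType","serverAddress"]
    this.threshold = threshold;
    this.counts = new Map();        // in a real server this lives in shared storage
  }
  keyFor(result, dataType) {
    const view = { ...result, dataType };
    return this.dimensions.map((d) => `${d}=${view[d]}`).join("|");
  }
  record(result) {
    // one identification result may carry several data types; count each separately
    const counted = result.dataTypes.map((dt) => {
      const k = this.keyFor(result, dt);
      const n = (this.counts.get(k) || 0) + 1;   // "increase the count once"
      this.counts.set(k, n);
      return { dataType: dt, count: n };
    });
    const risky = counted.some((c) => c.count >= this.threshold);
    return { risky, rule: "send_count", counted };
  }
}

// The server's decision: risky if any enabled rule says so. The per-applet
// allow-list (Method I) lets legitimate uploads through; the counter
// (Method II) catches an applet that drains the same data type repeatedly.
function confirmNetworkRequest(result, counter) {
  const byType = confirmByDataType(result);
  const byCount = counter.record(result);
  return { risky: byType.risky || byCount.risky, byType, byCount };
}

// Constructed demo: one applet sends phone numbers three times to the same
// server from the same client and host app; then once to a different server;
// a second applet sends an ID number once.
function serverDemo() {
  const counter = new SendCounter(["appletId", "hostAppId", "clientId", "dataType", "serverAddress"], 3);
  const base = { appletId: "applet-shop", hostAppId: "host-demo", clientId: "client-demo", serverAddress: "https://shop.example" };
  const phone = { ...base, dataTypes: ["mobile_phone"] };
  const first  = confirmNetworkRequest(phone, counter);
  const second = confirmNetworkRequest(phone, counter);
  const third  = confirmNetworkRequest(phone, counter);
  const other  = confirmNetworkRequest({ ...phone, serverAddress: "https://cdn.example" }, counter);
  const idCard = confirmNetworkRequest({ ...base, appletId: "applet-game", dataTypes: ["id_number"] }, counter);
  return { first, second, third, other, idCard };
}
```

Choosing the dimensions is the tuning knob the text describes: dropping `serverAddress` from the key would count the CDN upload towards the same total as the shop server, while dropping `clientId` would aggregate across all users of the applet, which is the right view for spotting an applet that exfiltrates a little from everyone.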
In another aspect, an applet risk detection apparatus is also provided, where the apparatus is located in a client. Fig. 4 shows an applet risk detection apparatus of one embodiment. It is to be appreciated that the apparatus can be implemented by any apparatus, device, platform, and cluster of devices having computing and processing capabilities. As shown in fig. 4, the apparatus 40 includes:
a receiving unit 41 configured to receive a network request sent by the applet to the external applet server;
an identifying unit 42 configured to identify whether the request data carried by the network request includes private data;
a generating unit 43 configured to generate a recognition result when the private data is included in the request data;
a sending unit 44 configured to send the identification result to an external server, so that the server performs risk confirmation on the network request according to the identification result;
and the processing unit 45 is configured to receive a risk confirmation result returned by the server, and process the network request according to the risk confirmation result.
In a possible implementation manner, the identifying unit 42 is configured to identify whether request data carried by the network request meets a preset character string rule, and if so, determine that the data request includes private data; otherwise, determining that the data request does not include the private data; wherein the string rule comprises: string matching logic and/or regular expressions;
when the character string rule comprises character string matching logic, if the request data is the same as the character string included in the character string rule, determining that the request data comprises private data;
when the string rule includes a regular expression, the regular expression specifies a string format, and if the request data conforms to the string format, it is determined that the request data includes private data.
In one possible embodiment, as shown in fig. 5, the apparatus 40 may further include: an interpreting unit 46 configured to, before the identifying unit identifies whether the request data carried by the network request includes private data, interpret the request data carried by the network request using a data state machine interpreter, take the interpretation result as the request data carried by the network request, and trigger the identifying unit to identify whether that request data includes private data.
In a possible embodiment, the generating unit 43 is configured to obtain at least one of the following information: the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request; wherein the host application is an application which the applet depends on to run; determining the obtained at least one information as the identification result;
and/or,
the processing unit 45 is configured to not process the network request when the risk confirmation result indicates that a risk exists; and when the risk confirmation result indicates that no risk exists, sending the network request to the applet server through a preset external network interface according to the address information of the applet server carried in the network request.
In another embodiment, based on the implementation manner of the above embodiment of the apparatus shown in fig. 4 or fig. 5, there is also provided an applet risk detection apparatus, where the apparatus is located in a server. Fig. 6 shows an applet risk detection apparatus of one embodiment. It is to be appreciated that the apparatus can be implemented by any apparatus, device, platform, and cluster of devices having computing and processing capabilities. As shown in fig. 6, the applet risk detecting means 60 includes:
an acquisition unit 61 configured to acquire the identification result sent by the client; the identification result indicates that the request data carried by a network request sent by an applet to an external applet server includes private data;
a risk confirmation unit 62 configured to perform risk confirmation on the network request according to the identification result;
a sending unit 63 configured to send a risk confirmation result to the client, so that the client processes the network request according to the risk confirmation result.
In a possible implementation, the recognition result includes: a data type of the private data and identity information of the applet;
the risk confirming unit 62 is configured to determine a data type which is set in advance for the applet and needs to be intercepted according to the identity information of the applet included in the identification result; determining whether the data type is the data type which needs to be intercepted and is set for the applet or not according to the data type of the private data included in the identification result, if so, confirming that the network request has risks, otherwise, confirming that the network request does not have risks;
or,
the identification result comprises: the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request; the host application program is the application program that the applet depends on to run;
the risk confirming unit 62 is configured to determine, according to the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client, and the address information of the applet server carried in the network request, the number of times that the applet sends the private data of the data type to the external applet server in the host application program of the client; and determining whether the frequency reaches a preset frequency threshold, if so, determining that the network request has risks, otherwise, determining that the network request has no risks.
An embodiment of the present specification provides a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of the embodiments of the specification.
One embodiment of the present specification provides a computing device comprising a memory and a processor, the memory having stored therein executable code, the processor implementing a method in accordance with any one of the embodiments of the specification when executing the executable code.
It is to be understood that the illustrated structure of the embodiments of the present specification does not constitute a specific limitation to the applet risk detection apparatus. In other embodiments of the description, the applet risk detection device may include more or fewer components than those shown, or combine certain components, or split certain components, or arrange different components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
For the information interaction, execution process and other contents between the modules in the above-mentioned apparatus and system, because the same concept is based on the embodiment of the method in this specification, specific contents may refer to the description in the embodiment of the method in this specification, and are not described herein again.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this disclosure may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (10)
1. The applet risk detection method is applied to a client and comprises the following steps:
applying, in advance and by means of a Hook or static code replacement, an aspect (the "security tangent plane" of the literal translation) to an external network interface provided by a host application program, so that when an applet calls the external network interface to send a network request to an external applet server, the execution logic corresponding to the external network interface called by the applet is routed to a security aspect module preset in the host application program;
the security aspect module in the host application program receives the network request sent by the applet to the external applet server;
the security aspect module in the host application program identifies whether the request data carried by the network request includes private data;
when the request data includes private data, the security aspect module in the host application program generates an identification result;
the security aspect module in the host application program sends the identification result to an external server so that the server performs risk confirmation on the network request according to the identification result;
the security aspect module in the host application program receives the risk confirmation result returned by the server and processes the network request according to the risk confirmation result;
the identifying whether the request data carried by the network request includes privacy data includes:
identifying whether the request data carried by the network request meets a preset character string rule, and if so, determining that the request data includes private data; otherwise, determining that the request data does not include private data;
wherein the string rule comprises: string matching logic and/or regular expressions;
when the character string rule comprises character string matching logic, if the request data is the same as the character string included in the character string rule, determining that the request data comprises private data;
when the string rule includes a regular expression, the regular expression specifies a string format, and if the request data conforms to the string format, it is determined that the request data includes private data.
2. The method of claim 1, further comprising, before the identifying whether private data is included in the request data carried by the network request:
and interpreting request data carried by the network request by using a data state machine interpreter, determining an interpretation result as the request data carried by the network request, and identifying whether the request data carried by the network request comprises privacy data.
3. The method of claim 1, wherein the generating recognition results comprises:
acquiring at least one of the following information: the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request; wherein the host application is an application which the applet depends on to run;
and determining the acquired at least one information as the identification result.
4. The method of claim 1, wherein the processing the network request according to the risk validation result comprises:
when the risk confirmation result indicates that the risk exists, the network request is not processed;
and when the risk confirmation result indicates that no risk exists, sending the network request to the applet server through a preset external network interface according to the address information of the applet server carried in the network request.
5. The applet risk detection method implemented on the basis of the method according to any one of claims 1 to 4, applied to a server, comprising:
acquiring an identification result sent by a client; the identification result indicates that the request data carried by a network request sent by an applet to an external applet server includes private data;
performing risk confirmation on the network request according to the identification result;
and sending a risk confirmation result to the client so that the client processes the network request according to the risk confirmation result.
6. The method of claim 5, wherein,
the recognition result comprises: a data type of the private data and identity information of the applet;
the risk confirmation of the network request according to the identification result comprises:
determining the type of data which is preset for the applet and needs to be intercepted according to the identity information of the applet in the identification result;
and determining whether the data type is the data type which needs to be intercepted and is set for the applet or not according to the data type of the private data included in the identification result, if so, confirming that the network request has risks, and otherwise, confirming that the network request does not have risks.
7. The method of claim 5, wherein,
the identification result comprises: the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request; the host application program is the application program that the applet depends on to run;
the risk confirmation of the network request according to the identification result comprises:
determining the number of times that the applet sends the private data of the data type to the external applet server in the host application program of the client according to the data type of the private data, the identity information of the applet, the identity information of the host application program, the identity information of the client and the address information of the applet server carried in the network request, which are included in the identification result;
and determining whether the frequency reaches a preset frequency threshold, if so, determining that the network request has risks, otherwise, determining that the network request has no risks.
8. An applet risk detection apparatus located in a client, comprising:
a receiving unit configured to receive a network request sent by an applet to an external applet server; wherein, when the applet calls an external network interface to send a network request to the external applet server, the execution logic corresponding to the external network interface called by the applet is routed to a security aspect module preset in the host application program, so that the receiving unit receives the network request sent by the applet to the external applet server;
the identification unit is configured to identify whether the request data carried by the network request comprises privacy data;
a generation unit configured to generate a recognition result when the request data includes the private data;
a sending unit configured to send the identification result to an external server so that the server performs risk confirmation on the network request according to the identification result;
the processing unit is configured to receive a risk confirmation result returned by the server and process the network request according to the risk confirmation result;
the identification unit is configured to identify whether the request data carried by the network request meets a preset character string rule, and if so, determine that the request data includes private data; otherwise, determine that the request data does not include private data;
wherein the string rules include: string matching logic and/or regular expressions;
when the character string rule comprises character string matching logic, if the request data is the same as the character string included in the character string rule, determining that the request data comprises private data;
when the string rule includes a regular expression, the regular expression specifies a string format, and if the request data conforms to the string format, it is determined that the request data includes private data.
9. The applet risk detection apparatus implemented by the apparatus according to claim 8, located in a server, comprising:
an acquisition unit configured to acquire an identification result sent by a client; the identification result indicates that the request data carried by a network request sent by an applet to an external applet server includes private data;
a risk confirmation unit configured to perform risk confirmation on the network request according to the identification result;
a sending unit, configured to send a risk confirmation result to the client, so that the client processes the network request according to the risk confirmation result.
10. A computing device comprising a memory having executable code stored therein and a processor that, when executing the executable code, implements the method of any of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210646665.4A CN115186260A (en) | 2021-03-26 | 2021-03-26 | Applet risk detection method and device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110323887.8A CN112948835B (en) | 2021-03-26 | 2021-03-26 | Applet risk detection method and device |
CN202210646665.4A CN115186260A (en) | 2021-03-26 | 2021-03-26 | Applet risk detection method and device |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110323887.8A Division CN112948835B (en) | 2021-03-26 | 2021-03-26 | Applet risk detection method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115186260A true CN115186260A (en) | 2022-10-14 |
Family
ID=76226827
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210646665.4A Pending CN115186260A (en) | 2021-03-26 | 2021-03-26 | Applet risk detection method and device |
CN202110323887.8A Active CN112948835B (en) | 2021-03-26 | 2021-03-26 | Applet risk detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN115186260A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115659340A (en) * | 2022-12-09 | 2023-01-31 | 支付宝(杭州)信息技术有限公司 | Counterfeit applet identification method and device, storage medium and electronic equipment |
WO2024131587A1 (en) * | 2022-12-19 | 2024-06-27 | 抖音视界有限公司 | Data discovery method and apparatus, and device and storage medium |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113297609A (en) * | 2021-07-27 | 2021-08-24 | 支付宝(杭州)信息技术有限公司 | Method and device for monitoring privacy acquisition behaviors for small programs |
CN114706733B (en) * | 2022-05-30 | 2022-09-20 | 支付宝(杭州)信息技术有限公司 | Section program abnormity monitoring method and device |
CN114861230B (en) * | 2022-07-07 | 2022-11-01 | 支付宝(杭州)信息技术有限公司 | Privacy protection method and device in terminal equipment |
CN115277142A (en) * | 2022-07-18 | 2022-11-01 | 支付宝(杭州)信息技术有限公司 | Safety protection method and device, storage medium and electronic equipment |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9197417B2 (en) * | 2009-04-24 | 2015-11-24 | Microsoft Technology Licensing, Llc | Hosted application sandbox model |
CN109388963A (en) * | 2017-08-08 | 2019-02-26 | 武汉安天信息技术有限责任公司 | A kind of mobile terminal user's private data means of defence and device |
CN108900473A (en) * | 2018-06-04 | 2018-11-27 | 麒麟合盛网络技术股份有限公司 | A kind of data monitoring method, device and system |
CN110826006B (en) * | 2019-11-22 | 2021-03-19 | 支付宝(杭州)信息技术有限公司 | Abnormal collection behavior identification method and device based on privacy data protection |
CN111400705B (en) * | 2020-03-04 | 2023-03-14 | 支付宝(杭州)信息技术有限公司 | Application program detection method, device and equipment |
CN111478910B (en) * | 2020-04-09 | 2022-06-17 | 北京金堤科技有限公司 | User identity authentication method and device, electronic equipment and storage medium |
CN111881387B (en) * | 2020-07-21 | 2024-04-26 | 北京百度网讯科技有限公司 | Data processing method, device, equipment and medium for small program |
CN112149404A (en) * | 2020-09-18 | 2020-12-29 | 支付宝(杭州)信息技术有限公司 | Method, device and system for identifying risk content of user privacy data |
CN112182623B (en) * | 2020-10-13 | 2022-05-13 | 支付宝(杭州)信息技术有限公司 | Method and device for protecting user privacy |
CN112199731A (en) * | 2020-11-17 | 2021-01-08 | 支付宝(杭州)信息技术有限公司 | Data processing method, device and equipment |
CN112287376B (en) * | 2020-11-20 | 2024-05-28 | 支付宝(杭州)信息技术有限公司 | Method and device for processing privacy data |
CN112528268B (en) * | 2020-12-04 | 2023-09-19 | 平安科技(深圳)有限公司 | Cross-channel applet login management method and device and related equipment |
Also Published As
Publication number | Publication date |
---|---|
CN112948835B (en) | 2022-07-19 |
CN112948835A (en) | 2021-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112948835B (en) | | Applet risk detection method and device |
CN110633160A (en) | | Interface calling method and device, computer equipment and storage medium |
CN109039751B (en) | | Method, device, computer equipment and storage medium for configuring route |
CN107368339B (en) | | Container entrance program operation method, system, device and storage medium |
CN113010892B (en) | | Method and device for detecting malicious behavior of small program |
CN112699034B (en) | | Virtual login user construction method, device, equipment and storage medium |
CN111355800B (en) | | Service processing method, device, equipment and storage medium |
CN110704131B (en) | | Method and device for calling native application by HTML5 application |
CN111309407A (en) | | Processing method and device for integrated third-party library |
CN113691618A (en) | | Message notification method, device, message center and storage medium |
CN112199151B (en) | | Application program running method and device |
CN113742235A (en) | | Method and device for checking codes |
CN113221098A (en) | | Processing method and device for interface call request |
CN116501336A (en) | | Component integration method, device, equipment and storage medium |
CN111475226B (en) | | Electronic device, micro-service calling method, and computer-readable storage medium |
CN114489754A (en) | | Configurable service management method and device |
CN114301970A (en) | | Service calling method and device, electronic equipment and storage medium |
CN112000313A (en) | | Request response method, device, equipment and storage medium |
KR102286029B1 (en) | | Method for authentication, user terminal and authentication server for executing the same |
CN113901377B (en) | | Service calling method, device, storage medium and equipment of legacy system |
CN118118527A (en) | | Service calling method, device, electronic equipment and storage medium |
CN115174665B (en) | | Login state determining method, device, equipment and storage medium |
CN111125676B (en) | | Joint authorization method and device |
CN111984427A (en) | | Non-intrusive Web system mutual exclusion lock implementation method |
CN114118073A (en) | | Data tracking method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| SE01 | Entry into force of request for substantive examination | |