| CPC G06F 21/577 (2013.01) [G06F 2221/033 (2013.01)] | 3 Claims |

1. A method for intercepting dirty data, comprising the following steps:
starting a vulnerability detection task of an application program, and at the same time loading the application program and an underlying code for communication between the application program and a database;
acquiring the underlying code, editing a detection logic code, and coding the detection logic code into the underlying code to obtain an underlying detection code;
acquiring an original request of the application program, and initiating a replay request with active Interactive Application Security Testing (IAST) so that the application program responds to the replay request;
acquiring the data stream generated by the application program in responding to the replay request, so that the application program carries the data stream and performs network communication with the database, and triggering the underlying detection code to start an execution program;
detecting whether a type of a structured query language of the data stream is a create, drop or alter type according to the underlying detection code;
constructing and sending an exception structured query language to the database if the structured query language of the data stream is of the create, drop or alter type, and
returning error information to the application program according to the received exception structured query language, and stopping writing the data stream into the database according to the error information, wherein the error information obtained by constructing the exception structured query language does not affect a normal connection between the application program and the database;
wherein the detecting whether the type of the structured query language of the data stream is the create, drop or alter type comprises the following steps:
judging whether the replay request is a replay request of the active interactive application security testing according to a header tag of the replay request; parsing the data stream and acquiring the structured query language of the data stream if the replay request is the replay request of the active interactive application security testing, or stopping the execution program of the underlying detection code if the replay request is not the replay request of the active interactive application security testing, wherein the replay request constructed by the active interactive application security testing on the basis of the original request is specifically marked relative to the original request, that is, a specific header tag is added to the original request to form the replay request; and
judging whether the structured query language is of the create, drop or alter type according to a buffer data result of the structured query language; and constructing the exception structured query language if the structured query language is of the create, drop or alter type, or stopping the execution of the underlying detection code if the structured query language is not of the create, drop or alter type; wherein the buffer data result is obtained when the structured query language is transmitted to the database and converted into a buffer type, and the whole buffer has specific data results that can be used to identify the structured query language, so as to judge whether a statement is a structured query language of the create, drop or alter type;
wherein the constructing the exception structured query language comprises the following steps:
acquiring all digit values of the data stream corresponding to the structured query language of the create, drop or alter type, and altering one or more of the digit values to obtain the exception structured query language;
wherein obtaining the error information comprises the following steps:
acquiring syntax of the exception structured query language and defining it as error syntax; and
loading the error syntax into a return information to get the error information.
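The following is an added worked example of the claimed flow, written for this page and not taken from the patent or any product implementing it. It stands in for the "underlying detection code" with a Python hook around a database cursor, uses SQLite (stdlib sqlite3) as the database, carries the request headers into the database layer with a context variable (an agent would use a thread-local or similar), and assumes the replay marker is a header named `X-IAST-Replay`; the claim names none of these. The claim says the exception SQL is obtained by altering one or more values of the data stream; here the altered value is the first byte of the statement keyword, because altering an arbitrary byte (a digit in a table name, say) can produce a different but still valid statement that the database would happily execute. All requests, headers and statements are constructed for the demonstration.

```python
import contextvars
import re
import sqlite3

# Header that marks an active-IAST replay request. The claim only says "a specific
# header tag is added to the original request"; this name is an assumption.
REPLAY_HEADER = "X-IAST-Replay"

# Headers of the request currently being served, propagated into the database
# layer the way an agent would via a thread-local or context variable.
_current_headers = contextvars.ContextVar("current_headers", default={})

DDL_TYPES = {"CREATE", "DROP", "ALTER"}
# Leading whitespace and SQL comments that may precede the statement keyword.
_LEADING_NOISE = re.compile(r"^(?:\s+|--[^\n]*\n|/\*.*?\*/)*", re.S)


class DirtyDataBlocked(Exception):
    """Error information handed back to the application: the error syntax (the
    exception SQL) loaded into the return information with the database's error."""

    def __init__(self, error_syntax, db_error):
        super().__init__(f"{db_error} [error syntax: {error_syntax}]")
        self.error_syntax = error_syntax
        self.db_error = db_error


def is_replay_request(headers):
    """Header-tag check: only active-IAST replay traffic is intercepted."""
    return headers.get(REPLAY_HEADER) is not None


def statement_type(sql):
    """First keyword after leading whitespace/comments, upper-cased. Stands in
    for the claim's inspection of the buffer that carries the statement."""
    body = _LEADING_NOISE.sub("", sql, count=1)
    match = re.match(r"[A-Za-z]+", body)
    return match.group(0).upper() if match else ""


def is_ddl(sql):
    return statement_type(sql) in DDL_TYPES


def build_exception_sql(sql):
    """Alter one byte of the outgoing statement so the database rejects it.
    The first byte of the keyword is overwritten with '!', which no SQL
    statement can begin with, so the result can never execute."""
    prefix_len = len(sql) - len(_LEADING_NOISE.sub("", sql, count=1))
    return sql[:prefix_len] + "!" + sql[prefix_len + 1:]


def guarded_execute(cursor, sql, params=()):
    """Hook at the application/database boundary (the 'underlying detection code')."""
    if not is_replay_request(_current_headers.get()) or not is_ddl(sql):
        # Not an IAST replay, or not CREATE/DROP/ALTER: pass through unchanged.
        return cursor.execute(sql, params)
    exception_sql = build_exception_sql(sql)
    try:
        cursor.execute(exception_sql, params)
    except sqlite3.DatabaseError as db_error:
        raise DirtyDataBlocked(exception_sql, db_error) from db_error
    # The mutation must never yield an executable statement; fail loudly if it did.
    raise RuntimeError("exception SQL was accepted by the database: " + exception_sql)


def handle_request(conn, headers, sql):
    """Serve one request: bind its headers, run the statement, report the outcome."""
    token = _current_headers.set(headers)
    try:
        guarded_execute(conn.cursor(), sql)
        conn.commit()
        return "ok"
    except DirtyDataBlocked as blocked:
        return "blocked: " + str(blocked.db_error)
    finally:
        _current_headers.reset(token)


def table_exists(conn, name):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row[0] == 1


def demo():
    """Constructed traffic: one original request, then two replayed requests."""
    conn = sqlite3.connect(":memory:")
    results = [
        # Original (unmarked) request: DDL reaches the database unchanged.
        handle_request(conn, {}, "CREATE TABLE users (id INTEGER, name TEXT)"),
        # Replay carrying the marker: DROP is rewritten into exception SQL and rejected.
        handle_request(conn, {REPLAY_HEADER: "1"}, "/* probe */ DROP TABLE users"),
        # Replay with DML: not a create/drop/alter type, so the claim lets it through.
        handle_request(conn, {REPLAY_HEADER: "1"}, "INSERT INTO users VALUES (1, 'a')"),
    ]
    # The rejected statement did not run and the connection stays usable afterwards.
    results.append("alive" if table_exists(conn, "users") else "gone")
    return results
```

Two points for anyone building on this: the claim intercepts only create, drop and alter statements, so a replayed INSERT, UPDATE or DELETE still reaches the database (the third request above succeeds), and keeping replay traffic out of production data needs a separate measure such as rolling back the replay's transaction; and a driver that accepts several statements in one call (sqlite3 does not, many others do) must have every statement in the batch classified, since `SELECT 1; DROP TABLE users` starts with a harmless keyword.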