Security scanning method and apparatus for mini program, and electronic device

US 10,846,402 B2
Filed: 01/08/2020
Issued: 11/24/2020
Est. Priority Date: 10/09/2017
Status: Active Grant

First Claim

Patent Images

1. A security scanning method for a mini program, comprising:

obtaining a target mini program to be released;

invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;

wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including;

determining whether the target mini program includes a sensitive information leaking loophole,determining whether the target mini program includes an HTML code loophole,determining whether the target mini program includes a JS code loophole, anddetermining whether the target mini program includes an unauthorized external resource reference loophole; and

when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and devices, including computer programs encoded on computer storage media, for security scanning a mini program are provided. One of the methods includes: obtaining a target mini program to be released, invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. The multi-dimensional security scanning may include malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program.

16 Citations

20 Claims

1. A security scanning method for a mini program, comprising:
- obtaining a target mini program to be released;
  
  invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
  
  wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including;
  
  determining whether the target mini program includes a sensitive information leaking loophole,determining whether the target mini program includes an HTML code loophole,determining whether the target mini program includes a JS code loophole, anddetermining whether the target mini program includes an unauthorized external resource reference loophole; and
  
  when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the malicious code scanning on the target mini program comprises one or more of:
    - determining whether the target mini program includes a payload;
      
      determining whether a malicious invoking function is present in functions invoked by the target mini program, wherein the malicious invoking function is an unauthorized invoking function for the target mini program; and
      
      determining whether content invoked by the target mini program includes non-compliant content.
  - 3. The method according to claim 2, wherein the determining whether the target mini program includes a payload comprising:
    - parsing codes and data in a load of the target mini program; and
      
      comparing the parsed codes and data with samples of known payloads.
  - 4. The method according to claim 2, wherein the determining whether content invoked by the target mini program includes non-compliant content comprises:
    - parsing media and text content invoked by the target mini program; and
      
      comparing the parsed media and text content with non-compliant content samples.
  - 5. The method according to claim 1, wherein the security loophole scanning on the target mini program comprises:
    - performing a comparison with a loophole database by one or more loophole scanners corresponding to the one or more loophole scanning programs.
  - 6. The method according to claim 1, wherein the security loophole scanning on a server interface of the target mini program comprises:
    - parsing the server interface of the target mini program; and
      
      performing interface loophole scanning on the parsed server interface.
  - 7. The security scanning method according to claim 1, further comprising:
    - blocking a release flow of the target mini program responsive to the target mini program not passing the multi-dimensional security scanning.

8. A security scanning device for a mini program, comprising one or more processors and a non-transitory computer-readable memory coupled to the one or more processors and configured with instructions executable by the one or more processors to perform operations comprising:
- obtaining a target mini program to be released;
  
  invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
  
  wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including;
  
  determining whether the target mini program includes a sensitive information leaking loophole,determining whether the target mini program includes an HTML code loophole,determining whether the target mini program includes a JS code loophole, anddetermining whether the target mini program includes an unauthorized external resource reference loophole; and
  
  when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device according to claim 8, wherein the malicious code scanning on the target mini program comprises one or more of:
    - determining whether the target mini program includes a payload;
      
      determining whether a malicious invoking function is present in functions invoked by the target mini program, wherein the malicious invoking function is an unauthorized invoking function for the target mini program; and
      
      determining whether content invoked by the target mini program includes non-compliant content.
  - 10. The device according to claim 9, wherein the determining whether the target mini program includes a payload comprises:
    - parsing codes and data in a load of the target mini program; and
      
      comparing the parsed codes and data with samples of known payloads.
  - 11. The device according to claim 9, wherein the determining whether content invoked by the target mini program includes non-compliant content comprises:
    - parsing media and text content invoked by the target mini program; and
      
      comparing the parsed media and text content with non-compliant content samples.
  - 12. The device according to claim 8, wherein the security loophole scanning on the target mini program comprises:
    - performing comparison with a loophole database by one or more loophole scanners corresponding to the one or more loophole scanning programs.
  - 13. The device according to claim 8, wherein the security loophole scanning on a server interface of the target mini program comprises:
    - parsing the server interface of the target mini program; and
      
      performing interface loophole scanning on the parsed server interface.
  - 14. The device according to claim 8, wherein the operations further comprise:
    - blocking a release flow of the target mini program responsive to the target mini program not passing the multi-dimensional security scanning.

15. A non-transitory computer-readable storage medium for security scanning for a mini program, storing instructions executable by one or more processors to cause the one or more processors to perform operations comprising:
- obtaining a target mini program to be released;
  
  invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
  
  wherein the security loophole scanning on the target mini program comprises one or more of;
  
  determining whether the target mini program includes a sensitive information leaking loophole;
  
  determining whether the target mini program includes an HTML code loophole;
  
  determining whether the target mini program includes a JS code loophole; and
  
  determining whether the target mini program includes an unauthorized external resource reference loophole; and
  
  when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium according to claim 15, wherein the malicious code scanning on the target mini program comprises one or more of:
    - determining whether the target mini program includes a payload;
      
      determining whether a malicious invoking function is present in functions invoked by the target mini program, wherein the malicious invoking function is an unauthorized invoking function for the target mini program; and
      
      determining whether content invoked by the target mini program includes non-compliant content.
  - 17. The non-transitory computer-readable storage medium according to claim 16, wherein the determining whether the target mini program includes a payload comprises:
    - parsing codes and data in a load of the target mini program; and
      
      comparing the parsed codes and data with samples of known payloads.
  - 18. The non-transitory computer-readable storage medium according to claim 16, wherein the determining whether content invoked by the target mini program includes non-compliant content comprises:
    - parsing media and text content invoked by the target mini program; and
      
      comparing the parsed media and text content with non-compliant content samples.
  - 19. The non-transitory computer-readable storage medium according to claim 15, wherein the security loophole scanning on a server interface of the target mini program comprises:
    - parsing the server interface of the target mini program; and
      
      performing interface loophole scanning on the parsed server interface.
  - 20. The non-transitory computer-readable storage medium according to claim 15, wherein the operations further comprise:
    - blocking a release flow of the target mini program responsive to the target mini program not passing the multi-dimensional security scanning.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Inventors
Zhao, Hao, Cao, Shijie, Shang, Shanhu, Liu, Peng
Primary Examiner(s)
Bayou, Yonas A

Application Number

US16/737,766
Publication Number

US 20200143051A1
Time in Patent Office

321 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/556   involving covert channels, ...

G06F 21/562   Static detection

G06F 21/564   by virus signature recognition

G06F 21/566   Dynamic detection, i.e. det...

Security scanning method and apparatus for mini program, and electronic device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security scanning method and apparatus for mini program, and electronic device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links