Knowledge Graph Based Semi-automatic Code Auditing System

摘要

Aiming at detecting various vulnerabilities in Web application system based on PHP language, a semi-automatic code auditing system based on knowledge graph is proposed. Firstly, the abstract syntax tree of each file in the Web application system is constructed to extract the taint variables and function information from the abstract syntax tree and construct the global variable information. Secondly, the data flow information of each taint variable is analyzed accurately. Finally, the knowledge graph and code auditing technology are combined to construct and display the vulnerability information of the Web application system in the form of graph. Experiments and analysis results show that this detection method can well construct and display the data flow information of each taint variable and help auditors find common vulnerabilities in Web application systems more quickly.