The present invention discloses a code audit method comprising the steps of: tracing a variable through the source code to acquire the processing nodes that process the variable; determining, for each processing node, its parent processing nodes and its security attribute; and comparing, node by node, the security attribute of each processing node with the security attribute of each of its parent processing nodes, such that when the security attribute of a parent processing node is not a subset of the security attribute of the processing node, the processing node is determined to contain a security vulnerability. The present invention further discloses a code audit device. Because the technical solution determines whether a processing node is vulnerable from the logic by which that node processes the variable, rather than from the node in isolation, it improves the accuracy of the code audit and reflects the security vulnerabilities actually present in the source code.
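The following is an added worked example, written for this page and not taken from the patent, of the three steps the abstract describes: tracing a variable to its processing nodes, resolving each node's parents and security attribute, and applying the subset check. It assumes a toy intermediate representation of four operation kinds (source, sanitize, concat, sink), a hypothetical policy table ACCEPTS giving each kind's security attribute as the set of taint labels it can safely process, and a constructed six-statement program modelled on a SQL query built from a request parameter; none of these are defined by the patent.

```python
"""Added example: subset-check code audit over a toy data-flow graph."""
from __future__ import annotations
from dataclasses import dataclass, field

# A taint label carried on data that originates from the request (assumed).
USER_INPUT = "user_input"

# Assumed policy table, not from the patent: the security attribute of a node
# is the set of labels it can safely process.  A sink such as a query executor
# accepts nothing tainted; a sanitizer or string concatenation accepts tainted
# input and the label set on its output is derived in build_graph().
ACCEPTS = {
    "source":   frozenset(),
    "sanitize": frozenset({USER_INPUT}),
    "concat":   frozenset({USER_INPUT}),
    "sink":     frozenset(),
}


@dataclass(eq=False)  # identity semantics so nodes can be compared and hashed
class Node:
    line: int
    op: str
    out: str | None            # variable this statement defines, if any
    ins: list[str]             # variables this statement reads
    parents: list[Node] = field(default_factory=list)
    emits: frozenset = frozenset()   # labels on the value this node produces

    @property
    def accepts(self) -> frozenset:
        return ACCEPTS[self.op]


def build_graph(stmts):
    """Link each statement to the statements defining its inputs (its parent
    processing nodes) and derive the label set each statement emits."""
    defs: dict[str, Node] = {}   # variable name -> most recent defining node
    nodes: list[Node] = []
    for line, (op, out, ins) in enumerate(stmts, 1):
        n = Node(line, op, out, list(ins))
        n.parents = [defs[v] for v in ins if v in defs]
        if op == "source":
            n.emits = frozenset({USER_INPUT})
        elif op == "sanitize":
            n.emits = frozenset()             # sanitizer strips the label
        else:                                 # concat / sink: union of inputs
            n.emits = frozenset().union(*(p.emits for p in n.parents))
        if out:
            defs[out] = n
        nodes.append(n)
    return nodes


def trace(nodes, var):
    """Processing nodes of `var`: its defining statement plus every statement
    reachable downstream through def-use edges."""
    seen: list[Node] = []
    work = [n for n in nodes if n.out == var]
    while work:
        n = work.pop()
        if n in seen:
            continue
        seen.append(n)
        work.extend(c for c in nodes if n in c.parents)
    return sorted(seen, key=lambda n: n.line)


def audit(nodes, var):
    """Flag each processing node whose parent's emitted labels are not a
    subset of what the node accepts.  Returns (line, op, offending labels)."""
    findings = []
    for n in trace(nodes, var):
        for p in n.parents:
            if not p.emits <= n.accepts:
                findings.append((n.line, n.op, sorted(p.emits - n.accepts)))
    return findings


# Constructed sample program (op, defined variable, read variables), modelled on:
#   1: $id   = $_GET['id']              2: $safe = intval($id)
#   3: $q1   = "... WHERE id=" . $id    4: $q2   = "... WHERE id=" . $safe
#   5: mysql_query($q1)                 6: mysql_query($q2)
PROGRAM = [
    ("source",   "id",   []),
    ("sanitize", "safe", ["id"]),
    ("concat",   "q1",   ["id"]),
    ("concat",   "q2",   ["safe"]),
    ("sink",     None,   ["q1"]),
    ("sink",     None,   ["q2"]),
]

if __name__ == "__main__":
    for line, op, labels in audit(build_graph(PROGRAM), "id"):
        print(f"line {line}: {op} receives unaccepted labels {labels}")
```

Run on the constructed program, the audit of `id` reports only the sink at line 5, because the parent of that sink (the concatenation at line 3) still emits the user_input label, while the sink at line 6 is reached through the sanitizer and its parent emits nothing. Tracing `safe` instead visits only lines 2, 4 and 6 and reports nothing, which is the property the abstract relies on: the verdict follows the node's actual processing logic, not merely the presence of a sink.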