Research And Implementation Of Vulnerability Detection In Python Scripts

With the rapid development of artificial intelligence and machine learning,Python is widely used in web crawlers,machine learning,data analysis and other fields.Python has a powerful third-party library,which makes Python more and more important in programming languages.However,due to the insecurities of the system,there is no guarantee that Python scripts will be trusted throughout their lifecycle.When the system is attacked,Python scripts on computers may be tampered with.Therefore,vulnerabilities in Python scripts are need to studied.This paper studies two aspects of integrity verification and vulnerability detection.To this end,this paper studies two aspects of integrity verification and vulnerability detection.In this article,integrity verification and vulnerability detection are based on two Python scripts,an original Python script and a current Python script.Once the original Python script has been changed during its lifetime,it is called the current Python script.The research content and innovations of this paper are as follows:(1)When the original Python script is trusted,check whether the current Python script is semantically consistent with the original Python script through the integrity verification.The integrity verification in this article is a loose integrity verification,which is more inclined to similarity detection than cryptographic integrity verification.Here,a similarity detection method combining UNIX diff instruction and abstract syntax tree is proposed.Experiments show that this method can effectively avoid the shortcomings caused by the similarity detection of tree structure.(2)When the original Python script is trusted and its integrity has been compromised,vulnerability detection of the current Python script is required.In this regard,the well-expanded Python vulnerability detection tool Bandit is analyzed,summarizing its advantages and disadvantages,and improving its shortcomings by combining taint analysis with Bandit.Experiments show that the scheme can reduce the false positive rate of the vulnerability without affecting the performance of the Bandit.(3)When the original Python script is not trusted,the current Python script is detected directly.In this regard,feature matrix based Python clone code vulnerability detection method is proposed.First,for different types of vulnerabilities,extract the corresponding key features,and perform program slicing forwardly or backwardly of Python scripts according to different key features.Then,using the abstract syntax tree based on the code block,the code is converted into vectors to construct feature matrix.Finally,using the machine learning method,the feature matrix is dimension reduced and the similarity is calculated.Experiments show that the program can effectively detect vulnerabilities in Python programs.