CN111046393A - Vulnerability information uploading method and device, terminal equipment and storage medium - Google Patents


Info

Publication number: CN111046393A
Authority: CN (China)
Prior art keywords: information; identification information; vulnerability; management system; vulnerability information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN201911287053.5A
Other languages: Chinese (zh)
Other versions: CN111046393B (en)
Inventor: 陈俊, 熊友军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Youbixuan Software Technology Shenzhen Co ltd
Original Assignee: Ubtech Robotics Corp
Application filed by Ubtech Robotics Corp
Priority to CN201911287053.5A
Publication of CN111046393A
Application granted
Publication of CN111046393B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Stored Programmes (AREA)

Abstract

The application is applicable to the technical field of software testing, and provides a vulnerability information uploading method, a vulnerability information uploading device, terminal equipment and a storage medium.

Description

Vulnerability information uploading method and device, terminal equipment and storage medium
Technical Field
The application belongs to the technical field of software testing, and particularly relates to a vulnerability information uploading method and device, terminal equipment and a storage medium.
Background
A vulnerability (Bug) refers to a defect in software. At present, when a tester uses a mobile phone to test mobile phone software (Application, App) and finds that the App has a Bug, the tester needs to upload the relevant information of the Bug through a computer. When uploading, the tester needs to analyze the Bug and then submit the Bug information to the corresponding storage location of a Bug management system, so the submission efficiency is low.
In summary, submitting Bug information to the Bug management system currently suffers from low submission efficiency.
Disclosure of Invention
The embodiment of the application provides a vulnerability information uploading method and device, terminal equipment and a storage medium, which can solve the problem of low submission efficiency when vulnerability information is submitted to a Bug management system.
In a first aspect, an embodiment of the present application provides a vulnerability information uploading method, including:
recognizing vulnerability information, and determining identification information according to the vulnerability information;
calling a target interface according to the identification information;
and uploading the vulnerability information to a management system through the target interface.
In an embodiment, before identifying the vulnerability information, the method includes:
receiving an interface calling request;
and if the interface calling request is legal, opening the calling authority of the server-side interface, and receiving the vulnerability information according to the server-side interface.
In an embodiment, the invoking a target interface according to the identification information includes:
if the identification information is invalid information, generating valid identification information, and establishing a mapping relation between the valid identification information and the vulnerability information;
and calling a first target interface to establish connection with the management system, and uploading the effective identification information and the vulnerability information.
In an embodiment, the invoking the target interface according to the identification information further includes:
if the identification information is valid information, judging whether valid identification information which is the same as the identification information exists in the management system;
if the effective identification information which is the same as the identification information does not exist in the management system, calling a first target interface to establish connection with the management system, and uploading the vulnerability information.
In an embodiment, after determining whether there is valid identification information that is the same as the identification information in the management system if the identification information is valid information, the method further includes:
if the effective identification information which is the same as the identification information exists in the management system, calling a second target interface to establish connection with the management system, and acquiring first data according to the identification information, wherein the first data comprises historical vulnerability information of vulnerabilities corresponding to the identification information;
generating second data according to the first data and the vulnerability information;
and uploading the second data to the management system through the second target interface.
In an embodiment, after the uploading the vulnerability information to a management system through the target interface, the method further includes:
and deleting the vulnerability information.
In an embodiment, the vulnerability information further carries description information, and the description information is used for describing the current vulnerability information.
In a second aspect, an embodiment of the present application provides a vulnerability information uploading apparatus, including:
the identification module is used for identifying the vulnerability information and determining identification information according to the vulnerability information;
the calling module is used for calling a target interface according to the identification information;
and the uploading module is used for uploading the vulnerability information to a management system through the target interface.
In a third aspect, an embodiment of the present application provides a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the vulnerability information uploading method according to any of the above first aspects.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the vulnerability information uploading method according to any of the first aspects is implemented.
In a fifth aspect, an embodiment of the present application provides a computer program product, which, when running on a terminal device, causes the terminal device to execute the vulnerability information uploading method described in any of the above first aspects.
It is understood that the beneficial effects of the second aspect to the fifth aspect can be referred to the related description of the first aspect, and are not described herein again.
Compared with the prior art, the embodiment of the application has the advantages that: after the server identifies the vulnerability information, the corresponding identification information can be determined according to the vulnerability information, the corresponding target interface in the management system is automatically called according to the identification information, the vulnerability information is uploaded to the corresponding storage position in the management system, and the efficiency of submitting the vulnerability information by the server is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flow chart of an implementation of a vulnerability information uploading method provided in an embodiment of the present application;
Fig. 2 is a schematic flowchart of another implementation flow of a vulnerability information uploading method provided in an embodiment of the present application;
Fig. 3 is a schematic flowchart of another implementation flow of the vulnerability information uploading method provided in the embodiment of the present application;
Fig. 4 is a schematic flow chart of still another implementation of the vulnerability information uploading method provided in the embodiment of the present application;
Fig. 5 is a schematic structural diagram of a vulnerability information uploading apparatus according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
The vulnerability information uploading method provided by the embodiment of the application can be applied to terminal devices such as a mobile phone, a tablet computer, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook and the like, and the specific type of the terminal device is not limited at all by the embodiment of the application.
Referring to fig. 1, fig. 1 is a schematic flowchart of a vulnerability information uploading method provided in an embodiment of the present application.
The details are as follows:
S101: Identifying vulnerability information, and determining identification information according to the vulnerability information.
In application, the vulnerability (Bug) information may be related information when an error occurs in hardware, system software (such as an operating system) or application software (such as word processing software) of a computer, a mobile phone or other electronic devices, for example, system error information (such as information about a generated error code or a blue screen), functional error information, information of performance problems, information of configuration errors, and the like, which is not limited thereto. For convenience of description, the vulnerability information uploading method in this embodiment is applied to a server, and the server may be a server device. The vulnerability information comprises one or more of vulnerability screenshots, log information and description information.
Specifically, the Bug information may be a screenshot of the Bug, for example, when the Bug is found in the running or testing process of the mobile phone APP, the current Bug is recorded through the mobile phone screenshot; the Bug information can also be a text description of the Bug, for example, when the Bug is found in the running or testing process of the mobile phone APP, the text description of the Bug is input through an input device of the mobile phone to record the Bug; the Bug information can also be a screenshot and a text description of the Bug, for example, when the Bug is found in the running or testing process of the mobile phone APP, the current Bug is recorded by screen capturing of the mobile phone and adding the text description on the basis of the screenshot. It can be understood that the vulnerability information further includes log information, and the log information may be a test log generated during a test. The description information is used for describing the vulnerability, and the difference between the display effect and the expected effect when the vulnerability is found in the running or testing process of the mobile phone APP is represented through the description information. The method is convenient for developers to know the situation of the vulnerability after seeing the description information, and the description information can be that when the Bug is found in the running or testing process of the mobile phone APP, after the screenshot of the current display interface is generated through the screen capture operation, the text description content of the current vulnerability is input by the testers through the input device of the mobile phone.
In application, the identification information uniquely identifies the current vulnerability. A tester can enter the identification information in an input box on the interface of the electronic equipment used for confirming and submitting the vulnerability information. For example, a virtual operation key is also displayed on the interface of the electronic equipment, and effective identification information is automatically generated according to the virtual operation input description information or the form of the identification information when the server side judges that the received identification information is invalid information, which is not limited. The identification information may include, but is not limited to, numbers, letters, other symbols, and combinations thereof.
In application, the electronic device uses the identification information as a field of the vulnerability information, and the vulnerability information carries the identification information. After the server receives the vulnerability information, the corresponding identification information can be determined by analyzing the identification information field of the vulnerability information. Here, the electronic device may encrypt the vulnerability information to form a data frame or a data packet, then send the data frame or the data packet to the server, and decrypt and extract the data frame or the data packet by the server to obtain the identification information carried in the vulnerability information.
In application, the vulnerabilities are in one-to-one correspondence with the identification information, and different vulnerabilities correspond to different identification information.
In an embodiment, the vulnerability information sent by the electronic device includes a vulnerability screenshot attachment, identification information, description information and log information.
S102: Calling a target interface according to the identification information.
The target interface is a data interface through which the server uploads the vulnerability information to the management system. There are a plurality of target interfaces; for example, the target interfaces comprise an update vulnerability information interface and a newly-built vulnerability information interface. When the server finds the same identification information in the management system according to the identification information, a calling request for calling the update vulnerability information interface is sent to the management system; when the server does not find the same identification information in the management system, a calling request for calling the newly-built vulnerability information interface is sent to the management system.
S103: Uploading the vulnerability information to a management system through the target interface.
In application, when the server calls the update vulnerability information interface, the server can use that interface to search the management system for the existing historical vulnerability information that contains the identification information, and obtain the storage position of the historical vulnerability information. For example, the historical vulnerability information is stored in the management system as a data packet, and the current vulnerability information is then uploaded into that data packet and stored in the management system together with the historical vulnerability information. Alternatively, when the server side calls the newly-built vulnerability information interface, the server side establishes a corresponding storage space in the management system through that interface, and uploads the current vulnerability information to the storage space so that it is distinguished from other vulnerability information.
In application, the management system is a vulnerability information management system used for collecting, tracking, distributing and otherwise handling vulnerability information. For example, the management system may be a JIRA system.
In this embodiment, after the server identifies the vulnerability information, the server may determine corresponding identification information according to the vulnerability information, automatically call a corresponding target interface in the management system according to the identification information, upload the vulnerability information to a corresponding storage location in the management system, and improve the efficiency of submitting the vulnerability information by the server.
Referring to fig. 2, in an embodiment, before step S101, the method includes:
S201, receiving an interface calling request.
In application, the interface calling request may be an interface calling request sent by a first terminal; the first terminal includes, but is not limited to, a mobile phone, a tablet computer, and a notebook computer. For convenience of explanation, the first terminal in this embodiment is explained by taking a mobile phone as an example. The interface calling request means that the mobile phone automatically generates a calling request for the server interface if bug information is found, or a tester confirms uploading the bug information, while the APP in the mobile phone is running. In application, when the mobile phone detects a specific operation step while the software APP is running, for example, when the running of its own screenshot software or a screenshot operation, a double-click on the screen, or a long press on a corresponding physical or virtual key is detected, a prompt asking whether to feed back vulnerability information is automatically displayed on the mobile phone interface, and a calling request for calling the server interface is sent or not sent according to the operation instruction of the tester; or, while the APP software in the mobile phone is running, if vulnerability information is found, the mobile phone directly captures the current vulnerability information, generates corresponding description information according to the vulnerability information, and uploads the description information to the server, which is not limited.
S202, if the interface calling request is legal, opening the calling authority of the server-side interface, and receiving the vulnerability information according to the server-side interface.
In application, the interface calling request can be transmitted in the form of a wireless message or a data packet. When the server receives the interface calling request of the first terminal, the server parses the interface calling request and acquires the request information it carries. If the carried request information is consistent with the format of the preset request information, the current interface calling request is considered to be legal and the calling authority of the server interface is opened; the first terminal can call the server interface after the calling authority is opened, and then interacts with the server through the interface. The preset request information may be a preset special character, a preset number, a preset combination form or the like. For example, if the request information obtained after parsing is "A11" and its format is the same as or consistent with that of the preset request information, it is determined that the current interface call request is legal, and the call authority of the server interface is opened.
In application, the server interface is an HTTP interface through which the mobile phone can upload vulnerability information, for example a screenshot attachment generated by capturing the screen when a Bug is found while the APP software is running; in other applications, the tester may also use a mobile phone to read the internal information of the server through the server interface, which is not limited herein.
In this embodiment, when the server determines that the interface call request is legal, the server automatically opens the call permission of the server interface, establishes a connection with the first terminal through the server interface, receives vulnerability information submitted by the first terminal, reduces operation steps of a tester, and improves the submission efficiency of the vulnerability information.
Referring to fig. 3, in an embodiment, step S102 includes:
S301: If the identification information is invalid information, generating effective identification information, and establishing a mapping relation between the effective identification information and the vulnerability information.
In the application, if the identification information is empty or the identification information cannot be analyzed by the server, the current identification information is considered to be invalid information. For example, when the tester uploads the vulnerability information, the tester does not add identification information to the current vulnerability, that is, the identification information is determined to be null, and at this time, the server determines that the identification information is invalid information.
In application, the effective identification information may be generated according to a preset rule; for example, the effective identification information is a combination of a character and a number. After the identification information carried by the uploaded vulnerability information is judged to be invalid information, effective identification information is automatically generated and written into the identification information field. Illustratively, when the server determines that the identification information carried by the uploaded vulnerability information is empty, a character string in a character-plus-number form is automatically generated, and the character string is then written into the identification information field corresponding to the vulnerability information.
The preset rule may be that effective identification information is generated according to an identification information set preset in the management system, a plurality of unique identification information are preset in the identification information set, if the identification information in the identification information set of the management system does not establish an association relationship with the vulnerability, one of the identification information which does not establish the association relationship can be selected as the effective identification information, and the association relationship between the effective identification information and the current vulnerability is established.
In application, if the format of the identification information obtained by parsing meets the preset requirement, the identification information is determined to be valid information. The identification information can be set by the tester to classify different types of vulnerabilities. For example, vulnerabilities include display vulnerabilities, response vulnerabilities and flash quit vulnerabilities: the type of a display vulnerability can be type A and the format of its identification information can be A11; the type of a response vulnerability can be type B and the format of its identification information can be B11; the type of a flash quit vulnerability can be type C and the format of its identification information can be C11; and so on, which is not limited. The server side can obtain the corresponding format from the parsed identification information, and judges whether the identification information is valid information according to the format.
S302: Calling a first target interface to establish connection with the management system, and uploading the effective identification information and the vulnerability information.
In application, the first target interface is the interface in the management system for newly adding vulnerability information, and is used for adding the new vulnerability information and the effective identification information in the management system. The uploaded Bug information further includes log information generated when the Bug occurred, and description information used for describing the Bug; for example, if the Bug is found while running the mobile phone APP, the mobile phone performs a screen capture operation on the Bug to generate a screenshot attachment, which is not limited thereto.
In this embodiment, by analyzing the identification information given when the vulnerability information is generated, when the identification information is judged to be invalid, the effective identification information is automatically generated and a mapping relation is established with the vulnerability, so that a subsequent tester can search according to the effective identification information, then the server side automatically calls the first target interface, a storage space is newly built in the management system, and the current vulnerability information is automatically uploaded into the storage space, so that the vulnerability information submission efficiency is improved.
Referring to fig. 4, in an embodiment, step S102 includes:
S401, if the identification information is valid information, judging whether valid identification information which is the same as the identification information exists in the management system.
S402, if the effective identification information which is the same as the identification information does not exist in the management system, calling a first target interface to establish connection with the management system, and uploading the vulnerability information.
In application, if the identification information can be parsed by the server, the identification information is determined to be valid information. Illustratively, if the identification information obtained by parsing the current vulnerability is A11, the corresponding format is letter plus number, which matches the preset format, and whether the corresponding vulnerability exists in the target system is then determined according to the parsed letter and number. For example, when uploading the vulnerability information, the tester adds the identification information "A22" to the current vulnerability, and the server then searches all the identification information stored in the management system for effective identification information that is the same as the current identification information. Suppose the management system only holds a vulnerability with identification information "A11", a vulnerability with identification information "B11", and a vulnerability with identification information "C11". The server then cannot find the identification information "A22" in the management system, so it determines that no valid identification information identical to the current identification information exists in the management system and that the current bug is a newly added bug. The first target interface is then invoked to upload the bug information to the corresponding storage location of the management system; for example, a new storage space is established in the management system to store the current bug information.
In this embodiment, when the identification information is determined to be valid information, further after the same identification information is not found in the management system through the identification information, the first target interface is automatically called, a storage space is newly built in the management system, and the current vulnerability information is automatically uploaded to the storage space, so that vulnerability information submission efficiency is improved.
Referring to Fig. 4, in an embodiment, after the step of determining, if the identification information is valid information, whether valid identification information identical to the identification information exists in the management system, the method further includes:
S501, if valid identification information identical to the identification information exists in the management system, calling a second target interface to establish a connection with the management system, and obtaining first data according to the identification information, wherein the first data comprises historical vulnerability information of the vulnerability corresponding to the identification information.
In application, the second target interface is the interface that is called to update existing vulnerability information in the management system, namely the update-vulnerability-information interface.
S502, generating second data according to the first data and the vulnerability information.
In application, the second data may be the information obtained by combining all information in the first data (including the historical vulnerability information) with the current vulnerability information. Illustratively, the first data is stored in the management system as a data packet that includes the historical log information and historical description information of the vulnerability. After the first data is acquired, the current log information is merged with the historical log information and the current description information is merged with the historical description information; the merged data packet is the second data. The server can obtain the corresponding first data through the second target interface according to the identification information.
S503, uploading the second data to the management system through the second target interface.
In application, the server uses the second target interface to search the management system for the historical vulnerability information containing the identification information, obtain the storage location of that historical vulnerability information, and upload the second data to that storage location.
In another embodiment, the current vulnerability information may also be uploaded directly into the data packet of the first data to form the second data, which is then stored in the management system. This saves the time needed to acquire the first data and improves the efficiency of submitting vulnerability information; no limitation is imposed here.
In other applications, when the first data and the current vulnerability information are merged to generate the second data, if the description information of the vulnerability in the historical vulnerability information is the same as the description information of the vulnerability in the current vulnerability information, either the description information in the historical vulnerability information or the description information in the current vulnerability information may be deleted directly; no limitation is imposed here.
In this embodiment, the identification information is parsed; when it is determined to be valid information and the same valid identification information exists in the management system, the first data containing the historical vulnerability information is obtained according to the identification information, the current vulnerability information and the first data are combined to generate the second data, and the second data is uploaded to the management system, which improves the efficiency of submitting vulnerability information.
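The branching described in these embodiments (invalid identifier, valid but unknown identifier, valid and already stored identifier) can be traced in a short sketch. This is an added example, not code from the patent: `ManagementSystem`, `VulnRecord`, `upload`, the `N<counter>` scheme for generated identifiers and the exact regular expression for "letter plus number" are all assumptions made for illustration, and the sample records are constructed.

```python
import re
from dataclasses import dataclass, field

# Assumption: "letter plus number" (the A11 illustration) is read as one
# uppercase letter followed by digits; the patent fixes no exact pattern.
ID_FORMAT = re.compile(r"[A-Z][0-9]+")


@dataclass
class VulnRecord:
    logs: list = field(default_factory=list)
    descriptions: list = field(default_factory=list)


class ManagementSystem:
    """In-memory stand-in for the management system (hypothetical)."""

    def __init__(self):
        self.records = {}

    def create(self, ident, record):
        """First target interface: store a newly added vulnerability."""
        if ident in self.records:
            raise ValueError(f"{ident} already exists")
        self.records[ident] = record

    def fetch(self, ident):
        """Second target interface, read side: return the first data."""
        return self.records[ident]

    def update(self, ident, record):
        """Second target interface, write side: store the second data."""
        if ident not in self.records:
            raise KeyError(ident)
        self.records[ident] = record


def is_valid_id(ident):
    # fullmatch rather than match: trailing text or a newline after an
    # otherwise well-formed identifier must not be accepted as a lookup key.
    return isinstance(ident, str) and ID_FORMAT.fullmatch(ident) is not None


def merge(first, current):
    """Build the second data: history plus current, identical descriptions kept once."""
    merged = VulnRecord(list(first.logs), list(first.descriptions))
    merged.logs.extend(current.logs)
    for text in current.descriptions:
        if text not in merged.descriptions:
            merged.descriptions.append(text)
    return merged


def generate_id(ms):
    # Assumption: generated identifiers use the letter "N" plus a counter.
    n = 1
    while f"N{n}" in ms.records:
        n += 1
    return f"N{n}"


def upload(ms, ident, current):
    """Return (interface used, identifier the record is stored under)."""
    if not is_valid_id(ident):
        ident = generate_id(ms)            # invalid: generate and map a valid one
        ms.create(ident, current)
        return "first", ident
    if ident not in ms.records:            # valid, not yet in the system
        ms.create(ident, current)
        return "first", ident
    ms.update(ident, merge(ms.fetch(ident), current))   # S501 to S503
    return "second", ident


def demo():
    ms = ManagementSystem()
    for ident in ("A11", "B11", "C11"):    # constructed sample data
        ms.create(ident, VulnRecord([f"log {ident} #1"], ["crash on login"]))
    results = [
        upload(ms, "A22", VulnRecord(["log A22 #1"], ["blank page"])),
        upload(ms, "A11", VulnRecord(["log A11 #2"], ["crash on login"])),
        upload(ms, "bug#7", VulnRecord(["log x"], ["malformed id"])),
    ]
    return ms, results


if __name__ == "__main__":
    system, outcome = demo()
    print(outcome)
    print(system.records["A11"])
```
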
In an embodiment, after uploading the vulnerability information to a management system through the target interface, the method further includes:
deleting the vulnerability information.
In application, after the server uploads the vulnerability information to the management system, the vulnerability information can be deleted directly, which reduces the space it occupies on the server.
In other applications, when the server uploads the vulnerability information to the management system, if the vulnerability of the mobile phone APP has been repaired or resolved, the server queries the corresponding vulnerability information according to the identification information and deletes it. This reduces the need to regenerate the vulnerability information on the mobile phone after an upload failure, and avoids a developer having to log in to the management system many times when querying vulnerability information.
In this embodiment, when the vulnerability in the uploaded vulnerability information has been repaired, the server may delete the uploaded vulnerability information, which helps keep the vulnerability information in the management system organized.
As shown in Fig. 5, the present embodiment further provides a vulnerability information uploading apparatus 100, which includes:
an identification module 10, configured to identify the vulnerability information and determine the identification information according to the vulnerability information;
a calling module 20, configured to call a target interface according to the identification information;
an uploading module 30, configured to upload the vulnerability information to a management system through the target interface.
In an embodiment, the vulnerability information uploading apparatus 100 further includes:
a receiving module, configured to receive an interface calling request;
an opening module, configured to open the calling authority of the server-side interface if the interface calling request is legal, and to receive the vulnerability information through the server-side interface.
In one embodiment, the calling module 20 is further configured to:
if the identification information is invalid information, generate valid identification information, and establish a mapping relation between the valid identification information and the vulnerability information;
call a first target interface to establish a connection with the management system, and upload the valid identification information and the vulnerability information.
In one embodiment, the calling module 20 is further configured to:
if the identification information is valid information, judge whether valid identification information identical to the identification information exists in the management system;
if valid identification information identical to the identification information does not exist in the management system, call a first target interface to establish a connection with the management system, and upload the vulnerability information.
In one embodiment, the calling module 20 is further configured to:
if valid identification information identical to the identification information exists in the management system, call a second target interface to establish a connection with the management system, and acquire first data according to the identification information, wherein the first data comprises historical vulnerability information of the vulnerability corresponding to the identification information;
generate second data according to the first data and the vulnerability information;
upload the second data to the management system through the second target interface.
In an embodiment, the vulnerability information uploading apparatus 100 further includes:
a deleting module, configured to delete the vulnerability information.
In an embodiment, the vulnerability information further carries description information, and the description information is used for describing the current vulnerability information.
In this embodiment, after the server identifies the vulnerability information, it can determine the corresponding identification information according to the vulnerability information, automatically call the corresponding target interface of the management system according to the identification information, and upload the vulnerability information to the corresponding storage location in the management system, which improves the efficiency with which the server submits vulnerability information.
An embodiment of the present application further provides a terminal device, where the terminal device includes: at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor, the processor implementing the steps of any of the various method embodiments described above when executing the computer program.
The embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps in the above-mentioned method embodiments may be implemented.
The embodiments of the present application provide a computer program product which, when run on a terminal device, enables the terminal device to implement the steps in the above method embodiments.
Fig. 6 is a schematic diagram of a terminal device 80 according to an embodiment of the present application. As shown in Fig. 6, the terminal device 80 of this embodiment includes: a processor 803, a memory 801 and a computer program 802 stored in the memory 801 and executable on the processor 803. The processor 803 implements the steps in the various method embodiments described above, such as the steps S101 to S103 shown in Fig. 1, when executing the computer program 802. Alternatively, the processor 803 realizes the functions of the modules/units in the above-described device embodiments when executing the computer program 802.
Illustratively, the computer program 802 may be partitioned into one or more modules/units that are stored in the memory 801 and executed by the processor 803 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 802 in the terminal device 80. For example, the computer program 802 may be divided into an identification module, a calling module, and an uploading module, and each module has the following specific functions:
The receiving module is used for identifying the vulnerability information and determining the identification information according to the vulnerability information.
The calling module is used for calling the target interface according to the identification information.
The uploading module is used for uploading the vulnerability information to a management system through the target interface.
The terminal device 80 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device may include, but is not limited to, a processor 803 and a memory 801. Those skilled in the art will appreciate that fig. 6 is merely an example of a terminal device 80, and does not constitute a limitation of terminal device 80, and may include more or fewer components than shown, or some components in combination, or different components, e.g., the terminal device may also include input-output devices, network access devices, buses, etc.
The Processor 803 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 801 may be an internal storage unit of the terminal device 80, such as a hard disk or a memory of the terminal device 80. The memory 801 may also be an external storage device of the terminal device 80, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the terminal device 80. In one embodiment, the memory 801 may also include both internal and external storage units of the terminal device 80. The memory 801 is used to store the computer programs and other programs and data required by the terminal device. The memory 801 may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow in the method of the embodiments described above can be realized by a computer program, which can be stored in a computer-readable storage medium and can realize the steps of the method embodiments described above when executed by a processor. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A vulnerability information uploading method is characterized by comprising the following steps:
recognizing vulnerability information, and determining identification information according to the vulnerability information;
calling a target interface according to the identification information;
and uploading the vulnerability information to a management system through the target interface.
2. The vulnerability information uploading method of claim 1, wherein, before the identifying of vulnerability information, the method comprises:
receiving an interface calling request;
and if the interface calling request is legal, opening the calling authority of the server-side interface, and receiving the vulnerability information according to the server-side interface.
3. The vulnerability information uploading method of claim 1, wherein the invoking a target interface according to the identification information comprises:
if the identification information is invalid information, generating valid identification information, and establishing a mapping relation between the valid identification information and the vulnerability information;
and calling a first target interface to establish a connection with the management system, and uploading the valid identification information and the vulnerability information.
4. The vulnerability information uploading method of claim 1, wherein the invoking a target interface according to the identification information further comprises:
if the identification information is valid information, judging whether valid identification information which is the same as the identification information exists in the management system;
if valid identification information identical to the identification information does not exist in the management system, calling a first target interface to establish a connection with the management system, and uploading the vulnerability information.
5. The vulnerability information uploading method according to claim 4, wherein after determining whether valid identification information identical to the identification information exists in the management system if the identification information is valid information, further comprising:
if valid identification information identical to the identification information exists in the management system, calling a second target interface to establish a connection with the management system, and acquiring first data according to the identification information, wherein the first data comprises historical vulnerability information of the vulnerability corresponding to the identification information;
generating second data according to the first data and the vulnerability information;
and uploading the second data to the management system through the second target interface.
6. The vulnerability information uploading method of any of claims 1 to 5, wherein after uploading the vulnerability information to a management system through the target interface, further comprising:
and deleting the vulnerability information.
7. The vulnerability information uploading method according to claim 5, wherein the vulnerability information further carries description information, and the description information is used for describing the current vulnerability information.
8. A vulnerability information uploading device, characterized by comprising:
the identification module is used for identifying the vulnerability information and determining identification information according to the vulnerability information;
the calling module is used for calling a target interface according to the identification information;
and the uploading module is used for uploading the vulnerability information to a management system through the target interface.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN201911287053.5A 2019-12-14 2019-12-14 Vulnerability information uploading method and device, terminal equipment and storage medium Active CN111046393B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911287053.5A CN111046393B (en) 2019-12-14 2019-12-14 Vulnerability information uploading method and device, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111046393A (en) 2020-04-21
CN111046393B (en) 2022-08-02

Family

ID=70236435

Country Status (1)

Country Link
CN (1) CN111046393B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221220

Address after: 518000 b1-13, Nanshan Zhiyuan Park, No. 1001, Xueyuan Avenue, Taoyuan Street, Nanshan District, Shenzhen, Guangdong

Patentee after: Youbixuan software technology (Shenzhen) Co.,Ltd.

Address before: 518000 16th and 22nd Floors, C1 Building, Nanshan Zhiyuan, 1001 Xueyuan Avenue, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen Youbixuan Technology Co.,Ltd.