CN111338940A - Code processing method, device and system - Google Patents


Publication number
CN111338940A
Authority
CN
China
Prior art keywords
code
code data
scanning
data
project
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010107258.7A
Other languages
Chinese (zh)
Inventor
黄阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd
Priority to CN202010107258.7A
Publication of CN111338940A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The invention discloses a code processing method, device and system. The method comprises: acquiring the code data of a project in response to a change in that project's code data on a code hosting platform; scanning the code data according to a predetermined scanning rule; and generating a code analysis report from the scanning result to facilitate subsequent analysis. With the invention, security problems in the code can be found in real time.

Description

Code processing method, device and system
Technical Field
The invention relates to the field of data processing, in particular to a code processing method, device and system.
Background
With the advent of the information age, internet companies run many systems that they develop in-house, and each project group needs to manage its own code. Code version management tools, such as Version Control System (VCS) and Software Configuration Management (SCM) systems, are productivity tools that software development projects cannot do without. Their main function is to let project members manage the code in a project and track the history of any given file. During project development, requirements change frequently, and the code keeps changing even while a requirement is being put into production. With a code version management system, users know exactly what is released each time they test and release the code, and code changes can be tracked more reliably.
A company-wide, uniform and professional capability for assuring the security quality of code generally comes from the commercial products of external companies. Currently, an enterprise typically uses a code hosting platform (e.g., SVN, Git, or ClearCase) for code hosting, or purchases a static code scanning tool such as Fortify (an application security testing technology).
The code hosting platform only provides functions such as branch management, commit and update of the code, and gives no assurance of the code's security quality; the code scanning module comes without source code, which makes it inconvenient to extend and develop further.
That is, these external products have poor extensibility and high cost, cannot guarantee the confidentiality of the enterprise's own code, and do not let developers learn of security problems in the latest code in real time.
Disclosure of Invention
The present invention is directed to a code processing method, apparatus and system to solve at least one of the above-mentioned problems.
According to a first aspect of the present invention, there is provided a code processing method, the method comprising: acquiring the code data of a project in response to a change in the project code data of the code hosting platform; scanning the code data according to a predetermined scanning rule; and generating a code analysis report according to the scanning result to facilitate subsequent analysis.
Specifically, the scanning rule is generated according to the code security policy and the code data.
Preferably, before the code data of the project is acquired, the method further comprises: the code hosting platform performing a syntax check on the code data.
Preferably, before the code data of the project is acquired, the method further comprises: receiving the code data of the project sent from the code hosting platform.
According to a second aspect of the present invention, there is provided a code processing apparatus, the apparatus comprising: a code acquisition unit for acquiring the code data of a project in response to a change in the project code data of the code hosting platform; a scanning unit for scanning the code data according to a predetermined scanning rule; and a report generating unit for generating a code analysis report according to the scanning result to facilitate subsequent analysis.
Specifically, the scanning rule in the scanning unit is generated according to the code security policy and the code data.
Preferably, the above apparatus further comprises: a code receiving unit for receiving the code data of the project sent by the code hosting platform.
According to a third aspect of the present invention, there is provided a code processing system, the system comprising a code hosting platform and the code processing apparatus described above, wherein the code hosting platform comprises: a code receiving unit for receiving project code data submitted by a user; a syntax checking unit for performing a syntax check on the code data; and a code sending unit for sending the code data to the code processing apparatus when the syntax check result is correct.
According to a fourth aspect of the present invention, there is provided an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the code processing method when executing the program.
According to a fifth aspect of the present invention, the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the code processing method described above.
According to this technical scheme, when the project code data of the code hosting platform changes, the code data of the project is acquired and scanned according to the predetermined scanning rule, and a code analysis report is then generated from the scanning result. This facilitates subsequent analysis and allows security problems in the code to be found in real time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow diagram of a code processing method according to an embodiment of the invention;
FIG. 2 is a block diagram of a code processing system according to an embodiment of the present invention;
FIG. 3 is a block diagram of the structure of a code hosting platform 1 according to an embodiment of the present invention;
FIG. 4 is a block diagram of the structure of the code processing apparatus 2 according to the embodiment of the present invention;
FIG. 5 is a detailed structural block diagram of the code processing apparatus 2 according to the embodiment of the present invention;
FIG. 6 is an exemplary diagram of an architecture of a code processing system according to an embodiment of the present invention;
FIG. 7 is a code processing flow based on the architecture shown in FIG. 6 according to an embodiment of the invention;
FIG. 8 is a schematic diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Current company level security code quality assurance capabilities are generally derived from the commercialized products of external companies. However, these external products have poor extensibility and high cost, and cannot guarantee the confidentiality of the code of the enterprise itself, and developers cannot know the security problem of the latest code in real time. Based on this, the embodiment of the present invention provides a code processing scheme to solve the above problem.
Fig. 1 is a flowchart of a code processing method according to an embodiment of the present invention. As shown in fig. 1, the method includes:
Step 101, acquiring the code data of a project in response to a change in the project code data of the code hosting platform.
The code data change may be a user (also called a worker) uploading new code.
Step 102, scanning the code data according to a predetermined scanning rule.
The scanning rules may be generated or set according to a code security policy and the code data.
In the embodiment of the invention, the user can define the scanning rules according to the code security policy and the specific code data, and specific rules can be added or closed for different code, giving personalized scanning rules.
Step 103, generating a code analysis report according to the scanning result to facilitate subsequent analysis.
When the project code data of the code hosting platform changes, the code data of the project is acquired and scanned according to the predetermined scanning rule, and a code analysis report is then generated from the scanning result. This facilitates subsequent analysis and allows security problems in the code to be found in real time.
Based on a similar inventive concept, an embodiment of the present invention further provides a code processing system. Fig. 2 is a block diagram of the system. As shown in fig. 2, the system includes a code hosting platform 1 and a code processing apparatus 2; preferably, the code processing apparatus 2 can be used to implement the flow in the above method embodiment.
In the system, the code hosting platform 1 receives code uploaded by a user. When the code is new, the code hosting platform stores it in the corresponding project, which changes that project's code data. The code hosting platform then performs a syntax check (that is, a code feasibility check) on the project's code data. When the check succeeds, the project's code data is sent to the code processing apparatus for scanning, and the code processing apparatus generates a code analysis report from the scanning result. This facilitates subsequent code analysis and lets the user find security problems in the code in real time.
Fig. 3 is a block diagram of a code hosting platform 1, and as shown in fig. 3, the code hosting platform 1 includes: a code receiving unit 11, a syntax checking unit 12, and a code transmitting unit 13, wherein:
a code receiving unit 11 for receiving project code data submitted from a user;
a syntax checking unit 12 for performing syntax checking on the code data;
a code transmitting unit 13, configured to transmit the code data to the code processing apparatus when the syntax checking result is correct.
Fig. 4 is a block diagram showing the structure of a code processing apparatus, and as shown in fig. 4, the code processing apparatus 2 includes: a code acquisition unit 21, a scanning unit 22, and a report generation unit 23, wherein:
a code acquisition unit 21, configured to acquire the code data of a project in response to a change in the project code data of the code hosting platform;
a scanning unit 22, configured to scan the code data according to a predetermined scanning rule.
The scanning rules may be generated based on the code security policy and the code data.
a report generating unit 23, configured to generate a code analysis report according to the scanning result to facilitate subsequent analysis.
According to the embodiment of the invention, when the project code data of the code hosting platform changes, the code acquisition unit 21 acquires the code data of the project, the scanning unit 22 scans the code data according to the predetermined scanning rule, and the report generating unit 23 then generates the code analysis report from the scanning result. This facilitates subsequent analysis and allows security problems in the code to be found in real time.
In one embodiment, as shown in fig. 5, the code processing apparatus 2 may further include: a code receiving unit 24, configured to receive the code data of the project sent from the code hosting platform.
In another embodiment, when the project code data of the code hosting platform changes, the scanning unit 22 may directly access the project code data of the code hosting platform to perform an automatic scanning operation on the code data.
Fig. 6 is a diagram of an example architecture of a code processing system according to an embodiment of the present invention. As shown in fig. 6, the system includes a client, a code hosting platform and a code scanning module. A developer uploads new personal code to the project group code on the code hosting platform; the code scanning module periodically checks the project group code and scans it when it finds that the code has changed.
In one embodiment, after a developer uploads code to the code hosting platform, the code hosting platform periodically pushes the project code to the code scanning module for security scanning, and a code security analysis report is generated.
Fig. 7 is a code processing flow based on the architecture shown in fig. 6. As shown in fig. 7, the flow includes:
Step 701, a developer customizes the scanning rules by modifying a scanning configuration file;
Step 702, the developer submits code to the code hosting platform in the normal way through the personal development IDE (Integrated Development Environment) on the client;
Step 703, the code hosting platform stores the code and performs a syntax check to ensure that the project code is syntactically correct and can be compiled successfully;
Step 704, when the project code changes, the code scanning module automatically scans the code on the hosting platform, or the code hosting platform pushes the code to the code scanning module in real time (pushing can also be scheduled or done manually);
Step 705, the code scanning module scans the code using the custom scanning rules and outputs a code security analysis report.
In actual operation, a user who needs a new scanning rule can modify the scanning configuration file, so rules are added or removed without modifying the code of the scanning module. By reading the scanning configuration file, the code scanning module can dynamically add or close a specific rule, which makes it convenient for the user to add the capability to identify new vulnerabilities in the future.
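The flow of steps 701 to 705, with rules switched on and off through the configuration file, as an added example; it is not code from the patent or the applicant. The JSON configuration layout, the rule ids and regular expressions, the use of Python's `ast` parser as the syntax check, and the constructed sample project are all assumptions of this example.

```python
import ast
import hashlib
import json
import re

# Constructed scanning configuration file (step 701). The JSON layout, rule
# ids and patterns are assumptions; the patent does not define a file format.
SCAN_CONFIG = r"""
{"rules": [
  {"id": "HARDCODED_SECRET", "severity": "high", "enabled": true,
   "pattern": "(?i)(password|secret|api_key)\\s*=\\s*[\"'][^\"']+[\"']"},
  {"id": "SHELL_TRUE", "severity": "high", "enabled": true,
   "pattern": "subprocess\\.\\w+\\(.*shell\\s*=\\s*True"},
  {"id": "WEAK_HASH_MD5", "severity": "medium", "enabled": false,
   "pattern": "hashlib\\.md5\\("}
]}
"""

# Constructed project contents as held by the hosting platform (path -> text).
PROJECT = {
    "app/db.py": "\n".join([
        'import os',
        'DB_USER = "svc"',
        'password = "example-only"',
    ]),
    "app/run.py": "\n".join([
        'import subprocess, hashlib',
        'def run(cmd):',
        '    return subprocess.run(cmd, shell=True)',
        'def tag(b):',
        '    return hashlib.md5(b).hexdigest()',
    ]),
}

def load_rules(config_text):
    """Compile only the rules whose 'enabled' flag is true."""
    rules = []
    for r in json.loads(config_text)["rules"]:
        if r.get("enabled", False):
            rules.append((r["id"], r["severity"], re.compile(r["pattern"])))
    return rules

def set_rule_enabled(config_text, rule_id, enabled):
    """Edit the configuration (not the scanner) to add or close one rule."""
    cfg = json.loads(config_text)
    for r in cfg["rules"]:
        if r["id"] == rule_id:
            r["enabled"] = enabled
    return json.dumps(cfg, indent=2)

def fingerprint(files):
    """SHA-256 over length-prefixed paths and contents; differs on any change."""
    h = hashlib.sha256()
    for path in sorted(files):
        p, c = path.encode(), files[path].encode()
        h.update(b"%d:%d:" % (len(p), len(c)) + p + c)
    return h.hexdigest()

def syntax_errors(files):
    """Step 703 gate: paths that fail to parse (Python sources assumed)."""
    bad = []
    for path, text in sorted(files.items()):
        try:
            ast.parse(text, filename=path)
        except SyntaxError:
            bad.append(path)
    return bad

def scan(files, rules):
    """Step 705: apply every enabled rule to every line of every file."""
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule_id, severity, rx in rules:
                if rx.search(line):
                    findings.append({"rule": rule_id, "severity": severity,
                                     "file": path, "line": lineno})
    return findings

def process_change(files, config_text, last_fp=None):
    """Step 704: scan only if the project changed and passed the syntax check.

    Returns (report, fingerprint); report is None when nothing changed.
    """
    fp = fingerprint(files)
    if fp == last_fp:
        return None, fp
    bad = syntax_errors(files)
    if bad:
        return {"status": "rejected", "syntax_errors": bad, "findings": []}, fp
    findings = scan(files, load_rules(config_text))
    return {"status": "scanned", "syntax_errors": [], "findings": findings}, fp

if __name__ == "__main__":
    report, fp = process_change(PROJECT, SCAN_CONFIG)
    print(json.dumps(report, indent=2))
```

Because the change check covers only project files, a deployment that wants newly enabled rules applied to unchanged code would also fold the configuration text into the fingerprint.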
In practical operation, the units may be arranged in combination or in a single arrangement, and the present invention is not limited thereto.
FIG. 8 is a schematic diagram of an electronic device according to an embodiment of the invention. The electronic device shown in fig. 8 is a general-purpose data processing apparatus comprising a general-purpose computer hardware structure including at least a processor 801 and a memory 802. The processor 801 and the memory 802 are connected by a bus 803. The memory 802 is adapted to store one or more instructions or programs that are executable by the processor 801. The one or more instructions or programs are executed by the processor 801 to implement the steps in the code processing method described above.
The processor 801 may be a stand-alone microprocessor or a collection of one or more microprocessors. Thus, the processor 801 implements the processing of data and the control of other devices by executing commands stored in the memory 802 to thereby execute the method flows of embodiments of the present invention as described above. The bus 803 connects the above components together, and also connects the above components to a display controller 804 and a display device and an input/output (I/O) device 805. Input/output (I/O) devices 805 may be a mouse, keyboard, modem, network interface, touch input device, motion sensing input device, printer, and other devices known in the art. Typically, input/output (I/O) devices 805 are connected to the system through an input/output (I/O) controller 806.
The memory 802 may store, among other things, software components such as an operating system, communication modules, interaction modules, and application programs. Each of the modules and applications described above corresponds to a set of executable program instructions that perform one or more functions and methods described in embodiments of the invention.
Embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the steps of the code processing method.
In summary, the embodiment of the present invention provides a code processing scheme. Because the system is developed in-house, its cost is controllable and subsequent operation, maintenance and extension are convenient. Moreover, the user can define the scanning rules and set a uniform enterprise security quality assurance mechanism and security policy; scanning the code generates an analysis report, so problems in the code can be found in real time. The leakage of enterprise code assets caused by dependence on external products in the prior art is also avoided.
The preferred embodiments of the present invention have been described above with reference to the accompanying drawings. The many features and advantages of the embodiments are apparent from the detailed specification, and thus, it is intended by the appended claims to cover all such features and advantages of the embodiments which fall within the true spirit and scope thereof. Further, since numerous modifications and changes will readily occur to those skilled in the art, it is not desired to limit the embodiments of the invention to the exact construction and operation illustrated and described, and accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope thereof.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method of code processing, the method comprising:
responding to the change of project code data of the code hosting platform, and acquiring code data of the project;
scanning the code data according to a predetermined scanning rule;
and generating a code analysis report according to the scanning result so as to facilitate subsequent analysis.
2. The method of claim 1, wherein the scan rule is generated by:
generating the scanning rule according to the code security policy and the code data.
3. The method of claim 1, wherein prior to obtaining code data for the project, the method further comprises:
the code hosting platform performing a syntax check on the code data.
4. The method of claim 1, wherein prior to obtaining code data for the project, the method further comprises:
receiving code data for the project sent from the code hosting platform.
5. A code processing apparatus, characterized in that the apparatus comprises:
a code acquisition unit for acquiring the code data of a project in response to a change in the project code data of the code hosting platform;
a scanning unit for scanning the code data according to a predetermined scanning rule;
and a report generating unit for generating a code analysis report according to the scanning result to facilitate subsequent analysis.
6. The apparatus of claim 5, wherein the scan rule in the scan unit is generated by:
generating the scanning rule according to the code security policy and the code data.
7. The apparatus of claim 5, further comprising:
a code receiving unit for receiving the code data of the project sent by the code hosting platform.
8. A code processing system, the system comprising: a code hosting platform and a code processing apparatus of any one of claims 5-7,
wherein the code hosting platform comprises:
a code receiving unit for receiving project code data submitted by a user;
a syntax checking unit for performing syntax checking on the code data;
and a code sending unit for sending the code data to the code processing device when the syntax check result is correct.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the code processing method according to any of claims 1 to 4 are implemented when the processor executes the program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the code processing method of any one of claims 1 to 4.
CN202010107258.7A 2020-02-21 2020-02-21 Code processing method, device and system Pending CN111338940A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010107258.7A CN111338940A (en) 2020-02-21 2020-02-21 Code processing method, device and system


Publications (1)

Publication Number Publication Date
CN111338940A true CN111338940A (en) 2020-06-26

Family

ID=71181736



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220929

Address after: 12 / F, 15 / F, 99 Yincheng Road, Pudong New Area pilot Free Trade Zone, Shanghai, 200120

Applicant after: Jianxin Financial Science and Technology Co.,Ltd.

Address before: 25 Financial Street, Xicheng District, Beijing 100033

Applicant before: CHINA CONSTRUCTION BANK Corp.

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.
