CN111639020B - Program bug reproduction method, system, device, electronic equipment and storage medium thereof - Google Patents


Info

Publication number
CN111639020B
Authority
CN
China
Prior art keywords
request
label
target
identity
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010374880.4A
Other languages
Chinese (zh)
Other versions
CN111639020A (en
Inventor
刘恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Seashell Housing Beijing Technology Co Ltd
Original Assignee
Seashell Housing Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Seashell Housing Beijing Technology Co Ltd
Priority to CN202010374880.4A
Publication of CN111639020A
Application granted
Publication of CN111639020B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Abstract

The invention discloses a program bug reproduction method, system, device, electronic device and storage medium. The method comprises the following steps: a processing module receives a request with a label sent by a request end; the processing module sends the label to an authentication module, so that the authentication module judges, according to a preset corresponding relation, whether a role state corresponding to the label is prestored and, if so, sends the current state in the role state to the processing module; and if the processing module judges that the current state is authorized, it accesses the server with the target identity to execute the request. The program bug can thus be reproduced without obtaining the password corresponding to the target identity, which solves the prior-art technical problem that customer service cannot log in to the system to reproduce a problem without exposing the broker's personal information.

Description

Program bug reproduction method, system, device, electronic equipment and storage medium thereof
Technical Field
The present invention relates to the field of computers, and in particular, to a method, a system, an apparatus, an electronic device, and a storage medium thereof for reproducing program vulnerabilities.
Background
Currently, because of system complexity, it is difficult to troubleshoot system problems from the code alone. To troubleshoot efficiently and quickly, a common method is to reproduce the problem: a customer service logs in to the system with a broker's identity, performs the request operations that trigger the problem to confirm the link where it occurs, and then searches for the corresponding bug in the code. However, logging in with the broker's identity exposes the broker's private information (i.e., the account number and password).
The inventor therefore finds that the prior art has at least the following technical problem: customer service cannot log in to the system to reproduce a problem without exposing the password of the broker's account.
Disclosure of Invention
The application provides a program bug reproduction method that reproduces a program bug without needing to obtain the password corresponding to a target identity, which helps solve the prior-art technical problem that customer service cannot log in to the system to reproduce a problem without exposing the broker's personal information.
The method comprises the following steps:
a processing module of a target system receives a request with a label sent by a request end, wherein the label is a unique identifier of the request end;
the processing module sends the label to an authentication module so that the authentication module judges whether a role state corresponding to the label is prestored according to a preset corresponding relationship, wherein the role state comprises a binding relationship between a target identity and an executive user identity and a current state, the corresponding relationship is whether the label has a mapping relationship with the executive user identity in the role state, and the current state is the authority of whether the request end with the label can execute the request by the target identity,
if the role state corresponding to the label is prestored in the authentication module, the current state in the role states is sent to the processing module;
the processing module receives the current state and determines whether the current state is capable of enforcing the requested rights with the target identity,
and if the current state is the authority that the request end with the label can execute the request by the target identity, acquiring the target identity from the authentication module and accessing a server by the target identity to execute the request.
In an embodiment, the receiving, by the processing module, the current state and determining whether the current state can execute the requested right with the target identity further includes:
and if the current state is that the request end with the executive user identity can not execute the request with the target identity, the processing module accesses the server with the executive user identity to execute the request.
In an embodiment, before the step of receiving, by the processing module, the request with the tag sent by the request end, the method further includes:
and the authentication module binds the target identity with the executive user identity according to the preset operation of the user, and generates the role state after configuring the current state.
In one embodiment, the authentication module comprises the configuration module and the service module;
the configuration module binds the target identity with the executive user identity according to the preset operation of a user, generates the role state after configuring the current state, sends the role state to the service module, so that the service module judges whether the role state corresponding to the label is prestored according to the preset corresponding relation after receiving the label of the processing module, and sends the current state in the role state to the processing module if the role state corresponding to the label is prestored in the service module.
In one embodiment, before the processing module executes the requesting step with the target identity access server, the method further includes:
the processing module sends the target address of the request to the authentication module so that the authentication module judges whether the executing user identity has the authority of accessing the target address according to a preset authority rule, wherein the request has the target address,
if the executing user identification has the authority of accessing the target address, returning the judgment result that the executing user identification has the authority of accessing the target address to the processing module so that the processing module executes the subsequent steps by using the target identification.
In an embodiment, the sending, by the processing module, the requested destination address to the authentication module, so that the authentication module determines, according to a preset authority rule, whether the executing user identity identifier has an authority to access the destination address further includes:
and if the executing user identity does not have the authority of accessing the target address, returning the judgment result that the executing user identity does not have the authority of accessing the target address to the processing module and stopping executing the subsequent steps.
In one embodiment, the system comprises a request end with an API logic layer and an authentication module;
the API logic layer receives a request with a label sent by the request end of a target system, wherein the label is a unique identifier of the request end;
the API logic layer sends the label to the authentication module so that the authentication module judges whether the role state corresponding to the label is prestored according to a preset corresponding relation, wherein the role state comprises a binding relation between a target identity and an execution user identity and a current state, the corresponding relation is whether the label has a mapping relation with the execution user identity in the role state, and the current state is the authority of whether the request end with the label can execute the request by the target identity,
if the role state corresponding to the label is prestored in the authentication module, the current state in the role states is sent to the API logic layer;
the API logic layer receives the current state and determines whether the current state is capable of enforcing the requested right with the target identity,
and if the current state is the authority that the request end with the label can execute the request by the target identity, acquiring the target identity from the authentication module and accessing a server by the target identity to execute the request.
In an embodiment, the API logic layer is further configured to access the server to execute the request with the executive user id if the current status is that the requesting end with the executive user id cannot execute the request with the target id.
In an embodiment, the configuration module is further configured to bind the target identity with an executing user identity according to a predetermined operation of a user, and generate the role state after configuring the current state.
In an embodiment, the configuration module binds the target identity identifier and the executive user identity identifier according to a predetermined operation of a user, configures the current state and then generates the role state, and the configuration module sends the role state to the SaaS session service platform, so that the SaaS session service platform receives the tag of the processing module and then sends the role state to the processing module, so that the SaaS session service platform judges whether the role state corresponding to the tag is pre-stored according to a preset corresponding relationship, and if the role state corresponding to the tag is pre-stored in the SaaS session service platform, the current state in the role state is sent to the API logic layer.
In an embodiment, the API logic layer sends a target address of the request to the SaaS session service platform, so that the SaaS session service platform determines, according to a preset permission rule, whether the executing user identifier has a permission to access the target address, where the request has the target address,
and if the executing user identity has the authority of accessing the target address, returning a judgment result that the executing user identity has the authority of accessing the target address to the API logic layer so that the API logic layer executes the subsequent steps by using the target identity.
In an embodiment, the API logic is further configured to, if the executive user id does not have the right to access the target address, return a determination that the executive user id does not have the right to access the target address to the processing module and stop performing subsequent steps.
In one embodiment, the present application provides a program bug reproduction apparatus, including:
a receiving module, configured to receive, by a processing module of a target system, a request with a tag sent by the request end, where the tag is a unique identifier of the request end;
the sending module is used for sending the label to the authentication module by the processing module;
a judging module, configured to judge, by the authentication module, whether the role state corresponding to the tag is pre-stored according to a preset corresponding relationship, where the role state includes a binding relationship between a target identity and an executive user identity, and a current state, where the corresponding relationship is whether the tag has a mapping relationship with the executive user identity in the role state, and the current state is a permission whether the request end having the tag can execute the request with the target identity, and if the role state corresponding to the tag is pre-stored in the authentication module, send the current state in the role state to the processing module; the processing module is further used for receiving the current state and judging whether the current state can execute the requested authority by the target identity;
and the execution module is used for acquiring the target identity from the authentication module and executing the request by accessing the server with the target identity if the current state is the authority that the request end with the label can execute the request by the target identity.
In an embodiment, the determining module is configured to access the server to execute the request with the executive user identifier if the current state is that the requesting end with the executive user identifier cannot execute the request with the target identifier.
In one embodiment, the apparatus further comprises:
and the configuration module is used for binding the target identity with the identity of the executing user according to the preset operation of the user, and generating the role state after configuring the current state.
In an embodiment, the apparatus further comprises a service module;
the configuration module binds the target identity with an executive user identity according to the preset operation of a user, and generates the role state after configuring the current state;
the sending module is further configured to send the role state to the service module, so that the service module sends the role state to the processing module after receiving the tag of the processing module;
the judging module is also used for enabling the service module to judge whether the role state corresponding to the label is prestored according to a preset corresponding relation;
the sending module is further configured to send the current state of the role states to the processing module if the role states corresponding to the tags are pre-stored in the service module.
In an embodiment, the sending module is configured to enable the processing module to send the destination address of the request to the authentication module;
the judging module is used for judging whether the identity identifier of the executing user has the authority to access the target address or not according to a preset authority rule by the authentication module, wherein the request has the target address;
and the execution module is used for returning a judgment result that the execution user identity has the authority of accessing the target address to the processing module if the execution user identity has the authority of accessing the target address, so that the processing module executes the subsequent steps by using the target identity.
In an embodiment, the sending module is further configured to, if the executive user id does not have the authority to access the target address, return a determination result that the executive user id does not have the authority to access the target address to the processing module and stop executing subsequent steps.
In one embodiment, the present application provides an electronic device, the apparatus comprising: a processor and a memory;
the memory has stored therein an application executable by the processor for causing the processor to perform the steps of the program bug reproduction method as claimed.
In one embodiment, the present application provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor, implements the steps of the program vulnerability reproduction method.
Based on the above embodiment, the program bug problem can be reproduced without acquiring the password corresponding to the target identity, which is helpful for solving the technical problem that the customer service cannot log in the system to reproduce the problem without exposing the personal information of the broker in the prior art.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a flowchart 100 illustrating a bug replication method according to the present invention;
FIG. 2 is a timing diagram illustrating a program bug replication method according to the present invention;
FIG. 3 is a diagram illustrating the content of the role status data according to the present invention;
FIG. 4 is a block diagram of a bug replication device according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To enable customer service to reproduce system problems without revealing user information, a 'customer-substitute' mechanism is provided: the customer service operates the system using the customer service's own identity information and reproduces the problem that the broker reported when using the application. Under this mechanism the customer service's identity information must be authenticated, and the problem in the system is reproduced according to the specific authentication result.
Fig. 1 is a schematic diagram of a process 100 of the program bug reproduction method of the present invention, and fig. 2 is a schematic timing diagram of the program bug reproduction method of the present invention. As shown in fig. 1 and fig. 2, in an embodiment, the present application provides a program bug reproduction method, including:
S101, a processing module of a target system receives a request with a label sent by a request end, wherein the label is a unique identifier of the request end.
This step receives the request carrying the label. The request end may be any end that sends a request. The processing module may be understood as a gateway, i.e. the logic layer of the API, and the target system is the system behind that gateway. For example, in a house transaction system (the target system), every request to a server of the system passes through the processing module. A broker installs a client on a mobile phone and sends requests from it, and a customer service can also send requests through the client of the broker, so this step may receive requests from the broker's client as well as from the customer service's client. The request carries the label, which can be understood as the unique identifier of the request end, namely the SaaS token used for identity verification by the SaaS session service. If the request end is a customer service, the label is that of the customer service; if the request is sent by a broker, the label is that of the broker; if it is sent by another terminal, the label is that of the other terminal. A request without a label may still be received and processed by the processing module, but because there is no label, nothing is sent to the authentication module and none of the subsequent processing takes place; the following steps apply only to requests that carry a label.
S102, the processing module sends the label to an authentication module so that the authentication module judges whether a role state corresponding to the label is prestored according to a preset corresponding relationship, wherein the role state comprises a binding relationship between a target identity and an executive user identity and a current state, the corresponding relationship is whether the label has a mapping relationship with the executive user identity in the role state, and the current state is the authority of whether the request end with the label can execute the request by the target identity,
and if the role state corresponding to the label is prestored in the authentication module, sending the current state in the role states to the processing module.
This step describes how the current state is obtained after the processing module receives the request. The processing module sends the label to the authentication module, which judges whether the label has the corresponding relationship with the executing user identity. The corresponding relationship holds when the label is the same as the executing user identity or when the two correspond to each other; in both cases the label is said to have a mapping relationship with the executing user identity. In the house transaction system, the executing user identity is the identity of the customer service and the target identity is the identity of the broker. The binding between the executing user identity and the target identity is established in the authentication module by an earlier binding operation, which is described in detail later. Besides the binding relationship, the role state in this embodiment also includes the current state, which is configured by a manager with higher authority. When the current state is true, the subsequent processing of executing the request with the target identity may be performed, and the current state is returned to the processing module; when the current state is false, that processing may not be performed. In summary, the role state includes the executing user identity, the target identity, the binding relationship between them, and the current state.
S103, the processing module receives the current state and judges whether the current state can execute the authority of the request by the target identity, if the current state is the authority of the request end with the label which can execute the request by the target identity, the processing module obtains the target identity from the authentication module and accesses the server to execute the request by the target identity.
This step describes how, after receiving the current state, the processing module decides to access the server with the target identity to execute the request. When the current state is the authority that the request end with the label can execute the request with the target identity, the processing module obtains the target identity from the authentication module and accesses the server with the target identity to execute the request. The target identity is the identity of the broker, so the request is subsequently executed with the broker's identity.
The present embodiment is explained below by using a house transaction system, and it should be noted that the house transaction system is only used for better explaining the present application, and is not a specific limitation to the present application.
In the house transaction system, a broker can perform related operations such as uploading house photos, certificates, customer information and the like in the house transaction system for clients (house buyers or house buyers and other business clients) through own mobile terminals. In the actual operation process, the house trading system has certain program bugs, so that the house trading system cannot be normally used, in order to repair the bugs, the broker writes the problems and the operation process into a report and sends the report to a research and development staff, and the research and development staff can operate the house trading system again according to the operation process of the broker in the report by using the identity of the broker so as to reproduce the problems encountered by the broker. In the above process, the customer service needs to know the account number of the broker to log in the house trading system and use the identity of the broker to reproduce the problem, but the privacy information (i.e. the account number and the password) of the broker is undoubtedly leaked to the customer service. The embodiment can realize that the customer service performs problem reproduction in the identity of the broker under the condition that the account number of the broker is not disclosed to the customer service.
This embodiment provides a "substitute" mechanism. First, a processing module is established; it can be understood as a gateway, such as the logic layer of the API. When any request end sends a request to the house transaction system, the processing module receives it. The request may come from a broker, from a customer service, or from any other request end in the house transaction system, because every operation on the system, such as a customer service entering an account and password to log in or querying customer information, is implemented as a request to the system's server, and all such requests pass through the processing module. After receiving a request, the processing module can classify and identify it, screen out the requests that carry a label, and send the label to the authentication module. The label is the unique identifier of the request end, namely a SaaS token. It may belong to a broker, a customer service or another request end, but whoever the request end is, the label describes its identity, and the processing module sends the label to the authentication module regardless of whose identity it is. A request without a label is outside the scope discussed in this application. Applied to reproducing a program bug in the house transaction system: when the customer service wants to reproduce a broker's problem, the customer service logs in to the house transaction system with its own identity (i.e., its own account and password); the customer service's account and password then form the customer service's label, and the login operation forms a request that carries the label and is sent to the processing module.
Similarly, when brokers and others operate the house transaction system, their request ends also send labels corresponding to their own identities. After receiving a label, the authentication module uses the corresponding relationship to judge whether the identity of the label corresponds to the executing user identity, which in the house transaction system is the identity of the customer service that needs to reproduce the program bug. The corresponding relationship is a mapping preset in the authentication module, i.e. whether the label and the executing user identity refer to the same identity; the label may have the same form as the executing user identity or a different form, as long as the two correspond and can be recognised as the same identity. In the house transaction system this judgment confirms the identity of the request end. The binding relationship between the executing user identity and the target identity, together with the current state, is also prestored in the authentication module, so when the authentication module determines that the binding relationship and the current state (i.e., the role state) are prestored, it sends the current state to the processing module. The role state is set by a predetermined operation of the user before the authentication module receives the label; the user is a manager with higher authority in the house transaction system, as described in detail later. The tenant center in Fig. 2 is used for configuring the role device.
After receiving the current state, the processing module judges whether the current state grants the authority to execute the request with the target identity. If it does, the processing module obtains the target identity from the authentication module and accesses the server with the target identity to execute the request. The target identity may be returned together with the current state before the current state is judged, or it may be obtained from the authentication module after the current state is judged. The target identity is the identifier of the broker, so the processing module obtains the broker's identifier and asks the server to execute the request with it. The target identity or the executing user identity may be identified in a ucid manner. To sum up, a request from the request end carrying the customer service's identifier (the executing user identity) finally accesses the server and is executed with the broker's identifier (the target identity). Because reproducing a bug amounts to performing one or more requests, the bug can be reproduced under the broker's identity through one or more such requests. Throughout this process the customer service repeats the operations in the house transaction system under the broker's identity without obtaining the broker's account and password, which solves the prior-art technical problem that customer service cannot log in to the system to reproduce a problem without exposing the broker's personal information. These steps correspond to the first dashed box in Fig. 2.
In an embodiment, the receiving, by the processing module, the current state and determining whether the current state can execute the requested right with the target identity further includes:
and if the current state is that the request end with the executive user identity can not execute the request with the target identity, the processing module accesses the server with the executive user identity to execute the request.
This embodiment covers the case in which the current state is that the request end with the executive user id cannot execute the request with the target id. Here the request may not be one that needs program bug reproduction, or the tag may not correspond to the executive user id, or a senior manager may have set the current state so that the request cannot be executed with the target id. In each case the processing module accesses the server to execute the request with the executive user id of the request end. This embodiment corresponds to the subsequent process when reproduction is not performed or the right is not permitted, i.e., the step corresponding to the last dashed box in fig. 2.
Fig. 3 is a schematic diagram of the content of the role state data according to the present invention. As shown in fig. 3, in an embodiment, before the step of receiving, by the processing module, the request with the tag sent by the request end, the method further includes:
and the authentication module binds the target identity with the executive user identity according to the preset operation of the user, and generates the role state after configuring the current state.
In this embodiment, a specific implementation of configuring the role state is provided. As shown in fig. 3, the guest-replacement state authority is configured by clicking the guest-replacement state button. In addition, the target id is recorded in the report, so the user writes the target id into the configuration process to bind the executing user id to the target id. The binding process and the customer-representative state may be understood as a one-time application process. For example, when a customer service needs to act as a customer representative with the identity of a broker, the customer service applies to the authentication module. During the application, the executing user identity corresponding to the customer service is automatically submitted to the authentication module, and the target identity corresponding to the broker (i.e., the uid in fig. 3) is also submitted to the authentication module according to the report; a higher-level manager then binds the two and configures the current state. These are the steps that take place before the request end sends the request to the API logic layer in fig. 2.
In one embodiment, the authentication module comprises the configuration module and the service module;
the configuration module binds the target identity with the executive user identity according to the preset operation of a user, generates the role state after configuring the current state, sends the role state to the service module, so that the service module judges whether the role state corresponding to the label is prestored according to the preset corresponding relation after receiving the label of the processing module, and sends the current state in the role state to the processing module if the role state corresponding to the label is prestored in the service module.
In this embodiment, a specific implementation manner is provided in which the authentication module includes the configuration module and the service module. The configuration module handles the preceding configuration application and then sends the configured role state to the service module; the service module can be understood as a SaaS session service.
In one embodiment, before the processing module executes the requesting step with the target identity access server, the method further includes:
the processing module sends the target address of the request to the authentication module so that the authentication module judges whether the executing user identity has the authority of accessing the target address according to a preset authority rule, wherein the request has the target address,
if the executing user identification has the authority of accessing the target address, returning the judgment result that the executing user identification has the authority of accessing the target address to the processing module so that the processing module executes the subsequent steps by using the target identification.
This embodiment provides a specific implementation for the case in which the request has the target address. When the server is accessed with the target identity (namely, a broker) to execute the request, the requesting end actually operating is the executing user identity (namely, a customer service). Although the executing user identity is allowed to execute the request with the target identity, it is not granted the complete authority: some information, such as the salary of the broker, the personal information of the broker and the secret information of important customers, is excluded. Authority is therefore configured for requests that have a target address. When the customer service tries to acquire secret information such as the salary of the broker, the authority is judged against the target address of the request, and the information under the target address can be acquired if the customer service has the authority. The target address may be understood as a URL. These are the steps in the second dashed box in fig. 2.
In an embodiment, the sending, by the processing module, the requested destination address to the authentication module, so that the authentication module determines, according to a preset authority rule, whether the executing user identity identifier has an authority to access the destination address further includes:
and if the executing user identity does not have the authority of accessing the target address, returning the judgment result that the executing user identity does not have the authority of accessing the target address to the processing module and stopping executing the subsequent steps.
This embodiment provides a specific implementation for the case in which there is no right to access the target address: if the determination result is that no right exists, the processing module stops and does not perform the subsequent step of accessing the server with the target identity to execute the request. These are the steps in the third dashed box in fig. 2.
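The decision flow of the dashed boxes in fig. 2 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the sample ids, tags and URLs, the allowlist form of the "preset authority rule", and the refusal of unknown tags are all assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class RoleState:
    executing_user_id: str             # customer service identity
    target_id: str                     # broker identity taken from the report
    act_as_enabled: bool               # the "current state"
    allowed_prefixes: Tuple[str, ...]  # assumed rule format: path allowlist


@dataclass(frozen=True)
class Decision:
    action: str                        # "execute" or "stop"
    effective_id: Optional[str]        # identity presented to the server
    actor_id: Optional[str]            # request end really behind the call
    reason: str


def normalize_path(url: str) -> str:
    """Percent-decode once and collapse dot segments before rule matching."""
    path = unquote(urlsplit(url).path)
    return posixpath.normpath("/" + path.lstrip("/"))


class AuthModule:
    """Holds the preset tag mapping and the role states (hypothetical API)."""

    def __init__(self) -> None:
        self._tag_to_user: Dict[str, str] = {}
        self._role_states: Dict[str, RoleState] = {}

    def register_tag(self, tag: str, user_id: str) -> None:
        self._tag_to_user[tag] = user_id

    def configure(self, state: RoleState, by_senior_manager: bool) -> None:
        # Binding and current state are set by a higher-authority manager.
        if not by_senior_manager:
            raise PermissionError("binding requires a senior manager")
        self._role_states[state.executing_user_id] = state

    def user_for(self, tag: str) -> Optional[str]:
        return self._tag_to_user.get(tag)

    def role_state_for(self, tag: str) -> Optional[RoleState]:
        user_id = self._tag_to_user.get(tag)
        return self._role_states.get(user_id) if user_id else None

    def may_access(self, state: RoleState, url: str) -> bool:
        path = normalize_path(url)
        for prefix in state.allowed_prefixes:
            base = prefix.rstrip("/")
            if path == base or path.startswith(base + "/"):
                return True
        return False  # anything not listed is refused


def handle_request(auth: AuthModule, tag: str, url: str) -> Decision:
    """Processing-module logic for one tagged request."""
    user_id = auth.user_for(tag)
    if user_id is None:
        # Assumption: the page does not cover unknown tags; refuse them.
        return Decision("stop", None, None, "unknown tag")
    state = auth.role_state_for(tag)
    if state is None or not state.act_as_enabled:
        # Last dashed box: run under the request end's own identity.
        return Decision("execute", user_id, user_id, "own identity")
    if not auth.may_access(state, url):
        # Third dashed box: target address refused, stop.
        return Decision("stop", None, user_id, "target address not permitted")
    # First and second dashed boxes: run as the bound target identity.
    return Decision("execute", state.target_id, user_id, "acting as target")


def build_sample_auth() -> AuthModule:
    """Constructed sample data; every id, tag and path is made up."""
    auth = AuthModule()
    auth.register_tag("tag-cs", "ucid-cs-1001")
    auth.register_tag("tag-cs-off", "ucid-cs-1002")
    auth.register_tag("tag-broker", "ucid-broker-2002")
    auth.configure(RoleState("ucid-cs-1001", "ucid-broker-2002", True,
                             ("/orders", "/listings")), by_senior_manager=True)
    auth.configure(RoleState("ucid-cs-1002", "ucid-broker-2002", False,
                             ("/orders",)), by_senior_manager=True)
    return auth


if __name__ == "__main__":
    sample = build_sample_auth()
    for t, u in [("tag-cs", "https://trade.example/orders/17"),
                 ("tag-cs", "https://trade.example/orders/%2e%2e/salary/17"),
                 ("tag-cs-off", "https://trade.example/orders/17"),
                 ("tag-broker", "https://trade.example/orders/17")]:
        print(t, u, handle_request(sample, t, u))
```

The rule is matched against the decoded, normalized path, so an encoded `..` segment under an allowed prefix is judged by the address it actually resolves to. Each decision keeps the acting request end alongside the identity presented to the server.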
In one embodiment, the present application provides a program bug reproduction system, which includes an API logic layer of a target system program, and an authentication module;
the API logic layer receives a request with a label sent by the request end of a target system, wherein the label is a unique identifier of the request end;
the API logic layer sends the label to the authentication module so that the authentication module judges whether the role state corresponding to the label is prestored according to a preset corresponding relation, wherein the role state comprises a binding relation between a target identity and an execution user identity and a current state, the corresponding relation is whether the label has a mapping relation with the execution user identity in the role state, and the current state is the authority of whether the request end with the label can execute the request by the target identity,
if the role state corresponding to the label is prestored in the authentication module, the current state in the role states is sent to the API logic layer;
the API logic layer receives the current state and determines whether the current state is capable of enforcing the requested right with the target identity,
and if the current state is the authority that the request end with the label can execute the request by the target identity, acquiring the target identity from the authentication module and accessing a server by the target identity to execute the request.
In an embodiment, the API logic layer is further configured to access the server to execute the request with the executive user id if the current status is that the requesting end with the executive user id cannot execute the request with the target id.
In an embodiment, the configuration module is further configured to bind the target identity with an executing user identity according to a predetermined operation of a user, and generate the role state after configuring the current state.
In an embodiment, the configuration module binds the target identity identifier and the executive user identity identifier according to a predetermined operation of a user, configures the current state and then generates the role state, and the configuration module sends the role state to the SaaS session service platform, so that the SaaS session service platform receives the tag of the processing module and then sends the role state to the processing module, so that the SaaS session service platform judges whether the role state corresponding to the tag is pre-stored according to a preset corresponding relationship, and if the role state corresponding to the tag is pre-stored in the SaaS session service platform, the current state in the role state is sent to the API logic layer.
In an embodiment, the API logic layer sends a target address of the request to the SaaS session service platform, so that the SaaS session service platform determines, according to a preset permission rule, whether the executing user identifier has a permission to access the target address, where the request has the target address,
and if the executing user identity has the authority of accessing the target address, returning a judgment result that the executing user identity has the authority of accessing the target address to the API logic layer so that the API logic layer executes the subsequent steps by using the target identity.
In an embodiment, the API logic layer is further configured to, if the executive user id does not have the right to access the target address, return a determination that the executive user id does not have the right to access the target address to the processing module and stop performing subsequent steps.
FIG. 4 is a block diagram of a bug replication device according to the present invention. As shown in fig. 4, in an embodiment, the present application further provides a program bug reproduction apparatus, including:
a receiving module 101, in which a processing module of a target system program receives a request with a tag sent by the request end, where the tag is a unique identifier of the request end;
a sending module 102, configured to send the tag to the authentication module by the processing module;
a judging module 103, configured to judge, by the authentication module, whether the role state corresponding to the tag is pre-stored according to a preset corresponding relationship, where the role state includes a binding relationship between a target identity and an executing user identity, and a current state, where the corresponding relationship is whether the tag has a mapping relationship with the executing user identity in the role state, and the current state is a permission whether the requesting end having the tag can execute the request with the target identity, and if the role state corresponding to the tag is pre-stored in the authentication module, send the current state in the role state to the processing module; the processing module is further used for receiving the current state and judging whether the current state can execute the requested authority by the target identity;
an executing module 104, configured to, if the current state is that the requesting end having the tag can execute the request with the target identity, obtain the target identity from the authenticating module and access the server with the target identity to execute the request.
In an embodiment, the determining module 103 is further configured to, if the current state is that the requesting end having the executing user identity cannot execute the request with the target identity, access the server to execute the request with the executing user identity by the processing module.
In one embodiment, the apparatus further comprises:
a configuration module 105, configured to bind the target identity with an executing user identity according to a predetermined operation of a user, and configure the current state to generate the role state.
In an embodiment, the apparatus further comprises a service module;
the configuration module 105 is further configured to bind the target identity with an executing user identity according to a predetermined operation of a user, and generate the role state after configuring the current state;
the sending module 102 is further configured to send the role status to the service module, so that the service module sends the role status to the processing module after receiving the tag of the processing module;
the judging module 103 is further configured to enable the service module to judge whether the role state corresponding to the tag is pre-stored according to a preset corresponding relationship;
the sending module 102 is further configured to send the current state of the role states to the processing module if the role states corresponding to the tags are pre-stored in the service module.
In an embodiment, the sending module 102 is configured to enable the processing module to send the requested destination address to the authentication module;
the judging module 103 is configured to judge, by the authentication module, according to a preset authority rule, whether the executing user identity has an authority to access the target address, where the request has the target address;
the executing module 104 is configured to, if the executing user id has the right to access the target address, return a determination result that the executing user id has the right to access the target address to the processing module, so that the processing module executes subsequent steps with the target id.
In an embodiment, the sending module 102 is further configured to, if the executing user id does not have the authority to access the target address, return the determination result that the executing user id does not have the authority to access the target address to the processing module, and stop executing the subsequent steps.
In one embodiment, the present application further provides an electronic device, the electronic device comprising: a processor and a memory;
the memory stores an application program executable by the processor for causing the processor to perform the steps of the program bug reproduction method.
In one embodiment, the present application provides a computer-readable storage medium, on which a computer program is stored, wherein the computer program is configured to implement the steps of the program bug reproduction method when executed by a processor.
In practical applications, the computer readable medium may be included in the apparatus/device/system described in the above embodiments, or may exist alone without being assembled into the apparatus/device/system. The above-mentioned computer-readable storage medium carries one or more programs which, when executed, implement the image data processing method of the described data.
According to embodiments disclosed herein, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example and without limitation: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing, without limiting the scope of the present disclosure. In the embodiments disclosed herein, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for program bug replication, the method comprising:
a processing module of a target system program receives a request with a label sent by a request end, wherein the label is a unique identifier of the request end;
the processing module sends the label to an authentication module so that the authentication module judges whether a role state corresponding to the label is prestored according to a preset corresponding relationship, wherein the role state comprises a binding relationship between a target identity and an executive user identity and a current state, the corresponding relationship is whether the label has a mapping relationship with the executive user identity in the role state, and the current state is the authority of whether the request end with the label can execute the request by the target identity,
if the role state corresponding to the label is prestored in the authentication module, the current state in the role states is sent to the processing module;
the processing module receives the current state and determines whether the current state is capable of enforcing the requested rights with the target identity,
and if the current state is the authority that the request end with the label can execute the request by the target identity, acquiring the target identity from the authentication module and accessing a server by the target identity to execute the request.
2. The program vulnerability replication method of claim 1, wherein the processing module receiving the current state and determining whether the current state can execute the requested privilege with the target identity further comprises:
and if the current state is that the request end with the executive user identity can not execute the request with the target identity, the processing module accesses the server with the executive user identity to execute the request.
3. The program vulnerability reproduction method according to claim 1 or 2, wherein before the step of the processing module receiving the request with the tag sent by the request end, the method further comprises:
and the authentication module binds the target identity with the executive user identity according to the preset operation of the user, and generates the role state after configuring the current state.
4. The program vulnerability reproduction method of claim 3, wherein the authentication module comprises a configuration module and a service module;
the configuration module binds the target identity with the executive user identity according to the preset operation of a user, generates the role state after configuring the current state, sends the role state to the service module, so that the service module judges whether the role state corresponding to the label is prestored according to the preset corresponding relation after receiving the label of the processing module, and sends the current state in the role state to the processing module if the role state corresponding to the label is prestored in the service module.
5. The program vulnerability reproduction method of claim 1, wherein before the processing module performs the requesting step with the target identity access server, the method further comprises:
the processing module sends the target address of the request to the authentication module so that the authentication module judges whether the executing user identity has the authority of accessing the target address according to a preset authority rule, wherein the request has the target address,
if the executing user identification has the authority of accessing the target address, returning the judgment result that the executing user identification has the authority of accessing the target address to the processing module so that the processing module executes the subsequent steps by using the target identification.
6. The program vulnerability reproduction method according to claim 5, wherein the processing module sending the target address of the request to the authentication module, so that the authentication module determines whether the executing user ID has the authority to access the target address according to a preset authority rule, further comprises:
and if the executing user identity does not have the authority of accessing the target address, returning the judgment result that the executing user identity does not have the authority of accessing the target address to the processing module and stopping executing the subsequent steps.
7. A program vulnerability reproduction system, characterized by comprising an API logic layer of a target system program and an authentication module;
the API logic layer receives a request with a label sent by a request end of a target system, wherein the label is a unique identifier of the request end;
the API logic layer sends the label to the authentication module so that the authentication module judges whether a role state corresponding to the label is prestored according to a preset corresponding relation, wherein the role state comprises a binding relation between a target identity and an execution user identity and a current state, the corresponding relation is whether the label has a mapping relation with the execution user identity in the role state, and the current state is the authority of whether the request end with the label can execute the request by the target identity,
if the role state corresponding to the label is prestored in the authentication module, the current state in the role states is sent to the API logic layer;
the API logic layer receives the current state and determines whether the current state is capable of enforcing the requested right with the target identity,
and if the current state is the authority that the request end with the label can execute the request by the target identity, acquiring the target identity from the authentication module and accessing a server by the target identity to execute the request.
8. A program vulnerability replication apparatus, the apparatus comprising:
a receiving module, used for a processing module to receive a request with a label sent by a request end, wherein the label is a unique identifier of the request end;
the sending module is used for sending the label to the authentication module by the processing module;
a judging module, configured to judge, by the authentication module, whether a role state corresponding to the tag is pre-stored according to a preset correspondence, where the role state includes a binding relationship between a target identity and an executive user identity, and a current state, where the correspondence is whether a mapping relationship exists between the tag and the executive user identity in the role state, and the current state is a permission whether the request end having the tag can execute the request with the target identity, and if the role state corresponding to the tag is pre-stored in the authentication module, send the current state in the role state to the processing module; the processing module is further used for receiving the current state and judging whether the current state can execute the requested authority by the target identity;
and the execution module is used for acquiring the target identity from the authentication module and executing the request by accessing the server with the target identity if the current state is the authority that the request end with the label can execute the request by the target identity.
9. An electronic device, characterized in that the electronic device comprises: a processor and a memory;
the memory has stored therein an application executable by the processor for causing the processor to perform the steps of the program bug reproduction method of any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the program vulnerability reproduction method of any of claims 1 to 6.
CN202010374880.4A 2020-05-06 2020-05-06 Program bug reproduction method, system, device, electronic equipment and storage medium thereof Active CN111639020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010374880.4A CN111639020B (en) 2020-05-06 2020-05-06 Program bug reproduction method, system, device, electronic equipment and storage medium thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010374880.4A CN111639020B (en) 2020-05-06 2020-05-06 Program bug reproduction method, system, device, electronic equipment and storage medium thereof

Publications (2)

Publication Number Publication Date
CN111639020A CN111639020A (en) 2020-09-08
CN111639020B true CN111639020B (en) 2021-07-02

Family

ID=72329097

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010374880.4A Active CN111639020B (en) 2020-05-06 2020-05-06 Program bug reproduction method, system, device, electronic equipment and storage medium thereof

Country Status (1)

Country Link
CN (1) CN111639020B (en)

Also Published As

Publication number Publication date
CN111639020A (en) 2020-09-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201027

Address after: 100085 Floor 102-1, Building No. 35, West Second Banner Road, Haidian District, Beijing

Applicant after: Seashell Housing (Beijing) Technology Co.,Ltd.

Address before: 300 280 Tianjin Economic and Technological Development Zone Nangang Industrial Zone Office Building C Block 1, Room 112, Unit 05

Applicant before: BEIKE TECHNOLOGY Co.,Ltd.

GR01 Patent grant