CN113127351A - Third-party component detection method, system and computer equipment - Google Patents


Info

Publication number
CN113127351A
Authority
CN
China
Legal status
Pending
Application number
CN202110426126.5A
Other languages
Chinese (zh)
Inventor
刘欢欢
武晓虎
周合月
Current Assignee
Changsha Daojia Youxiang Home Economics Service Co ltd
Original Assignee
Changsha Daojia Youxiang Home Economics Service Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/362 Software debugging
    • G06F11/3636 Software debugging by tracing the execution of the program
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management

Abstract

The invention belongs to the technical field of information security detection, and provides a third-party component detection method, a third-party component detection system and computer equipment, wherein the method comprises the following steps: configuring a first detection task and a second detection task, wherein the first detection task is used for real-time detection, and the second detection task is used for emergency detection; when a file of software or application to be issued is compiled and packaged, starting a first detection task; identifying and judging whether the third-party component has risks or not according to the detected information data of the third-party component, and recording the information data related to the third-party component; and when the third-party component is judged to have risks, a blocking instruction is sent to the issuing system in real time so as to carry out real-time blocking. The invention realizes more intelligent and comprehensive detection process and reduces the human input cost.

Description

Third-party component detection method, system and computer equipment
Technical Field
The invention belongs to the technical field of information security detection, is particularly suitable for the field of housekeeping services, and more particularly relates to a third-party component detection method, a third-party component detection system and computer equipment.
Background
In recent years, with an aging population and the "second child" era, the demand for home services is increasing and home services are diversifying; users mainly search for home service staff through offline or online home service systems. The home services include maternity nanny (yuesao) services, nurse services, and the like.
However, with the continuous development of the internet and the obvious advantages of Java (a computer programming language) development, more and more companies are carrying out project development, and in order to improve efficiency and development convenience and reduce repeated development, programmers often reference third-party jar component dependency packages (third-party components). At present, open-source products exist that detect a single jar, but companies generally do not develop or pay attention to jar detection, so the security of Java projects has many unknowns and an effective evaluation of the overall security of a project is also lacking. In addition, in the prior art, when a component vulnerability occurs, version information is collected through a script or an agent and the like to promote repair, and problems exist such as component faults or problems being difficult to find in time, long fault or vulnerability repair cycles, and the inability to perform real-time blocking.
Therefore, it is necessary to provide a third party component detection method to solve the above problems.
Disclosure of Invention
(I) Technical problem to be solved
The invention aims to solve the technical problems that the faults or problems of components in the prior art are difficult to find in time, the fault or leak repair cycle is long, real-time blocking cannot be performed and the like.
(II) Technical scheme
In order to solve the above technical problem, an aspect of the present invention provides a third party component detection method for performing security detection on a related component that is to be relied on in software or an application published by a publishing system, the method including: configuring a first detection task and a second detection task, wherein the first detection task is used for real-time detection, and the second detection task is used for emergency detection; when a file of software or application to be issued is compiled and packaged, starting a first detection task; identifying and judging whether the third-party component has risks or not according to the detected information data of the third-party component, and recording the information data related to the third-party component; and when the third-party component is judged to have risks, a blocking instruction is sent to the issuing system in real time so as to carry out real-time blocking.
According to a preferred embodiment of the invention, the third party component comprises a login component, a transaction component and an authentication component.
According to a preferred embodiment of the present invention, the identifying and determining whether the third party component is at risk comprises: judging whether the third-party component is a risk component or not according to a preset judgment rule; calculating a risk value of the third party component in the case that the third party component is a risk component, wherein the risk value is a risk utilization cost; and when the calculated risk value is within a first set range, blocking the third-party component in real time.
According to the preferred embodiment of the invention, the calculation parameters are determined, the weight coefficients corresponding to the calculation parameters are set, and the calculation parameters and the corresponding weight coefficients are subjected to weighted calculation to obtain the risk utilization cost of the third-party component.
According to the preferred embodiment of the invention, the calculation parameters comprise an attack vector, an attack complexity, a maturity of utilization codes, a repairability, an importance of the system and a network environment parameter of the corresponding system of the third-party component.
According to a preferred embodiment of the present invention, the predetermined judgment rule includes: comparing and matching the detected name and version of the third-party component with the name and version range of the risk component in the risk library; and when the name of the third-party component is the same as the name of the risk component in the risk library and/or the version of the third-party component is within the risk version range of the risk library, judging that the third-party component is the risk component.
According to a preferred embodiment of the present invention, the method further comprises: when the third-party component is blocked in real time, prompt information is sent to business personnel at the same time, wherein the prompt information comprises a risk level, a risk value, a version range with risk and a safe version.
According to a preferred embodiment of the present invention, the method further comprises: when the risk value of the third-party component is within a second set range, recording the third-party component for emergency detection, and carrying out emergency detection identification on each third-party component according to the recorded information data related to each third-party component so as to start a second detection task when a trigger event occurs, wherein the trigger event comprises an upgrade of a component, software or application, or a vulnerability, permission or compliance problem occurring in other software or applications that depend on the third-party component.
A second aspect of the present invention provides a third-party component detection system for securely detecting a relevant component to be relied upon in software or an application published by a publication system, the system comprising: the system comprises a configuration module, a detection module and a processing module, wherein the configuration module is used for configuring a first detection task and a second detection task, the first detection task is used for real-time detection, and the second detection task is used for emergency detection; the detection module starts a first detection task when a file of software or application to be issued is compiled and packaged; the identification judgment module is used for identifying and judging whether the third-party component has risks or not according to the detected information data of the third-party component and recording the information data related to the third-party component; and the blocking module is used for sending a blocking instruction to the issuing system in real time when judging that the third-party component has risks so as to carry out real-time blocking.
According to a preferred embodiment of the invention, the third party component comprises a login component, a transaction component and an authentication component.
According to the preferred embodiment of the present invention, the system further comprises a setting module, wherein the setting module is used for setting a predetermined judgment rule; judging whether the third-party component is a risk component or not according to the preset judgment rule; calculating a risk value of the third party component in the case that the third party component is a risk component, wherein the risk value is a risk utilization cost; and when the calculated risk value is within a set range, blocking the third-party component in real time.
According to a preferred embodiment of the present invention, the risk management system further includes a determination module, where the determination module is configured to determine the calculation parameters, set the weight coefficients corresponding to the calculation parameters, and perform weighted calculation on the calculation parameters and the corresponding weight coefficients to obtain the risk utilization cost of the third-party component.
According to the preferred embodiment of the present invention, the calculation parameters include an attack vector, an attack complexity, a maturity and a repairability of the utilization code of the third-party component.
According to a preferred embodiment of the present invention, the predetermined judgment rule includes: comparing and matching the detected name and version of the third-party component with the name and version range of the risk component in the risk library; and when the name of the third-party component is the same as the name of the risk component in the risk library and/or the version of the third-party component is within the risk version range of the risk library, judging that the third-party component is the risk component.
According to a preferred embodiment of the present invention, the system further comprises: when the third-party component is blocked in real time, prompt information is sent to business personnel at the same time, wherein the prompt information comprises a risk level, a risk value, a version range with risk and a safe version.
According to a preferred embodiment of the present invention, the system further comprises: when the risk value of the third-party component is within a second set range, carrying out emergency detection identification on the third-party component according to the recorded information data related to the third-party component so as to start a second detection task when a trigger event occurs, wherein the trigger event comprises an upgrade of a component, software or application, or a vulnerability problem or permission problem occurring in other software or applications that depend on the third-party component.
A third aspect of the invention proposes a computer device comprising a processor and a memory for storing a computer executable program, the processor performing the third party component detection method when the computer program is executed by the processor.
A fourth aspect of the present invention provides a computer program product, storing a computer executable program, wherein the computer executable program, when executed, implements the third-party component detection method.
(III) Advantageous effects
Compared with the prior art, the method can detect the third-party components in the software or application to be released in real time, can judge the risk condition of a third-party component more effectively and accurately, can block risk components in real time, and can quickly locate third-party components that currently have no problem but are likely to carry a security risk in the future so that emergency handling can be performed quickly; the component detection method can be further optimized; a more intelligent and comprehensive detection process is realized, and the human input cost is reduced.
Drawings
Fig. 1 is a flowchart of an example of a third-party component detection method according to embodiment 1 of the present invention.
Fig. 2 is a schematic diagram of an example of a third-party component detection method to which embodiment 1 of the present invention is applied.
Fig. 3 is a flowchart of another example of the third-party component detection method of embodiment 1 of the present invention.
Fig. 4 is a flowchart of another example of the third-party component detection method of embodiment 1 of the present invention.
Fig. 5 is a schematic diagram of an example of a third-party component detection system of embodiment 2 of the present invention.
Fig. 6 is a schematic diagram of another example of a third-party component detection system of embodiment 2 of the present invention.
Fig. 7 is a schematic diagram of still another example of the third-party component detection system of embodiment 2 of the present invention.
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Fig. 9 is a schematic diagram of a computer program product of an embodiment of the invention.
Detailed Description
In describing particular embodiments, specific details of structures, properties, effects, or other features are set forth in order to provide a thorough understanding of the embodiments by one skilled in the art. However, it is not excluded that a person skilled in the art may implement the invention in a specific case without the above-described structures, performances, effects or other features.
The flow chart in the drawings is only an exemplary flow demonstration, and does not represent that all the contents, operations and steps in the flow chart are necessarily included in the scheme of the invention, nor does it represent that the execution is necessarily performed in the order shown in the drawings. For example, some operations/steps in the flowcharts may be divided, some operations/steps may be combined or partially combined, and the like, and the execution order shown in the flowcharts may be changed according to actual situations without departing from the gist of the present invention.
The block diagrams in the figures generally represent functional entities and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different network and/or processing unit devices and/or microcontroller devices.
The same reference numerals denote the same or similar elements, components, or parts throughout the drawings, and thus, a repetitive description thereof may be omitted hereinafter. It will be further understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components, or sections, these elements, components, or sections should not be limited by these terms. That is, these phrases are used only to distinguish one from another. For example, a first device may also be referred to as a second device without departing from the spirit of the present invention. Furthermore, the term "and/or", "and/or" is intended to include all combinations of any one or more of the listed items.
In order to further optimize the component detection method, the invention provides a third-party component detection method, which detects the third-party components in the software or application to be issued in real time, carries out judgment processing twice, blocks the determined risk components in real time, and can also quickly locate third-party components that currently have no problem but may carry a security risk in the future so that emergency handling can be performed quickly. Therefore, the invention realizes a more intelligent and comprehensive detection process and reduces the human input cost.
In order that the objects, technical solutions and advantages of the present invention will become more apparent, the present invention will be further described in detail with reference to the accompanying drawings in conjunction with the following specific embodiments.
Fig. 1 is a flowchart of an example of a third-party component detection method according to embodiment 1 of the present invention.
As shown in fig. 1, the third-party component detection method includes the following steps:
step S101, configuring a first detection task and a second detection task, wherein the first detection task is used for real-time detection, and the second detection task is used for emergency detection.
Step S102, when compiling and packaging the file of the software or application to be issued, starting a first detection task.
Step S103, identifying and judging whether the third-party component has risks or not according to the detected information data of the third-party component, and recording the information data related to the third-party component.
Step S104, when the third-party component is judged to have risks, a blocking instruction is sent to the issuing system in real time so as to carry out real-time blocking.
In this example, the third-party component detection method of the present invention is used to perform security detection on related components to be relied upon in software or applications published by a publication system.
First, in step S101, a first detection task and a second detection task are configured, where the first detection task is used for real-time detection, and the second detection task is used for emergency detection.
Fig. 2 is a schematic diagram of an example of a third-party component detection method to which embodiment 1 of the present invention is applied.
As shown in fig. 2, a file of software or application to be distributed in the CI/DI distribution system is detected in real time at a specific time node, and stored or recorded related information data of a third-party component is detected in emergency at other specific time nodes, and the CI/DI distribution system is controlled by a control instruction to perform real-time blocking or early warning, so as to block the problematic third-party component in real time.
Specifically, for example, in a security detection service module of the CI/DI distribution system, detection tasks are configured according to different business project requirements, types, functions, numbers and the like of third-party components.
In this example, the configured detection tasks include a first detection task and a second detection task, so that the third-party components and the like on which each business project depends are detected in real time, and the third-party components with faults or problems are blocked in real time.
Specifically, the first detection task is used for detecting a file of software or application to be released in real time, and the second detection task is used for performing emergency detection on the corresponding software or application when a trigger event occurs.
Preferably, the triggering event includes component, software or application upgrade, vulnerability problem, permission problem, compliance problem, etc. of other software or application depending on the third party component.
It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.
Next, in step S102, when compiling and packaging the file of the software or application to be distributed, a first detection task is started.
In this example, corresponding detection time nodes are set for different detection tasks, such as compilation and package sending time, software or application upgrade time, and the like.
Specifically, all software or application files to be released are detected in real time, and whether a first detection task is started or not is judged.
Further, when the security detection service module detects that the software or the application file to be issued is compiled and sent, the first detection task is started.
Further, the content of the first detection task includes whether the software or application file to be published depends on third-party components, the number of the third-party components that depend, information data of the third-party components that depend, the project in which the software or application to be published is located and its associated system, and so on.
Specifically, the information data of the depended third-party component includes a name and a version of the third-party component, dependency relationship information with corresponding software or application, an item where the third-party component is located and an associated system thereof, and the like.
It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.
Next, in step S103, according to the detected information data of the third-party component, identifying and determining whether the third-party component has a risk, and recording the information data related to the third-party component.
Specifically, the information data of the third-party component on which the software or the application depends is extracted from the real-time detection information data, and whether the risk exists in the third-party component is identified and judged according to the extracted information data.
For example, the third party component is a JavaScript or Ruby programming language component.
It should be noted that the above is described only as an example and should not be understood as limiting the present invention; in other examples, identification and analysis may be performed on programming language components such as .NET, Java, JavaScript, PHP, Python, Ruby, and the like.
And further, judging whether the third-party component is a risk component or not according to a preset judgment rule.
Specifically, the predetermined judgment rule includes comparison with a risk component in a risk library.
In this example, according to the business project type in the home service scenario and the business requirement of APP of the home service product, an internet public vulnerability library (CVE, NVD, VulnDB, NPM public services, etc.) is pulled, and a risk library is set, which includes the name of the risk component, the risk version range, the risk level, the risk value range corresponding to each risk level, etc.
Specifically, the name and version of the detected third-party component are compared and matched with the name and risk version range of the third-party component in the risk library.
Preferably, the comparison and matching is performed through an API and judgment rules, and the quick response is performed through an API interface to interface with various forms of publishing systems or building delivery systems.
Specifically, when the name of the third-party component is the same as the name of the risk component in the risk library, and/or when the version of the third-party component falls within the risk version range of the risk library, the third-party component is judged to be a risk component. Thus, the one-time judgment processing is completed, and risk components can be effectively identified.
It should be noted that the object of the one-time judgment processing may be performed on one or more third-party components in one software or application to be released simultaneously, or may be performed on one or more third-party components in multiple software or applications to be released simultaneously.
Fig. 3 is a flowchart showing another example of the third-party component detection method of embodiment 1 of the present invention.
As shown in fig. 3, a step S301 of calculating a risk value of a third party component is further included.
In step S301, a risk value of the third party component is calculated for the secondary determination process.
Specifically, in the case that the third-party component is judged to be a risk component, a risk value of the third-party component is calculated, and the risk value is a risk utilization cost.
Further, determining calculation parameters for calculating the risk utilization cost of the third-party component, setting weight coefficients corresponding to the calculation parameters, and performing weighting calculation on the calculation parameters and the corresponding weight coefficients to obtain the risk utilization cost of the third-party component.
Specifically, the calculation parameters include an attack vector, an attack complexity, a maturity degree and a repairability degree of the utilization code of the third-party component, a system self importance degree of a system to which the third-party component is applied, and a network environment parameter of a corresponding system.
More specifically, the importance of the system is set according to the system types including a core system, an important system, a general system, and an internal system.
Further, the network environment parameters include the internet, a service network, a local network, a physical network, and the like.
Preferably, the risk value (i.e., risk utilization cost) of the third party component is given by the following formula.
Vul = CVSS × a + SW × b + SA × c,
Wherein Vul refers to the risk utilization cost of the third-party component; the CVSS refers to at least two parameters of an attack vector, an attack complexity, a maturity degree and a repairability degree of a utilized code of a third-party component; SW refers to the importance of each system that depends on the third party risk component; SA refers to the network environment parameters of each system; a, b, and c are weight coefficients corresponding to CVSS, SW, and SA, respectively.
Preferably, a is 0.55-0.75, b is 0.25-0.35, and c is 0.15-0.25.
It should be noted that, in the present invention, the risk calculation for the third-party component includes a part for calculating the standard with reference to the CVSS, a part for depending on the importance of the software or application of the third-party component, a part for the corresponding system to be affected by the environmental factors, and the like.
Further, the predetermined judgment rule further includes comparing the calculated risk value with a first set range indicating a risk threshold range that needs to be blocked and a second set range indicating a risk threshold range that has a potential risk or may have a risk within a specific time.
Specifically, the third-party component is blocked in real time when the calculated risk value is within a first set range. Therefore, secondary judgment processing is completed, and the risk condition of the third-party component can be judged more effectively and more accurately.
And when the risk value of the third-party component is within a second set range, carrying out emergency detection identification on the third-party component, and carrying out emergency detection identification on the third-party component according to the recorded information data related to the third-party component so as to start a second detection task when a trigger event occurs.
Further, the risk value and other risk information data of the third-party component are recorded for setting the next detection task or determining the detection time and the like.
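The weighted formula and the two set ranges above, as an added worked example that is not code from the patent or its applicant. The 0-10 scales for the CVSS-style parameters, the arithmetic mean used to fold them into one CVSS term, the concrete weights (chosen inside the preferred ranges a 0.55-0.75, b 0.25-0.35, c 0.15-0.25) and the numeric bounds of the first and second set ranges are all assumptions made for this example; the patent states none of these numbers.

```python
from dataclasses import dataclass
from enum import Enum

# Constructed 0-10 scales for the CVSS-style parameters the patent names
# (attack vector, attack complexity, exploit-code maturity, remediability).
# The numbers are illustrative assumptions, not values from the CVSS standard.
ATTACK_VECTOR = {"network": 10.0, "adjacent": 6.0, "local": 4.0, "physical": 2.0}
ATTACK_COMPLEXITY = {"low": 10.0, "high": 4.0}
EXPLOIT_MATURITY = {"high": 10.0, "functional": 8.0, "proof_of_concept": 5.0, "unproven": 2.0}
REMEDIATION = {"unavailable": 10.0, "workaround": 7.0, "temporary_fix": 5.0, "official_fix": 2.0}


class Decision(Enum):
    BLOCK = "block"   # first set range: send the blocking instruction in real time
    WATCH = "watch"   # second set range: record for emergency detection on a trigger event
    PASS = "pass"     # below both ranges: the release may proceed


@dataclass(frozen=True)
class Weights:
    a: float = 0.65  # CVSS weight; the patent's preferred range is 0.55-0.75
    b: float = 0.30  # SW weight; preferred range 0.25-0.35
    c: float = 0.20  # SA weight; preferred range 0.15-0.25

    def validate(self) -> None:
        """Reject weights outside the patent's preferred ranges."""
        if not (0.55 <= self.a <= 0.75 and 0.25 <= self.b <= 0.35 and 0.15 <= self.c <= 0.25):
            raise ValueError(f"weights outside preferred ranges: {self}")


def cvss_term(attack_vector: str, attack_complexity: str,
              exploit_maturity: str, remediation: str) -> float:
    """Combine the four CVSS-style parameters into one 0-10 term.

    The patent only says CVSS covers at least two of these parameters; the
    arithmetic mean used here is an assumption made for this example.
    """
    values = (ATTACK_VECTOR[attack_vector], ATTACK_COMPLEXITY[attack_complexity],
              EXPLOIT_MATURITY[exploit_maturity], REMEDIATION[remediation])
    return sum(values) / len(values)


def risk_value(cvss: float, sw: float, sa: float, w: Weights = Weights()) -> float:
    """Vul = CVSS*a + SW*b + SA*c, the risk utilization cost from the patent."""
    w.validate()
    for name, x in (("CVSS", cvss), ("SW", sw), ("SA", sa)):
        if not 0.0 <= x <= 10.0:
            raise ValueError(f"{name} must be on the 0-10 scale, got {x}")
    return cvss * w.a + sw * w.b + sa * w.c


def classify(vul: float, block_min: float = 7.0, watch_min: float = 4.0) -> Decision:
    """Map Vul onto the two set ranges. The thresholds are constructed for
    this example; the patent does not state numeric bounds."""
    if vul >= block_min:
        return Decision.BLOCK
    if vul >= watch_min:
        return Decision.WATCH
    return Decision.PASS


def assess(component: str, attack_vector: str, attack_complexity: str,
           exploit_maturity: str, remediation: str, sw: float, sa: float) -> dict:
    """Second-stage judgment for one risk component; the returned record is
    the information the patent says is kept for the next detection task."""
    cvss = cvss_term(attack_vector, attack_complexity, exploit_maturity, remediation)
    vul = risk_value(cvss, sw, sa)
    return {"component": component, "cvss": cvss, "sw": sw, "sa": sa,
            "risk_value": round(vul, 2), "decision": classify(vul)}


if __name__ == "__main__":
    # Constructed samples: an internet-facing login component with a public
    # exploit and no fix, versus a low-importance internal helper.
    print(assess("login-sdk", "network", "low", "high", "unavailable", sw=9.0, sa=8.0))
    print(assess("report-helper", "local", "high", "unproven", "official_fix", sw=5.0, sa=3.0))
```

Because the SW and SA terms are additive, a component with a modest CVSS term can still land in the blocking range when it sits inside a critical, internet-facing system, which is the point of weighting importance and environment separately from the CVSS score.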
It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.
Next, in step S104, when it is determined that the third-party component is at risk, a blocking instruction is sent to the issuing system in real time to perform real-time blocking.
Specifically, according to the results of the two judgment processes, when the third-party component is judged to be a component which needs to be blocked in real time, the safety detection service module sends a blocking instruction to the issuing system in real time, and the issuing system blocks the software or application to be issued in real time so as to realize real-time blocking.
Furthermore, security risks and open-source license changes are tracked and synchronized in real time, so that a problematic third-party component can be identified in real time and the various open-source licenses can be tracked in real time, effectively avoiding non-compliant licensing.
Preferably, when the third-party component is blocked in real time, prompt information is sent to business personnel at the same time, and the prompt information comprises a risk level, a risk value, a risk version range and a safety version.
Therefore, by calculating the risk value of the third-party component and applying the two risk judgment passes, the risk condition of the third-party component can be judged more effectively and more accurately, and the detection method can be optimized.
It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.
In addition, the procedures of the above-described method are only for illustrating the present invention, and the order and number of the steps are not particularly limited. In other examples, the steps in the method may be further split into two (for example, the step S103 is split into S103 and S401, see fig. 4 specifically), three, or some steps may be combined into one step, and the adjustment is performed according to an actual example. The foregoing is illustrative only and is not to be construed as limiting the invention.
Compared with the prior art, the method can detect the third-party component in the software or application to be issued in real time, can judge the risk condition of the third-party component more effectively and accurately, can block the risk component in real time, and can quickly locate third-party components that currently have no problem but are likely to carry a security risk in the future, so that emergency handling can be performed quickly; the component detection method can be further optimized; the detection process is intelligent and comprehensive, and the human input cost is reduced.
Example 2
Embodiments of systems of the present invention are described below, which may be used to perform method embodiments of the present invention. Details described in the system embodiments of the invention should be considered supplementary to the above-described method embodiments; reference is made to the above-described method embodiments for details not disclosed in the system embodiments of the invention.
Referring to fig. 5 to 7, a third party component detection system 500 of embodiment 2 of the present invention will be explained.
According to a second aspect of the present invention, the present invention further provides a third party component detection system 500 for performing security detection on a related component to be relied on in software or an application published by a publishing system, the third party component detection system 500 comprising: a configuration module 501, configured to configure a first detection task and a second detection task, where the first detection task is used for real-time detection, and the second detection task is used for emergency detection; the detection module 502 starts a first detection task when compiling and packaging a file of software or application to be issued; the identification judging module 503 is configured to identify and judge whether the third-party component has a risk according to the detected information data of the third-party component, and record information data related to the third-party component; and the blocking module 504 is used for sending a blocking instruction to the issuing system in real time when the third-party component is judged to have the risk so as to carry out real-time blocking.
Preferably, the third party component comprises a login component, a transaction component and an authentication component.
As shown in fig. 6, the system further includes a setting module 601, where the setting module 601 is configured to set a predetermined judgment rule; judge whether the third-party component is a risk component according to the predetermined judgment rule; calculate a risk value of the third-party component in the case that the third-party component is a risk component, wherein the risk value is a risk utilization cost; and block the third-party component in real time when the calculated risk value is within a set range.
As shown in fig. 7, the system further includes a determining module 701, where the determining module 701 is configured to determine calculation parameters, set weight coefficients corresponding to the calculation parameters, and perform a weighted calculation on the calculation parameters and the corresponding weight coefficients to obtain the risk utilization cost of the third-party component.
Preferably, the calculation parameters include an attack vector, an attack complexity, maturity and repairability of the third-party component.
Preferably, the predetermined judgment rule includes: comparing and matching the detected name and version of the third-party component with the name and version range of the risk component in the risk library; and when the name of the third-party component is the same as the name of the risk component in the risk library and/or the version of the third-party component is within the risk version range of the risk library, judging that the third-party component is the risk component.
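The predetermined judgment rule above (name and version-range matching against a risk library) together with the prompt information of the preceding embodiment, as an added example that is not code from the patent or its applicant. The risk library entries, the component names and the simplified dotted-numeric version parser are constructed for this example; the name normalization step is an assumption added here because build tools spell the same component differently, and the rule is implemented as name match and version-in-range (the narrower reading of the claim's "and/or"), since matching on version alone would flag unrelated components that share a version number.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn a dotted version such as "1.4.10" into a comparable tuple.

    A leading "v" and non-numeric suffixes ("-rc1") are ignored and trailing
    zeros are dropped so that "1.4" and "1.4.0" compare equal. This simplified
    scheme is an assumption for the example, not the patent's parser.
    """
    parts = []
    for piece in text.lstrip("vV").split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def normalize_name(name: str) -> str:
    """Component names differ only in case and separator across build tools;
    normalize both sides before comparing with the risk library."""
    return name.strip().lower().replace("_", "-")


@dataclass(frozen=True)
class RiskEntry:
    name: str
    risk_min: str       # inclusive lower bound of the risky version range
    risk_max: str       # inclusive upper bound of the risky version range
    safe_version: str   # first version reported as safe
    risk_level: str


# Constructed sample risk library; names and ranges are invented for this
# example and do not refer to real advisories.
RISK_LIBRARY: List[RiskEntry] = [
    RiskEntry("acme-login-sdk", "1.0.0", "1.4.2", "1.4.3", "high"),
    RiskEntry("acme-auth-core", "2.3.0", "2.5.9", "2.6.0", "medium"),
    RiskEntry("acme-pay-client", "0.9.0", "0.9.17", "0.10.0", "critical"),
]


def in_risk_range(version: str, entry: RiskEntry) -> bool:
    v = parse_version(version)
    return parse_version(entry.risk_min) <= v <= parse_version(entry.risk_max)


def match_risk_library(name: str, version: str,
                       library: List[RiskEntry] = RISK_LIBRARY) -> Optional[RiskEntry]:
    """Return the matching risk entry, or None if the component is not a risk component."""
    wanted = normalize_name(name)
    for entry in library:
        if normalize_name(entry.name) == wanted and in_risk_range(version, entry):
            return entry
    return None


def scan_manifest(components: List[Tuple[str, str]]) -> List[Tuple[str, str, RiskEntry]]:
    """First-stage judgment over a whole dependency list: every (name, version)
    pair that matches the risk library is returned for second-stage scoring."""
    return [(name, version, entry) for name, version in components
            if (entry := match_risk_library(name, version)) is not None]


def build_prompt(name: str, version: str, entry: RiskEntry, risk_value: float) -> str:
    """Prompt text for business personnel when a component is blocked: risk
    level, risk value, risky version range and safe version, as the patent lists."""
    return (f"BLOCKED {name}@{version}: risk level {entry.risk_level}, "
            f"risk value {risk_value:.2f}, risky versions {entry.risk_min}-{entry.risk_max}, "
            f"safe version {entry.safe_version}")


if __name__ == "__main__":
    # Constructed dependency list as a build step would extract it from the package.
    manifest = [("Acme_Login_SDK", "1.4.2"), ("acme-auth-core", "2.6.0"),
                ("acme-pay-client", "v0.9.3"), ("unrelated-lib", "1.4.2")]
    for name, version, entry in scan_manifest(manifest):
        # The risk value would come from the weighted calculation; 9.5 is a placeholder.
        print(build_prompt(name, version, entry, 9.5))
```

The inclusive upper bound matters: a library that records "fixed in 1.4.3" must be encoded as a risky range ending at 1.4.2, otherwise the first safe release is blocked or the last vulnerable one is let through depending on which comparison the code uses.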
Preferably, the system is further configured so that when the third-party component is blocked in real time, prompt information is sent to business personnel at the same time, wherein the prompt information comprises a risk level, a risk value, a risky version range and a safe version.
Preferably, the system is further configured so that when the risk value of the third-party component is within a second set range, emergency detection identification is carried out on the third-party component: according to the recorded information data related to the component, a second detection task is started when a trigger event occurs, wherein the trigger event comprises an upgrade of the component, software or application, and the occurrence of vulnerability problems or permission problems in other software or applications that depend on the third-party component.
In embodiment 2, the same portions as those in embodiment 1 are not described.
Compared with the prior art, the method can detect the third-party component in the software or application to be issued in real time, can more effectively and accurately judge the risk condition of the third-party component, can block the risk component in real time, and can quickly position the third-party component which has no problem and is likely to have safety risk in the future so as to quickly perform emergency treatment; the intelligent and comprehensive detection process is realized, and the human input cost is reduced.
Example 3
The following describes an embodiment of the computer apparatus of the present invention, which may be considered as a concrete physical implementation of the above-described embodiments of the method and system of the present invention. Details described in relation to the computer device embodiment of the present invention should be considered supplementary to the method or system embodiment described above; for details not disclosed in the computer device embodiments of the invention, reference may be made to the above-described method or system embodiments.
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present invention. The computer device includes a processor and a memory, the memory stores a computer-executable program, and the processor performs the method of fig. 1 when it executes the program.
As shown in fig. 8, the computer device is in the form of a general purpose computing device. The processor can be one or more and can work together. The invention also does not exclude that distributed processing is performed, i.e. the processors may be distributed over different physical devices. The computer device of the present invention is not limited to a single entity, and may be a sum of a plurality of entity devices.
The memory stores a computer executable program, typically machine readable code. The computer readable program may be executed by the processor to enable a computer device to perform the method of the invention, or at least some of the steps of the method.
The memory may include volatile memory, such as Random Access Memory (RAM) and/or cache memory, and may also be non-volatile memory, such as read-only memory (ROM).
Optionally, in this embodiment, the computer device further includes an I/O interface, which is used for data exchange between the computer device and an external device. The I/O interface may be a local bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, and/or a memory storage device using any of a variety of bus architectures.
It should be understood that the computer device shown in fig. 8 is only one example of the present invention, and elements or components not shown in the above examples may also be included in the computer device of the present invention. For example, some computer devices also include display units such as display screens, and some computer devices also include human-computer interaction elements such as buttons, keyboards, and the like. The computer device can be considered to be covered by the present invention as long as the computer device can execute the computer readable program in the memory to implement the method of the present invention or at least part of the steps of the method.
FIG. 9 is a schematic diagram of a computer program product of an embodiment of the invention. As shown in fig. 9, a computer-executable program is stored in the computer program product, and when the computer-executable program is executed, the method of the present invention is implemented. The computer program product may comprise a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. The computer program product may be transmitted, propagated, or transported by a computer to be used by or in connection with an instruction execution system, apparatus, or device. The program code embodied in the computer program product may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user's computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
From the above description of the embodiments, those skilled in the art will readily appreciate that the present invention can be implemented by hardware capable of executing a specific computer program, such as the system of the present invention, and electronic processing units, servers, clients, mobile phones, control units, processors, etc. included in the system. The invention may also be implemented by computer software for performing the method of the invention, e.g. control software executed by a microprocessor, an electronic control unit, a client, a server, etc. It should be noted that the computer software for executing the method of the present invention is not limited to be executed by one or a specific hardware entity, and can also be realized in a distributed manner by non-specific hardware. For computer software, the software product may be stored in a computer readable storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or may be distributed over a network, as long as it enables the computer device to perform the method according to the present invention.
While the foregoing detailed description has described the objects, aspects and advantages of the present invention in further detail, it should be appreciated that the present invention is not inherently related to any particular computer, virtual machine, or computer apparatus, as various general purpose devices may implement the present invention. The invention is not to be considered as limited to the specific embodiments thereof, but is to be understood as being modified in all respects, all changes and equivalents that come within the spirit and scope of the invention.

Claims (18)

1. A third party component detection method for securely detecting a related component that is to be relied upon in software or an application published by a publication system, the method comprising:
configuring a first detection task and a second detection task, wherein the first detection task is used for real-time detection, and the second detection task is used for emergency detection;
when a file of software or application to be issued is compiled and packaged, starting a first detection task;
identifying and judging whether the third-party component has risks or not according to the detected information data of the third-party component, and recording the information data related to the third-party component;
and when the third-party component is judged to have risks, a blocking instruction is sent to the issuing system in real time so as to carry out real-time blocking.
2. The third party component detection method of claim 1, wherein the third party component comprises a login component, a transaction component, and an authentication component.
3. The method for detecting the third-party component according to claim 1 or 2, wherein the identifying and judging whether the third-party component is at risk comprises:
judging whether the third-party component is a risk component or not according to a preset judgment rule;
calculating a risk value of the third party component in the case that the third party component is a risk component, wherein the risk value is a risk utilization cost;
and when the calculated risk value is within a first set range, blocking the third-party component in real time.
4. The third-party component detecting method according to claim 3,
determining calculation parameters, setting weight coefficients corresponding to the calculation parameters, and performing weighted calculation on the calculation parameters and the corresponding weight coefficients to obtain the risk utilization cost of the third-party component.
5. The method according to claim 4, wherein the calculation parameters include an attack vector, an attack complexity, a maturity degree and a repairability degree of the utilization code of the third-party component, a system intrinsic importance degree of a system to which the third-party component is applied, and a network environment parameter of a corresponding system.
6. The method according to claim 3, wherein the predetermined judgment rule comprises:
comparing and matching the detected name and version of the third-party component with the name and version range of the risk component in the risk library;
and when the name of the third-party component is the same as the name of the risk component in the risk library and/or the version of the third-party component is within the risk version range of the risk library, judging that the third-party component is the risk component.
7. The third-party component detection method according to claim 1 or 6, further comprising:
and when the third-party component is blocked in real time, prompt information is sent to business personnel at the same time, wherein the prompt information comprises a risk level, a risk value, a version range with risk and a safety version.
8. The third-party component detection method according to claim 1, comprising:
when the risk value of the third-party component is within a second set range, carrying out emergency detection recording on the third-party component, and
according to the recorded information data related to each third-party component, carrying out emergency detection identification on each third-party component so as to start a second detection task when a trigger event occurs, wherein the trigger event comprises component, software or application upgrading, and vulnerability problems, permission problems or compliance problems occurring in other software or applications depending on the third-party component.
9. A third party component detection system for securely detecting a related component that is to be relied upon in software or applications published by a publication system, the system comprising:
the system comprises a configuration module, a detection module and a processing module, wherein the configuration module is used for configuring a first detection task and a second detection task, the first detection task is used for real-time detection, and the second detection task is used for emergency detection;
the detection module starts a first detection task when a file of software or application to be issued is compiled and packaged;
the identification judgment module is used for identifying and judging whether the third-party component has risks or not according to the detected information data of the third-party component and recording the information data related to the third-party component;
and the blocking module is used for sending a blocking instruction to the issuing system in real time when judging that the third-party component has risks so as to carry out real-time blocking.
10. The third party component detection system of claim 9, wherein the third party component comprises a login component, a transaction component, and an authentication component.
11. The third-party component detection system according to claim 9 or 10, further comprising a setting module for setting a predetermined judgment rule;
judging whether the third-party component is a risk component or not according to the preset judgment rule;
calculating a risk value of the third party component in the case that the third party component is a risk component, wherein the risk value is a risk utilization cost;
and when the calculated risk value is within a first set range, blocking the third-party component in real time.
12. The system according to claim 11, further comprising a determination module, wherein the determination module is configured to determine the calculation parameters, set a weight coefficient corresponding to each calculation parameter, and perform weighted calculation on each calculation parameter and the corresponding weight coefficient to obtain the risk utilization cost of the third-party component.
13. The third-party component detection system of claim 12, wherein the computation parameters include an attack vector, an attack complexity, a maturity and a repairability of the third-party component.
14. The third-party component detection system according to claim 11, wherein the predetermined judgment rule includes:
comparing and matching the detected name and version of the third-party component with the name and version range of the risk component in the risk library;
and when the name of the third-party component is the same as the name of the risk component in the risk library and/or the version of the third-party component is within the risk version range of the risk library, judging that the third-party component is the risk component.
15. The third-party component detection system according to claim 9 or 14, further comprising:
and when the third-party component is blocked in real time, prompt information is sent to business personnel at the same time, wherein the prompt information comprises a risk level, a risk value, a version range with risk and a safety version.
16. The third-party component detection system of claim 9, comprising:
when the risk value of the third-party component is within a second set range, carrying out emergency detection identification on the third-party component, and
according to the recorded information data related to the third-party component, carrying out emergency detection identification on the third-party component so as to start a second detection task when a trigger event occurs, wherein the trigger event comprises component, software or application upgrading, and vulnerability problems or permission problems occurring in other software or applications depending on the third-party component.
17. A computer device comprising a processor and a memory, the memory for storing a computer executable program, characterized in that:
the computer program, when executed by the processor, performs the third party component detection method of any of claims 1-8.
18. A computer program product storing a computer executable program, wherein the computer executable program, when executed, implements the third party component detection method as claimed in any one of claims 1 to 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110426126.5A CN113127351A (en) 2021-04-20 2021-04-20 Third-party component detection method, system and computer equipment

Publications (1)

Publication Number Publication Date
CN113127351A true CN113127351A (en) 2021-07-16

Family

ID=76778452

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109753807A (en) * 2019-01-09 2019-05-14 国家保密科技测评中心 Safety detection method and device
CN111104676A (en) * 2019-12-06 2020-05-05 携程旅游信息技术(上海)有限公司 Security detection method, system, device and readable storage medium for third-party component
CN112434305A (en) * 2020-12-07 2021-03-02 北京中科微澜科技有限公司 Patch-based vulnerability detection method and device, storage medium and electronic equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113778509A (en) * 2021-08-13 2021-12-10 国网河北省电力有限公司电力科学研究院 Method for determining version of open source component, storage medium and electronic device
CN115277141A (en) * 2022-07-18 2022-11-01 中国工商银行股份有限公司 Detection method, system and device of third-party system and electronic equipment
CN115277141B (en) * 2022-07-18 2024-03-08 中国工商银行股份有限公司 Detection method, system and device of third party system and electronic equipment


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination