CN113486362B - Vulnerability restoration method and device for server and computer equipment - Google Patents


Publication number
CN113486362B
Authority
CN
China
Prior art keywords
vulnerability
component
repair
user
database
Legal status
Active
Application number
CN202110944700.6A
Other languages
Chinese (zh)
Other versions
CN113486362A (en
Inventor
毛佳
Current Assignee
Hubei Yifeng Digital Technology Co ltd
Shenzhen Lian Intellectual Property Service Center
Original Assignee
Hubei Yifeng Digital Technology Co ltd
Application filed by Hubei Yifeng Digital Technology Co ltd
Priority to CN202110944700.6A
Publication of CN113486362A
Application granted
Publication of CN113486362B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to artificial intelligence technology and discloses a vulnerability repair method and device for a server, and computer equipment. The method comprises the following steps: acquiring security vulnerability information of each server, and performing semantic/syntactic analysis on the security vulnerability information to obtain the names of the vulnerabilities to be repaired on each server; obtaining the CVE number of each vulnerability; searching for the component update version number corresponding to the CVE number; downloading a component installation package from a yum database, and upgrading the component corresponding to the vulnerability with the component installation package; searching a preset dependency database for the dependency component corresponding to the component, where the component is the one corresponding to the vulnerability; and sending a download request to the preset dependency database to download the dependency component installation package, and upgrading the dependency component with that package to finish the repair. The vulnerability repair method and device for a server and the computer equipment provided by the application solve the technical problem in the prior art that the vulnerability repair process is complicated and time-consuming.

Description

Vulnerability restoration method and device for server and computer equipment
Technical Field
The present application relates to the field of vulnerability repair, and in particular to a vulnerability repair method and device for a server, and computer equipment.
Background
Server plug-ins may contain unforeseen problems introduced during design, so that after a period of operation problems, i.e. vulnerabilities, are detected in them. In the traditional repair method, a vulnerability scanning tool detects a vulnerability, and an operation and maintenance engineer then logs in to the server and upgrades to the latest version through yum or from source code. Throughout this process the engineer has to look up the version of the component that resolves the vulnerability, download the corresponding installation file, and then upgrade to the latest version. Because some vulnerabilities are not fixed by repairing the component itself and also require other components to be installed to resolve dependency problems, the whole process is tedious and takes a long time.
Disclosure of Invention
The main purpose of the application is to provide a vulnerability repair method and device for a server, and computer equipment, which solve the technical problem in the prior art that the vulnerability repair process is complicated and time-consuming.
The application provides a vulnerability repair method for a server, which comprises the following steps:
acquiring security vulnerability information of each server, and performing semantic/syntactic analysis on the security vulnerability information to obtain the names of the vulnerabilities to be repaired on each server;
obtaining the CVE number of the vulnerability according to the name of the vulnerability;
searching a CVE database for the component update version number corresponding to the CVE number of the vulnerability;
downloading, from a yum database, the component installation package corresponding to the component update version number, and upgrading the component corresponding to the vulnerability with the component installation package;
searching a preset dependency database for the dependency component corresponding to the component, where the component is the one corresponding to the vulnerability;
and sending a download request to the preset dependency database to download a dependency component installation package, and upgrading the dependency component with the dependency component installation package to finish the repair of the vulnerability.
Further, after acquiring the security vulnerability information of each server and performing semantic/syntactic analysis on it to obtain the names of the vulnerabilities to be repaired on each server, the method further includes:
judging whether the current time is a repair time preset by the user;
if the current time is not the repair time preset by the user, acquiring the repair habit of the user; the repair habit covers vulnerabilities repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time;
obtaining the names of the corresponding vulnerabilities according to the repair habit;
and if the current time is the repair time preset by the user, acquiring the names of the vulnerabilities of the servers for which the user has authority.
Further, after acquiring the security vulnerability information of each server and performing semantic/syntactic analysis on it to obtain the names of the vulnerabilities to be repaired on each server, the method further includes:
obtaining historical repair data of the vulnerabilities, and extracting the vulnerabilities repaired more than a second set number of times to form a vulnerability set;
acquiring the dimensions of all vulnerabilities in the vulnerability set; the dimensions comprise the type of the vulnerability and the server to which the vulnerability belongs;
taking the dimension that occurs most often as the target dimension, and sending a selection window to the user;
judging whether the user selects the target dimension;
if not, receiving a new repair dimension selected by the user;
and acquiring the names of the vulnerabilities corresponding to the new repair dimension selected by the user.
Further, before obtaining the CVE number of the vulnerability according to the name of the vulnerability, the method further includes:
acquiring a log of the repair process of the vulnerability and judging whether a record of repair failure exists;
if no record of repair failure exists, judging whether the user selects the minimum upgrade version;
if the user does not select the minimum upgrade version, downloading from the yum database the latest component installation package corresponding to the vulnerability, and upgrading the component corresponding to the vulnerability with the latest component installation package; the latest component installation package upgrades the component corresponding to the vulnerability to the latest version;
if the user selects the minimum upgrade version, executing the step of acquiring the CVE number of the vulnerability corresponding to the repair dimension;
if a record of repair failure exists, judging whether a new repair document has been received;
if a new repair document has been received, performing word segmentation on the repair document to obtain keywords;
searching for and downloading the corresponding component installation package in the yum database according to the keywords, and upgrading the component corresponding to the vulnerability with the component installation package;
if no new repair document has been received, pausing the repair and displaying at the front end the vulnerability and the reason why its repair was paused.
Further, before searching the CVE database for the component update version number corresponding to the CVE number of the vulnerability, the method further includes:
sending the user, within a first preset time period, a window offering the options to update or not to update, for the user to choose from; wherein the window is an operation instruction for the CVE database;
judging whether an instruction from the user selecting to update or not to update has been received;
if no instruction from the user has been received, synchronously updating the CVE database from the official Red Hat website;
if an instruction from the user has been received, judging whether the instruction is to update;
if the instruction is to update, synchronously updating the CVE database from the official Red Hat website;
if the instruction is not to update, stopping the update of the CVE database.
Further, after sending a download request to the preset dependency database to download a dependency component installation package and upgrading the dependency component with the dependency component installation package, the method further includes:
judging whether the vulnerability was successfully repaired;
if the repair of the vulnerability failed, rolling the vulnerability back to its pre-repair state and marking the vulnerability;
sending instructions marking the repair failure to the dependency database and the yum database, so as to mark the component installation package and the dependency component installation package corresponding to the vulnerability;
when the component installation package and the dependency component installation package corresponding to the vulnerability have been marked more than a third set number of times, generating an instruction to process the component installation package and the dependency component installation package, so that the user can handle them manually;
if the vulnerability was successfully repaired, judging whether an application failure signal sent by the server corresponding to the vulnerability has been received;
and if an application failure signal sent by the server corresponding to the vulnerability has been received, generating an instruction asking whether to roll back, for the user to choose.
Further, the step of rolling the vulnerability back to its pre-repair state if the repair fails further includes:
recording the log and the repair result of the repair process of the vulnerability; when the repair result is a failure, the repair result also includes the reason for the failure;
associating the log and the repair result of the repair process with the name of the vulnerability, and storing them in a Redis database;
and, in a third preset time period, deleting the names of vulnerabilities stored in the Redis database before a second set time, together with the repair-process logs and repair results corresponding to those names.
The application also provides a vulnerability repair device for a server, comprising:
an acquisition module, used for acquiring the security vulnerability information of each server and performing semantic/syntactic analysis on the security vulnerability information to obtain the names of the vulnerabilities to be repaired on each server;
a CVE number module, used for obtaining the CVE number of the vulnerability according to the name of the vulnerability;
a first searching module, used for searching a CVE database for the component update version number corresponding to the CVE number of the vulnerability;
a first upgrading module, used for downloading from a yum database the component installation package corresponding to the component update version number, and upgrading the component corresponding to the vulnerability with the component installation package;
a second searching module, used for searching a preset dependency database for the dependency component corresponding to the component, where the component is the one corresponding to the vulnerability;
and a second upgrading module, used for sending a download request to the preset dependency database to download a dependency component installation package, and upgrading the dependency component with the dependency component installation package to finish the repair of the vulnerability.
The application also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the above method when executing the computer program.
The application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the above method.
The beneficial effects of the application are as follows: the names of the vulnerabilities of each server are obtained through analysis; the CVE numbers of the vulnerabilities are obtained automatically from the vulnerability names; the component update versions corresponding to the CVE numbers are looked up in a CVE database; the corresponding component installation packages are downloaded from a yum database to preliminarily repair the vulnerabilities; and the dependency component installation packages corresponding to the dependency components are downloaded from a preset dependency database to thoroughly repair the vulnerabilities. A logged-in user can complete the thorough repair of all servers by clicking the repair button. Operation and maintenance personnel no longer need to log in to each server individually and manually search for and download the version of the component to be upgraded and the other components that resolve the dependency problem, which saves time.
Drawings
Fig. 1 is a flowchart of a vulnerability restoration method of a server according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of a vulnerability repair device of a server according to an embodiment of the present application.
Fig. 3 is a schematic diagram illustrating an internal structure of a computer device according to an embodiment of the application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
As shown in Fig. 1, the present application provides a vulnerability repair method for a server, including:
S1, acquiring security vulnerability information of each server, and performing semantic/syntactic analysis on the security vulnerability information to obtain the names of the vulnerabilities to be repaired on each server;
S2, obtaining the CVE number of the vulnerability according to the name of the vulnerability;
S3, searching a CVE database for the component update version number corresponding to the CVE number of the vulnerability;
S4, downloading from a yum database the component installation package corresponding to the component update version number, and upgrading the component corresponding to the vulnerability with the component installation package;
S5, searching a preset dependency database for the dependency component corresponding to the component, where the component is the one corresponding to the vulnerability;
S6, sending a download request to the preset dependency database to download a dependency component installation package, and upgrading the dependency component with the dependency component installation package to finish the repair of the vulnerability.
The embodiment of the application can acquire and process the relevant data based on artificial intelligence technology. Artificial intelligence (AI) is the theory, methods, techniques and application systems that use a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use knowledge to obtain optimal results.
As described in step S1, the present solution provides a vulnerability repair platform that performs vulnerability scanning on all connected Linux servers. The scanning includes timed scanning and real-time scanning, and the vulnerabilities to be repaired are displayed in the scan results for the user to select from. For timed scanning, an administrator sets the scan time, and all Linux servers are scanned for vulnerabilities when that time is reached. Alternatively, all connected Linux servers send security vulnerability information to the vulnerability repair platform; the security vulnerability information includes the vulnerable components and the vulnerability risk levels of the vulnerabilities in the servers. The vulnerability risk level is measured by the harm caused by the security vulnerability and its scope of impact. For example, the industry currently classifies vulnerabilities into four risk levels: low, medium, high and urgent. Across these levels the harm and scope of impact of the vulnerability increase in turn, and the corresponding repair requirements increase accordingly. Syntactic analysis and semantic analysis, which are analysis methods based on artificial intelligence technology, are performed on the security vulnerability information to extract the security key information from it, including the vulnerability name, type and the like. Thus, after a user logs in to the vulnerability repair platform and clicks the repair instruction, the platform repairs the vulnerabilities that need to be repaired.
As described in the above steps S2-S3, after the user selects the repair dimension, the names of the vulnerabilities in the selected repair dimension are obtained, and the CVE numbers of the vulnerabilities are obtained from those names (CVE: Common Vulnerabilities and Exposures; the CVE number of a vulnerability is associated with its name). The update version number corresponding to each CVE number is then looked up in the CVE database. The CVE database mainly stores the CVE numbers and the correspondence between CVE numbers and components, and records the vulnerability names and the minimum update version numbers of the corresponding components. The CVE database is updated either when the user clicks manually or on a configured schedule, and the update is synchronized from the official Red Hat source.
As described in the above step S4, the component installation package corresponding to the component update version number obtained from the CVE database is downloaded from the yum (Yellowdog Updater, Modified, a front-end package manager) database. Before the component installation package is downloaded, the number of times it has been marked can be checked first (a component installation package is marked when repair of the vulnerability it corresponds to has failed multiple times). When the number of marks exceeds a certain number, the component installation package is likely to cause the repair to fail; in that case the download can be paused and the reason for the pause presented to the user at the front end, to wait for the user to handle it manually. The yum database mainly provides complete component installation packages. Like the CVE database, the yum database is updated either when the user clicks manually or on a configured schedule; the update synchronizes component installation packages from the official Red Hat source so that new component installation packages are added to the yum database. After the component installation package corresponding to the component update version number has been downloaded, the component corresponding to the vulnerability is upgraded with it to the version of the package, which completes the preliminary repair of the vulnerability.
As described in the above steps S5-S6, a vulnerability is repaired by updating through the yum command. The yum command itself automatically installs the dependencies that the vulnerable component needs in order to be updated. For some component vulnerabilities, however, other related components must be updated in addition to the component itself; these components are not strong dependencies of the current component, so the yum command does not update them. Take the Linux kernel local privilege escalation (Dirty COW) vulnerability (CVE-2016-5195) as an example: querying the CVE database by CVE number shows that only the perf component needs to be updated, but a vulnerability scan after that update shows that the perf component vulnerability still exists, and the python-perf component must then be updated to repair the vulnerability completely. The scheme therefore presets a dependency database, which stores the names of the dependency components corresponding to the component installation packages in the yum database, together with the installation packages of those dependency components (the non-strong dependencies that must additionally be upgraded to fix a component vulnerability, such as python-perf for the perf component). The thorough repair of the vulnerability is completed by looking up and downloading, from the preset dependency database, the dependency component installation package corresponding to the dependency component. For example, after the perf component is upgraded, the python-perf installation package is downloaded from the preset dependency database and the python-perf component is upgraded. This completes the thorough repair of the vulnerability without operation and maintenance personnel performing a second, manual repair, which is convenient, fast and saves time.
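An added example (not code from the patent) of steps S2-S6 for the CVE-2016-5195 case above: it builds the upgrade plan with and without the preset dependency database and rescans the simulated result, showing why python-perf stays vulnerable when only perf is updated. The database contents, version strings, `MARK_LIMIT` and all function names are constructed assumptions, and no yum command is executed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample data. Version strings are placeholders, not real fixes.
NAME_TO_CVE = {"Linux kernel local privilege escalation (Dirty COW)": "CVE-2016-5195"}
CVE_DB = {"CVE-2016-5195": {"component": "perf", "min_fixed": "1.0-2.example"}}
DEPENDENCY_DB = {"perf": [("python-perf", "1.0-2.example")]}  # non-strong dependents
MARK_LIMIT = 3  # hypothetical threshold for packages marked as failing


def _segments(text):
    # Split "1.0" or "2.example" into digit runs and letter runs.
    return re.findall(r"\d+|[A-Za-z]+", text)


def vercmp(a, b):
    """Simplified RPM-style comparison of one version or release string."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment sorts higher
        if x.isdigit():
            x, y = int(x), int(y)                # so that 10 > 2
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare 'version-release' strings (epochs are not handled)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)


def related_packages(cve):
    """The component named in the CVE database, then its non-strong dependents."""
    entry = CVE_DB[cve]                                        # S3
    primary = (entry["component"], entry["min_fixed"])
    return [primary] + DEPENDENCY_DB.get(entry["component"], [])  # S5


@dataclass
class Plan:
    cve: str
    upgrades: list = field(default_factory=list)   # (package, minimum fixed version)
    paused: str = ""                                # reason to show at the front end

    def commands(self):
        # argv lists rather than shell strings, so names are never re-parsed.
        return [["yum", "-y", "update", f"{n}-{v}"] for n, v in self.upgrades]


def build_plan(vuln_name, installed, marks=None, use_dependency_db=True):
    marks = marks or {}
    plan = Plan(NAME_TO_CVE[vuln_name])                        # S2
    targets = related_packages(plan.cve)
    if not use_dependency_db:
        targets = targets[:1]                                  # what plain yum would do
    for name, fixed in targets:
        have = installed.get(name)
        if have is None or evr_cmp(have, fixed) >= 0:
            continue                                           # absent or already fixed
        spec = f"{name}-{fixed}"
        if marks.get(spec, 0) > MARK_LIMIT:                    # S4 pre-download check
            plan.upgrades.clear()
            plan.paused = f"{spec} has been marked as failing {marks[spec]} times"
            return plan
        plan.upgrades.append((name, fixed))                    # S4 / S6
    return plan


def simulate(installed, plan):
    """Package versions after the plan has run (a stand-in for running yum)."""
    after = dict(installed)
    after.update(dict(plan.upgrades))
    return after


def still_vulnerable(installed, cve):
    """Rescan: installed packages tied to the CVE that are below the fixed version."""
    return [n for n, fixed in related_packages(cve)
            if n in installed and evr_cmp(installed[n], fixed) < 0]


if __name__ == "__main__":
    host = {"perf": "1.0-1.example", "python-perf": "1.0-1.example"}  # constructed
    name = "Linux kernel local privilege escalation (Dirty COW)"
    for use_db in (False, True):
        plan = build_plan(name, host, use_dependency_db=use_db)
        left = still_vulnerable(simulate(host, plan), plan.cve)
        print(use_db, plan.commands(), "remaining:", left)
```
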
In one embodiment, before obtaining the names of the vulnerabilities to be repaired on each server, the method further includes:
S011, acquiring the login information of the user;
S012, determining the authority of the user according to the login information of the user, and obtaining all servers for which the user has authority.
As described in the above steps S011-S012, before the step of receiving the user's repair click instruction, the user information must also be obtained. After the user logs in to the vulnerability repair platform, the user information (such as account number, user name, etc.) is obtained, and from it the authority of the user can be determined, that is, which Linux servers and which vulnerabilities the user can see on the vulnerability repair platform, or which vulnerabilities or Linux servers the user can operate on, and so on. After the authority of the user is obtained, all Linux servers under the user's authority are obtained so that their vulnerabilities can subsequently be repaired automatically.
In one embodiment, after acquiring the security vulnerability information of each server and performing semantic/syntactic analysis on it to obtain the names of the vulnerabilities to be repaired on each server, the method further includes:
S013, judging whether the current time is the repair time preset by the user;
S014, if the current time is not the repair time preset by the user, acquiring the repair habit of the user; the repair habit covers vulnerabilities repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time;
S015, obtaining the names of the corresponding vulnerabilities according to the repair habit;
S016, if the current time is the repair time preset by the user, acquiring the names of the vulnerabilities of the servers for which the user has authority.
As described in the above steps S013-S016, after all Linux servers for which the logged-in user has authority are obtained, it must also be determined whether the current time is the repair time preset by the user (the preset repair time is usually a period in which the Linux server is not commonly used; it is set according to the user's needs and is not limited here). If the current time is not the repair time preset by the user, the repair habit of the user is obtained. The repair habit covers vulnerabilities repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time. The vulnerabilities matching the repair habit are either vulnerabilities that frequently cause problems or vulnerabilities that can be repaired quickly, because of their short repair time, without affecting the user's other operations. These vulnerabilities are identified automatically with no manual operation by the user: the vulnerability repair platform automatically obtains the vulnerabilities of the Linux servers that match the repair habit of the currently logged-in user and repairs them directly, without the user having to click, so that they are repaired quickly. If the current time is the repair time preset by the user, the names of the vulnerabilities of the servers for which the user has authority are obtained and the vulnerabilities are repaired in a period in which the Linux server is not commonly used, which saves the time the user would spend clicking to repair and waiting.
In one embodiment, after acquiring the security vulnerability information of each server and performing semantic/syntactic analysis on it to obtain the names of the vulnerabilities to be repaired on each server, the method further includes:
S021, acquiring historical repair data of the vulnerabilities, and extracting the vulnerabilities repaired more than a second set number of times to form a vulnerability set;
S022, acquiring the dimensions of all vulnerabilities in the vulnerability set; the dimensions comprise the type of the vulnerability and the server to which the vulnerability belongs;
S023, taking the dimension that occurs most often as the target dimension, and sending a selection window to the user;
S024, judging whether the user selects the target dimension;
S025, if not, receiving a new repair dimension selected by the user;
S026, obtaining the names of the vulnerabilities corresponding to the new repair dimension selected by the user.
As described in the above steps S021-S024, historical repair data of the vulnerabilities are obtained, and the vulnerabilities repaired more than the second set number of times are extracted to form a vulnerability set. The vulnerabilities in the vulnerability set are ones that frequently need repair, and it would cause unnecessary trouble if the user had to click each time. The dimensions of the vulnerabilities in the set are therefore obtained; each vulnerability has two dimensions (the Linux server it belongs to and the type of the vulnerability), and the dimension that occurs most often is taken as the target dimension. If the server corresponding to most vulnerabilities in the set is Linux server No. 1, then Linux server No. 1 is the target dimension; or, if most of the vulnerabilities are of the same type, that type is the target dimension. If the user selects a new repair dimension, the repair follows the user's selection; if the user makes no selection, the repair follows the target dimension. The repair dimensions include a system dimension, an instance dimension, a vulnerability type and the like. Selecting the system dimension determines which Linux servers have their vulnerabilities repaired. It should be understood that repairing a vulnerability on a Linux server actually means updating a software package version; if the original package version has to be restored, this can be done through a rollback task. Selecting the instance dimension determines which specific vulnerabilities are repaired, and selecting the vulnerability type (component names such as openssh, bash and the like) determines which types of vulnerabilities are repaired. By selecting a repair dimension the user can quickly repair in batches the vulnerabilities that need repair, without selecting them one by one.
The repair dimensions are not limited to the three described above; any other dimension that can classify vulnerabilities may also be used, without limitation here.
Before a new repair dimension is acted on, it must be determined whether the user has selected one, and a corresponding selection time is set in the window for selecting a new repair dimension. If the user does not select a new repair dimension within the selection time, the vulnerabilities of all Linux servers for which the user has authority are obtained, and their CVE numbers are obtained; the component update version numbers corresponding to the CVE numbers are then looked up in the CVE database, the corresponding component installation packages are downloaded from the yum database according to the component update version numbers to preliminarily repair the vulnerabilities, and the dependency component installation packages corresponding to the dependency components are downloaded from the preset dependency database to thoroughly repair the vulnerabilities. When the user selects a new repair dimension within the selection time, the vulnerabilities corresponding to that repair dimension are repaired.
In one embodiment, before the obtaining the CVE number of the vulnerability according to the name of the vulnerability, the method further includes:
S031, obtaining a log of the repair process of the vulnerability and judging whether a record of repair failure exists;
S032, if no record of repair failure exists, judging whether the user selects the minimum upgrade version;
S033, if the user does not select the minimum upgrade version, downloading the latest component installation package corresponding to the vulnerability from the yum database according to the vulnerability, and upgrading the component corresponding to the vulnerability by using the latest component installation package; the latest component installation package is capable of upgrading the component corresponding to the vulnerability to the latest version;
S034, if the user selects the minimum upgrade version, executing the step of acquiring the CVE number of the vulnerability corresponding to the repair dimension;
S035, if a record of repair failure exists, judging whether a new repair document is received;
S036, if a new repair document is received, performing word segmentation on the repair document to obtain keywords;
S037, searching for and downloading the corresponding component installation package from the yum database according to the keywords, and upgrading the component corresponding to the vulnerability by using the component installation package;
S038, if a new repair document is not received, pausing the repair and displaying, at the front end, the vulnerability and the reason why its repair was paused.
As described in steps S031-S034 above, if repair of a vulnerability has failed multiple times, it needs to be handled manually; continuing to attempt the repair automatically would waste repair time and is very cumbersome. Therefore, before the step of obtaining the CVE number of the vulnerability corresponding to the repair dimension, a log of the repair process of the vulnerability is obtained and it is judged whether a record of repair failure exists (a preset number of repair failure records may be set). When no record of repair failure exists, the success rate of repairing the vulnerability is relatively high, and it is then judged whether the user selects the minimum upgrade version: because the risk introduced during repair grows with the version span of the upgrade, the user is asked to choose whether to upgrade to the latest version. As with selecting the repair dimension, a selection time may be set for the window in which the minimum upgrade version is chosen (the user selects yes or no); if the user makes no selection within the selection time, the user is treated by default as having selected the minimum upgrade version. If the user selects no (that is, does not select the minimum upgrade version) within the selection time, the latest component installation package corresponding to the vulnerability to be repaired is downloaded from the yum database (the latest component installation package can upgrade the component corresponding to the vulnerability to the latest version), and the component is upgraded with it to complete the preliminary repair; the corresponding dependent component installation package can then be downloaded from the preset dependency database to repair the vulnerability completely.
If the user makes no selection, or selects the minimum upgrade version, within the selection time, the CVE number of the vulnerability corresponding to the repair dimension is obtained and the component corresponding to the vulnerability is upgraded to the minimum upgrade version: the component update version number corresponding to the CVE number is looked up in the CVE database, the corresponding component installation package is downloaded from the yum database according to that version number to preliminarily repair the vulnerability, and the corresponding dependent component installation package is downloaded from the preset database to repair the vulnerability completely.
As described in steps S035-S038 above, when the log of the repair process contains a record of repair failure, it is judged whether a new repair document has been received (a preset number of failures may be set, upon which this judgment is made). When a new repair document is received, word segmentation is performed on the repair document, using a word segmentation method based on natural language processing in artificial intelligence technology, to obtain keywords. The keywords contain parts of component installation package names, so the corresponding component installation package can be searched for and downloaded from the yum database according to the keywords, and the component corresponding to the vulnerability is upgraded with it. If no new repair document is received, the repair is paused, and the vulnerability and the reason why its repair was paused are displayed at the front end; the reasons for pausing include the number of repair failures, that no new repair document was received, or that a new repair document was received but no corresponding component installation package was found, and the like.
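The branch structure of steps S031-S038 is easier to audit when written out; the following is an added sketch, not code from the patent. The log line format, the regex tokenizer standing in for word segmentation, the rule that every hyphen-separated part of a package name must appear among the keywords, and the small `YUM_PACKAGES` catalogue are all constructed assumptions.

```python
import re
from collections import namedtuple
from enum import Enum


class Action(Enum):
    UPGRADE_LATEST = "S033"         # newest package from the yum database
    UPGRADE_MINIMAL = "S034"        # continue with the CVE-number lookup
    UPGRADE_FROM_DOCUMENT = "S037"  # package found via repair-document keywords
    PAUSE = "S038"                  # stop and show the reason at the front end


Decision = namedtuple("Decision", "action packages reason")

# Constructed stand-in for the package names held in the yum database.
YUM_PACKAGES = ("openssh-server", "openssh-clients", "bash", "glibc")

# Constructed repair-process log; the line format is an assumption.
SAMPLE_LOG = [
    "2021-08-01T02:00 vuln=vuln-a component=openssh result=failed",
    "2021-08-02T02:00 vuln=vuln-a component=openssh result=failed",
]


def count_failures(log_lines):
    """S031: number of repair-failure records in the log."""
    return sum(1 for line in log_lines if "result=failed" in line.split())


def extract_keywords(document):
    """S036: simplified word segmentation (lowercase alphanumeric tokens)."""
    return set(re.findall(r"[a-z0-9]+", document.lower()))


def find_packages(keywords, catalogue=YUM_PACKAGES):
    """S037: packages whose hyphen-separated name parts all occur as keywords."""
    return tuple(p for p in catalogue if set(p.split("-")) <= keywords)


def decide(log_lines, minimal_choice=None, repair_document=None,
           failure_threshold=1):
    """Return the Decision for one vulnerability.

    minimal_choice: True = user chose the minimum upgrade version,
    False = user chose "no", None = selection time expired without a choice.
    """
    failures = count_failures(log_lines)
    if failures < failure_threshold:
        # S032: only an explicit "no" selects the latest version; a timeout
        # is treated as choosing the minimum upgrade version.
        if minimal_choice is False:
            return Decision(Action.UPGRADE_LATEST, (), "")
        return Decision(Action.UPGRADE_MINIMAL, (), "")
    prefix = "%d failed repair record(s); " % failures
    if repair_document is None:                          # S035 -> S038
        return Decision(Action.PAUSE, (),
                        prefix + "no new repair document received")
    packages = find_packages(extract_keywords(repair_document))
    if not packages:                                     # document, no package
        return Decision(Action.PAUSE, (), prefix + "repair document received "
                        "but no matching component installation package found")
    return Decision(Action.UPGRADE_FROM_DOCUMENT, packages, "")


if __name__ == "__main__":
    doc = "Install the updated openssh server build, then restart sshd."
    print(decide([], minimal_choice=False))
    print(decide(SAMPLE_LOG))
    print(decide(SAMPLE_LOG, repair_document=doc))
```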
In one embodiment, before searching the component update version number corresponding to the CVE number in the CVE database according to the CVE number of the vulnerability, the method further includes:
S041, sending the user, within a first preset time period, a window with update and do-not-update options for the user to choose from; wherein the window is for an operation instruction on the CVE database;
S042, judging whether an instruction from the user selecting update or no update has been received;
S043, if no instruction from the user is received, synchronously updating the CVE database according to the Red Hat official website;
S044, if an instruction from the user is received, judging whether the instruction is to update or not to update;
S045, if the instruction is to update, synchronously updating the CVE database according to the Red Hat official website;
S046, if the instruction is not to update, stopping the update of the CVE database.
As described in steps S041-S046 above, the first preset time period is a fixed time period that recurs daily, weekly, or monthly. For example, the first preset time period is set to 12:00-14:00 every day. Within this period it is judged whether an instruction from the user about updating the CVE database has been received; if not, the user is treated by default as having chosen to update, and the CVE database is synchronously updated according to the Red Hat official website. If an instruction from the user is received, it is judged whether the instruction is to update or not to update. If the user chooses to update, the CVE database is synchronously updated according to the Red Hat official website; if the user chooses not to update, this means the user may be performing other operations or repairing vulnerabilities at the current time and does not want the CVE database updated now. The update of the CVE database is therefore stopped, and the decision is made again in the next first preset time period.
In one embodiment, before downloading the component installation package corresponding to the component update version number in the yum database according to the component update version number and upgrading the component corresponding to the vulnerability by using the component installation package, the method further includes:
S051, sending the user, within a second preset time period, a window with update and do-not-update options for the user to choose from; wherein the window is for an operation instruction on the yum database;
S052, judging whether an instruction from the user selecting update or no update has been received;
S053, if no instruction from the user is received, synchronously updating the yum database according to the Red Hat official website;
S054, if an instruction from the user is received, judging whether the instruction is to update or not to update;
S055, if the instruction is to update, synchronously updating the yum database according to the Red Hat official website;
S056, if the instruction is not to update, stopping the update of the yum database.
As described in steps S051-S056 above, the second preset time period is a fixed time period that recurs daily, weekly, or monthly. For example, the second preset time period is set to 18:00-20:00 every day. Within this period it is judged whether an instruction from the user about updating the yum database has been received; if not, the user is treated by default as having chosen to update, and the yum database is synchronously updated according to the Red Hat official website. If an instruction from the user is received, it is judged whether the instruction is to update or not to update. If the user chooses to update, the yum database is synchronously updated according to the Red Hat official website; if the user chooses not to update, this means the user may be performing other operations or repairing vulnerabilities at the current time and does not want the yum database updated now. The update of the yum database is therefore stopped, and the decision whether to update is made again in the next second preset time period.
In one embodiment, after sending a download request to the preset dependency database to download a dependency component installation package and upgrading the dependency component using the dependency component installation package, the method further includes:
S8, judging whether the vulnerability is successfully repaired;
S9, if the vulnerability repair fails, rolling the vulnerability back to its state before the repair and marking the vulnerability;
S10, sending an instruction for marking repair failure to the dependency database and the yum database so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability;
S11, when the component installation package and the dependent component installation package corresponding to the vulnerability have been marked more than a third set number of times, generating an instruction for processing the component installation package and the dependent component installation package so as to facilitate manual handling by the user;
S12, if the vulnerability is successfully repaired, judging whether an application failure signal sent by the server corresponding to the vulnerability is received;
S13, if an application failure signal sent by the server corresponding to the vulnerability is received, generating a rollback instruction for the user to choose from.
As described in steps S8-S11 above, after the complete repair of the vulnerability has been carried out, it is judged whether the vulnerability was repaired successfully. When the repair fails, the vulnerability repair platform automatically rolls the vulnerability back to its state before the repair and marks the vulnerability; if necessary, the vulnerability can be displayed to the user at the front end so that the user can carry out subsequent processing. At the same time, an instruction for marking repair failure is sent to the dependency database and the yum database so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability. When the marks exceed the set number of times, this indicates that the component installation package and the dependent component installation package have caused the vulnerability repair to fail multiple times and are problematic installation packages that need to be deleted, modified, or otherwise handled, so an instruction for processing them is generated to facilitate manual handling by the user. The marks also help the user review the overall state of the installation packages in the databases; alternatively, each time an installation package is downloaded, the number of marks can be used to judge whether the package would directly cause the repair to fail, which saves repair time and user review time. A successful vulnerability repair only indicates that the component corresponding to the vulnerability was upgraded successfully; it does not necessarily mean that the server corresponding to the vulnerability can apply it successfully.
Therefore, when the vulnerability repair succeeds, it is also judged whether an application failure signal sent by the server corresponding to the vulnerability has been received. If so, the updated version of the component corresponding to the current vulnerability cannot be applied by the server, and an instruction asking whether to roll back is generated for the user to choose from. If the user chooses to roll back, the vulnerability is rolled back to its state before the repair; if the user chooses not to roll back, the vulnerability repair platform does not roll back the repaired vulnerability, which indicates that the user may want to perform other upgrade operations.
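The post-repair handling of steps S8-S13 (automatic rollback, failure marks on packages, and the optional rollback after an application failure) can be sketched as follows. This is an added example, not code from the patent; the in-memory mark counter standing in for the marks held in the yum and dependency databases, the dictionary model of a server's installed versions, and all package names are constructed assumptions.

```python
from collections import Counter


class RepairOutcomeHandler:
    """Tracks failure marks per installation package across repair attempts."""

    def __init__(self, third_set_times):
        self.third_set_times = third_set_times
        self.marks = Counter()        # package name -> number of failure marks
        self.marked_vulns = set()     # vulnerabilities marked after a failure

    def handle(self, server, snapshot, vuln, packages, repaired,
               app_failure=False):
        """Process one finished repair attempt and return the instructions.

        server:   dict component -> installed version (mutated on rollback)
        snapshot: copy of `server` taken before the repair started
        packages: component and dependent-component packages that were used
        """
        instructions = []
        if not repaired:                                      # S8 -> S9
            server.clear()
            server.update(snapshot)
            self.marked_vulns.add(vuln)
            instructions.append(("rolled_back", vuln))
            for package in packages:                          # S10
                self.marks[package] += 1
                if self.marks[package] > self.third_set_times:   # S11
                    instructions.append(("manual_handling", package))
        elif app_failure:                                     # S12 -> S13
            # The upgrade itself worked; rollback is the user's decision.
            instructions.append(("offer_rollback", vuln))
        return instructions

    @staticmethod
    def apply_user_choice(server, snapshot, rollback):
        """Carry out the user's answer to an ("offer_rollback", ...) prompt."""
        if rollback:
            server.clear()
            server.update(snapshot)
        return rollback


if __name__ == "__main__":
    handler = RepairOutcomeHandler(third_set_times=2)
    packages = ["component-x-2.0.rpm", "dep-y-1.1.rpm"]   # constructed names
    for attempt in range(3):
        server = {"component-x": "1.0", "dep-y": "1.0"}
        snapshot = dict(server)
        server.update({"component-x": "2.0", "dep-y": "1.1"})  # failed upgrade
        print(attempt + 1, handler.handle(server, snapshot, "vuln-a",
                                          packages, repaired=False))
```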
In one embodiment, after the step of rolling the vulnerability back to its state before the repair if the vulnerability repair fails, the method further includes:
S12, recording the log and the repair result of the vulnerability repair process; when the repair result is a repair failure, the repair result also includes the failure reason;
S13, associating the log of the repair process and the repair result with the name of the vulnerability, and storing them in a redis database;
S14, deleting, in a third preset time period, the names of vulnerabilities stored in the redis database before the second set time, together with the logs and repair results of the repair process corresponding to those names.
As described in step S12 above, the log of the vulnerability repair process includes various combinations of the name of the vulnerability, the CVE number, the component update version number, the component name, the component installation package, the dependent component name, the dependent component installation package, and the latest component installation package. When the repair result is a repair failure, the log further includes the failure reason, such as failure to find the update version number, component upgrade failure, dependent component upgrade failure, and the like. By recording the log and the repair result of the vulnerability repair process, the user can find problems in the repair process from the log in time and resolve them promptly.
As described in steps S13-S14 above, the log of the repair process and the repair result are associated with the name of the vulnerability, the repair time is recorded, and these are stored as one record in the redis database, so that the redis database holds the history of vulnerability repairs for the user to trace back. Some history records may become useless after they have existed for too long. To prevent useless data from accumulating in the redis database, the data stored in it is deleted in a third preset time period (for example, 1:00-2:00 in the early morning each day); the deletion may be set to remove history records from more than three days ago or five days ago, which reduces the storage used by the redis database and makes room for new data.
As shown in fig. 2, the present application further provides a device for repairing a vulnerability of a server, including:
an acquisition module 1, configured to acquire security vulnerability information of each server and to perform semantic analysis/grammar analysis based on the security vulnerability information to obtain the names of the vulnerabilities to be repaired on each server;
a CVE number module 2, configured to obtain a CVE number of the vulnerability according to the name of the vulnerability;
the first searching module 3 is used for searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
The first upgrade module 4 is configured to download a component installation package corresponding to the component update version number in a yum database according to the component update version number, and upgrade a component corresponding to the vulnerability by using the component installation package;
a second searching module 5, configured to search a preset dependency database for a dependency component corresponding to the component, where the component is a component corresponding to the vulnerability;
and the second upgrading module 6 is used for sending a downloading request to the preset dependent database to download a dependent component installation package, upgrading the dependent component by utilizing the dependent component installation package and finishing the repair of the vulnerability.
In one embodiment, further comprising:
the login information acquisition module is used for acquiring login information of a user;
and the user permission determining module is used for determining the permission of the user according to the login information of the user to obtain all servers with the permission of the user.
In one embodiment, further comprising:
the repair time judging module is used for judging whether the current time is the repair time preset by a user;
the instruction receiving module is used for acquiring the repair habit of the user when the current time is not the repair time preset by the user; the repair habit comprises vulnerabilities repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time;
The name acquisition module is used for acquiring the name of the corresponding vulnerability according to the repairing habit;
and the all-server vulnerability name acquisition module is used for acquiring the vulnerability name of the server with the authority of the user when the current time is the repair time preset by the user.
In one embodiment, further comprising:
the vulnerability collection module is used for acquiring historical repair data of the vulnerabilities and extracting the vulnerabilities repaired more than a second set number of times to form a vulnerability set;
the dimension module is used for acquiring the dimensions of all vulnerabilities in the vulnerability set; the dimension comprises the type of the vulnerability and a server to which the vulnerability belongs;
the sending module is used for taking the dimension with the largest number of occurrences as the target dimension and sending a selection window to the user;
the judging module is used for judging whether the user selects the target dimension;
the vulnerability name acquisition module is used for receiving a new repair dimension selected by a user when the user does not select the repair dimension;
and the repair dimension vulnerability name acquisition module is used for acquiring the name of the new vulnerability corresponding to the repair dimension selected by the user.
In one embodiment, further comprising:
acquiring a log of the repair process of the vulnerability and judging whether a record of repair failure exists or not;
The minimum upgrade version judging module is used for judging whether a user selects a minimum upgrade version or not when the record of repair failure is not available;
the latest downloading module is used for downloading a latest component installation package corresponding to the vulnerability in a yum database according to the vulnerability when the user does not select the minimum upgrading version, and upgrading the component corresponding to the vulnerability by utilizing the latest component installation package; the latest component installation package is capable of upgrading the component corresponding to the vulnerability to the latest version;
the execution module is used for executing the step of acquiring the CVE number of the vulnerability corresponding to the repairing dimension when the user selects the minimum upgrading version;
the repair document module is used for judging whether a new repair document is received or not when a record of repair failure exists;
the word segmentation module is used for segmenting words in the repair document to obtain keywords when a new repair document is received;
the searching module is used for searching and downloading a corresponding component installation package in the yum database according to the keywords, and upgrading a component corresponding to the vulnerability by utilizing the component installation package;
and the pause module is used for pausing the repair and displaying, at the front end, the vulnerability and the reason why its repair was paused when a new repair document is not received.
In one embodiment, further comprising:
the CVE database updating module is used for sending the user, within a first preset time period, a window with update and do-not-update options for the user to choose from; wherein the window is for an operation instruction on the CVE database;
the first updating instruction module is used for judging whether an instruction from the user selecting update or no update has been received;
the first synchronous updating module is used for synchronously updating the CVE database according to the Red Hat official website when no instruction from the user is received;
the first updating or non-updating module is used for judging whether the instruction is to update or not to update when an instruction from the user is received;
the second synchronous updating module is used for synchronously updating the CVE database according to the Red Hat official website when the instruction is to update;
and the first updating stopping module is used for stopping the update of the CVE database when the instruction is not to update.
In one embodiment, further comprising:
the yum database updating module is used for sending the user, within a second preset time period, a window with update and do-not-update options for the user to choose from; wherein the window is for an operation instruction on the yum database;
the second updating instruction module is used for judging whether an instruction from the user selecting update or no update has been received;
the third synchronous updating module is used for synchronously updating the yum database according to the Red Hat official website when no instruction from the user is received;
the second updating or non-updating module is used for judging whether the instruction is to update or not to update when an instruction from the user is received;
the fourth synchronous updating module is used for synchronously updating the yum database according to the Red Hat official website when the instruction is to update;
and the second updating stopping module is used for stopping the update of the yum database when the instruction is not to update.
In one embodiment, further comprising:
the repair success judging module is used for judging whether the vulnerability is repaired successfully and marking the vulnerability;
the marking instruction module is used for sending an instruction for marking repair failure to the dependency database and the yum database so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability;
the manual processing module is used for generating an instruction for processing the component installation package and the dependent component installation package when the component installation package and the dependent component installation package corresponding to the vulnerability have been marked more than a third set number of times, so that the user can handle them manually;
the rollback module is used for rolling the vulnerability back to its state before the repair when the vulnerability repair fails;
the signal receiving module is used for judging whether an application failure signal sent by a server corresponding to the vulnerability is received when the vulnerability is successfully repaired;
and the rollback selection module is used for generating a rollback instruction for a user to select when receiving an application failure signal sent by the server corresponding to the vulnerability.
In one embodiment, further comprising:
the recording module is used for recording the log and the repairing result of the repairing process of the vulnerability; when the repair result is that the repair fails, the repair result also comprises a failure reason;
the association module is used for associating the log and the repair result of the repair process with the name of the vulnerability and storing the log and the repair result in a redis database;
the deleting module is used for deleting the name of the vulnerability stored in the redis database before the second set time and the log and the repairing result of the repairing process corresponding to the name of the vulnerability in the third preset time period.
The units and modules are used for correspondingly executing each step in the vulnerability restoration method of the server, and specific implementation manners of the units and modules are described with reference to the method embodiments and are not repeated herein.
As shown in fig. 3, the present application also provides a computer device, which may be a server, and the internal structure of which may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the computer is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store all data required for the process of the vulnerability restoration method of the server. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a vulnerability restoration method for a server.
It will be appreciated by those skilled in the art that the architecture shown in fig. 3 is merely a block diagram of a portion of the architecture in connection with the present inventive arrangements and is not intended to limit the computer devices to which the present inventive arrangements are applicable.
An embodiment of the present application further provides a computer readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the vulnerability restoration method of a server according to any one of the above.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program instructing the relevant hardware, where the program is stored on a non-transitory computer readable storage medium and, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided by the present application and used in embodiments may include non-volatile and/or volatile memory. The non-volatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the scope of the application, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application or directly or indirectly applied to other related technical fields are included in the scope of the application.

Claims (8)

1. The vulnerability restoration method of the server is characterized by comprising the following steps of:
acquiring security vulnerability information of each server, and carrying out semantic analysis/grammar analysis based on the security vulnerability information to obtain names of vulnerabilities to be repaired of each server;
Obtaining the CVE number of the vulnerability according to the name of the vulnerability;
searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
downloading a component installation package corresponding to the component update version number in a yum database according to the component update version number, and upgrading a component corresponding to the vulnerability by utilizing the component installation package;
searching a dependency component corresponding to the component in a preset dependency database, wherein the component is the component corresponding to the vulnerability;
sending a downloading request to the preset dependent database to download a dependent component installation package, and upgrading the dependent component by using the dependent component installation package to finish the repair of the vulnerability;
the method comprises the steps of storing a dependent component name corresponding to a component installation package of a yum database and an installation package of a corresponding dependent component in the dependent database, wherein the installation package is a non-strongly dependent component which needs additional upgrading for component vulnerabilities;
after the security vulnerability information of each server is obtained and semantic analysis/grammar analysis is performed based on the security vulnerability information, the method further comprises the steps of:
obtaining historical repair data of the vulnerabilities, and extracting the vulnerabilities repaired more than a second set number of times to form a vulnerability set;
acquiring dimensions of all vulnerabilities in the vulnerability set; the dimension comprises the type of the vulnerability and a server to which the vulnerability belongs;
taking the dimension with the largest number of occurrences as the target dimension, and sending a selection window to the user;
judging whether the user selects the target dimension;
if not, receiving a new repair dimension selected by a user;
and acquiring the name of the vulnerability corresponding to the new repair dimension selected by the user.
2. The method for repairing vulnerabilities of servers of claim 1, wherein after obtaining security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain names of vulnerabilities required to be repaired of each server, further comprising:
judging whether the current time is a repair time preset by a user;
if the current time is not the repair time preset by the user, acquiring the repair habit of the user; the repair habit comprises vulnerabilities repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time;
obtaining the name of the corresponding vulnerability according to the repair habit;
and if the current time is the repair time preset by the user, acquiring the name of the vulnerability of the server with the authority of the user.
3. The method for repairing the vulnerability of the server according to claim 1, wherein before searching the component update version number corresponding to the CVE number in the CVE database according to the CVE number of the vulnerability, the method further comprises:
sending, within a first preset time period, a window with update and do-not-update options to a user for selection, wherein the window is an operation instruction for the CVE database;
judging whether an instruction from the user selecting to update or not to update is received;
if no instruction from the user is received, synchronously updating the CVE database from the Red Hat official website;
if an instruction from the user is received, judging whether the instruction is to update;
if the instruction is to update, synchronously updating the CVE database from the Red Hat official website;
if the instruction is not to update, stopping the update of the CVE database.
4. The method for repairing a vulnerability of a server according to claim 1, wherein after sending a download request to the preset dependency database to download a dependency component installation package and upgrading the dependency component by using the dependency component installation package, further comprising:
judging whether the vulnerability is successfully repaired;
if the vulnerability repair fails, rolling the vulnerability back to the state before repair and marking the vulnerability;
sending instructions for marking the repair failure to the dependency database and the yum database so as to mark the component installation packages and the dependency component installation packages corresponding to the vulnerabilities;
when the component installation packages and the dependency component installation packages corresponding to the vulnerabilities have been marked more than a third set number of times, generating instructions for processing the component installation packages and the dependency component installation packages so that a user can process them manually;
if the vulnerability is successfully repaired, judging whether an application failure signal sent by the server corresponding to the vulnerability is received;
and if an application failure signal sent by the server corresponding to the vulnerability is received, generating an instruction asking whether to roll back, for the user to select.
5. The method for repairing a vulnerability of a server according to claim 4, wherein if the vulnerability repair fails, rolling back the vulnerability to a state before repair further comprises:
recording the log and the repair result of the repair process of the vulnerability; when the repair result is that the repair fails, the repair result also comprises a failure reason;
associating the log and the repair result of the repair process with the name of the vulnerability, and storing them in a redis database;
and deleting, within a third preset time period, the names of vulnerabilities stored in the redis database before the second set time, together with the logs and repair results of the repair processes corresponding to those names.
6. A vulnerability restoration apparatus of a server, comprising:
the acquisition module is used for acquiring the security vulnerability information of each server and carrying out semantic analysis/grammar analysis based on the security vulnerability information to obtain the names of vulnerabilities to be repaired of each server;
the CVE number module is used for obtaining the CVE number of the vulnerability according to the name of the vulnerability;
the first searching module is used for searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
the first upgrading module is used for downloading a component installation package corresponding to the component update version number in a yum database according to the component update version number and upgrading a component corresponding to the vulnerability by utilizing the component installation package;
the second searching module is used for searching a preset dependency database for a dependency component corresponding to the component, wherein the component is the component corresponding to the vulnerability;
the second upgrading module is used for sending a download request to the preset dependency database to download a dependency component installation package, and upgrading the dependency component by using the dependency component installation package to complete the repair of the vulnerability;
wherein the dependency database stores the dependency component names corresponding to the component installation packages of the yum database and the installation packages of the corresponding dependency components, the installation package being that of a non-strongly dependent component which requires additional upgrading for component vulnerabilities;
the vulnerability collection module is used for acquiring historical repair data of the vulnerabilities and extracting the vulnerabilities that have been repaired more than a second set number of times to form a vulnerability set;
the dimension module is used for acquiring the dimensions of all vulnerabilities in the vulnerability set; the dimension comprises the type of the vulnerability and a server to which the vulnerability belongs;
the sending module is used for taking the dimension with the largest number of occurrences as a target dimension and sending a selection window to a user;
the judging module is used for judging whether the user selects the target dimension;
the vulnerability name acquisition module is used for receiving a new repair dimension selected by a user when the user does not select the repair dimension;
and the repair dimension vulnerability name acquisition module is used for acquiring the name of the vulnerability corresponding to the new repair dimension selected by the user.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed.
8. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 5.
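The post-repair handling of claim 4 (roll back and mark on failure, hand over to manual processing once packages have been marked more than a third set number of times, ask the user about rollback when a patched server reports an application failure), as an added Python example that is not part of the patent. `RepairTracker`, `handle`, `demo`, the threshold value and the vulnerability and package names are assumptions; the `rollback` callable stands in for the real rollback operation.

```python
from collections import Counter
from dataclasses import dataclass, field

THIRD_SET_NUMBER = 2  # assumed value; the claim leaves the threshold open


@dataclass
class RepairTracker:
    """Post-upgrade decisions of claim 4. Package operations are injected."""
    failure_marks: Counter = field(default_factory=Counter)
    events: list = field(default_factory=list)

    def handle(self, vuln, packages, upgrade_ok, rollback, app_failed=False):
        if not upgrade_ok:
            rollback(vuln)  # return the server to its pre-repair state
            self.events.append(("rolled_back", vuln))
            for pkg in packages:  # mark component and dependency packages
                self.failure_marks[pkg] += 1
            flagged = tuple(sorted(
                p for p in packages
                if self.failure_marks[p] > THIRD_SET_NUMBER))
            if flagged:  # marked too often: hand over to a person
                self.events.append(("manual_processing", flagged))
                return "manual_processing"
            return "rolled_back"
        if app_failed:  # patched, but the application reported a failure
            self.events.append(("ask_user_rollback", vuln))
            return "ask_user_rollback"
        return "repaired"


def demo():
    """Run a constructed repair history and return the decisions taken."""
    tracker, rolled = RepairTracker(), []
    pkgs = ["component-pkg", "dependency-pkg"]  # constructed names
    results = [tracker.handle("vuln-A", pkgs, False, rolled.append)
               for _ in range(3)]
    results.append(tracker.handle("vuln-B", ["other-pkg"], True,
                                  rolled.append, app_failed=True))
    results.append(tracker.handle("vuln-C", ["other-pkg"], True, rolled.append))
    return results, rolled, tracker


if __name__ == "__main__":
    print(demo()[0])
```

The third failed repair of the same packages is the first one to exceed the threshold, so that call is the one that escalates to manual processing.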
CN202110944700.6A 2021-08-17 2021-08-17 Vulnerability restoration method and device for server and computer equipment Active CN113486362B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110944700.6A CN113486362B (en) 2021-08-17 2021-08-17 Vulnerability restoration method and device for server and computer equipment

Publications (2)

Publication Number Publication Date
CN113486362A CN113486362A (en) 2021-10-08
CN113486362B true CN113486362B (en) 2023-10-03

Family

ID=77945576

Country Status (1)

Country Link
CN (1) CN113486362B (en)

Also Published As

Publication number Publication date
CN113486362A (en) 2021-10-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230831

Address after: No. 122, Xingguo Avenue, Xingguo Town, Yangxin County, Huangshi City, Hubei Province, 435200

Applicant after: Hubei Yifeng Digital Technology Co.,Ltd.

Address before: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen LIAN intellectual property service center

Effective date of registration: 20230831

Address after: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen LIAN intellectual property service center

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant