CN115146278A - Vulnerability processing method and device based on cloud service and storage medium - Google Patents

Publication number
CN115146278A
Authority
CN
China
Prior art keywords
vulnerability
client
vulnerability detection
information
repair
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210736840.9A
Other languages
Chinese (zh)
Inventor
龚春夏
龚霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Cloud Computing Ltd
Priority to CN202210736840.9A
Publication of CN115146278A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiments of the application provide a cloud-service-based vulnerability processing method, device and storage medium for protecting the security of a client. The method comprises: issuing a vulnerability detection instruction when a client meets a vulnerability detection condition, wherein the vulnerability detection instruction is determined according to configuration information of the client, and the configuration information is sent through heartbeat data; receiving a vulnerability detection result through heartbeat data, wherein the vulnerability detection result is generated by executing vulnerability detection on the client according to the detection instruction; acquiring at least one vulnerability repair patch according to the vulnerability detection result; and issuing the at least one vulnerability repair patch, so that vulnerability repair is executed at the client according to the repair patch. A suitable vulnerability detection instruction can thus be issued for each client, no security software needs to be installed on the client, and vulnerability repair patches can be fed back for the detected vulnerabilities so as to improve the security of the client.

Description

Vulnerability processing method, device and storage medium based on cloud service
Technical Field
The present application relates to the field of security technologies, and in particular, to a vulnerability handling method based on cloud services, an electronic device, and a storage medium.
Background
A vulnerability refers to a flaw in the specific implementation of hardware, software, protocols, or system security policies that enables an attacker to access or destroy a system without authorization.
At present, the conventional vulnerability detection method generally installs security software locally and scans for vulnerabilities through that software. However, with the development of cloud computing technology, a single, general-purpose vulnerability security service cannot meet the growing computing scale of the cloud computing era. In a cloud computing scenario, a cloud server can be connected to a plurality of clients, and each client can have a different configuration, so when vulnerability scanning relies on locally installed security software, it is difficult to guarantee the security of the clients.
Disclosure of Invention
The embodiment of the application provides a vulnerability processing method based on cloud service, so as to protect the security of a client.
Correspondingly, the embodiment of the application also provides electronic equipment and a storage medium, which are used for ensuring the realization and the application of the system.
In order to solve the above problem, an embodiment of the present application discloses a vulnerability processing method based on a cloud service, which is applied to a cloud server side, and the method includes:
issuing a vulnerability detection instruction when a client meets a vulnerability detection condition, wherein the vulnerability detection instruction is determined according to configuration information of the client, and the configuration information is sent through heartbeat data;
receiving a vulnerability detection result through heartbeat data, wherein the vulnerability detection result is generated by executing vulnerability detection on the client according to the vulnerability detection instruction;
acquiring at least one vulnerability repair patch according to the vulnerability detection result;
and issuing the at least one vulnerability repair patch, so that vulnerability repair is executed at the client based on the vulnerability repair patch.
Optionally, the method further includes:
and detecting whether the client meets the vulnerability detection condition or not through the heartbeat data.
Optionally, detecting whether the client meets the vulnerability detection condition through the heartbeat data includes:
judging whether the client is online according to time information corresponding to the heartbeat data;
if the client is online, detecting whether the client supports vulnerability scanning;
if the client supports vulnerability scanning, determining that the client meets vulnerability detection conditions;
and if the client is offline or does not support vulnerability scanning, determining that the client does not meet vulnerability detection conditions.
Optionally, the issuing a vulnerability detection instruction when the client meets the vulnerability detection condition includes:
acquiring configuration information through heartbeat data under the condition that a client meets vulnerability detection conditions;
acquiring client information from the configuration information, and determining a vulnerability detection instruction according to the client information;
and issuing the vulnerability detection instruction.
Optionally, the obtaining at least one bug fix patch according to the bug detection result includes:
acquiring at least one vulnerability information from the vulnerability detection result;
and acquiring at least one vulnerability fix patch according to the at least one vulnerability information.
Optionally, the method further includes:
determining risk level information corresponding to the vulnerability information;
analyzing the vulnerability information and the associated information of the client;
and generating repair suggestion information according to the risk level and the associated information, and feeding back the repair suggestion information.
Optionally, issuing the vulnerability detection instruction includes:
transmitting the vulnerability detection instruction through a dedicated message channel.
Optionally, issuing the at least one vulnerability repair patch includes:
transmitting the at least one vulnerability repair patch through a dedicated message channel.
The embodiment of the application also discloses a vulnerability processing method based on the cloud service, which is applied to a client side and comprises the following steps:
uploading heartbeat data, wherein the heartbeat data comprises configuration information;
receiving a vulnerability detection instruction, wherein the vulnerability detection instruction is determined by the cloud server according to the configuration information;
executing vulnerability detection processing according to the vulnerability detection instruction to obtain a vulnerability detection result;
adding the vulnerability detection result into heartbeat data, and sending the heartbeat data;
receiving at least one vulnerability repair patch, wherein the vulnerability repair patch is determined by a cloud server according to the vulnerability detection result;
and executing vulnerability repairing processing according to the vulnerability repairing patch, and determining a vulnerability repairing result.
Optionally, sending the vulnerability repair result includes:
sending the vulnerability repair result through a dedicated message channel.
Optionally, the method further includes:
receiving repair suggestion information;
displaying a repair suggestion of the bug to be repaired according to the repair suggestion information, wherein the repair suggestion is determined according to the risk level and the associated information of the bug to be repaired;
and, in response to a trigger on the repair suggestion, determining the vulnerability on which repair is to be executed and feeding it back to the cloud server.
The embodiment of the application also discloses a vulnerability processing device based on a cloud service, which is applied to the cloud server, and the device includes:
the detection determining module is used for issuing a vulnerability detection instruction under the condition that the client side meets the vulnerability detection condition, wherein the vulnerability detection instruction is determined according to configuration information of the client side, and the configuration information is sent through heartbeat data;
the detection result receiving module is used for receiving a vulnerability detection result through heartbeat data, and the vulnerability detection result is generated by executing vulnerability detection on the client side according to the vulnerability detection instruction;
the fixing determining module is used for obtaining at least one vulnerability fixing patch according to the vulnerability detection result; and issuing the at least one bug fixing patch so as to execute bug fixing on a client side based on the bug fixing patch.
The embodiment of the application also discloses a vulnerability processing device based on a cloud service, which is applied to the client, and the device includes:
the heartbeat uploading module is used for uploading heartbeat data, and the heartbeat data comprises configuration information; adding the vulnerability detection result into heartbeat data, and sending the heartbeat data;
the script transmission module is used for receiving a vulnerability detection instruction, and the vulnerability detection instruction is determined by the cloud server according to the configuration information; receiving at least one vulnerability repair patch, wherein the vulnerability repair patch is determined by the cloud server according to the vulnerability detection result;
the vulnerability detection module is used for executing vulnerability detection processing according to the vulnerability detection instruction to obtain a vulnerability detection result;
and the vulnerability repair module is used for executing vulnerability repair processing according to the vulnerability repair patch and determining a vulnerability repair result.
The embodiment of the application also discloses an electronic device, which comprises: a processor; and a memory having executable code stored thereon that, when executed by the processor, performs a method as described in embodiments of the present application.
One or more machine-readable media having stored thereon executable code that, when executed by a processor, performs a method as described in embodiments of the present application are also disclosed.
Compared with the prior art, the embodiment of the application has the following advantages:
In the embodiments of the application, the cloud server issues a vulnerability detection instruction when the client meets the vulnerability detection condition. The vulnerability detection instruction is determined according to the configuration information of the client, and the configuration information is sent through heartbeat data, so a suitable vulnerability detection instruction can be issued for each client and no security software needs to be installed on the client. Vulnerability detection is executed at the client through the vulnerability detection instruction to obtain a vulnerability detection result; at least one vulnerability repair patch is acquired according to the vulnerability detection result and issued, so that repair patches are fed back for the detected vulnerabilities, and the repair result is received. The security of the client can thereby be improved.
Drawings
Fig. 1 is an interaction diagram of a vulnerability handling method based on cloud services according to an embodiment of the present application;
Fig. 2 is an architecture diagram of a cloud computing system according to an embodiment of the present application;
Fig. 3 is a flowchart illustrating steps of a cloud server in an embodiment of a cloud service-based vulnerability handling method according to the present application;
Fig. 4 is a flowchart illustrating steps of a client in an embodiment of a cloud service-based vulnerability handling method according to the present application;
Fig. 5 is a schematic structural diagram of an exemplary apparatus provided in an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
The embodiments of the application can be applied to a cloud computing scenario, in which various cloud services, including vulnerability detection and repair services, are provided based on cloud computing. The cloud computing system includes a cloud server and a client, where the client can be located on a terminal device. The cloud server controls and issues vulnerability-related tasks to implement functions such as vulnerability detection and repair, and the client is responsible for executing the specific vulnerability scanning and vulnerability repair operations. The embodiments adopt a heavy-server, light-client architecture, which provides greater flexibility for vulnerability detection and repair: decision control is placed on the server, and the instruction produced by the decision is sent to the client, so that vulnerability detection and repair are implemented through the cooperation of the server and the client.
Referring to fig. 1, a schematic diagram of an example of vulnerability detection based on cloud services according to an embodiment of the present application is shown.
Step 102, a client uploads heartbeat data, wherein the heartbeat data comprises configuration information.
In the embodiment of the application, a periodic heartbeat signal can be set up between the cloud server and the client, and the heartbeat signal can carry heartbeat data. The heartbeat signal informs the cloud server of the client's liveness and configuration, so the heartbeat data includes configuration information. On one hand, the heartbeat signal tells the cloud server that the client is alive and online; on the other hand, the configuration data tells the cloud server how the client is configured, so that vulnerability detection and repair can be carried out subsequently. Heartbeat data may be understood as data used to report the client's liveness and configuration. In other embodiments, the heartbeat data may also carry other vulnerability-related information, such as vulnerability detection results, so it may also be understood as heartbeat data for vulnerabilities.
The configuration information is information about the client's configuration, and also includes the configuration related to vulnerability scanning and repair. In some examples, the configuration information includes data such as the client identification, the client version and vulnerability configuration information, where the vulnerability configuration information may include whether the client supports vulnerability scanning, for example whether the client supports script execution. The heartbeat data is sent at a regular interval, such as 1 minute, 2 minutes or 5 minutes, set according to requirements. The cloud server can therefore determine the liveness of the client and acquire the client's configuration information.
The client sends heartbeat data to the cloud server through the heartbeat signal, and the cloud server records the heartbeat data and uses it when needed. In the embodiment of the application, vulnerability detection for the client can be executed periodically or when a trigger is received. For periodic execution, a timing period can be set at the cloud server in advance, so that vulnerability detection and repair are started when the timing period is reached. The server provides a console API; the console can be understood as an operation console controlled by the user, which can present an interactive page at the client through a browser, an application program and the like, and the user interacts with the cloud server through the interactive page and the console API. The user can set the vulnerability detection period in the interactive page, and can also trigger the execution of vulnerability detection through a control and the like. For example, a vulnerability detection control is provided in a browser page, and triggering the control sends a vulnerability detection request to the cloud server, so that vulnerability detection is started at the cloud server.
The cloud server can receive a vulnerability detection request from the client, and can also automatically trigger vulnerability detection when the client's vulnerability detection period is reached. It then detects, based on the client's heartbeat data, whether the client meets the vulnerability detection condition. In the embodiment of the application, the vulnerability detection condition is a condition for executing vulnerability detection; for example, that the client supports vulnerability detection, or that the client allows a vulnerability detection plug-in to run. Vulnerability configuration information can therefore be obtained from the heartbeat data to judge whether the client supports vulnerability scanning, whether it supports scripts and the like, and to detect whether the client is online. If the client is online and supports vulnerability scanning, the client is considered to meet the vulnerability detection condition. In one example, detecting whether the client meets the vulnerability detection condition through the heartbeat data includes: judging whether the client is online according to time information corresponding to the heartbeat data; if the client is online, detecting whether the client supports vulnerability scanning; if the client supports vulnerability scanning, determining that the client meets the vulnerability detection condition; and if the client is offline or does not support vulnerability scanning, determining that the client does not meet the vulnerability detection condition.
Step 104, the cloud server issues a vulnerability detection instruction when the client meets the vulnerability detection condition.
The cloud server side can determine the vulnerability detection instruction based on the configuration information of the client side under the condition that the client side meets the vulnerability detection condition, and then sends the vulnerability detection instruction to the corresponding client side. The vulnerability detection instruction can carry vulnerability detection scripts, vulnerability characteristic information, vulnerability detection plug-ins and the like, so that vulnerability detection can be carried out on a client side based on the vulnerability detection instruction.
In the embodiment of the application, the vulnerability detection instruction and the vulnerability repair patch can be configured based on vulnerability characteristics and the actual scenario, where the actual scenario can depend on the client version, the device on which the client is located and the like. In other examples, the cloud server may further provide an operation console API for operations users, who interact with the cloud server through a page and supply the configuration required for operation. Configuring scripts by combining vulnerability characteristics with the scenario makes the method suitable for a wider variety of clients and provides richer function configuration.
In an optional embodiment of the present application, issuing the vulnerability detection instruction when the client satisfies the vulnerability detection condition includes: acquiring configuration information through heartbeat data under the condition that a client meets vulnerability detection conditions; determining a vulnerability detection instruction according to the configuration information; and issuing the vulnerability detection instruction. Under the condition that the client side meets the vulnerability detection condition, configuration information can be obtained from heartbeat data of the client side, the configuration information can comprise configuration information such as client side identification, client side version and vulnerability configuration information, then a vulnerability detection instruction can be determined based on the configuration information, and the vulnerability detection instruction is sent to the client side.
In the embodiment of the application, a dedicated message channel can be established between the client and the cloud server to transmit the vulnerability detection instruction and the vulnerability repair patch, which improves data security. The dedicated message channel for scripts improves the success rate of sending script instructions and ensures that the task is executed smoothly.
Step 106, the client executes vulnerability detection processing according to the vulnerability detection instruction to obtain a vulnerability detection result.
After receiving the vulnerability detection instruction, the client can execute the vulnerability detection instruction and execute vulnerability detection processing in the client. The vulnerability detection instruction can comprise parameters such as vulnerability detection rules and vulnerability characteristics, and the parameters can be loaded in the forms of vulnerability detection plug-ins or vulnerability detection scripts, so that whether vulnerabilities exist or not can be scanned and detected in the client side, and corresponding vulnerability detection results can be generated. For example, a vulnerability detection plug-in or a vulnerability detection script is run in the client based on the vulnerability detection instruction, the client can be scanned through the plug-in or the script, the scanning data and vulnerability characteristics are matched according to the vulnerability detection rule, vulnerability detection processing is achieved, and if a vulnerability is detected, vulnerability information such as vulnerability identification and characteristics can be recorded into a vulnerability detection result.
Step 108, the client adds the vulnerability detection result to the heartbeat data and sends the heartbeat data.
The client adds the vulnerability detection result, such as the identification of each detected vulnerability, to the heartbeat data, and can then send the heartbeat data to the cloud server.
Step 110, the cloud server obtains at least one vulnerability repair patch according to the vulnerability detection result.
After receiving the heartbeat data, the cloud server may obtain a vulnerability detection result from the heartbeat data, and then determine at least one vulnerability repair patch based on the vulnerability detection result. In the embodiment of the application, the bug fixing patch is a program package for fixing bugs, and the bugs correspond to the bug fixing patch, so that the bug fixing patch can be determined based on bugs detected at a client, and one bug fixing patch is determined for each detected bug. The bug fix patch may include bug fix code, bug fix scripts, bug fix plug-ins, and the like in a variety of forms.
In an optional embodiment, obtaining at least one vulnerability repair patch according to the vulnerability detection result includes: acquiring at least one piece of vulnerability information from the vulnerability detection result; and obtaining at least one vulnerability repair patch according to the at least one piece of vulnerability information. Vulnerability detection may find one or more vulnerabilities, so the vulnerability detection result may carry at least one piece of vulnerability information, and for each piece of vulnerability information a corresponding vulnerability repair patch can be obtained so that each vulnerability is repaired separately. In the embodiment of the application, the vulnerability repair patch is also related to the configuration of the client, such as the client version, so the corresponding vulnerability repair patch can be determined based on the vulnerability information, the client version and the like.
Step 112, the cloud server issues the at least one vulnerability repair patch.
After determining at least one bug fix patch, the cloud server may send the at least one bug fix patch, where the bug fix patch may be sent through a dedicated channel.
Step 114, the client executes vulnerability repair processing according to the vulnerability repair patch and determines a vulnerability repair result.
After the client receives at least one bug fixing patch, the bug fixing patch can be adopted to carry out bug fixing processing, and a corresponding bug fixing result is obtained. For example, the client may start a bug fixing process, run the bug fixing patch through the bug fixing process, execute bug fixing processing, fix bugs for the client, and determine a bug fixing result.
After determining the vulnerability repair result, the client can send it to the cloud server, where it can be sent through the dedicated message channel. The cloud server receives the repair result and records it.
In summary, the cloud server issues a vulnerability detection instruction when the client meets the vulnerability detection condition. The vulnerability detection instruction is determined according to the configuration information of the client, and the configuration information is sent through heartbeat data, so a suitable vulnerability detection instruction can be issued for each client and vulnerability detection can be executed without installing security software on the client. The vulnerability detection result, generated by executing the vulnerability detection instruction on the client, is then received through the heartbeat data; at least one vulnerability repair patch is acquired according to the vulnerability detection result and issued, so that repair patches are fed back for the detected vulnerabilities and the security of the client can be improved.
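The cloud-server decisions in steps 102 to 112 (the detection-condition check, choosing the detection instruction from the client's configuration, and mapping detected vulnerabilities to repair patches), written out as an added Python example that is not code from the patent. The class and field names, the script and patch names, and the three-missed-heartbeats offline threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL_S = 60   # the text gives 1, 2 or 5 minutes as example periods
MISSED_BEATS_OFFLINE = 3    # assumption: a client is offline after three missed beats


@dataclass
class Heartbeat:
    client_id: str            # configuration information: client identification
    client_version: str       # configuration information: client version
    supports_scan: bool       # vulnerability configuration information
    received_at: float        # time the server received the heartbeat (epoch seconds)
    detection_result: list = field(default_factory=list)  # detected vulnerability ids


# Constructed catalogues standing in for the server-side vulnerability library.
DETECTION_SCRIPTS = {"1": "detect-v1.sh", "2": "detect-v2.sh"}
REPAIR_PATCHES = {
    ("VULN-A", "1"): "patch-a-v1.pkg",
    ("VULN-A", "2"): "patch-a-v2.pkg",
    ("VULN-B", "2"): "patch-b-v2.pkg",
}


def major(version):
    """Major version component, used as the lookup key for scripts and patches."""
    return version.split(".", 1)[0]


class CloudServer:
    def __init__(self):
        self.latest = {}  # client_id -> most recent Heartbeat

    def record_heartbeat(self, hb):
        """Steps 102/108: store the heartbeat; select patches if it carries a result."""
        self.latest[hb.client_id] = hb
        return self.select_patches(hb) if hb.detection_result else None

    def meets_detection_condition(self, client_id, now):
        """Online (by heartbeat time) AND supports vulnerability scanning."""
        hb = self.latest.get(client_id)
        if hb is None:
            return False, "no heartbeat recorded"
        if now - hb.received_at > HEARTBEAT_INTERVAL_S * MISSED_BEATS_OFFLINE:
            return False, "offline"
        if not hb.supports_scan:
            return False, "scanning not supported"
        return True, "ok"

    def detection_instruction(self, client_id, now):
        """Step 104: pick the instruction from the client's configuration."""
        ok, reason = self.meets_detection_condition(client_id, now)
        if not ok:
            return {"client_id": client_id, "issued": False, "reason": reason}
        script = DETECTION_SCRIPTS.get(major(self.latest[client_id].client_version))
        if script is None:
            return {"client_id": client_id, "issued": False,
                    "reason": "no script for client version"}
        return {"client_id": client_id, "issued": True, "script": script}

    def select_patches(self, hb):
        """Step 110: one patch per detected vulnerability, keyed by client version."""
        patches, unmatched = [], []
        for vuln_id in hb.detection_result:
            patch = REPAIR_PATCHES.get((vuln_id, major(hb.client_version)))
            if patch is None:
                unmatched.append(vuln_id)   # reported, but nothing to issue
            else:
                patches.append(patch)
        return {"client_id": hb.client_id, "patches": patches, "unmatched": unmatched}


def run_demo():
    """Constructed scenario: one scannable client, one that cannot run scripts."""
    srv = CloudServer()
    srv.record_heartbeat(Heartbeat("c1", "2.3.0", True, received_at=1000.0))
    srv.record_heartbeat(Heartbeat("c2", "1.0.4", False, received_at=1000.0))
    issued = srv.detection_instruction("c1", now=1030.0)
    refused = srv.detection_instruction("c2", now=1030.0)
    result = srv.record_heartbeat(
        Heartbeat("c1", "2.3.0", True, 1060.0, ["VULN-A", "VULN-C"]))
    return issued, refused, result


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

A vulnerability with no patch for the client's version ends up in `unmatched` instead of being silently dropped, so it can still be reported back to the user.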
On the basis of the foregoing embodiment, an embodiment of the present application further provides a vulnerability detection and repair method based on a cloud computing system, where the system includes: cloud server and client, as shown in fig. 2.
The cloud server side comprises: the system comprises a user console API, an operation console API, a vulnerability library, a scanning task unit, a client management unit, a script management unit and a vulnerability processing unit. The client side can run plug-ins and processes, can execute bug detection instructions through the plug-ins, and can run bug fixing patches.
The user console API provides an interactive interface for a user of the cloud service (also called a first user). It supports creating a timed vulnerability scanning task based on a user request, so that the cloud server automatically triggers the vulnerability task when the timing period is reached; creating a vulnerability scanning task at the cloud server based on a user trigger request; and determining the vulnerability to be repaired based on a user trigger request, so that the cloud server determines a vulnerability repair patch and vulnerability repair is executed. That is, the functions a user can trigger are exposed at the server, and their specific implementation is handled by the cloud server.
The operation console API provides an interactive interface for an operations user (also called a second user); operations staff configure scripts according to the specific scenario to implement a fine-grained vulnerability processing scheme.
The vulnerability library stores information such as the characteristics of various vulnerabilities, and can also store information such as the related configuration and rules for repairing vulnerabilities. The server maintains the vulnerability library and the matching rules.
The scanning task unit determines the vulnerability scanning task, which can be a timed vulnerability scanning task, a trigger-based vulnerability scanning task and the like. When a task is triggered by a user or by the timer, whether the current state of the client meets the vulnerability detection condition is checked.
The client management unit manages the client, including heartbeat management, plug-in management and the like. The server and the client maintain a heartbeat channel, and the client reports keep-alive heartbeat data at regular intervals; the server receives the client's heartbeat, confirms that the client is online, and returns a confirmation message after heartbeat processing is finished. The heartbeat carries the client configuration and the vulnerability detection result; the server checks whether the client configuration meets the vulnerability scanning condition, marks the client state and analyzes the vulnerability detection result. The server is also responsible for other management of the client, such as installing and uninstalling plug-ins on the client and confirming plug-in state.
The script management unit manages vulnerability repair patches and vulnerability detection instructions, and manages the dedicated message channel. The server and the client maintain a dedicated message channel for vulnerability detection, and vulnerability detection instructions, vulnerability repair patches and the like are transmitted through it, which ensures that the client receives them.
The vulnerability processing unit executes vulnerability-related processing, such as vulnerability relevance matching and vulnerability locating. When extracting the vulnerability detection result, the cloud server executes a matching operation and ranks the vulnerabilities by score, according to each vulnerability's degree of impact and the closeness of its association.
The following processing may be performed at the cloud server, as shown in Fig. 3:
Step 302, issuing a vulnerability detection instruction when the client meets the vulnerability detection condition, wherein the vulnerability detection instruction is determined according to the configuration information of the client, and the configuration information is sent through heartbeat data.
A trigger related to vulnerability detection is received, such as a request from the client or the vulnerability detection period being reached, and whether the client meets the vulnerability detection condition is checked through the heartbeat data. The user can trigger vulnerability detection at the client, which generates a vulnerability detection request and sends it to the cloud server. Vulnerability detection can also be a timed task that is triggered when the scheduled time is reached; the detection period may be set by the user or by default. Detecting whether the client meets the vulnerability detection condition through the heartbeat data includes: judging whether the client is online according to the time information corresponding to the heartbeat data; if the client is online, detecting whether the client supports vulnerability scanning; if the client supports vulnerability scanning, determining that the client meets the vulnerability detection condition; and if the client is offline or does not support vulnerability scanning, determining that the client does not meet the vulnerability detection condition.
The server and the client maintain a dedicated message channel, and the vulnerability detection instruction is issued through this dedicated message channel.
Step 304, receiving a vulnerability detection result through the heartbeat data, wherein the vulnerability detection result is generated by executing vulnerability detection on the client according to the detection instruction.
Step 306, acquiring at least one vulnerability repair patch according to the vulnerability detection result.
At least one item of vulnerability information is acquired from the vulnerability detection result, and at least one vulnerability repair patch is acquired according to that vulnerability information.
Risk level information corresponding to the vulnerability information can also be determined; the association information between the vulnerability information and the client is analyzed; and repair suggestion information is generated according to the risk level and the association information and fed back. The risk level may be, for example, high risk, medium risk or low risk, or follow another classification, and indicates the risk the vulnerability poses. To analyze the association information, the processes, applications and the like running on the client are determined, the processes and applications affected by the vulnerability are analyzed based on the vulnerability information, and the association information is determined from the analysis result; it indicates the degree to which the vulnerability affects the client. All vulnerability information can be sorted according to the risk level and/or the association information to generate the repair suggestion information, for example by sorting on risk level and ordering vulnerabilities of the same risk level by association information, or by computing a weighted combination of the risk level and the association information and sorting on the weighted result. The repair suggestion information can also include description information of the vulnerabilities, so that the client can choose whether to repair and which vulnerabilities to repair, and send a corresponding request to the cloud server; the cloud server determines the vulnerabilities to be repaired based on the client's request and acquires the corresponding vulnerability repair patch for each of them.
Step 308, issuing the at least one vulnerability repair patch, so that vulnerability repair is executed on the client according to the vulnerability repair patch.
The at least one vulnerability repair patch is issued through the dedicated message channel. After the client executes vulnerability repair based on the patch and obtains a repair result, the cloud server can receive and record the repair result.
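The server-side flow of steps 302 to 308 can be sketched as follows. This is an added example, not code from the patent: the field names, the 90-second online window, the association scale and the vulnerability database entries are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: the patent only says "time information corresponding to the
# heartbeat data" decides whether a client is online; 90 s is a constructed value.
ONLINE_WINDOW = timedelta(seconds=90)

# Constructed vulnerability database: id -> risk level, affected component, patch.
VULN_DB = {
    "VULN-A": {"risk": "high", "component": "tls-lib", "patch": "fix_a.sh"},
    "VULN-B": {"risk": "medium", "component": "webserver", "patch": "fix_b.sh"},
    "VULN-C": {"risk": "high", "component": "print-daemon", "patch": "fix_c.sh"},
    "VULN-D": {"risk": "low", "component": "webserver", "patch": None},
}
RISK_SCORE = {"high": 3, "medium": 2, "low": 1}

# Constructed instruction catalogue keyed by the OS reported in the configuration.
DETECTION_SCRIPTS = {"linux": "detect_linux.sh", "windows": "detect_windows.ps1"}


@dataclass
class Heartbeat:
    client_id: str
    received_at: datetime          # stamped by the server on receipt, not by the client
    config: dict                   # configuration information carried in the heartbeat
    detection_result: tuple = ()   # vulnerability ids reported by the client


def meets_detection_condition(hb, now):
    """Step 302 check: online (by heartbeat time) and scanning supported."""
    if now - hb.received_at > ONLINE_WINDOW:
        return False, "offline"
    if hb.config.get("scan_supported") is not True:
        return False, "scan_unsupported"
    return True, "ok"


def select_instruction(hb):
    """Pick the detection instruction from the client's configuration.
    Returns None when no instruction exists for the reported platform."""
    return DETECTION_SCRIPTS.get(str(hb.config.get("os", "")).lower())


def association(vuln_id, hb):
    """Association information (assumed scale): 1.0 if the affected component
    is running on the client, 0.5 if only installed, 0.0 otherwise."""
    component = VULN_DB[vuln_id]["component"]
    if component in hb.config.get("running", ()):
        return 1.0
    if component in hb.config.get("installed", ()):
        return 0.5
    return 0.0


def repair_suggestions(hb):
    """Steps 304-306: rank reported vulnerabilities by risk level, break ties
    by association, and attach the patch held for each one."""
    known = [v for v in hb.detection_result if v in VULN_DB]  # drop unknown ids
    ranked = sorted(
        known,
        key=lambda v: (RISK_SCORE[VULN_DB[v]["risk"]], association(v, hb)),
        reverse=True,
    )
    return [
        {"id": v, "risk": VULN_DB[v]["risk"],
         "association": association(v, hb), "patch": VULN_DB[v]["patch"]}
        for v in ranked
    ]


def patches_to_issue(suggestions, selected_ids):
    """Step 308: patches for the vulnerabilities the client chose to repair."""
    return [s["patch"] for s in suggestions
            if s["id"] in selected_ids and s["patch"] is not None]


# Constructed sample heartbeat, received 30 s before the trigger fires.
NOW = datetime(2022, 6, 27, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = Heartbeat(
    client_id="client-1",
    received_at=NOW - timedelta(seconds=30),
    config={"os": "Linux", "scan_supported": True,
            "installed": ["tls-lib", "webserver", "print-daemon"],
            "running": ["webserver", "tls-lib"]},
    detection_result=("VULN-B", "VULN-C", "VULN-A", "VULN-X", "VULN-D"),
)

if __name__ == "__main__":
    print(meets_detection_condition(SAMPLE, NOW), select_instruction(SAMPLE))
    for suggestion in repair_suggestions(SAMPLE):
        print(suggestion)
```

Judging liveness from the server's own receive time means a client with a wrong clock cannot appear online or offline incorrectly, and an identifier the database does not know is dropped rather than ranked.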
The following processing may be performed at the client, as shown in Fig. 4:
Step 402, uploading heartbeat data, wherein the heartbeat data comprises configuration information.
Step 404, receiving a vulnerability detection instruction, wherein the vulnerability detection instruction is determined by the cloud server according to the configuration information.
The vulnerability detection instruction is received through the dedicated message channel.
Step 406, executing vulnerability detection processing according to the vulnerability detection instruction to obtain a vulnerability detection result.
Parameters such as vulnerability detection rules and vulnerability characteristics in the vulnerability detection instruction can be carried in the form of vulnerability detection plug-ins or vulnerability detection scripts. The client is scanned to detect whether vulnerabilities exist, and a corresponding vulnerability detection result is generated. For example, a vulnerability detection plug-in or vulnerability detection script is run on the client based on the vulnerability detection instruction; the plug-in or script scans the client and matches the scan data against the vulnerability characteristics according to the vulnerability detection rules. If a vulnerability is detected, vulnerability information such as the vulnerability identifier and characteristics can be recorded in the vulnerability detection result.
Step 408, adding the vulnerability detection result to the heartbeat data, and sending the heartbeat data.
Step 410, receiving at least one vulnerability repair patch, wherein the vulnerability repair patch is determined by the cloud server according to the vulnerability detection result.
In an alternative embodiment, the client may select the vulnerabilities to be repaired. The client receives repair suggestion information and displays repair suggestions for the vulnerabilities to be repaired accordingly; the repair suggestions are determined according to the risk levels and association information of those vulnerabilities. For example, the client displays the vulnerabilities sorted by risk level, together with the association information indicating how closely each vulnerability is associated with the client, description information of the vulnerabilities, and so on. The user can thus understand the vulnerabilities and their degree of impact on the client and select the vulnerabilities to be repaired accordingly; in response to the user triggering a repair suggestion, the vulnerabilities to be repaired are determined and fed back to the cloud server. In other examples, it may be preset or set by default that all vulnerabilities are repaired, or that only vulnerabilities meeting certain conditions are repaired, such as ranking in the top N or having a designated risk level such as high risk. After the cloud server determines at least one vulnerability repair patch according to the client's selection, the at least one vulnerability repair patch can be transmitted through the dedicated message channel.
Step 412, executing vulnerability repair processing according to the vulnerability repair patch, and determining a vulnerability repair result.
After the client receives the at least one vulnerability repair patch, it can create and start a vulnerability repair process, execute the at least one vulnerability repair patch, and repair the vulnerability based on the instructions and parameters to obtain a vulnerability repair result.
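The client-side matching of scan data against vulnerability characteristics (step 406), the heartbeat that carries the result (step 408) and the preset repair selection can be sketched as follows. This is an added example, not code from the patent: the rule format ("fixed_in" versions), the package names, the heartbeat fields and all sample values are assumptions constructed for illustration.

```python
import json
import re

# Constructed detection instruction: each rule names a package and the first
# fixed version; an installed version below it matches the vulnerability.
DETECTION_INSTRUCTION = {
    "rules": [
        {"id": "VULN-A", "package": "tls-lib", "fixed_in": "3.0.7"},
        {"id": "VULN-B", "package": "webserver", "fixed_in": "1.22.1"},
        {"id": "VULN-C", "package": "print-daemon", "fixed_in": "2.4.2"},
        {"id": "VULN-D", "package": "compress-lib", "fixed_in": "1.2.12"},
        {"id": "VULN-E", "package": "mail-agent", "fixed_in": "4.96"},
    ]
}

# Constructed scan data, as a package inventory on the client might report it.
SCAN_DATA = {
    "tls-lib": "3.0.2",
    "webserver": "1.22.1",
    "print-daemon": "2.4.10",
    "compress-lib": "1.2.11-r3",
}


def parse_version(text):
    """Turn '1.22.1' into (1, 22, 1); return None for anything else."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_older(installed, fixed_in):
    """True/False when both versions parse, None when the rule cannot decide.
    Numeric comparison matters: as strings, '2.4.10' sorts before '2.4.2'."""
    a, b = parse_version(installed), parse_version(fixed_in)
    if a is None or b is None:
        return None
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so that 3.0 equals 3.0.0
    b += (0,) * (width - len(b))
    return a < b


def run_detection(instruction, scan_data):
    """Step 406: match scan data against each rule of the instruction."""
    findings, undecided = [], []
    for rule in instruction["rules"]:
        installed = scan_data.get(rule["package"])
        if installed is None:
            continue                      # package absent: rule does not apply
        verdict = is_older(installed, rule["fixed_in"])
        if verdict is None:
            undecided.append(rule["id"])  # reported, so the server can follow up
        elif verdict:
            findings.append({"id": rule["id"], "package": rule["package"],
                             "installed": installed})
    return {"vulnerabilities": findings, "undecided": undecided}


def build_heartbeat(client_id, config, detection_result=None):
    """Steps 402 and 408: the heartbeat always carries the configuration and
    carries the detection result once one exists."""
    body = {"client_id": client_id, "config": config}
    if detection_result is not None:
        body["detection_result"] = detection_result
    return json.dumps(body, sort_keys=True)


def default_selection(suggestions, top_n=None, risk_level=None):
    """Preset repair selection over the server's ranked suggestions: a
    designated risk level, the top N, or everything when neither is set."""
    chosen = [s for s in suggestions
              if risk_level is None or s["risk"] == risk_level]
    if top_n is not None:
        chosen = chosen[:top_n]
    return [s["id"] for s in chosen]


# Constructed repair suggestions, already ranked by the server.
SUGGESTIONS = [
    {"id": "VULN-A", "risk": "high"},
    {"id": "VULN-C", "risk": "high"},
    {"id": "VULN-B", "risk": "medium"},
]

if __name__ == "__main__":
    result = run_detection(DETECTION_INSTRUCTION, SCAN_DATA)
    print(build_heartbeat("client-1", {"os": "linux"}, result))
    print(default_selection(SUGGESTIONS, risk_level="high"))
```

A version string the rule cannot parse is reported as undecided instead of being silently treated as not vulnerable, which keeps the decision with the server as the heavy-server design intends.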
The embodiments of the application adopt a heavy-server, light-client structure, which provides greater flexibility for vulnerability detection and repair. Decision control is placed on the server; once a decision is made, the vulnerability detection instruction and the vulnerability repair patch are sent to the client, which executes the detection and repair. The server and the client thus cooperate to carry out the detection and repair processes.
The configuration information is transmitted together with the client's heartbeat keep-alive mechanism, so configuration related to vulnerability processing is delivered while the client is confirmed to be online. A heartbeat message channel and a dedicated message channel are set up separately so that different messages are handled by category, which improves the success rate of vulnerability detection and repair and lets vulnerability processing tasks run smoothly.
Vulnerability detection scripts and vulnerability repair scripts can be used to execute vulnerability detection and repair. Introducing scripts enables the server and the client to cooperate: scripts can be configured per client, they control the start and end of detection and repair tasks, and through them the server controls those tasks. Appropriate tasks are configured for specific scenarios, which avoids the large impact that unforeseen client defects could otherwise cause.
In the embodiments of the application, the user information is collected, used and stored after being authorized and allowed by the user, and various operations based on the user information are executed after being authorized and allowed by the user.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are preferred embodiments and that the acts involved are not necessarily required by the embodiments of the application.
On the basis of the foregoing embodiment, the present embodiment further provides a vulnerability processing apparatus based on cloud service, which is applied to an electronic device at a server.
The detection determining module is used for issuing a vulnerability detection instruction when the client meets the vulnerability detection condition, wherein the vulnerability detection instruction is determined according to configuration information of the client, and the configuration information is sent through heartbeat data;
the detection result receiving module is used for receiving a vulnerability detection result through heartbeat data, wherein the vulnerability detection result is generated by executing vulnerability detection on the client according to the vulnerability detection instruction;
the repair determining module is used for acquiring at least one vulnerability repair patch according to the vulnerability detection result, and issuing the at least one vulnerability repair patch so that vulnerability repair is executed on the client based on the vulnerability repair patch.
The repair result receiving module is used for receiving a repair result, wherein the repair result is generated by executing vulnerability repair on the client according to the repair patch.
In summary, the cloud server issues a vulnerability detection instruction when the client meets the vulnerability detection condition. The instruction is determined according to the client's configuration information, which is sent through heartbeat data, so a suitable vulnerability detection instruction can be issued for each client and no security software needs to be installed on the client. The server then receives the vulnerability detection result through the heartbeat data, the result being generated by executing vulnerability detection on the client according to the detection instruction; acquires at least one vulnerability repair patch according to the result; and issues the at least one vulnerability repair patch, so that vulnerabilities are repaired in response to the reported result and the security of the client is improved.
The detection determining module is further used for detecting whether the client meets the vulnerability detection condition through the heartbeat data.
The detection determining module is used for judging whether the client is online according to the time information corresponding to the heartbeat data; if the client is online, detecting whether the client supports vulnerability scanning; if the client supports vulnerability scanning, determining that the client meets the vulnerability detection condition; and if the client is offline or does not support vulnerability scanning, determining that the client does not meet the vulnerability detection condition.
The detection determining module is used for acquiring configuration information through heartbeat data when the client meets the vulnerability detection condition; acquiring client information from the configuration information, and determining a vulnerability detection instruction according to the client information; and issuing the vulnerability detection instruction.
The repair determining module is used for acquiring at least one item of vulnerability information from the vulnerability detection result, and acquiring at least one vulnerability repair patch according to the at least one item of vulnerability information.
The repair determining module is further configured to determine risk level information corresponding to the vulnerability information; analyze the association information between the vulnerability information and the client; and generate repair suggestion information according to the risk level and the association information, and feed back the repair suggestion information.
The detection determining module is used for transmitting the vulnerability detection instruction through a dedicated message channel.
The repair determining module is configured to transmit the at least one vulnerability repair patch through a dedicated message channel.
On the basis of the foregoing embodiment, the present embodiment further provides a vulnerability processing apparatus based on cloud service, which is applied to an electronic device of a client.
The heartbeat uploading module is used for uploading heartbeat data, wherein the heartbeat data comprises configuration information; and for adding the vulnerability detection result to the heartbeat data and sending the heartbeat data;
the script transmission module is used for receiving a vulnerability detection instruction, wherein the vulnerability detection instruction is determined by the cloud server according to the configuration information; receiving at least one vulnerability repair patch, wherein the vulnerability repair patch is determined by the cloud server according to the vulnerability detection result; and sending the vulnerability repair result;
the vulnerability detection module is used for executing vulnerability detection processing according to the vulnerability detection instruction to obtain a vulnerability detection result;
and the vulnerability repair module is used for executing vulnerability repair processing according to the vulnerability repair patch and determining a vulnerability repair result.
The script transmission module is used for sending the vulnerability repair result through a dedicated message channel.
The vulnerability repair module is also used for receiving repair suggestion information; displaying a repair suggestion for the vulnerability to be repaired according to the repair suggestion information, wherein the repair suggestion is determined according to the risk level and the association information of the vulnerability to be repaired; and, in response to the repair suggestion being triggered, determining the vulnerability on which repair is to be executed and feeding it back to the cloud server.
The present application further provides a non-transitory readable storage medium storing one or more modules (programs); when the one or more modules are applied to a device, the device can execute the instructions of the method steps in this application.
Embodiments of the present application provide one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an electronic device to perform the methods as described in one or more of the above embodiments. In the embodiment of the application, the electronic device includes a server, a terminal device and other devices.
Embodiments of the present disclosure may be implemented as an apparatus, which may include electronic devices such as servers (clusters) and terminals, using any suitable hardware, firmware, software, or any combination thereof, for a desired configuration. Fig. 5 schematically illustrates an example apparatus 500 that may be used to implement various embodiments described herein.
For one embodiment, fig. 5 illustrates an exemplary apparatus 500 having one or more processors 502, a control module (chipset) 504 coupled to at least one of the processor(s) 502, a memory 506 coupled to the control module 504, a non-volatile memory (NVM)/storage 508 coupled to the control module 504, one or more input/output devices 510 coupled to the control module 504, and a network interface 512 coupled to the control module 504.
The processor 502 may include one or more single-core or multi-core processors, and the processor 502 may include any combination of general-purpose or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the apparatus 500 can be used as a server, a terminal, or the like in the embodiments of the present application.
In some embodiments, apparatus 500 may include one or more computer-readable media (e.g., memory 506 or NVM/storage 508) having instructions 514 and one or more processors 502 in combination with the one or more computer-readable media and configured to execute instructions 514 to implement modules to perform the actions described in this disclosure.
For one embodiment, control module 504 may include any suitable interface controllers to provide any suitable interface to at least one of the processor(s) 502 and/or any suitable device or component in communication with control module 504.
Control module 504 may include a memory controller module to provide an interface to memory 506. The memory controller module may be a hardware module, a software module, and/or a firmware module.
The memory 506 may be used, for example, to load and store data and/or instructions 514 for the apparatus 500. For one embodiment, memory 506 may comprise any suitable volatile memory, such as suitable DRAM. In some embodiments, the memory 506 may comprise a double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).
For one embodiment, control module 504 may include one or more input/output controllers to provide an interface to NVM/storage 508 and input/output device(s) 510.
For example, NVM/storage 508 may be used to store data and/or instructions 514. NVM/storage 508 may include any suitable non-volatile memory (e.g., flash memory) and/or may include any suitable non-volatile storage device(s) (e.g., one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives).
NVM/storage 508 may include storage resources that are part of the device on which apparatus 500 is installed, or it may be accessible by the device and may not necessarily be part of the device. For example, NVM/storage 508 may be accessed over a network via input/output device(s) 510.
Input/output device(s) 510 may provide an interface for apparatus 500 to communicate with any other suitable device; input/output devices 510 may include communication components, audio components, sensor components, and so forth. The network interface 512 may provide an interface for the apparatus 500 to communicate over one or more networks, and the apparatus 500 may wirelessly communicate with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols, for example by accessing a wireless network based on a communication standard such as WiFi, 2G, 3G, 4G, 5G, or a combination thereof.
For one embodiment, at least one of the processor(s) 502 may be packaged together with logic for one or more controller(s) (e.g., memory controller module) of the control module 504. For one embodiment, at least one of the processor(s) 502 may be packaged together with logic for one or more controller(s) of the control module 504 to form a System In Package (SiP). For one embodiment, at least one of the processor(s) 502 may be integrated on the same die with logic for one or more controller(s) of the control module 504. For one embodiment, at least one of the processor(s) 502 may be integrated on the same die with logic for one or more controller(s) of the control module 504 to form a system on chip (SoC).
In various embodiments, the apparatus 500 may be, but is not limited to: a server, a desktop computing device, or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.), among other terminal devices. In various embodiments, the apparatus 500 may have more or fewer components and/or different architectures. For example, in some embodiments, device 500 includes one or more cameras, a keyboard, a Liquid Crystal Display (LCD) screen (including a touch screen display), a non-volatile memory port, multiple antennas, a graphics chip, an Application Specific Integrated Circuit (ASIC), and speakers.
The detection device can adopt a main control chip as a processor or a control module, sensor data, position information and the like are stored in a memory or an NVM/storage device, a sensor group can be used as an input/output device, and a communication interface can comprise a network interface.
An embodiment of the present application further provides an electronic device, including: a processor; and a memory having executable code stored thereon that, when executed, causes the processor to perform a method as described in one or more of the embodiments of the application. In the embodiment of the present application, various data, such as various data of a target file, a file and application associated data, and the like, may be stored in the memory, and user behavior data may also be included, so as to provide a data basis for various processing.
Embodiments of the present application also provide one or more machine-readable media having executable code stored thereon that, when executed, cause a processor to perform a method as described in one or more of the embodiments of the present application.
Since the device embodiment is basically similar to the method embodiment, its description is brief; for the relevant points, refer to the corresponding description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the true scope of the embodiments of the present application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or terminal device that comprises the element.
The vulnerability processing method based on the cloud service, the electronic device and the storage medium provided by the application are introduced in detail, specific examples are applied in the detailed description to explain the principle and the implementation mode of the application, and the description of the embodiments is only used for helping to understand the method and the core idea of the application; meanwhile, for a person skilled in the art, according to the idea of the present application, the specific implementation manner and the application scope may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (13)

1. A vulnerability processing method based on cloud service is characterized by being applied to a cloud service side, and the method comprises the following steps:
issuing a vulnerability detection instruction when a client meets a vulnerability detection condition, wherein the vulnerability detection instruction is determined according to configuration information of the client, and the configuration information is sent through heartbeat data;
receiving a vulnerability detection result through heartbeat data, wherein the vulnerability detection result is generated by executing vulnerability detection on a client according to the vulnerability detection instruction;
acquiring at least one vulnerability repair patch according to the vulnerability detection result;
and issuing the at least one vulnerability repair patch, so that vulnerability repair is executed on the client based on the vulnerability repair patch.
2. The method of claim 1, further comprising:
and detecting whether the client meets the vulnerability detection condition or not through the heartbeat data.
3. The method according to claim 2, wherein the detecting whether the client satisfies the vulnerability detection condition through the heartbeat data includes:
judging whether the client is online according to time information corresponding to the heartbeat data;
if the client is online, detecting whether the client supports vulnerability scanning;
if the client supports vulnerability scanning, determining that the client meets vulnerability detection conditions;
and if the client is offline or does not support vulnerability scanning, determining that the client does not meet vulnerability detection conditions.
4. The method according to claim 1, wherein the issuing the vulnerability detection instruction when the client satisfies the vulnerability detection condition comprises:
acquiring configuration information through heartbeat data when the client satisfies the vulnerability detection condition;
acquiring client information from the configuration information, and determining a vulnerability detection instruction according to the client information;
and issuing the vulnerability detection instruction.
5. The method according to claim 1, wherein the obtaining at least one vulnerability fix patch according to the vulnerability detection result comprises:
acquiring at least one piece of vulnerability information from the vulnerability detection result;
and acquiring at least one vulnerability repair patch according to the at least one piece of vulnerability information.
6. The method of claim 1 or 5, further comprising:
determining risk level information corresponding to the vulnerability information;
analyzing the vulnerability information and the associated information of the client;
and generating repair suggestion information according to the risk level and the associated information, and feeding back the repair suggestion information.
7. The method according to claim 1 or 4, wherein the issuing the vulnerability detection instruction comprises:
transmitting the vulnerability detection instruction through a dedicated message channel.
8. The method of claim 1, wherein the issuing the at least one vulnerability repair patch comprises:
transmitting the at least one vulnerability repair patch through a dedicated message channel.
9. A vulnerability processing method based on cloud service is applied to a client side, and comprises the following steps:
uploading heartbeat data, wherein the heartbeat data comprises configuration information;
receiving a vulnerability detection instruction, wherein the vulnerability detection instruction is determined by the cloud server according to the configuration information;
executing vulnerability detection processing according to the vulnerability detection instruction to obtain a vulnerability detection result;
adding the vulnerability detection result into heartbeat data, and sending the heartbeat data;
receiving at least one vulnerability repair patch, wherein the vulnerability repair patch is determined by a cloud server according to the vulnerability detection result;
and executing vulnerability repairing processing according to the vulnerability repairing patch, and determining a vulnerability repairing result.
10. The method of claim 9, further comprising:
sending the vulnerability repair result through a dedicated message channel.
11. The method of claim 9, further comprising:
receiving repair suggestion information;
displaying a repair suggestion for the vulnerability to be repaired according to the repair suggestion information, wherein the repair suggestion is determined according to the risk level and the associated information of the vulnerability to be repaired;
and in response to a trigger on the repair suggestion, determining the vulnerability on which repair is to be executed and feeding the vulnerability back to the cloud server.
12. An electronic device, comprising: a processor;
and a memory having stored thereon executable code which, when executed by the processor, performs the method of any of claims 1-11.
13. One or more machine-readable media having executable code stored thereon that, when executed by a processor, performs the method of any of claims 1-11.
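
The cloud-side steps of claims 1 and 3 to 5 can be walked through with the following added Python example, which is not part of the patent text. The 90-second online window, the heartbeat field names, the command names and the VULN-A/VULN-B catalogue are all constructed assumptions, and patches are ordered by risk level only, which is a simplification of claim 6.

```python
from dataclasses import dataclass, field
from typing import Optional

ONLINE_WINDOW_S = 90  # assumption: heartbeat newer than this means "online"

# Constructed sample data (not from the patent).
DETECT_COMMANDS = {"linux": "scan-packages", "windows": "scan-hotfixes"}
PATCH_CATALOGUE = {
    "VULN-A": {"patch": "patch-a.bin", "risk": "high"},
    "VULN-B": {"patch": "patch-b.bin", "risk": "low"},
}
RISK_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Heartbeat:
    client_id: str
    sent_at: float                                # epoch seconds
    config: dict = field(default_factory=dict)    # configuration information
    detection_result: Optional[list] = None       # vulnerability ids, if reported


def meets_detection_condition(hb: Heartbeat, now: float) -> bool:
    """Claim 3: online (judged by heartbeat time) and supports scanning."""
    age = now - hb.sent_at
    online = 0 <= age <= ONLINE_WINDOW_S   # stale or future-dated => offline
    return online and hb.config.get("supports_scan") is True


def detection_instruction(hb: Heartbeat, now: float) -> Optional[dict]:
    """Claims 1 and 4: pick the instruction from the client's configuration."""
    if not meets_detection_condition(hb, now):
        return None
    command = DETECT_COMMANDS.get(hb.config.get("os"))
    if command is None:                    # unknown client type: issue nothing
        return None
    return {"client_id": hb.client_id, "command": command}


def patches_for(hb: Heartbeat) -> tuple:
    """Claim 5: map reported vulnerabilities to patches, highest risk first.
    Ids with no catalogue entry are returned separately, not dropped."""
    reported = hb.detection_result or []
    known = sorted((v for v in reported if v in PATCH_CATALOGUE),
                   key=lambda v: RISK_ORDER[PATCH_CATALOGUE[v]["risk"]])
    unmatched = [v for v in reported if v not in PATCH_CATALOGUE]
    return [{"vuln": v, **PATCH_CATALOGUE[v]} for v in known], unmatched
```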
CN202210736840.9A 2022-06-27 2022-06-27 Vulnerability processing method and device based on cloud service and storage medium Pending CN115146278A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210736840.9A CN115146278A (en) 2022-06-27 2022-06-27 Vulnerability processing method and device based on cloud service and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210736840.9A CN115146278A (en) 2022-06-27 2022-06-27 Vulnerability processing method and device based on cloud service and storage medium

Publications (1)

Publication Number Publication Date
CN115146278A true CN115146278A (en) 2022-10-04

Family

ID=83409162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210736840.9A Pending CN115146278A (en) 2022-06-27 2022-06-27 Vulnerability processing method and device based on cloud service and storage medium

Country Status (1)

Country Link
CN (1) CN115146278A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination