CN115396159A - Container mirror image detection method, client and server - Google Patents


Info

Publication number: CN115396159A
Authority: CN (China)
Prior art keywords: mirror image, vulnerability, container, client, information
Legal status: Pending
Application number: CN202210927234.5A
Other languages: Chinese (zh)
Inventors: 黄超, 杜杨浩
Current assignee: Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Original assignee: Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Application filed by Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority to CN202210927234.5A
Publication of CN115396159A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Abstract

The invention discloses a container image detection method, a client and a server, mainly to solve the problem that existing detection methods, which centrally scan a container image registry, cannot cover images running at the edge. The method comprises the following steps: the client acquires the image data of a container to be scanned from the container engine of an edge network node; it parses the image data to obtain image layer information and sends a vulnerability scanning request carrying the image layer information to the server of a cloud platform control center; the server receives vulnerability scanning requests from the clients of one or more edge network nodes and extracts the image layer information carried in each request in the order in which the requests were received; it then scans the image layer information for vulnerabilities against a vulnerability database downloaded from a third party and sends the scanning result to the client. The client receives the scanning result sent by the server, which completes the image detection of the container to be scanned.

Description

Container mirror image detection method, client and server
Technical Field
The invention relates to the technical field of software detection, in particular to a container image detection method, a client and a server.
Background
A container image is the standardized packaging of an application's code together with its runtime environment into a dedicated file system; that file system contains the packaged application, its dependencies, and the process information used when the container starts. When a container image has a defect such as a vulnerability, the corresponding container carries a security risk.
At present, most existing container image detection methods use a centralized scanning mechanism: a container image registry is deployed on a server, and during detection the server scans the image files held in that registry. A method that centrally scans the image registry, however, cannot cover images that are already running at the edge, so vulnerabilities in image files on edge network nodes cannot be found in time and the containers remain at risk.
Disclosure of Invention
In view of this, the present invention provides a container image detection method, a client and a server, mainly to solve the problem that existing detection methods, which centrally scan a container image registry, cannot cover images running at the edge, so that vulnerabilities in image files on edge network nodes cannot be discovered in time.
According to one aspect of the present invention, a container image detection method applied to the client of an edge network node is provided, comprising:
acquiring image data of a container to be scanned from the container engine of the edge network node;
parsing the image data to obtain image layer information, and sending a vulnerability scanning request carrying the image layer information to the server of a cloud platform control center so that the server can perform vulnerability scanning based on the image layer information;
and receiving the scanning result sent by the server, which completes the image detection of the container to be scanned.
Further, parsing the image data to obtain image layer information comprises:
acquiring the code data of the image data;
and obtaining the image layer information of the image data by detecting the unique identifier information stored in each image layer of the code data.
Further, after receiving the scanning result sent by the server and completing the image detection of the container to be scanned, the method further comprises:
acquiring the image layer list of the container to be scanned from the container engine of the edge network node, and comparing a first image layer in the image layer list with a second image layer in the image layer information to obtain a difference image layer;
if the difference image layer is detected to be a missing image layer, sending a missing-image-layer query request to the server so that the server loads the missing image layer information corresponding to the missing image layer from its local cache;
and if the difference image layer is detected to be a newly added image layer, acquiring the image data corresponding to the newly added image layer from the container engine, parsing that image data to obtain the newly added image layer information, and sending a vulnerability scanning request carrying the newly added image layer information to the server.
According to another aspect of the present invention, another container image detection method is provided, applied to the server of a cloud platform control center and comprising:
downloading the vulnerability database from a third party for local storage;
receiving vulnerability scanning requests from the clients of one or more edge network nodes, and extracting the image layer information carried in each vulnerability scanning request in the order in which the requests were received;
and performing vulnerability scanning on the image layer information based on the vulnerability database, and sending the scanning result to the client.
Further, performing vulnerability scanning on the image layer information based on the vulnerability database comprises:
matching the data in the image layer information one by one against the vulnerability data of the different vulnerability types in the vulnerability database;
and outputting the vulnerability type of any vulnerability data that is successfully matched as the vulnerability scanning result.
Further, after receiving the vulnerability scanning requests from the clients of one or more edge network nodes and extracting the image layer information carried in each request in the order of receipt, the method further comprises:
storing the image layer information in a local cache;
and, when a missing-image-layer query request sent by the client is received, acquiring the image layer information of the missing image layer named in that query request from the local cache.
Further, the method further comprises:
receiving a vulnerability scanning request carrying newly added image layer information;
and performing vulnerability scanning on the newly added image layer information based on the vulnerability database, and sending the scanning result to the client.
According to one aspect of the present invention, a client is provided, comprising:
a data acquisition module, configured to acquire image data of a container to be scanned from the container engine of an edge network node;
a parsing and sending module, configured to parse the image data to obtain image layer information and to send a vulnerability scanning request carrying the image layer information to the server of a cloud platform control center so that the server can perform vulnerability scanning based on the image layer information;
and a receiving module, configured to receive the scanning result sent by the server, completing the image detection of the container to be scanned.
Further, the parsing and sending module further comprises:
a code acquisition unit, configured to acquire the code data of the image data;
and an identification unit, configured to detect the unique identifier information stored in each image layer of the code data to obtain the image layer information of the image data.
Further, the client further comprises:
a comparison module, configured to obtain the image layer list of the container to be scanned from the container engine of the edge network node and to compare an image layer in the image layer list with an image layer in the image layer information to obtain a difference image layer;
a missing-image query module, configured to send a missing-image-layer query request to the server if the difference image layer is detected to be a missing image layer, so that the server loads the missing image layer information corresponding to the missing image layer from its local cache;
and a newly-added-image parsing module, configured, if the difference image layer is detected to be a newly added image layer, to acquire the image data corresponding to the newly added image layer from the client, parse it to obtain the newly added image layer information, and send a vulnerability scanning request carrying the newly added image layer information to the server.
According to one aspect of the present invention, a server is provided, comprising:
a database download module, configured to download the vulnerability database from a third party for local storage;
an information extraction module, configured to receive vulnerability scanning requests from the clients of one or more edge network nodes and to extract the image layer information carried in each vulnerability scanning request in the order in which the requests were received;
and a vulnerability scanning module, configured to perform vulnerability scanning on the image layer information based on the vulnerability database and to send the scanning result to the client.
Further, the vulnerability scanning module further comprises:
a vulnerability matching unit, configured to match the data in the image layer information one by one against the vulnerability data of the different vulnerability types in the vulnerability database;
and a result output unit, configured to determine the vulnerability type of the successfully matched vulnerability data as the vulnerability result of the scan.
Further, the server further comprises:
a storage module, configured to store the image layer information in a local cache;
and a missing-image acquisition module, configured, when a missing-image-layer query request sent by the client is received, to acquire the image layer information of the missing image layer named in that query request from the local cache.
Further, the server further comprises:
a newly-added-image receiving module, configured to receive a vulnerability scanning request carrying the newly added image layer information;
and a newly-added-image scanning module, configured to perform vulnerability scanning on the newly added image layer information based on the vulnerability database and to send the scanning result to the client.
According to one aspect of the present invention, a storage medium is provided in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the container image detection method.
According to one aspect of the present invention, a computer device is provided, comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is configured to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the container image detection method of any of the above items.
According to one aspect of the present invention, another storage medium is provided in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the container image detection method of any of the above descriptions.
According to one aspect of the present invention, another computer device is provided, comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is configured to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the container image detection method of any of the above items.
The technical solution provided by the embodiment of the invention has at least the following advantages:
compared with the prior art, in which a container image registry is set up on a server and during detection the server scans the image files in that registry for centralized scanning, the invention has the client acquire the image data of a container to be scanned from the container engine of an edge network node; parse the image data to obtain image layer information and send a vulnerability scanning request carrying the image layer information to the server of a cloud platform control center so that the server can perform vulnerability scanning based on it; and receive the scanning result sent by the server, completing the image detection of the container to be scanned. The server of the cloud platform control center downloads the vulnerability database from a third party for local storage; receives vulnerability scanning requests from the clients of one or more edge network nodes and extracts the image layer information carried in each request in the order in which the requests were received; and performs vulnerability scanning on the image layer information based on the vulnerability database and sends the scanning result to the client. Distributed vulnerability scanning is thus carried out on the container images running on different edge network nodes, so that vulnerabilities in the container images of those nodes can be found in time and effectively, and the vulnerability scanning efficiency for the container images of edge network nodes is improved.
The foregoing description is only an overview of the technical solutions of the present invention; the embodiments of the present invention are described below so that the technical means of the present invention can be understood more clearly and the above and other objects, features and advantages become more apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart of a container image detection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a container image detection method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a container image detection method according to an embodiment of the present invention;
FIG. 4 is a flowchart of a container image detection method according to an embodiment of the present invention;
FIG. 5 is an interaction flowchart of a container image detection method according to an embodiment of the present invention;
FIG. 6 is a block diagram of a client according to an embodiment of the present invention;
FIG. 7 is a block diagram of the components of a server according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a computer device according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of another computer device according to an embodiment of the present invention;
FIG. 10 is a block diagram of a container image detection system according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
An embodiment of the present invention provides a method for detecting a container image, which can be applied to the client of an edge network node. As shown in FIG. 1, the method comprises:
101. Acquiring image data of a container to be scanned from the container engine of the edge network node.
In the embodiment of the present invention, the image data of the container is stored in the container engine of the edge network node to which the current client belongs, so when the container image on that node is to be scanned, the image data of the container to be scanned must first be obtained from that container engine. The container engine provides cluster management and orchestration for the edge network node; application container engines such as Docker are commonly used, and the embodiment of the invention does not limit the choice. The image data of the container contains the packaged application, its dependencies, the process information used when the container starts, and other contents.
102. Parsing the image data to obtain image layer information, and sending a vulnerability scanning request carrying the image layer information to the server of the cloud platform control center so that the server can perform vulnerability scanning based on the image layer information.
In the embodiment of the invention, after the client of the current edge network node acquires the image data of the container to be scanned, it parses that data to obtain the image layer information of each image in it. The image layer information represents the information or data contained in each layer of the image data, for example an image layer, a roit layer, a container layer and a mount layer; the embodiment of the present invention does not limit this. The current client then sends a vulnerability scanning request carrying the image layer information to the server so that the server performs vulnerability scanning based on it.
It should be noted that when there are several edge network nodes, each client parses only the image data acquired from the container engine of its own edge network node, and each sends its vulnerability scanning requests to the server of the same cloud platform control center, which forms a distributed scanning structure.
103. Receiving the scanning result sent by the server, which completes the image detection of the container to be scanned.
In the embodiment of the invention, the client of the current edge network node receives the vulnerability scanning result sent by the server of the cloud platform control center. The result indicates either that the image data of the container to be scanned contains no vulnerability or that it contains one or more types of vulnerability, such as SQL injection, directory traversal or cross-site scripting vulnerabilities (the embodiments of the present invention do not limit the types); receiving it completes the image detection of the container to be scanned.
The invention provides a container image detection method comprising: acquiring image data of a container to be scanned from the container engine of an edge network node; parsing the image data to obtain image layer information, and sending a vulnerability scanning request carrying the image layer information to the server of a cloud platform control center so that the server can perform vulnerability scanning based on it; and receiving the scanning result sent by the server, which completes the image detection of the container to be scanned. In this way, the container image data on edge network nodes can be detected in time, security vulnerabilities in the containers running on those nodes can be found early, and the security and reliability of the container images on edge network nodes can be ensured.
Further, as a refinement and extension of the specific implementation of the above embodiment, and in order to fully describe its implementation process, another container image detection method is provided in which the step of parsing the image data to obtain image layer information comprises:
acquiring the code data of the image data;
and obtaining the image layer information of the image data by detecting the unique identifier information stored in each image layer of the code data.
In the embodiment of the invention, this makes the layer information of each image more efficient and convenient to identify and acquire. The current client obtains the code data of the image data, which includes the unique identifiers stored in each image layer, such as the image's unique identifier imageID, the chainID index used by Docker's content-addressing mechanism, and the layer checksum diffID. By detecting the unique identifier information stored in each image layer of the code data, the current client obtains the image layer information of the image data from those identifiers.
Further, as a refinement and extension of the above embodiment, and in order to simplify the container image detection method, after the first vulnerability scan of the container to be scanned its complete image data is not fetched again. Instead, detection determines which image data of the container is new, and only that data is obtained, parsed and scanned, while the image layer information of any missing layer is fetched from the server of the cloud platform control center for vulnerability scanning. This both improves the vulnerability scanning efficiency of the edge network node and reduces the vulnerability scanning workload of the server of the cloud platform control center. Another container image detection method is provided, as shown in FIG. 2, in which after the step of receiving the scanning result sent by the server and completing the image detection of the container to be scanned, the method further comprises:
201. Acquiring the image layer list of the container to be scanned from the container engine of the edge network node, and comparing a first image layer in the image layer list with a second image layer in the image layer information to obtain a difference image layer.
In the embodiment of the invention, the client of the current edge network node acquires the image layer list of the container to be scanned from the container engine of its edge network node. The image layer list records information such as the number and names of the container's image layers; the embodiment of the present invention does not limit this. The current client compares a first image layer in the image layer list with a second image layer in the image layer information to obtain a difference image layer. The difference image layer represents the part in which the first and second image layers differ, and comprises missing image layers and newly added image layers.
202. If the difference image layer is detected to be a missing image layer, sending a missing-image-layer query request to the server so that the server loads the missing image layer information corresponding to the missing image layer from its local cache.
In the embodiment of the invention, if the current client detects that the difference image layer is a missing image layer, it sends a missing-image-layer query request to the server of the cloud platform control center. After receiving the query request, the server loads the image layer information corresponding to the missing image layer from its local cache and performs vulnerability scanning on it based on the vulnerability database.
It should be noted that the image layer information carried by the first vulnerability scanning request for the container to be scanned is stored in the local cache of the cloud platform control center server; when a missing image layer is queried, its image layer information is loaded by detecting the unique identifier information in the code data of that missing layer.
203. If the difference image layer is detected to be a newly added image layer, acquiring the image data corresponding to the newly added image layer from the container engine, parsing that image data to obtain the newly added image layer information, and sending a vulnerability scanning request carrying the newly added image layer information to the server.
In the embodiment of the invention, if the client of the current edge network node detects that the difference image layer is a newly added image layer, it obtains the image data corresponding to that layer from the container engine of its edge network node. The current client obtains the code data of that image data and detects the unique identifier information in it to obtain the newly added image layer information, then sends a vulnerability scanning request carrying that information to the server of the cloud platform control center. After receiving the newly added image layer information, the server performs vulnerability detection on it based on the vulnerability database and stores it in the local cache of the cloud platform control center.
The invention provides a container image detection method comprising: acquiring image data of a container to be scanned from the container engine of an edge network node; parsing the image data to obtain image layer information, and sending a vulnerability scanning request carrying the image layer information to the server of a cloud platform control center so that the server can perform vulnerability scanning based on it; and receiving the scanning result sent by the server, which completes the image detection of the container to be scanned. In this way, the container image data on edge network nodes can be detected in time, security vulnerabilities in the containers running on those nodes can be found early, and the security and reliability of the container images on edge network nodes can be ensured.
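The client-side procedure of steps 101-102 and 201-203 above, as an added worked example in Python that is not part of the patent or any product of the assignee. The chainID derivation is Docker's real content-addressing rule (chainID of the first layer equals its diffID; each later chainID is the SHA-256 of the previous chainID, a space, and the layer's diffID); the image config JSON is constructed sample input, the layer list is taken from that config rather than from a live engine, and the rule for telling a "missing" layer (in the earlier layer information but not in the current list) from a "new" layer (the reverse) is an assumption, since the patent does not define it.

```python
import hashlib
import json

# Constructed sample: the part of a Docker image config that carries the ordered
# layer diffIDs (real field names rootfs.type / rootfs.diff_ids; values made up).
SAMPLE_IMAGE_CONFIG = json.dumps({
    "rootfs": {"type": "layers", "diff_ids": [
        "sha256:" + "11" * 32,   # base layer
        "sha256:" + "22" * 32,   # runtime layer
        "sha256:" + "33" * 32,   # application layer
    ]},
})
# Same image after the application layer was rebuilt: layers 1 and 2 unchanged.
UPDATED_IMAGE_CONFIG = json.dumps({
    "rootfs": {"type": "layers", "diff_ids": [
        "sha256:" + "11" * 32,
        "sha256:" + "22" * 32,
        "sha256:" + "44" * 32,   # replaced application layer
    ]},
})


def chain_ids(diff_ids):
    """Docker's content-addressing rule: chainID(L1) = diffID(L1);
    chainID(Ln) = sha256(chainID(Ln-1) + " " + diffID(Ln))."""
    chain = []
    for diff_id in diff_ids:
        if not chain:
            chain.append(diff_id)
        else:
            digest = hashlib.sha256(f"{chain[-1]} {diff_id}".encode()).hexdigest()
            chain.append(f"sha256:{digest}")
    return chain


def parse_layering_info(image_config_json):
    """Step 102: turn the image's code data (its config) into per-layer records
    keyed by the unique identifiers stored in each layer (diffID and chainID)."""
    rootfs = json.loads(image_config_json).get("rootfs", {})
    if rootfs.get("type") != "layers":
        raise ValueError("unsupported rootfs type")
    diff_ids = rootfs["diff_ids"]
    return [{"index": i, "diff_id": d, "chain_id": c}
            for i, (d, c) in enumerate(zip(diff_ids, chain_ids(diff_ids)))]


def classify_layers(current_chain_ids, previous_info):
    """Step 201: compare the engine's current layer list with the layer
    information submitted in the first scan. Assumption: 'missing' = in the
    earlier information but not in the current list; 'new' = the reverse."""
    known = {rec["chain_id"] for rec in previous_info}
    current = set(current_chain_ids)
    return {
        "missing": sorted(known - current),
        "new": [c for c in current_chain_ids if c not in known],
        "unchanged": [c for c in current_chain_ids if c in known],
    }


def build_requests(current_info, previous_info):
    """Steps 202/203: a query for cached layer information of missing layers,
    and a scan request that carries only the newly added layers' information,
    so the full image data is never re-uploaded after the first scan."""
    diff = classify_layers([rec["chain_id"] for rec in current_info], previous_info)
    requests = []
    if diff["missing"]:
        requests.append({"type": "missing_layer_query", "chain_ids": diff["missing"]})
    if diff["new"]:
        new_set = set(diff["new"])
        new_layers = [rec for rec in current_info if rec["chain_id"] in new_set]
        requests.append({"type": "vuln_scan", "layers": new_layers})
    return requests


def run_demo():
    """First scan sends everything; the rescan sends only the difference."""
    first_scan = parse_layering_info(SAMPLE_IMAGE_CONFIG)
    rescan = parse_layering_info(UPDATED_IMAGE_CONFIG)
    return build_requests(rescan, first_scan)


if __name__ == "__main__":
    for req in run_demo():
        print(json.dumps(req, indent=2))
```

Because the first two diffIDs are unchanged, their chainIDs match and only the rebuilt third layer appears as one missing and one new layer.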
An embodiment of the present invention provides another method for detecting a container mirror image, which can be applied to a server of a cloud platform control center, as shown in fig. 3, the method includes:
301. downloading the vulnerability database from a third party for local storage;
In the embodiment of the invention, the server side of the current cloud platform control center downloads the vulnerability database from the third party and stores it locally on the server side. The vulnerability database downloaded from the third party includes various types of vulnerability data, including but not limited to SQL injection vulnerabilities, directory traversal vulnerabilities and cross-site scripting vulnerabilities; the embodiments of the present invention are not particularly limited in this respect.
302. Receiving a vulnerability scanning request of a client of at least one edge network node, and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request;
In the embodiment of the invention, the server of the current cloud platform control center receives vulnerability scanning requests from the clients of one or more edge network nodes associated with it, and processes them in the order in which they were received: the request received first is processed first, and requests received later are processed later. When the current server side processes a vulnerability scanning request, it first obtains the mirror image layering information carried in that request.
It should be noted that the time here is the time of the server of the cloud platform control center, so that the order in which requests are received is not confused by the non-uniform clocks of the edge network node clients.
303. And carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database, and sending a scanning result to the client.
In the embodiment of the invention, after the current server side obtains the mirror image layering information, it performs vulnerability scanning on it based on the vulnerability database: during scanning, the mirror image layering information is compared one by one with the different types of vulnerability data in the vulnerability database to identify vulnerabilities, and the identified vulnerabilities are sent to the client side corresponding to the vulnerability scanning request. When no vulnerability is identified, a scanning result containing no vulnerability data is sent to the client corresponding to the vulnerability scanning request.
The invention provides a detection method of a container mirror image, which is characterized in that a vulnerability database is downloaded from a third party for local storage; receiving a vulnerability scanning request of a client of at least one edge network node, and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request; and carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database, and sending a scanning result to the client. The server side of the current cloud platform control center processes vulnerability scanning requests of the client sides of the edge network nodes to form a distributed vulnerability scanning structure, so that management of container images of the client sides of the edge network nodes is facilitated, and storage pressure of the server side of the cloud platform control center is reduced.
Further, as a refinement and an extension of the specific implementation manner of the above embodiment, in order to improve vulnerability scanning efficiency and vulnerability scanning accuracy of mirror image data, another method for detecting a container mirror image is provided, and the step of performing vulnerability scanning on the mirror image hierarchical information based on the vulnerability database includes:
matching data in the mirror image layering information with vulnerability data of different vulnerability types in the vulnerability database one by one;
and determining the vulnerability type corresponding to the vulnerability data which is successfully matched as the vulnerability result of the vulnerability scanning.
In the embodiment of the invention, the server side of the current cloud platform control center matches the data in the mirror image layering information one by one with the different types of vulnerability data in the vulnerability database. During matching, feature extraction may first be performed on the different types of vulnerability data in the vulnerability database and matching performed on the extracted features; alternatively, keywords of the different types of vulnerability data in the vulnerability database may be detected and matching performed on the keywords; the embodiments of the invention are not particularly limited in this respect. The server side of the current cloud platform control center outputs the successfully matched vulnerability types as the vulnerability scanning result. When the mirror image layering information does not match any type of vulnerability data in the vulnerability database, a scanning result without vulnerabilities is output.
Further, as a refinement and extension of the specific implementation of the above embodiment, in order to perform vulnerability scanning only on a missing mirror image layer and improve the vulnerability scanning efficiency of the server of the cloud platform control center, another method for detecting a container mirror image is provided. After the step of receiving a vulnerability scanning request of a client of at least one edge network node and extracting the mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request, as shown in fig. 4, the method further includes:
401. storing the mirror image layering information into a local cache;
402. and when a missing mirror image layer query request sent by the client is received, acquiring mirror image layering information of the missing mirror image layer to be queried in the missing mirror image layer query request from the local cache.
In the embodiment of the invention, the server side of the current cloud platform control center stores the mirror image layering information of all mirror image layers of the container to be scanned in the local cache, so that mirror image layering information missing from a client side can be looked up in the local cache at a later time. When the current server receives a missing mirror image layer query request sent by a client of an edge network node, it obtains the mirror image layering information corresponding to the missing mirror image layer from the local cache of the cloud platform control center by detecting the unique identification code information of the missing mirror image layer, and performs vulnerability scanning.
It should be noted that the contents of the difference mirror image layers differ between the clients of different edge network nodes: for some edge network node clients the difference mirror image layer includes a missing mirror image layer, and for others it includes a newly added mirror image layer. The server searches the local cache for the missing mirror image layering information in the order in which the query requests were received.
Further, as a refinement and an extension of the specific implementation manner of the above embodiment, in order to perform vulnerability scanning only on a newly added mirror image layer, reduce data analysis work of clients of each edge network node, and improve vulnerability scanning efficiency of a server of a cloud platform control center, another container mirror image detection method is provided, where the method further includes:
receiving a vulnerability scanning request carrying newly added mirror image layering information;
and carrying out vulnerability scanning on the newly added mirror image layering information based on the vulnerability database, and sending a scanning result to the client.
In the embodiment of the invention, the contents of the difference mirror image layers differ between the clients of different edge network nodes: for some edge network node clients the difference mirror image layer includes a missing mirror image layer, and for others it includes a newly added mirror image layer. Only a client that detects a newly added mirror image layer sends a vulnerability scanning request carrying the newly added mirror image layering information to the current server. The current server performs vulnerability scanning on the newly added mirror image layering information based on the vulnerability database; before scanning, feature extraction may be performed on the different types of vulnerability data in the vulnerability database and matching performed on the extracted features, or keywords of the different types of vulnerability data may be detected and matching performed on the keywords; the embodiments of the invention are not particularly limited in this respect. The vulnerability scanning result is then sent to the client.
For the embodiment of the invention, in order to perform vulnerability detection on the mirror image data of the containers running in each edge network node in a timely manner, the container mirror image data in the container engine corresponding to each edge network node is analyzed to obtain the mirror image layering information, which is then sent to the server side for vulnerability scanning. The mirror image layering information of the containers of each edge network node client is stored in a cache of the server of the cloud platform control center, and the server provides a query service to each client when mirror image layering information is lost. When the containers of the clients are updated, the server provides a vulnerability scanning service for the newly added mirror image layering information, which reduces the data analysis work of the clients and the vulnerability scanning work of the server and improves the overall scanning efficiency of the distributed vulnerability scanning system. In addition, since the client of the edge network node in the embodiment of the present invention may be an application end of different services such as a merchant management system, a code scanning ordering system, an intelligent home control management system or a green travel management system, the interaction steps of the data processing of the embodiment of the present invention between the client of the edge network node and the server of the cloud platform control center are shown in fig. 5.
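The client/server interaction of figs. 1 to 5 (parse layers, time-ordered scan requests, server-side cache, missing-layer query, newly added layer scan), as an added Python example that is not part of the patent. It assumes constructed data only: layers are represented by their code data, the unique identification code is a sha256 digest, `VULN_DB` is a constructed list of (vulnerability type, feature) pairs standing in for the third-party database, the container engine is a dict from layer id to code data, and the split of difference layers into missing (previously submitted) and newly added (never submitted) is this example's own interpretation.

```python
"""Added example (not from the patent): the client/server exchange described above.
Constructed data only: a layer's "unique identification code" is a sha256 digest of its
code data, VULN_DB stands in for the third-party database, and the engine is a dict."""
import hashlib
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LayerInfo:
    layer_id: str        # unique identification code of the layer
    features: frozenset  # keywords extracted from the layer's code data


def layer_id(code: bytes) -> str:
    return "sha256:" + hashlib.sha256(code).hexdigest()


def parse_image_data(codes: list) -> list:
    """Client parse step: code data of each layer -> layering information."""
    return [LayerInfo(layer_id(c), frozenset(c.decode().split())) for c in codes]


VULN_DB = [("sql_injection", "sqlhelper-1.0"), ("directory_traversal", "pathutil-0.3"),
           ("cross_site_scripting", "htmlrender-2.1")]


class Server:
    """Cloud platform control center server (steps 301-303 and 401-402)."""
    def __init__(self, vuln_db):
        self.vuln_db = vuln_db   # step 301: locally stored vulnerability database
        self.cache = {}          # step 401: layering-information cache
        self._queue = deque()    # requests in the order the server received them
        self._clock = 0          # server time base, independent of client clocks

    def receive(self, client_id, infos):
        """Step 302: stamp a scan request with the server clock and queue it."""
        self._clock += 1
        self._queue.append((self._clock, client_id, tuple(infos)))
        return self._clock

    def scan(self, infos):
        """Step 303: match each layer one by one against every vulnerability type."""
        return [(layer.layer_id, vuln_type) for layer in infos
                for vuln_type, feature in self.vuln_db if feature in layer.features]

    def process_all(self):
        """First received, first processed; an empty list means no vulnerability found."""
        results = {}
        while self._queue:
            _, client_id, infos = self._queue.popleft()
            for layer in infos:
                self.cache[layer.layer_id] = layer   # step 401
            results.setdefault(client_id, []).extend(self.scan(infos))
        return results

    def query_missing(self, ids):
        """Step 402: answer a missing-layer query from the cache (unknown ids omitted)."""
        return {i: self.cache[i] for i in ids if i in self.cache}


class Client:
    """Edge network node client; scanned_ids records every layer it ever submitted."""
    def __init__(self, client_id, server):
        self.client_id, self.server = client_id, server
        self.layer_info, self.scanned_ids = {}, set()

    def submit(self, infos):
        """Send a vulnerability scanning request carrying the layering information."""
        self.layer_info.update((l.layer_id, l) for l in infos)
        self.scanned_ids.update(l.layer_id for l in infos)
        return self.server.receive(self.client_id, infos)

    def reconcile(self, engine):
        """Compare the engine's layer list with the held layering information. Assumed here:
        a difference layer submitted before is 'missing' (reloaded from the server cache);
        one never submitted is 'newly added' (parsed locally and sent for scanning)."""
        diff = [i for i in engine if i not in self.layer_info]
        missing = [i for i in diff if i in self.scanned_ids]
        new = [i for i in diff if i not in self.scanned_ids]
        self.layer_info.update(self.server.query_missing(missing))
        if new:
            self.submit(parse_image_data([engine[i] for i in new]))
        return missing, new


def demo():
    """Runs the exchange on constructed data: (first results, missing, new, second results)."""
    base, app, web = b"base-os sqlhelper-1.0", b"app pathutil-0.3", b"web htmlrender-2.1"
    engine = {layer_id(base): base, layer_id(app): app}
    server = Server(VULN_DB)
    client = Client("node-a", server)
    client.submit(parse_image_data(list(engine.values())))
    first = server.process_all()
    client.layer_info.pop(layer_id(base))   # client's local layering record is lost
    engine[layer_id(web)] = web             # container updated with a new layer
    missing, new = client.reconcile(engine)
    return first, missing, new, server.process_all()
```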
The invention provides a detection method of a container mirror image, which is characterized in that a vulnerability database is downloaded from a third party for local storage; receiving a vulnerability scanning request of a client of at least one edge network node, and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request; and carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database, and sending a scanning result to the client. The server side of the current cloud platform control center processes vulnerability scanning requests of the client sides of the edge network nodes to form a distributed vulnerability scanning structure, so that management of container images of the client sides of the edge network nodes is facilitated, and storage pressure of the server side of the cloud platform control center is reduced.
As an implementation of the method shown in fig. 1, an embodiment of the present invention provides a client, and as shown in fig. 6, the client includes:
a data obtaining module 51, configured to obtain mirror image data of a container to be scanned from a container engine of an edge network node;
the analyzing and sending module 52 is configured to analyze the mirror image data to obtain mirror image layering information, and send a vulnerability scanning request carrying the mirror image layering information to a server of a cloud platform control center, so that the server performs vulnerability scanning based on the mirror image layering information;
and the receiving module 53 is configured to receive the scanning result sent by the server and complete the mirror image detection of the container to be scanned.
Further, the parsing and sending module further includes:
a code acquisition unit configured to acquire code data of the mirror image data;
and the identification unit is used for detecting the unique identification code information stored in each mirror image layer in the code data to obtain the mirror image layering information of the mirror image data.
Further, the client further includes:
a comparison module, configured to obtain a mirror image hierarchical list of the container to be scanned from a container engine of the edge network node, and compare the mirror image layer in the mirror image hierarchical list with the mirror image layer in the mirror image hierarchical information to obtain a difference mirror image layer;
the missing mirror image query module is used for sending a query request of a missing mirror image layer to the server if the difference mirror image layer is detected to be the missing mirror image layer, so that the server loads the missing mirror image layering information corresponding to the missing mirror image layer from a local cache;
and the newly-added mirror image analysis module is used for acquiring mirror image data corresponding to the newly-added mirror image layer from the client side and analyzing the mirror image data to obtain newly-added mirror image layering information if the difference mirror image layer is detected to be a newly-added mirror image layer, and sending a vulnerability scanning request carrying the newly-added mirror image layering information to the server side.
The invention provides a client, which acquires mirror image data of a container to be scanned from a container engine of an edge network node; analyzing the mirror image data to obtain mirror image layering information, and sending a vulnerability scanning request carrying the mirror image layering information to a server of a cloud platform control center so that the server can perform vulnerability scanning based on the mirror image layering information; and receiving a scanning result sent by the server to complete the mirror image detection of the container to be scanned. Therefore, the container mirror image data in the edge network node can be timely detected, the security loophole of the running container in the edge network node can be found in advance, and the security and the reliability of the container mirror image in the edge network node can be ensured.
As an implementation of the method shown in fig. 3, an embodiment of the present invention provides a server, as shown in fig. 7, where the server includes:
the database downloading module 61 is used for downloading the vulnerability database from a third party for local storage;
the information extraction module 62 is configured to receive a vulnerability scanning request of a client of at least one edge network node, and extract mirror image layering information carried in the vulnerability scanning request according to a time sequence of receiving the vulnerability scanning request;
and the vulnerability scanning module 63 is used for carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database and sending a scanning result to the client.
Further, the vulnerability scanning module further comprises:
the vulnerability matching unit is used for matching the data in the mirror image layering information with vulnerability data of different vulnerability types in the vulnerability database one by one;
and the result output unit is used for determining the vulnerability type corresponding to the vulnerability data which is successfully matched as the vulnerability result of the vulnerability scanning.
Further, the server further includes:
the storage module is used for storing the mirror image layering information into a local cache;
and the missing mirror image acquisition module is used for acquiring mirror image layering information of the missing mirror image layer to be inquired in the missing mirror image layer inquiry request from the local cache when the missing mirror image layer inquiry request sent by the client is received.
Further, the server further includes:
the newly added mirror image receiving module is used for receiving a vulnerability scanning request carrying the layered information of the newly added mirror image;
and the newly added mirror image scanning module is used for carrying out vulnerability scanning on the layering information of the newly added mirror image based on the vulnerability database and sending a scanning result to the client.
The invention provides a server, which is characterized in that a vulnerability database is downloaded from a third party for local storage; receiving a vulnerability scanning request of a client of at least one edge network node, and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request; and carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database, and sending a scanning result to the client. The server side of the current cloud platform control center processes vulnerability scanning requests of the client sides of the edge network nodes to form a distributed vulnerability scanning structure, so that management of container mirror images of the client sides of the edge network nodes is facilitated, and storage pressure of the server side of the cloud platform control center is reduced.
According to an embodiment of the present invention, a storage medium is provided, where the storage medium stores at least one executable instruction, and the computer executable instruction may perform an operation corresponding to the container image detection method in any method embodiment described above.
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present invention, where the embodiment of the present invention does not limit the specific implementation of the computer device.
As shown in fig. 8, the computer apparatus may include: a processor (processor) 702, a Communications Interface 704, a memory 706, and a communication bus 708.
Wherein: the processor 702, communication interface 704, and memory 706 communicate with each other via a communication bus 708.
A communication interface 704 for communicating with network elements of other devices, such as clients or other servers.
The processor 702 is configured to execute the program 710, and may specifically execute relevant steps in the above data processing method embodiment.
In particular, the program 710 may include program code that includes computer operating instructions.
The processor 702 may be a central processing unit (CPU), or an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement an embodiment of the present invention. The computer device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors, such as one or more CPUs and one or more ASICs.
The memory 706 stores a program 710. The memory 706 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 710 may specifically be used to cause the processor 702 to perform the following operations:
acquiring mirror image data of a container to be scanned from a container engine of an edge network node;
analyzing the mirror image data to obtain mirror image layered information, and sending a vulnerability scanning request carrying the mirror image layered information to a server side of a cloud platform control center so that the server side can perform vulnerability scanning based on the mirror image layered information;
and receiving a scanning result sent by the server side, and completing mirror image detection on the container to be scanned.
Fig. 9 is a schematic structural diagram of another computer device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computer device.
As shown in fig. 9, the computer apparatus may include: a processor (processor) 802, a Communications Interface 804, a memory 806, and a communication bus 808.
Wherein: the processor 802, communication interface 804, and memory 806 communicate with one another via a communication bus 808.
A communication interface 804 for communicating with network elements of other devices, such as clients or other servers.
The processor 802 is configured to execute the program 810, and may specifically perform relevant steps in the above data processing method embodiments.
In particular, the program 810 may include program code comprising computer operating instructions.
The processor 802 may be a central processing unit (CPU), or an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The computer device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors, such as one or more CPUs and one or more ASICs.
The memory 806 stores a program 810. The memory 806 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 810 may be specifically configured to cause the processor 802 to perform the following operations:
downloading the vulnerability database from a third party for local storage;
receiving a vulnerability scanning request of a client of at least one edge network node, and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request;
and carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database, and sending a scanning result to the client.
An embodiment of the present invention provides a system for detecting a container mirror image, as shown in fig. 10, including: a client 901 and a server 902;
the client 901 is configured to obtain mirror image data of a container to be scanned from a container engine of an edge network node;
the client 901 is further configured to analyze the mirror image data to obtain mirror image hierarchical information, and send a vulnerability scanning request carrying the mirror image hierarchical information to a server of a cloud platform control center, so that the server performs vulnerability scanning based on the mirror image hierarchical information;
the client 901 is further configured to receive a scanning result sent by the server, and complete mirror image detection on the container to be scanned.
The server 902 is configured to download the vulnerability database from a third party for local storage;
the server 902 is further configured to receive a vulnerability scanning request of a client of at least one edge network node, and extract mirror image hierarchical information carried in the vulnerability scanning request according to a time sequence of receiving the vulnerability scanning request;
the server 902 is further configured to perform vulnerability scanning on the mirror image layering information based on the vulnerability database, and send a scanning result to the client.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (13)

1. A detection method of a container mirror image is applied to a client of an edge network node, and is characterized by comprising the following steps:
acquiring mirror image data of a container to be scanned from a container engine of an edge network node;
analyzing the mirror image data to obtain mirror image layered information, and sending a vulnerability scanning request carrying the mirror image layered information to a server side of a cloud platform control center so that the server side can perform vulnerability scanning based on the mirror image layered information;
and receiving a scanning result sent by the server side, and completing mirror image detection on the container to be scanned.
2. The method of claim 1, wherein analyzing the mirrored data to obtain mirrored hierarchy information comprises:
acquiring code data of the mirror image data;
and obtaining mirror image layering information of the mirror image data by detecting the unique identification code information stored in each mirror image layer in the code data.
3. The method according to claim 2, wherein after receiving the scanning result sent by the server and completing the mirror image detection on the container to be scanned, the method further comprises:
acquiring a mirror image layered list of the container to be scanned from a container engine of the edge network node, and comparing a first mirror image layer in the mirror image layered list with a second mirror image layer in the mirror image layered information to obtain a difference mirror image layer;
if the difference mirror image layer is detected to be a missing mirror image layer, sending a missing mirror image layer query request to the server, so that the server loads missing mirror image layering information corresponding to the missing mirror image layer from a local cache;
and if the difference mirror image layer is detected to be a new mirror image layer, acquiring mirror image data corresponding to the new mirror image layer from the container engine, analyzing the mirror image data to obtain new mirror image layering information, and sending a vulnerability scanning request carrying the new mirror image layering information to the server side.
4. A detection method of a container mirror image is applied to a server side of a cloud platform control center, and is characterized by comprising the following steps:
downloading the vulnerability database from a third party for local storage;
receiving a vulnerability scanning request of a client of at least one edge network node, and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request;
and carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database, and sending a scanning result to the client.
5. The method of claim 4, wherein the vulnerability scanning the mirror layering information based on the vulnerability database comprises:
matching data in the mirror image hierarchical information with vulnerability data of different vulnerability types in the vulnerability database one by one;
and determining the vulnerability type corresponding to the vulnerability data which is successfully matched as the vulnerability result of the vulnerability scanning.
6. The method according to claim 4, wherein after receiving the vulnerability scanning request of the client of at least one edge network node and extracting the mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request, the method further comprises:
storing the mirror image layering information into a local cache;
and when a missing mirror image layer query request sent by the client is received, acquiring mirror image layering information of the missing mirror image layer to be queried in the missing mirror image layer query request from the local cache.
7. The method of claim 4, further comprising:
receiving a vulnerability scanning request carrying newly added mirror image layering information;
and carrying out vulnerability scanning on the newly added mirror image layering information based on the vulnerability database, and sending a scanning result to the client.
8. A client, comprising:
the data acquisition module is used for acquiring mirror image data of a container to be scanned from a container engine of the edge network node;
the analysis and sending module is used for analyzing the mirror image data to obtain mirror image layering information and sending a vulnerability scanning request carrying the mirror image layering information to a server side of a cloud platform control center so that the server side can perform vulnerability scanning based on the mirror image layering information;
and the receiving module is used for receiving the scanning result sent by the server and completing the mirror image detection of the container to be scanned.
9. A server, comprising:
the database downloading module is used for downloading the vulnerability database from a third party for local storage;
the information extraction module is used for receiving a vulnerability scanning request of a client of at least one edge network node and extracting mirror image layering information carried in the vulnerability scanning request according to the time sequence of receiving the vulnerability scanning request;
and the vulnerability scanning module is used for carrying out vulnerability scanning on the mirror image layering information based on the vulnerability database and sending a scanning result to the client.
10. A storage medium having at least one executable instruction stored therein, the executable instruction executing an operation corresponding to the container image detection method according to any one of claims 1 to 3.
11. A computer device, comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface are communicated with each other through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the detection method of the container image according to any one of claims 1-3.
12. A storage medium having at least one executable instruction stored therein, the executable instruction executing an operation corresponding to the container image detection method according to any one of claims 4 to 7.
13. A computer device, comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with each other through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the detection method of the container image according to any one of claims 4-7.
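As an added illustration of the client/server split in claims 8 and 9 (example code, not from the patent): the client turns image data into per-layer package lists, and the server matches them, in arrival order, against a locally stored vulnerability database. The image data, package versions and `VULN-PLACEHOLDER` ids are constructed, and the example goes one step beyond the claims by resolving which layer set a package's final version, so an upgrade in a later layer clears a finding from an earlier one.

```python
"""Offline simulation of the claimed client/server image scan (added example, not the
patent's code). All image data, package versions and vulnerability ids are constructed."""
from collections import deque

# Constructed local vulnerability database: package -> {affected version: vuln id}.
# Stands in for the third-party database the server downloads and stores locally.
VULN_DB = {
    "openssl": {"1.1.1k": "VULN-PLACEHOLDER-0001"},
    "zlib": {"1.2.11": "VULN-PLACEHOLDER-0002"},
}

# Constructed image data as a container engine might expose it: ordered layers,
# each with a digest and the packages that layer installs or upgrades.
IMAGE_DATA = {
    "image": "example/app:1.0",
    "layers": [
        {"digest": "sha256:aaaa", "packages": {"openssl": "1.1.1k", "zlib": "1.2.11"}},
        {"digest": "sha256:bbbb", "packages": {"openssl": "1.1.1q"}},  # upgrades openssl
    ],
}

def client_build_request(image_data):
    """Client side: turn raw image data into the layering information sent to the server."""
    layers = [{"digest": l["digest"], "packages": dict(l["packages"])} for l in image_data["layers"]]
    return {"image": image_data["image"], "layers": layers}

def effective_packages(layers):
    """Later layers override earlier ones, so an upgrade in a later layer clears
    a finding from an earlier one; record which layer set the final version."""
    final = {}
    for layer in layers:
        for pkg, ver in layer["packages"].items():
            final[pkg] = (ver, layer["digest"])
    return final

def server_scan(request, vuln_db=VULN_DB):
    """Server side: match the image's effective package versions against the local database."""
    findings = []
    for pkg, (ver, digest) in sorted(effective_packages(request["layers"]).items()):
        vuln_id = vuln_db.get(pkg, {}).get(ver)
        if vuln_id:
            findings.append({"layer": digest, "package": pkg, "version": ver, "id": vuln_id})
    return {"image": request["image"], "findings": findings}

def server_process(requests):
    """Requests are queued and scanned in the order received, one result per request."""
    queue = deque(requests)
    return [server_scan(queue.popleft()) for _ in range(len(queue))]
```

Only the zlib finding survives here: openssl 1.1.1k in the first layer is superseded by 1.1.1q in the second, so a per-layer scan that ignores layer order would report a vulnerability the image no longer carries.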
CN202210927234.5A 2022-08-03 2022-08-03 Container mirror image detection method, client and server Pending CN115396159A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210927234.5A CN115396159A (en) 2022-08-03 2022-08-03 Container mirror image detection method, client and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210927234.5A CN115396159A (en) 2022-08-03 2022-08-03 Container mirror image detection method, client and server

Publications (1)

Publication Number Publication Date
CN115396159A true CN115396159A (en) 2022-11-25

Family

ID=84118603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210927234.5A Pending CN115396159A (en) 2022-08-03 2022-08-03 Container mirror image detection method, client and server

Country Status (1)

Country Link
CN (1) CN115396159A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116436644A (en) * 2023-03-15 2023-07-14 中国人民解放军61660部队 Multi-engine-based large-scale network vulnerability rapid scanning method and system

Similar Documents

Publication Publication Date Title
US20160119375A1 (en) Cloud security-based file processing method and apparatus
CN101743530B (en) Method and system for anti-virus scanning of partially available content
CN109800207B (en) Log analysis method, device and equipment and computer readable storage medium
US20180082061A1 (en) Scanning device, cloud management device, method and system for checking and killing malicious programs
CN110058864B (en) Micro-service deployment method and device
CN114911830B (en) Index caching method, device, equipment and storage medium based on time sequence database
CN112307374A (en) Jumping method, device and equipment based on backlog and storage medium
CN110968478A (en) Log collection method, server and computer storage medium
CN114531259A (en) Attack result detection method, device, system, computer device and medium
CN115396159A (en) Container mirror image detection method, client and server
US9411618B2 (en) Metadata-based class loading using a content repository
CN111026455A (en) Plug-in generation method, electronic device and storage medium
CN113626823B (en) Method and device for detecting interaction threat among components based on reachability analysis
CN114296747A (en) Installation method and device of software installation package
US11138075B2 (en) Method, apparatus, and computer program product for generating searchable index for a backup of a virtual machine
CN113420046A (en) Data operation method, device, equipment and storage medium of non-relational database
CN111291044A (en) Sensitive data identification method and device, electronic equipment and storage medium
CN111400243A (en) Research and development management system based on pipeline service and file storage method and device
CN115002079B (en) Short address generation method, device, equipment and storage medium
CN116301950B (en) Docker image generation method, device, equipment and storage medium
CN112433743B (en) File updating method and device, electronic equipment and storage medium
US11356853B1 (en) Detection of malicious mobile apps
US20240028317A1 (en) System and method for mapping source code components and risks to runtime
US10313366B1 (en) Retroactive identification of previously unknown malware based on network traffic analysis from a sandbox environment
CN117556419A (en) Override analysis method, device, system and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination