WO2022247226A1 - Applet monitoring method and device - Google Patents

Applet monitoring method and device

Info

Publication number
WO2022247226A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2021/137053
Other languages
French (fr)
Chinese (zh)
Inventor
徐浩冬
Original Assignee
深圳前海微众银行股份有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes


Abstract

The present invention relates to the technical field of data processing in financial technology (Fintech), and in particular to an applet monitoring method and device, for use in improving data security monitoring efficiency and ensuring data security. The method in embodiments of the present invention comprises: in response to a monitoring operation for primarily selected applets, obtaining application identifiers of N primarily selected applets, wherein N is a positive integer; according to the application identifiers, querying change records of the N primarily selected applets; on the basis of the change records, determining from the N primarily selected applets a target applet whose information has changed; obtaining a source code of the target applet, and performing a security scan on the target applet on the basis of the source code; and determining a security level of the target applet according to the result of the security scan.

Description

Applet monitoring method and device
Cross-reference to related applications
This application claims priority to Chinese patent application No. 202110589518.3, entitled "Applet monitoring method and device" and filed with the China Patent Office on May 28, 2021, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the technical field of data processing in financial technology (Fintech), and in particular to an applet monitoring method and device.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). However, the security and real-time requirements of the financial industry also place higher demands on that technology.
An applet is an application that can be used without being downloaded and installed: a user opens it by scanning a code or searching for it, without having to worry about installing too many applications. For developers, the barrier to applet development is relatively low, lower than for an APP (application); applets can cover simple basic uses and are suited to offline shops in the lifestyle-services sector and to the conversion of non-essential, low-frequency applications. For users, applets save usage time and phone storage space; for developers, they also save development and promotion costs.
When performing security risk assessment and detection on applets, existing technical solutions mainly collect the applets through R&D process controls and interface integration with an internal asset management system, while the security detection itself requires manual intervention. The whole solution involves multiple associated systems and a large amount of manual intervention; its timeliness is poor, applet security risks cannot be discovered in real time, and existing security requirements cannot be met.
Summary of the invention
The present application provides an applet monitoring method and device to improve the efficiency of data security monitoring and safeguard data security.
An embodiment of the present invention provides an applet monitoring method, the method comprising:
in response to a monitoring operation for primarily selected applets, obtaining application identifiers of N primarily selected applets, N being a positive integer;
querying change records of the N primarily selected applets according to the application identifiers;
determining, based on the change records, a target applet whose information has changed from among the N primarily selected applets;
obtaining the source code of the target applet, performing a security scan on the target applet based on the source code, and generating a security scan result.
In an optional embodiment, after obtaining the application identifiers of the N primarily selected applets and before querying the change records of the N primarily selected applets according to the application identifiers, the method further comprises:
for any primarily selected applet, determining, according to its application identifier, whether the primarily selected applet is in a whitelist;
if so, executing the step of querying the change record of the primarily selected applet according to the application identifier;
if not, ending data monitoring of the primarily selected applet.
In an optional embodiment, querying the change records of the N primarily selected applets according to the application identifiers comprises:
for any primarily selected applet, sending a record acquisition request to the server of the primarily selected applet according to its application identifier;
receiving a record acquisition response returned by the server, the record acquisition response including the change record of the primarily selected applet.
In an optional embodiment, sending the record acquisition request to the server of the primarily selected applet according to its application identifier comprises:
establishing, by means of a simulator, a session with the server of the primarily selected applet according to its application identifier, the simulator being used to send data packets to the server of the primarily selected applet at a set frequency so as to keep the session alive;
sending the record acquisition request to the server of the primarily selected applet over that session.
In an optional embodiment, obtaining the source code of the target applet comprises:
sending an access request to the server of the target applet by means of a simulator;
receiving an access response returned by the server of the target applet, the access response including the source code of the target applet;
saving the source code of the target applet.
In an optional embodiment, performing a security scan on the target applet based on the source code and generating a security scan result comprises:
decompiling the source code of the target applet;
performing a security scan on the decompiled source code and generating a security scan result.
In an optional embodiment, performing a security scan on the decompiled source code and generating a security scan result comprises:
obtaining a security scan script;
scanning the decompiled source code with the security scan script to determine whether the decompiled source code contains sensitive information matching preset rules;
if the decompiled source code contains sensitive information matching the preset rules, determining that the security scan result is that a security vulnerability exists in the source code.
In an optional embodiment, after determining, based on the change records, the target applet whose information has changed from among the N primarily selected applets, the method further comprises:
issuing a change alarm for the target applet;
and generating the security scan result comprises:
if the security scan result is that a security vulnerability exists in the source code, determining that the target applet has a low security level;
issuing a security alarm on the basis that the target applet has a low security level.
An embodiment of the present invention further provides an applet monitoring device, comprising:
a response unit, configured to obtain application identifiers of N primarily selected applets in response to a monitoring operation for primarily selected applets, N being a positive integer;
a query unit, configured to query change records of the N primarily selected applets according to the application identifiers;
a change unit, configured to determine, based on the change records, a target applet whose information has changed from among the N primarily selected applets;
a scanning unit, configured to obtain the source code of the target applet, perform a security scan on the target applet based on the source code, and generate a security scan result.
In an optional embodiment, the device further comprises a primary selection unit, configured to:
for any primarily selected applet, determine, according to its application identifier, whether the primarily selected applet is in a whitelist;
if so, execute the step of querying the change record of the primarily selected applet according to the application identifier;
if not, end data monitoring of the primarily selected applet.
In an optional embodiment, the query unit is specifically configured to:
for any primarily selected applet, send a record acquisition request to the server of the primarily selected applet according to its application identifier;
receive a record acquisition response returned by the server, the record acquisition response including the change record of the primarily selected applet.
In an optional embodiment, the query unit is specifically configured to:
establish, by means of a simulator, a session with the server of the primarily selected applet according to its application identifier, the simulator being used to send data packets to the server of the primarily selected applet at a set frequency so as to keep the session alive;
send the record acquisition request to the server of the primarily selected applet over that session.
In an optional embodiment, the scanning unit is specifically configured to:
send an access request to the server of the target applet by means of a simulator;
receive an access response returned by the server of the target applet, the access response including the source code of the target applet;
save the source code of the target applet.
In an optional embodiment, the scanning unit is specifically configured to:
decompile the source code of the target applet;
perform a security scan on the decompiled source code and generate a security scan result.
In an optional embodiment, the scanning unit is specifically configured to:
obtain a security scan script;
scan the decompiled source code with the security scan script to determine whether the decompiled source code contains sensitive information matching preset rules;
if the decompiled source code contains sensitive information matching the preset rules, determine that the security scan result is that a security vulnerability exists in the source code.
In an optional embodiment, the device further comprises an alarm unit, configured to:
issue a change alarm for the target applet;
if the security scan result is that a security vulnerability exists in the source code, determine that the target applet has a low security level;
issue a security alarm on the basis that the target applet has a low security level.
An embodiment of the present invention further provides an electronic device, comprising:
at least one processor; and
a memory communicatively connected to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so as to enable the at least one processor to perform the method described above.
An embodiment of the present invention further provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause a computer to perform the method described above.
An embodiment of the present invention provides an applet monitoring method applied to a terminal device. A user inputs a monitoring operation on the display interface of the terminal, and in response to the monitoring operation for primarily selected applets the terminal obtains the application identifiers of N primarily selected applets. According to the application identifiers, the terminal queries the change records of the N primarily selected applets and, based on the change records, determines from among them the primarily selected applet whose information has changed as the target applet. The terminal obtains the source code of the target applet, performs a security scan on the target applet based on the source code, and generates a security scan result, thereby realizing security monitoring of the target applet. The embodiment of the present invention requires only that the user input a monitoring operation in order to monitor the change records of the primarily selected applets in real time and perform a security scan, so that security problems can be discovered effectively in real time and security alarms issued promptly, which improves the efficiency of data security risk monitoring and effectively safeguards data security.
Brief description of the drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and persons of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of a possible system architecture provided by an embodiment of the present invention;
FIG. 2 is a schematic flowchart of an applet monitoring method provided by an embodiment of the present invention;
FIG. 3 is a schematic flowchart of the preliminary screening of applets provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of the applet change monitoring process provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of the applet change alarm interface provided by an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an applet monitoring device provided by an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to FIG. 1, which is a schematic diagram of the application architecture of the operation-permission processing method in an embodiment of the present invention, the system architecture includes a terminal device 100 and a server 200.
The terminal device 100 may be a mobile or a fixed electronic device, for example a mobile phone, tablet computer, notebook computer, desktop computer, any kind of wearable device, smart TV, in-vehicle device, or other electronic device capable of implementing the above functions. Various kinds of software and applets may be installed on the terminal device 100, which can receive and process a user's monitoring operation and perform security monitoring of applets on the basis of that monitoring operation.
The terminal device 100 and the server 200 may be connected through the Internet so as to communicate with each other. Optionally, the above Internet uses standard communication technologies and/or protocols. The Internet is usually the public Internet, but may also be any network, including but not limited to any combination of a local area network (LAN), metropolitan area network (MAN), wide area network (WAN), mobile, wired or wireless network, private network or virtual private network. In some embodiments, data exchanged over the network is represented using technologies and/or formats including Hyper Text Markup Language (HTML), Extensible Markup Language (XML), and the like. In addition, conventional encryption technologies such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN) and Internet Protocol Security (IPsec) may be used to encrypt all or some of the links. In other embodiments, customized and/or dedicated data communication technologies may be used in place of or in addition to the above data communication technologies.
The server 200 may provide various network services to the terminal device 100, and the server 200 may use cloud computing technology for information processing. The server 200 may be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. The terminal may be a smartphone, tablet computer, notebook computer, desktop computer, smart speaker, smart watch or the like, but is not limited to these. The terminal and the server may be connected directly or indirectly through wired or wireless communication, which is not limited in this application.
Specifically, the terminal device 100 may include a processor (central processing unit, CPU) 110, a memory 120, an input device 130 and an output device 140. The input device 130 may include a keyboard, mouse, touch screen and the like, and the output device 140 may include a display device such as a liquid crystal display (LCD) or a cathode ray tube (CRT).
The memory 120 may include read-only memory (ROM) and random access memory (RAM), and provides the processor 110 with the program instructions and data stored in the memory 120. In the embodiment of the present invention, the memory 120 may be used to store the program of the applet monitoring method of the embodiment of the present invention.
The processor 110 invokes the program instructions stored in the memory 120 and is configured to execute the steps of any of the applet monitoring methods of the embodiments of the present invention according to the obtained program instructions.
Based on the above architecture, an embodiment of the present invention provides an applet monitoring method that can be used to monitor applets on a terminal device; the following description takes applets as the monitored objects by way of example. As shown in FIG. 2, when the applet monitoring method provided by the embodiment of the present invention is applied to a terminal device, the method includes the following steps:
Step 201: In response to a monitoring operation for primarily selected applets, the terminal obtains the application identifiers of N primarily selected applets, N being a positive integer.
In a specific implementation, the user performs a monitoring operation on the interface displayed by the terminal. The monitoring operation may be a click, for example clicking the icon of the applet to be monitored; it may also be the user entering the name of an applet in an input box to search for it. The number of applets corresponding to the monitoring operation is not limited and may be one or more. For example, if "security monitoring" is entered as a search term, the terminal determines the applets whose names contain "security monitoring", including security monitoring applet A, security monitoring applet B, security monitoring applet C, and so on.
Step 202: Query the change records of the N primarily selected applets according to the application identifiers.
In a specific implementation, when the information of an applet changes, the changed information is recorded. Applet changes here include version changes, name changes and the like; besides the changed information, the change record may also record the time of the change and the name of the changed applet.
The application identifier in the embodiment of the present invention may be unique, that is, any two different applets have different application identifiers; for example, the APPID of the applet is used as the application identifier.
The application identifier may also be non-unique, that is, different applets may share the same application identifier; for example, "security monitoring" above is used as the application identifier, meaning that part of the information in the applet's name serves as the application identifier. In this case, when querying the change record of the applet, the unique identifier of the applet, such as its APPID or URL (Uniform Resource Locator), must also be extracted on the basis of the application identifier so as to distinguish different applets and facilitate subsequent monitoring. Thereafter, the change records of the N applets can be queried separately on the basis of their unique identifiers.
Step 203: Based on the change records, determine from among the N primarily selected applets a target applet whose information has changed.
In a specific implementation, applet information may be recorded in a database. The queried change record is compared with the applet information recorded in the database; if the two are inconsistent, this indicates that the applet's information has changed, the applet is taken as the target applet, and the applet's information in the database is updated according to the change information.
Step 204: Obtain the source code of the target applet, perform a security scan on the target applet based on the source code, and generate a security scan result.
An embodiment of the present invention provides an applet monitoring method applied to a terminal device. A user inputs a monitoring operation on the display interface of the terminal, and in response to the monitoring operation for primarily selected applets the terminal obtains the application identifiers of N primarily selected applets. According to the application identifiers, the terminal queries the change records of the N primarily selected applets and, based on the change records, determines from among them the primarily selected applet whose information has changed as the target applet. The terminal obtains the source code of the target applet and performs a security scan on the target applet based on the source code. According to the security scan result, the terminal determines the security level of the target applet, thereby realizing security monitoring of the target applet. The embodiment of the present invention requires only that the user input a monitoring operation in order to monitor the change records of the primarily selected applets in real time and perform a security scan, so that security problems can be discovered effectively in real time and security alarms issued promptly, which improves the efficiency of data security risk monitoring and effectively safeguards data security.
Further, after obtaining the application identifiers of the N primary-selection applets and before querying their change records according to those identifiers, the method further includes:
for any primary-selection applet, judging according to its application identifier whether it is in a whitelist;
if so, performing the step of querying the change records of the primary-selection applet according to its application identifier;
if not, ending data monitoring of the primary-selection applet.
In a specific implementation, a whitelist is used to screen the primary-selection applets so as to select those that may be monitored. The whitelist may be stored in the terminal, in which case the terminal reads it directly for comparison when the preliminary screening is needed; it may also be stored on a server, in which case the terminal fetches it from the server when the screening is needed.
The criterion used for the preliminary screening is not limited; in this embodiment the applets are screened by developer. Fig. 3 is a schematic flow chart of the preliminary screening of applets. As shown in Fig. 3, the developer name of the applet is obtained and compared with the developer names in the whitelist. If the developer name is in the whitelist, the subsequent monitoring steps are performed, including obtaining fields such as the applet's APPID, name and URL and storing them in a MySQL database for later change monitoring of the applet.
If the developer of the applet is not in the whitelist, monitoring of that applet ends immediately.
Since the number of primary-selection applets in this embodiment is not limited, every primary-selection applet must be compared against the whitelist to decide how it is handled afterwards.
Further, querying the change records of the N primary-selection applets according to the application identifiers includes:
for any primary-selection applet, sending a record acquisition request to the server of that applet according to its application identifier;
receiving the record acquisition response returned by the server, the response containing the change record of the primary-selection applet.
In a specific implementation, the applets that have been confirmed as whitelisted are monitored for changes. The change records have to be obtained from the server corresponding to the applet. Specifically, the applet's official interface can be called with the applet's APPID to send a record acquisition request to the applet's server and query the applet's information.
Further, sending a record acquisition request to the server of the primary-selection applet according to its application identifier includes:
using an emulator to establish a session with the server of the primary-selection applet according to its application identifier, the emulator sending data packets to that server at a set frequency to keep the session alive;
sending the record acquisition request to the server of the primary-selection applet over that session.
Specifically, querying applet change records uses the session identifier X-WECHAT-KEY and the user identifier X-WECHAT-UIN. The session between the terminal and the applet server is established on the basis of X-WECHAT-UIN, that is, the user must log in before the session exists, and each session corresponds to a unique X-WECHAT-KEY. Because X-WECHAT-KEY is the session key used for applet queries and is valid for only two hours, an emulator on the terminal simulates clicks on the applet at fixed intervals in order to keep the session valid for a long time: each simulated click sends a data packet to the applet's server, which triggers the issue of a new X-WECHAT-KEY so that the session does not expire. The interval between simulated clicks must therefore be shorter than the two-hour validity period, otherwise the stored key is already invalid when the next query is sent.
Fig. 4 is a schematic diagram of the change-monitoring process. As shown in Fig. 4, the records obtained over the session, such as the applet's change time and name, are compared with the information in the MySQL database. If a newly queried record is inconsistent with the database, the new record is written into the applet's entry in the database and also recorded in the change table.
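The change-monitoring loop of steps 201 to 203 (whitelist screening, session keep-alive, record query and comparison with the database) as an added, runnable example; this is not code from the patent or its applicant. The developer whitelist, the APPIDs, the record contents and the in-process "server" are all constructed; SQLite stands in for the MySQL tables of Fig. 4; the header names X-WECHAT-UIN / X-WECHAT-KEY and the two-hour key validity are taken from the text, while `issue_key` and `fetch_record` are stand-ins for the emulator's simulated click and the official query interface, whose real request formats the text does not give.

```python
import sqlite3
import time
from typing import Dict, List

# Constructed whitelist of developer names (assumption: the text leaves the
# screening criterion open and gives the developer name only as an example).
WHITELIST_DEVELOPERS = {"Example Bank Co., Ltd."}
TRACKED_FIELDS = ("name", "url", "version", "change_time")  # compared with the DB row
KEY_TTL_SECONDS = 2 * 60 * 60  # validity of X-WECHAT-KEY stated in the text


class SessionKeeper:
    """X-WECHAT-UIN plus the short-lived X-WECHAT-KEY. `refresh` stands in for the
    emulator's simulated click and returns the new key the server issues for it."""

    def __init__(self, uin, refresh, clock=time.time, ttl=KEY_TTL_SECONDS, margin=600):
        self.uin, self._refresh, self._clock, self._ttl, self._margin = uin, refresh, clock, ttl, margin
        self._key, self._issued = refresh(), clock()

    def keepalive(self) -> bool:
        """Run at the emulator's set frequency (which must stay below the TTL);
        renews the key once it is within `margin` of expiry. True if renewed."""
        if self._clock() - self._issued >= self._ttl - self._margin:
            self._key, self._issued = self._refresh(), self._clock()
            return True
        return False

    def headers(self) -> Dict[str, str]:
        return {"X-WECHAT-UIN": self.uin, "X-WECHAT-KEY": self._key}


class AppletStore:
    """SQLite stand-in for the MySQL tables of Fig. 4: applet rows plus a change table."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE applet (appid TEXT PRIMARY KEY, name, url, version, change_time)")
        self.conn.execute("CREATE TABLE change_log (appid, field, old, new, change_time)")

    def get(self, appid):
        row = self.conn.execute("SELECT name, url, version, change_time FROM applet WHERE appid = ?", (appid,)).fetchone()
        return dict(zip(TRACKED_FIELDS, row)) if row else None

    def upsert(self, appid, rec):
        self.conn.execute("INSERT OR REPLACE INTO applet VALUES (?, ?, ?, ?, ?)", (appid, *(rec[f] for f in TRACKED_FIELDS)))

    def log_change(self, appid, field, old, new, when):
        self.conn.execute("INSERT INTO change_log VALUES (?, ?, ?, ?, ?)", (appid, field, old, new, when))

    def changes(self, appid):
        return self.conn.execute("SELECT field, old, new FROM change_log WHERE appid = ? ORDER BY rowid", (appid,)).fetchall()


def monitor(candidates, session: SessionKeeper, fetch_record, store: AppletStore) -> List[str]:
    """Steps 201-203: whitelist screening, change-record query over the kept-alive session,
    comparison with the database. Returns the APPIDs of the target applets (stored info changed)."""
    targets = []
    for cand in candidates:
        if cand["developer"] not in WHITELIST_DEVELOPERS:
            continue  # not whitelisted: monitoring of this applet ends here
        session.keepalive()
        fresh = fetch_record(cand["appid"], session.headers())
        stored = store.get(cand["appid"])
        if stored is None:
            store.upsert(cand["appid"], fresh)  # first sighting: register only
            continue
        changed = {f: (stored[f], fresh[f]) for f in TRACKED_FIELDS if stored[f] != fresh[f]}
        if changed:
            for field, (old, new) in changed.items():
                store.log_change(cand["appid"], field, old, new, fresh["change_time"])
            store.upsert(cand["appid"], fresh)
            targets.append(cand["appid"])
    return targets


def demo():
    """Two monitoring rounds three hours apart; the server and its records are constructed."""
    now, issued = [0.0], {}
    records = {"wxaaaa": {"name": "Security Monitor A", "url": "https://a.example/",
                          "version": "1.0.0", "change_time": "2021-05-01 10:00:00"},
               "wxbbbb": {"name": "Security Monitor B", "url": "https://b.example/",
                          "version": "2.3.1", "change_time": "2021-04-20 09:00:00"}}

    def issue_key():  # the server answers a simulated click with a fresh key
        issued[f"key-{len(issued) + 1}"] = now[0]
        return f"key-{len(issued)}"

    def fetch_record(appid, headers):  # the server rejects a missing or stale key
        t = issued.get(headers.get("X-WECHAT-KEY"))
        if t is None or now[0] - t > KEY_TTL_SECONDS:
            raise PermissionError("X-WECHAT-KEY missing or expired")
        return dict(records[appid])

    session = SessionKeeper("uin-demo", issue_key, lambda: now[0])
    store = AppletStore()
    cands = [{"appid": "wxaaaa", "developer": "Example Bank Co., Ltd."},
             {"appid": "wxbbbb", "developer": "Example Bank Co., Ltd."},
             {"appid": "wxcccc", "developer": "Somebody Else"}]  # screened out
    first = monitor(cands, session, fetch_record, store)
    now[0] += 3 * 3600  # the key issued at login would have expired by now
    records["wxaaaa"].update(version="1.1.0", change_time="2021-05-28 08:30:00")
    second = monitor(cands, session, fetch_record, store)
    return first, second, store.changes("wxaaaa")
```

`demo()` returns no targets in the first round (every whitelisted applet is merely registered), then `["wxaaaa"]` in the second round together with the two change-table rows for its version and change time; the non-whitelisted `wxcccc` is never queried. The second round only succeeds because `keepalive()` renews the key before the query; without it `fetch_record` raises, which is exactly the failure the timed simulated clicks in the text are there to prevent.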
Further, after all primary-selection applets have been queried for changes, a change alarm may be raised for the applets found to have changed; that is, after determining from the N primary-selection applets, based on the change records, the target applets whose information has changed, the method further includes:
raising a change alarm for the target applet.
For example, the applets whose information has changed, together with the details of the change, are shown to the user through the interface or by e-mail. Fig. 5 is a schematic diagram of the applet change alarm interface. As shown in Fig. 5, the change information of a single applet may be shown, or the change information of several applets that changed within a period of time.
Further, obtaining the source code of the target applet includes:
sending an access request to the server of the target applet using the emulator;
receiving the access response returned by the server of the target applet, the response containing the source code of the target applet;
saving the source code of the target applet.
In a specific implementation, the source code of the target applet is retrieved in the emulator. Specifically, the emulator opens the applet by its name. On the first visit to the applet, the applet's source code package is downloaded and stored in a local directory of the emulator. When the applet's information later changes, its source code changes as well, so the applet's server is visited again through the emulator to obtain and save the updated source code.
Further, performing the security scan of the target applet based on the source code and generating the scan result includes:
decompiling the source code of the target applet;
performing a security scan of the decompiled source code and generating the security scan result.
Specifically, after the applet's source code package has been obtained from the emulator, it is decompiled to turn it into readable code, and the decompiled source is then scanned. Because the source code may contain sensitive information such as the AppSecret key, account passwords, URLs and personal information, the scan for sensitive information can be followed by a vulnerability scan of the URLs it yields, for example for unauthorized-access flaws.
Further, performing a security scan of the decompiled source code and generating the security scan result includes:
obtaining a security scanning script;
scanning the decompiled source code with the security scanning script to determine whether the decompiled source code contains sensitive information matching a preset rule;
if the decompiled source code contains sensitive information matching a preset rule, determining that the result of the security scan is that the source code contains a security vulnerability.
In a specific implementation, the security scanning script may be an existing open-source tool or a scanning script written in-house. For example, the open-source tool bulk_extractor can be called to scan the source code for e-mail addresses, credit card numbers, URLs and similar information. Because the decompiled source code sits in a directory, bulk_extractor can be run periodically as "bulk_extractor -R filedir -o outdir" (-R recurses through the files in the directory, -o names the output directory) to determine by text matching whether the source contains sensitive information such as e-mail addresses, credit card numbers and URLs.
For sensitive information that bulk_extractor does not cover, such as the AppSecret key and mobile phone numbers, a scanning script is written that uses regular-expression matching to recognise whether the source code contains sensitive information matching a preset rule. For example, the preset rule for mobile phone numbers can be written as follows (Python, with string holding the text of one decompiled source file):
import re
iphones = re.findall(r'[%"\'<](?:13[012]\d{8}[%"\'<]|15[56]\d{8}[%"\'<]|18[56]\d{8}[%"\'<]|176\d{8}[%"\'<]|145\d{8}[%"\'<]|13[456789]\d{8}[%"\'<]|147\d{8}[%"\'<]|178\d{8}[%"\'<]|15[012789]\d{8}[%"\'<]|18[23478]\d{8}[%"\'<]|133\d{8}[%"\'<]|153\d{8}[%"\'<]|189\d{8}[%"\'<])', string)
That is, if the source code matches the preset rule above, it is deemed to contain a mobile phone number. The rule only fires when the eleven digits are enclosed on both sides by one of the characters % " ' <, so digits that are part of a longer number, such as an order number or timestamp, are not reported. Because the match consumes the closing delimiter, two numbers separated by a single delimiter are reported only once; a lookahead for the closing delimiter avoids that.
Further, generating the security scan result includes:
if the result of the security scan is that the source code contains a security vulnerability, determining that the target applet has a low security level;
raising a security alarm on the basis of the target applet having a low security level.
In a specific implementation, if a security vulnerability is found in the source code, the corresponding applet is determined to have a low security level and a security alarm must be raised; the alarm may be delivered by e-mail, text message, on-screen display and the like. If the source code contains no security vulnerability, the corresponding applet is determined to have a high security level and data monitoring simply continues.
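The scanning and grading stage (decompiled source in, rule matches out, then the low/high security level and the alarm text) as an added, runnable example; it is not code from the patent or its applicant. The rule set generalises the text's phone-number rule to any 11-digit number starting 13 to 19 and keeps its delimiter convention with lookarounds; the AppSecret rule assumes a 32-character hexadecimal value after the key name (the text names AppSecret but not its format); the e-mail, URL and card-number rules are simple in-house counterparts of what the text delegates to bulk_extractor, with a Luhn check on card candidates. `scan_dir` walks a directory the way the text runs bulk_extractor with -R; `SAMPLE_FILES` is a constructed stand-in for a decompiled applet and contains no real data.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, List

# Boundary set of the text's phone-number rule: the value must be enclosed by one of
# % " ' < on both sides. Lookarounds leave the delimiter unconsumed, so two values
# separated by a single delimiter are both reported.
DELIM = r'[%"\'<]'
RULES = {
    # Generalised from the text's prefix list to any 11-digit number starting 13..19.
    "mobile_phone": re.compile(rf"(?<={DELIM})1[3-9]\d{{9}}(?={DELIM})"),
    # Assumed shape of a leaked AppSecret: key name, a few separator characters,
    # then 32 hex characters (the text names AppSecret but not its format).
    "app_secret": re.compile(r"(?i)app_?secret\W{0,5}([0-9a-f]{32})\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    # Any 13-19 digit run is a card candidate; luhn_ok() drops the ones that are not.
    "credit_card": re.compile(r"(?<!\d)\d{13,19}(?!\d)"),
}


@dataclass(frozen=True)
class Finding:
    rule: str
    value: str
    path: str
    line: int


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: the usual filter that separates card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str, path: str) -> List[Finding]:
    """Apply every preset rule to each line; any match counts as sensitive information."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if rule == "credit_card" and not luhn_ok(value):
                    continue
                findings.append(Finding(rule, value, path, lineno))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    return [f for path, text in files.items() for f in scan_text(text, path)]


def scan_dir(root: str) -> List[Finding]:
    """Walk a decompiled source tree (what -R does for bulk_extractor) and scan every file."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                files[path] = fh.read()
    return scan_files(files)


def security_level(findings: List[Finding]) -> str:
    """Any hit means the source contains a security vulnerability, hence the low level."""
    return "low" if findings else "high"


def alert_message(appid: str, findings: List[Finding]) -> str:
    """Body for the e-mail / SMS / on-screen alarm; values are masked so the alarm
    itself does not spread the secret any further."""
    if not findings:
        return f"{appid}: security level high, monitoring continues"
    lines = [f"{appid}: security level LOW, {len(findings)} sensitive item(s) found"]
    for f in findings:
        masked = f.value[:4] + "*" * (len(f.value) - 4)
        lines.append(f"  {f.rule} at {f.path}:{f.line}: {masked}")
    return "\n".join(lines)


# Constructed sample of a decompiled applet's files; nothing here is real data.
SAMPLE_FILES = {
    "pages/index.js": (
        'const cfg = {appId: "wxa1b2c3d4e5f6a7b8", appSecret: "0123456789abcdef0123456789abcdef"};\n'
        'const api = "https://api.example.com/v1/user";\n'),
    "pages/contact.js": (
        "const support = '13812345678';\n"
        "const card = '4111111111111111';\n"
        "const token = 'a13812345678b';\n"   # phone digits without delimiters: not reported
        "const bad = '1234567890123456';\n"  # 16 digits but fails Luhn: not reported
        "const mail = 'ops@example.com';\n"),
}
```

`scan_files(SAMPLE_FILES)` yields five findings (the AppSecret and URL in index.js, the phone number, card number and e-mail address in contact.js) and `security_level` therefore returns "low"; the two decoy lines in contact.js show the delimiter and Luhn filters doing their job. On a real applet, run `scan_dir` over the directory that holds the decompiled package and feed the resulting URLs into the unauthorized-access scan the text describes next.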
An embodiment of the present invention further provides an applet monitoring apparatus which, as shown in Fig. 6, includes:
a response unit 601, configured to obtain the application identifiers of N primary-selection applets in response to a monitoring operation aimed at primary-selection applets, N being a positive integer;
a query unit 602, configured to query the change records of the N primary-selection applets according to the application identifiers;
a change unit 603, configured to determine, based on the change records, the target applets among the N primary-selection applets whose information has changed;
a scanning unit 604, configured to obtain the source code of the target applet, perform a security scan of the target applet based on the source code, and generate a security scan result.
In an optional embodiment, the apparatus further includes a primary-selection unit 605 configured to:
for any primary-selection applet, judge according to its application identifier whether the primary-selection applet is in a whitelist;
if so, perform the step of querying the change records of the primary-selection applet according to its application identifier;
if not, end data monitoring of the primary-selection applet.
In an optional embodiment, the query unit 602 is specifically configured to:
for any primary-selection applet, send a record acquisition request to the server of that applet according to its application identifier;
receive the record acquisition response returned by the server, the response containing the change record of the primary-selection applet.
In an optional embodiment, the query unit 602 is further specifically configured to:
use an emulator to establish a session with the server of the primary-selection applet according to its application identifier, the emulator sending data packets to that server at a set frequency to maintain the session;
send the record acquisition request to the server of the primary-selection applet over the session.
In an optional embodiment, the scanning unit 604 is specifically configured to:
send an access request to the server of the target applet using the emulator;
receive the access response returned by the server of the target applet, the response containing the source code of the target applet;
save the source code of the target applet.
In an optional embodiment, the scanning unit 604 is further specifically configured to:
decompile the source code of the target applet;
perform a security scan of the decompiled source code and generate the security scan result.
In an optional embodiment, the scanning unit 604 is further specifically configured to:
obtain a security scanning script;
scan the decompiled source code with the security scanning script to determine whether the decompiled source code contains sensitive information matching a preset rule;
if the decompiled source code contains sensitive information matching a preset rule, determine that the result of the security scan is that the source code contains a security vulnerability.
In an optional embodiment, the apparatus further includes an alarm unit 606 configured to:
raise a change alarm for the target applet;
if the result of the security scan is that the source code contains a security vulnerability, determine that the target applet has a low security level;
raise a security alarm on the basis of the target applet having a low security level.
On the same principle, the present invention further provides an electronic device which, as shown in Fig. 7, includes:
a processor 701, a memory 702, a transceiver 703 and a bus interface 704, the processor 701, the memory 702 and the transceiver 703 being connected through the bus interface 704;
the processor 701 being configured to read the program in the memory 702 and perform the following method:
in response to a monitoring operation aimed at primary-selection applets, obtaining the application identifiers of N primary-selection applets, N being a positive integer;
querying the change records of the N primary-selection applets according to the application identifiers;
determining, based on the change records, the target applets among the N primary-selection applets whose information has changed;
obtaining the source code of the target applet, performing a security scan of the target applet based on the source code, and generating a security scan result.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable applet monitoring device to produce a machine, such that the instructions executed by the processor of the computer or other programmable applet monitoring device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable applet monitoring device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable applet monitoring device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the invention have been described, those skilled in the art may make further changes and modifications to these embodiments once they learn the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the invention and their equivalents, the invention is intended to include them as well.

Claims (10)

  1. An applet monitoring method, characterized in that the method includes:
    obtaining, in response to a monitoring operation aimed at primary-selection applets, the application identifiers of N primary-selection applets, N being a positive integer;
    querying the change records of the N primary-selection applets according to the application identifiers;
    determining, based on the change records, the target applets among the N primary-selection applets whose information has changed;
    obtaining the source code of the target applet, performing a security scan of the target applet based on the source code, and generating a security scan result.
  2. The method according to claim 1, characterized in that after obtaining the application identifiers of the N primary-selection applets and before querying their change records according to the application identifiers, the method further includes:
    for any primary-selection applet, judging according to its application identifier whether the primary-selection applet is in a whitelist;
    if so, performing the step of querying the change records of the primary-selection applet according to its application identifier;
    if not, ending data monitoring of the primary-selection applet.
  3. The method according to claim 1, characterized in that querying the change records of the N primary-selection applets according to the application identifiers includes:
    for any primary-selection applet, sending a record acquisition request to the server of that applet according to its application identifier;
    receiving the record acquisition response returned by the server, the response containing the change record of the primary-selection applet.
  4. The method according to claim 3, characterized in that sending a record acquisition request to the server of the primary-selection applet according to its application identifier includes:
    using an emulator to establish a session with the server of the primary-selection applet according to its application identifier, the emulator sending data packets to that server at a set frequency to maintain the session;
    sending the record acquisition request to the server of the primary-selection applet over the session.
  5. The method according to claim 1, characterized in that obtaining the source code of the target applet includes:
    sending an access request to the server of the target applet using the emulator;
    receiving the access response returned by the server of the target applet, the response containing the source code of the target applet;
    saving the source code of the target applet.
  6. The method according to claim 5, characterized in that performing a security scan of the target applet based on the source code and generating a security scan result includes:
    decompiling the source code of the target applet;
    performing a security scan of the decompiled source code and generating the security scan result.
  7. The method according to claim 6, characterized in that performing a security scan of the decompiled source code and generating the security scan result includes:
    obtaining a security scanning script;
    scanning the decompiled source code with the security scanning script to determine whether the decompiled source code contains sensitive information matching a preset rule;
    if the decompiled source code contains sensitive information matching a preset rule, determining that the result of the security scan is that the source code contains a security vulnerability.
  8. The method according to any one of claims 1 to 7, characterized in that after determining, based on the change records, the target applets among the N primary-selection applets whose information has changed, the method further includes:
    raising a change alarm for the target applet;
    and generating the security scan result includes:
    if the result of the security scan is that the source code contains a security vulnerability, determining that the target applet has a low security level;
    raising a security alarm on the basis of the target applet having a low security level.
  9. An applet monitoring apparatus, characterized in that the apparatus includes:
    a response unit, configured to obtain the application identifiers of N primary-selection applets in response to a monitoring operation aimed at primary-selection applets, N being a positive integer;
    a query unit, configured to query the change records of the N primary-selection applets according to the application identifiers;
    a change unit, configured to determine, based on the change records, the target applets among the N primary-selection applets whose information has changed;
    a scanning unit, configured to obtain the source code of the target applet, perform a security scan of the target applet based on the source code, and generate a security scan result.
  10. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions for causing a computer to perform the method according to any one of claims 1 to 8.
PCT/CN2021/137053 2021-05-28 2021-12-10 Applet monitoring method and device WO2022247226A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110589518.3A CN113326506A (en) 2021-05-28 2021-05-28 Applet monitoring method and device
CN202110589518.3 2021-05-28

Publications (1)

Publication Number Publication Date
WO2022247226A1 true WO2022247226A1 (en) 2022-12-01

Family

ID=77421945

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/137053 WO2022247226A1 (en) 2021-05-28 2021-12-10 Applet monitoring method and device

Country Status (2)

Country Link
CN (1) CN113326506A (en)
WO (1) WO2022247226A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113326506A (en) * 2021-05-28 2021-08-31 深圳前海微众银行股份有限公司 Applet monitoring method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3159821A1 (en) * 2015-10-23 2017-04-26 Giesecke & Devrient GmbH Processor system with applet security settings
CN106909845A (en) * 2015-12-23 2017-06-30 北京奇虎科技有限公司 A kind of method and apparatus of program object scanning
CN111597113A (en) * 2020-05-18 2020-08-28 北京百度网讯科技有限公司 Method, device and equipment for verifying small program and storage medium
CN112100072A (en) * 2020-09-16 2020-12-18 广州虎牙科技有限公司 Static detection method, device, equipment and medium for application program codes
CN113326506A (en) * 2021-05-28 2021-08-31 深圳前海微众银行股份有限公司 Applet monitoring method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400722B (en) * 2020-03-25 2023-04-07 深圳市腾讯网域计算机网络有限公司 Method, apparatus, computer device and storage medium for scanning small program

Also Published As

Publication number Publication date
CN113326506A (en) 2021-08-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21942789

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE