CN106294160B - Method and system for checking dependency package legitimacy - Google Patents

Info

Publication number: CN106294160B
Authority: CN (China)
Legal status: Active
Application number: CN201610663025.9A
Other languages: Chinese (zh)
Other versions: CN106294160A (en)
Inventors: 刘德建, 杨洋, 吴仁海, 王杰光, 郭玉湖
Current Assignee: Fujian Tianquan Educational Technology Ltd
Original Assignee: Fujian Tianquan Educational Technology Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation
    • G06F8/43 Checking; Contextual analysis
    • G06F8/433 Dependency analysis; Data or control flow analysis

Abstract

The invention discloses a method for checking the legitimacy of a dependency package, comprising: obtaining a dependency package and adding it to a base application framework; modifying the dependency package description file of the base application framework; and checking the legitimacy of the dependency package according to the modified description file. In this way, the invention can prevent problems such as dependency conflicts and the introduction of illegal dependency packages caused by a dependency package referencing other unknown dependencies, and can prevent problems such as app-store listing failures caused by a dependency package that does not conform to specifications. It is markedly effective in preventing development-cycle delays.

Description

Method and system for checking dependency package legitimacy
Technical field
The present invention relates to the field of wireless mobile technology, and more particularly to a method and system for checking the legitimacy of a dependency package.
Background
As mobile devices become more and more common in daily life, the number of mobile application developers keeps growing. Many mobile application developers provide dependency packages free of charge for other mobile application developers to use. More and more companies and organizations have also begun to adopt modular programming: function points are split into dependency packages, the packages are introduced into an application framework, and the functions they provide are used from there.
With the existing sharing model, a mobile application developer who uses a dependency package provided by a third party cannot be sure that the package will not adversely affect the application under development, for example through dependency conflicts, app-store listing violations, or hidden bad plug-ins.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above shortcomings, to provide a scheme for checking the legitimacy of a dependency package in advance. It can prevent problems such as dependency conflicts and the introduction of illegal dependency packages caused by a dependency package referencing other unknown dependencies, and can prevent problems such as app-store listing failures caused by a dependency package that does not conform to specifications. It is markedly effective in preventing development-cycle delays.
To solve the above technical problem, the technical solution adopted by the present invention is a method for checking the legitimacy of a dependency package, comprising:
obtaining a dependency package and adding it to a base application framework;
modifying the dependency package description file of the base application framework;
checking the legitimacy of the dependency package according to the modified description file.
To solve the above problem, the present invention also provides a system for checking the legitimacy of a dependency package, comprising a dependency package and a base application framework, wherein:
the dependency package is to be added to the base application framework;
the base application framework is used to modify the dependency package description file; and
to check the legitimacy of the dependency package according to the modified description file.
The beneficial effects of the present invention are as follows. Unlike the prior art, the present invention adds the dependency package to a base application framework, modifies the description file, and then performs a legitimacy check. In this way, the invention can prevent problems such as dependency conflicts and the introduction of illegal dependency packages caused by a dependency package referencing other unknown dependencies, and can prevent problems such as app-store listing failures caused by a dependency package that does not conform to specifications. It is markedly effective in preventing development-cycle delays.
Brief description of the drawings
Fig. 1 is a flow diagram of checking dependency package legitimacy according to the present invention.
Detailed description of the embodiments
To explain the technical content, the objects achieved and the effects of the present invention in detail, the following description is given with reference to the embodiments and the accompanying drawing.
The key idea of the present invention is to add the dependency package to a base application framework, modify the description file, and then check the legitimacy of the dependency package.
Embodiment one of the present invention provides a method for checking the legitimacy of a dependency package, comprising:
obtaining a dependency package and adding it to a base application framework;
modifying the dependency package description file of the base application framework;
checking the legitimacy of the dependency package according to the modified description file.
Unlike the prior art, the present invention adds the dependency package to a base application framework, modifies the description file, and then performs a legitimacy check. In this way, the invention can prevent problems such as dependency conflicts and the introduction of illegal dependency packages caused by a dependency package referencing other unknown dependencies, and can prevent problems such as app-store listing failures caused by a dependency package that does not conform to specifications. It is markedly effective in preventing development-cycle delays.
The base application framework includes an iOS base application framework and an Android base application framework. That is, it consists of two basic application frameworks, one for iOS and one for Android, each of which can be compiled directly into a simple mobile application. This application is stable and reliable and has been tested. After a dependency package is introduced, a tool automatically modifies the dependency description file of the application framework. Specifically, for Android the dependency.gradle file in the framework is modified to add a description of the dependency package; for an Apple application the xxx.Podspec file in the framework is modified, where xxx is the mobile application name.
The legitimacy check of the dependency package in the present invention is carried out within the base application framework and consists of several parts: a stability test of the dependency package, a security test of the dependency package, a dependency control check of the dependency package, an app-store listing compliance check of the dependency package, and a dependency size check of the dependency package. These five steps can be performed in parallel and in any order. Specifically:
The stability test introduces the dependency package into the base application framework, packages a mobile application, and installs the mobile application on a number of existing test machines. The application is run for a period of time to examine its stability. A mobile application that runs continuously for 12 hours without crashing is considered stable.
The security test introduces the dependency package into the base application framework, packages a mobile application, and installs the mobile application on a number of existing test machines, where security checks are carried out. The checks include a risk and vulnerability audit, a component security audit, and a sensitive information and permission audit. In the audit results, the vulnerabilities that may be present are grouped and ordered by risk, and a security audit report is generated.
The dependency control check introduces the dependency package into the base application framework and performs a dependency check in the project package. It examines the dependency tree of the whole application. The dependency tree is the union of the dependencies of the base application framework and the dependencies added by introducing the dependency package, and it is generated automatically by a tool. The check looks for any dependency outside the whitelist defined by the administrator. If there is one, it displays that a component outside the whitelist is referenced and that there is a risk; otherwise, it displays that the check passed.
The app-store listing compliance check introduces the dependency package into the base application framework and checks, from the code level to the packaged application level, whether anything does not conform to the listing specification. If so, it displays that the dependency package does not conform to the listing specification and that insisting on using the dependency package may cause the listing to fail; otherwise, it displays that the listing compliance check passed. The check covers whether package names in the dependency package contain forbidden characters and whether the naming is legal; whether interfaces that are not allowed to be open are exposed; and whether there are resource conflicts.
The dependency size check introduces the dependency package into the base application framework, packages a mobile application, computes the size of the mobile application package, and judges whether the difference between the application package size after introducing the dependency package and the application package size without the dependency exceeds a threshold. If so, it displays that the application package size increased abnormally after the dependency package was introduced and that there is a risk; otherwise, it displays that the application package size check passed.
An abnormal dependency package size makes the application package grow suddenly, which degrades the user experience and causes user churn. The report shows how much the application grew after the dependency package was introduced, and the user of the dependency package judges whether that is acceptable.
For example, an Android developer building an Android application needs a third-party package that implements RSA encryption and decryption. The dependency package legitimacy check finds that the package name of this dependency package contains the string ".demo.", which can be regarded as an illegal name that affects app-store listing, and this is shown in the report.
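The dependency control check, the package-name part of the listing compliance check and the size check described above can be sketched as follows. This is an added example, not code from the patent; the `group:artifact:version` coordinate format, the forbidden-segment list, the threshold and all sample values are constructed assumptions.

```python
"""Sketch of three dependency-package legitimacy checks (added example).

Assumptions, none taken from the patent: dependencies are written as
'group:artifact:version', the allow-list holds 'group:artifact' entries,
and every sample value below is constructed.
"""
import re

# Assumed naming rule: each package-name segment is a lowercase identifier.
_SEGMENT = re.compile(r"^[a-z_][a-z0-9_]*$")


def _group_artifact(coord):
    """Reduce 'group:artifact:version' to 'group:artifact'."""
    return ":".join(coord.split(":")[:2])


def check_allow_list(base_deps, deps_with_package, allow_list):
    """Dependency control check. The tree is the union of the framework's
    dependencies and those present after adding the package; every entry
    that is not on the administrator's allow-list is returned."""
    tree = set(base_deps) | set(deps_with_package)
    return sorted(d for d in tree if _group_artifact(d) not in allow_list)


def check_package_names(package_names, forbidden_segments=("demo",)):
    """Listing compliance check (naming part): report names with an illegal
    character or a forbidden segment such as the '.demo.' case."""
    findings = []
    for name in package_names:
        segments = name.split(".")
        illegal = [s for s in segments if not _SEGMENT.match(s)]
        banned = [s for s in segments if s in forbidden_segments]
        if illegal:
            findings.append((name, f"illegal character in segment '{illegal[0]}'"))
        elif banned:
            findings.append((name, f"forbidden segment '{banned[0]}'"))
    return findings


def check_size_delta(base_size, size_with_package, threshold):
    """Size check: return (growth in bytes, True if growth exceeds threshold)."""
    delta = size_with_package - base_size
    return delta, delta > threshold


def audit(base_deps, deps_with_package, allow_list, package_names,
          base_size, size_with_package, threshold):
    """Run the three checks and return report lines; empty means passed."""
    report = []
    for dep in check_allow_list(base_deps, deps_with_package, allow_list):
        report.append(f"dependency-control: {dep} is outside the allow-list")
    for name, reason in check_package_names(package_names):
        report.append(f"listing-compliance: {name}: {reason}")
    delta, abnormal = check_size_delta(base_size, size_with_package, threshold)
    if abnormal:
        report.append(f"size: package grew by {delta} bytes (limit {threshold})")
    return report


# Constructed sample: an RSA helper package that pulls in one unlisted
# transitive dependency, ships a '.demo.' package and adds 5.5 MB.
BASE_DEPS = ["org.example.base:ui:1.0.0"]
DEPS_WITH_PACKAGE = BASE_DEPS + [
    "org.example.crypto:rsa-util:1.2.0",
    "org.example.tracker:adsdk:3.1.0",
]
ALLOW_LIST = {"org.example.base:ui", "org.example.crypto:rsa-util"}
PACKAGE_NAMES = ["org.example.crypto.rsa", "org.example.crypto.demo.rsa"]
BASE_SIZE, SIZE_WITH_PACKAGE, THRESHOLD = 4_000_000, 9_500_000, 2_000_000

if __name__ == "__main__":
    for line in audit(BASE_DEPS, DEPS_WITH_PACKAGE, ALLOW_LIST, PACKAGE_NAMES,
                      BASE_SIZE, SIZE_WITH_PACKAGE, THRESHOLD):
        print(line)
```

Matching the allow-list on `group:artifact` rather than the full coordinate is a choice of this sketch; an administrator who wants to pin versions would compare the full string instead.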
Correspondingly, embodiment two of the present invention provides a system for checking the legitimacy of a dependency package, comprising a dependency package and a base application framework, wherein:
the dependency package is to be added to the base application framework;
the base application framework is used to modify the dependency package description file; and
to check the legitimacy of the dependency package according to the modified description file.
When a dependency is referenced during mobile application development, a process checks the introduced dependency package in advance, which rules out most product development-cycle delays caused by introducing an improper dependency. A compliance check of introduced dependency packages can therefore be carried out as part of mobile application development.
It should be understood that the main purpose of the present invention is to ensure that a mobile application's references to its dependencies are safe and reliable, effectively avoiding certain bugs; to prevent problems such as dependency conflicts and the introduction of illegal dependency packages caused by a dependency package referencing other unknown dependencies; and to prevent problems such as app-store listing failures caused by a dependency package that does not conform to specifications. It is markedly effective in preventing development-cycle delays.
The above is only an embodiment of the present invention and does not limit the scope of the patent. Any equivalent transformation made using the specification and drawings of the present invention, whether applied directly or indirectly in related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (10)

1. A method for checking the legitimacy of a dependency package, characterized by comprising:
obtaining a dependency package and adding it to a base application framework;
modifying the dependency package description file of the base application framework, wherein the base application framework can be compiled directly into a simple mobile application;
checking the legitimacy of the dependency package according to the modified description file, wherein checking the legitimacy of the dependency package comprises, within the base application framework, a stability test of the dependency package, a security test of the dependency package, a dependency control check of the dependency package, an app-store listing compliance check of the dependency package, and a dependency size check of the dependency package.
2. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that the base application framework includes an iOS base application framework and an Android base application framework.
3. The method for checking the legitimacy of a dependency package according to claim 2, characterized in that the step of modifying the dependency package description file of the base application framework is specifically:
modifying the dependency.gradle file in the Android base application framework to add a description of the dependency package; or
modifying the Podspec file of the mobile application in the iOS base application framework.
4. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that the step of checking the legitimacy of the dependency package according to the modified description file is specifically:
after introducing the dependency package into the base application framework, packaging a mobile application;
installing the mobile application on several test machines and running it continuously for 12 hours;
detecting whether the mobile application crashes;
if so, the dependency package is unstable;
otherwise, the dependency package is stable.
5. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that the step of checking the legitimacy of the dependency package according to the modified description file is specifically:
after introducing the dependency package into the base application framework, packaging a mobile application;
installing the mobile application on several test machines and carrying out security checks;
and grouping the vulnerabilities that may be present in the results and ordering them by risk;
wherein the checks include a risk and vulnerability audit, a component security audit, and a sensitive information and permission audit.
6. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that the step of checking the legitimacy of the dependency package according to the modified description file is specifically:
after introducing the dependency package into the base application framework, obtaining the dependency tree of the mobile application;
detecting whether the dependency tree contains a dependency outside the whitelist defined by the administrator;
if so, displaying that a component outside the whitelist is referenced and that there is a risk;
otherwise, displaying that the check passed;
wherein the dependency tree is the union of the dependencies of the base application framework and the dependencies added by introducing the dependency package, and is generated automatically by a tool.
7. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that the step of checking the legitimacy of the dependency package according to the modified description file is specifically:
after introducing the dependency package into the base application framework, checking, from the code level to the packaged application, whether anything does not conform to the listing specification;
if so, displaying that the dependency package does not conform to the listing specification and that insisting on using the dependency package may cause the listing to fail;
otherwise, displaying that the listing compliance check passed;
wherein non-conformance with the listing specification includes: the dependency package name contains forbidden characters or the naming is illegal; interfaces that are not allowed to be open are exposed; and there are resource conflicts.
8. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that the step of checking the legitimacy of the dependency package according to the modified description file is specifically:
after introducing the dependency package into the base application framework, packaging a mobile application;
computing the size of the mobile application package and judging whether the difference between the application package size after introducing the dependency package and the application package size without the dependency exceeds a threshold;
if so, displaying that the application package size increased abnormally after the dependency package was introduced and that there is a risk;
otherwise, displaying that the application package size check passed.
9. The method for checking the legitimacy of a dependency package according to claim 1, characterized in that, after checking the legitimacy of the dependency package according to the modified description file, the method further comprises: generating an audit report.
10. A system for checking the legitimacy of a dependency package, characterized by comprising a dependency package and a base application framework, wherein:
the dependency package is to be added to the base application framework;
the base application framework is used to modify the dependency package description file, wherein the base application framework can be compiled directly into a simple mobile application; and
to check the legitimacy of the dependency package according to the modified description file, wherein checking the legitimacy of the dependency package comprises, within the base application framework, a stability test of the dependency package, a security test of the dependency package, a dependency control check of the dependency package, an app-store listing compliance check of the dependency package, and a dependency size check of the dependency package.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610663025.9A CN106294160B (en) 2016-08-12 2016-08-12 Check the method and system for relying on packet legitimacy

Publications (2)

Publication Number Publication Date
CN106294160A CN106294160A (en) 2017-01-04
CN106294160B CN106294160B (en) 2019-09-03

Family

ID=57669696

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant