CN107368413A - A kind of method and apparatus for submitting vulnerability information - Google Patents
A kind of method and apparatus for submitting vulnerability information Download PDFInfo
- Publication number
- CN107368413A CN107368413A CN201710567665.4A CN201710567665A CN107368413A CN 107368413 A CN107368413 A CN 107368413A CN 201710567665 A CN201710567665 A CN 201710567665A CN 107368413 A CN107368413 A CN 107368413A
- Authority
- CN
- China
- Prior art keywords
- information
- application program
- management server
- vulnerability
- vulnerability management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000012360 testing method Methods 0.000 claims abstract description 65
- 238000012956 testing procedure Methods 0.000 claims abstract description 39
- 230000007613 environmental effect Effects 0.000 claims 1
- 230000008569 process Effects 0.000 abstract description 12
- 230000007547 defect Effects 0.000 abstract description 7
- 238000005457 optimization Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000004321 preservation Methods 0.000 description 2
- 238000007650 screen-printing Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3696—Methods or tools to render software testable
Abstract
In the embodiment of the present invention, a kind of method for submitting vulnerability information is proposed, including:When detecting leak during testing the first application program, the second application program obtains first application program and testing procedure information and test environment information residing during leak occurs;Second application program sends the testing procedure information and the test environment information to Vulnerability Management server.In this scenario, when detecting leak during testing the first application program, second application program obtains testing procedure residing when leak occurs and test environment information, and send to Vulnerability Management server, do not need tester is completely manual to participate in the process, therefore, it is possible to reduce submit the time spent by vulnerability information, and improve efficiency.Operated simultaneously as not being that tester is completely manual, and hence it is also possible to the accuracy of information relatively low and incomplete defect submitted caused by avoiding hand by mistake.
Description
Technical field
Embodiments of the present invention are related to Application testing technical field, more specifically, embodiments of the present invention relate to
A kind of and method and apparatus for submitting vulnerability information.
Background technology
This part is it is intended that the embodiments of the present invention stated in claims provide background or context.Herein
Description recognizes it is prior art not because not being included in this part.
In the intelligent terminal more and more common epoch, the application program in intelligent terminal is also more and more, people
Gradually increased using the frequency of application program.Because requirement of the user to APP type and function improves constantly, therefore, in order to
Meet the different demands of user, developer develops the application program for possessing difference in functionality.And after the completion of application development,
Before issue, in order to ensure the availability of application program, it will usually dependence test is carried out to application program, wherein, testing
Cheng Zhong, test result may be that application program has leak (bug), and now, tester needs to carry to exploitation and product personnel
Vulnerability information is handed over, the application program that leak be present is optimized with product personnel to develop.
Submit the method for vulnerability information to rely primarily on tester manually to realize at present, mainly comprise the following steps:
Step 1:Tester installs tested application program on a testing machine;
Step 2:In test process if detecting that bug occurs in application program, tester carries out screenshotss;
Step 3:Screenshotss information is uploaded to computer by tester using application programs such as QQ or wechats, and is stored to finger
Positioning is put;
Step 4:Tester opens Jira on the computer of storage screenshotss information using browser, and logs in Jira;
Step 5:The newly-built task of tester, is bug by type selecting;
Step 6:Tester adds detailed title and description under newly-built task;
Step 7:Tester selects developer under newly-built task, and this bug is distributed into selected exploitation
Personnel;
Step 8:Tester sets bug priority;
Step 9:Tester describes the information of the terminal of the tested application program of installation, comprises at least system in information, determines
Plate-making sheet, internal memory situation, CPU (Central Processing Unit, CPU) occupancy etc.;
Step 10:Tester submits the screenshotss information to be uploaded and log files.
Because said process is required for test manually to operate, therefore time-consuming longer and less efficient lack be present
Fall into;Simultaneously as being manually-operated, there is hand by mistake, cause the information of submission inaccurate or incomplete scarce
Fall into.
The content of the invention
The method of vulnerability information is submitted to have that time-consuming longer, the less efficient, degree of accuracy is relatively low and incomplete defect at present,
This is very bothersome process.
Therefore, a kind of improved method and apparatus for submitting vulnerability information are highly desirable to, to solve to exist in the prior art
It is time-consuming longer and less efficient the defects of.
In the first aspect of embodiment of the present invention, there is provided a kind of method for submitting vulnerability information, including:
When detecting leak during testing the first application program, the second application program obtains described first and applies journey
Testing procedure information and test environment information residing during leak occur for sequence;
The testing procedure information and the test environment information are sent to Vulnerability Management and taken by second application program
Business device.
In one embodiment, the method according to the above-mentioned embodiment of the present invention, the second application program is by institute
Testing procedure information and the test environment information are stated, is sent to Vulnerability Management server, including:
Create the page of record leak, second application program is by the page by the testing procedure information and described
Test environment information, send to Vulnerability Management server.
In some embodiments, the method according to any of the above-described embodiment of the present invention, the test environment
Information includes first application program and installs the system information of equipment, type information and in first application program generation
At least one of current performance index information of equipment during leak.
In some embodiments, the method according to any of the above-described embodiment of the present invention, the performance indications
Information includes size, first application program of internal memory shared by startup time, flow, power consumption, first application program
At least one of occupation rate to central processor CPU.
In some embodiments, the method according to any of the above-described embodiment of the present invention, methods described are also wrapped
Include:
Second application program obtains the log information of first application program to target area, and responds user's
Selection, the log information is sent to the Vulnerability Management server.
In some embodiments, the method according to any of the above-described embodiment of the present invention, methods described are also wrapped
Include:
First application program of the second application program acquisition interception installs equipment and applies journey described first
Screen during leak occurs for sequence, and the screen of interception is sent to the Vulnerability Management server.
In some embodiments, the method according to any of the above-described embodiment of the present invention, methods described are also wrapped
Include:
Second application program determines the class information of the leak occurred, and the class information is sent to the leakage
Hole management server.
In some embodiments, the method according to any of the above-described embodiment of the present invention, second application
Program sends to the information of the Vulnerability Management server and is merely able to by with being able to access that the Vulnerability Management server authority
User in specified user check.
In some embodiments, the method according to any of the above-described embodiment of the present invention, second application
Program sends the testing procedure information and the test environment information to Vulnerability Management server, including:
Second application program judges whether to have been registered with logging in user's correlation used in Vulnerability Management server
Information;
If so, second application program logs in the Vulnerability Management server using the user related information;
Otherwise, second application program registers the user related information, and related using the user after registration
Vulnerability Management server described in information registration.
In the second aspect of embodiment of the present invention, there is provided a kind of device for submitting vulnerability information, including:
Acquiring unit, for when detecting leak during testing the first application program, obtaining first application
Testing procedure information and test environment information residing during leak occur for program;
Transmitting element, for sending the testing procedure information and the test environment information to Vulnerability Management service
Device.
In one embodiment, the device according to the above-mentioned embodiment of the present invention, the transmitting element, is used for
By the testing procedure information and the test environment information, send to Vulnerability Management server, be specially:
The page of record leak is created, by the page by the testing procedure information and the test environment information, hair
Deliver to Vulnerability Management server.
In some embodiments, the device according to any of the above-described embodiment of the present invention, the test environment
Information includes first application program and installs the system information of equipment, type information and in first application program generation
At least one of current performance index information of equipment during leak.
In some embodiments, the device according to any of the above-described embodiment of the present invention, the performance indications
Information includes size, first application program of internal memory shared by startup time, flow, power consumption, first application program
At least one of occupation rate to central processor CPU.
In some embodiments, the device according to any of the above-described embodiment of the present invention, the acquiring unit
It is additionally operable to, the log information of first application program is obtained to target area;
The transmitting element is additionally operable to, and responds the selection of user, and the log information is sent to the Vulnerability Management service
Device.
In some embodiments, the device according to any of the above-described embodiment of the present invention, described device are also wrapped
Interception unit is included, screen of the equipment when leak occurs for first application program is installed for intercepting first application program
Curtain;
The transmitting element is additionally operable to, and the screen of interception is sent to the Vulnerability Management server.
In some embodiments, the device according to any of the above-described embodiment of the present invention, described device are also wrapped
Determining unit is included, for the class information for the leak for determining to occur;
The transmitting element is additionally operable to, and the class information is sent to the Vulnerability Management server.
In some embodiments, the device according to any of the above-described embodiment of the present invention, the transmitting element
Send to the information of the Vulnerability Management server and be merely able to by with the use for being able to access that the Vulnerability Management server authority
Specified user in family checks.
In some embodiments, the device according to any of the above-described embodiment of the present invention, the transmitting element
Including judging unit, unit and registering unit are logged in, wherein:
The judging unit, for judging whether to have been registered with logging in user's correlation used in Vulnerability Management server
Information;
The login unit, for judging to have been registered with logging in the Vulnerability Management server institute in the judging unit
During the user related information used, the Vulnerability Management server is logged in using the user related information;
The registering unit, for judging that the unregistered login Vulnerability Management server is used in the judging unit
User related information when, register the user related information, and described in logging in using the user related information after registration
Vulnerability Management server.
In the third aspect of embodiment of the present invention, there is provided a kind of device for submitting vulnerability information, including:
One or more processor;
Memory, have program stored therein, when described program is by one or more of computing devices, described program makes
The device for submitting vulnerability information performs method as described above.
In the fourth aspect of embodiment of the present invention, there is provided a kind of computer-readable recording medium, the computer
Readable storage medium storing program for executing has program stored therein, when said program is executed by a processor so that the computing device is as described above
Method.
In the embodiment of the present invention, a kind of scheme for submitting vulnerability information is proposed, during the first application program is tested
When detecting leak, the second application program obtains first application program and testing procedure information residing during leak and survey occurs
Test ring environment information;Second application program sends the testing procedure information and the test environment information to leak pipe
Manage server.In this scenario, when detecting leak during testing the first application program, the second application program obtains hair
Residing testing procedure and test environment information during raw leak, and send to Vulnerability Management server, it is not necessary to tester is complete
The process is participated in manually entirely, therefore, it is possible to reduce submit the time spent by vulnerability information, and improve efficiency.Simultaneously as not
It is that tester is completely manual to operate, and hence it is also possible to which the accuracy of information submitted caused by avoiding hand by mistake is relatively low and endless
The defects of kind.
Brief description of the drawings
Detailed description below, above-mentioned and other mesh of exemplary embodiment of the invention are read by reference to accompanying drawing
, feature and advantage will become prone to understand.In the accompanying drawings, if showing the present invention's by way of example, and not by way of limitation
Dry embodiment, wherein:
Figure 1A schematically show according to embodiment of the present invention submit vulnerability information after interface schematic diagram;
Figure 1B schematically shows the flow chart of the submission vulnerability information according to embodiment of the present invention;
Fig. 1 C schematically show the exemplary plot of the submission vulnerability information according to embodiment of the present invention;
Fig. 2 schematically shows the schematic diagram of the device of the submission vulnerability information according to embodiment of the present invention.
Embodiment
The principle and spirit of the present invention is described below with reference to some illustrative embodiments.It should be appreciated that provide this
A little embodiments are not with any just for the sake of better understood when those skilled in the art and then realize the present invention
Mode limits the scope of the present invention.On the contrary, these embodiments are provided so that the disclosure is more thorough and complete, and energy
It is enough that the scope of the present disclosure is intactly communicated to those skilled in the art.
One skilled in the art will appreciate that embodiments of the present invention can be implemented as a kind of system, device, equipment, method
Or computer program product.Therefore, the disclosure can be implemented as following form, i.e.,:Complete hardware, complete software
(including firmware, resident software, microcode etc.), or the form that hardware and software combines.
Herein, any number of elements in accompanying drawing is used to example and unrestricted, and any name is only used for
Distinguish, without any restrictions implication.
Below with reference to the principle and spirit of some representative embodiments of the present invention, in detail the explaination present invention.
Summary of the invention
The inventors discovered that during test application program, if bug occurs for tested application program,
Relevant information can be obtained by other other application program, for example, the testing procedure that bug occurs is obtained, or it is tested
Some relevant informations of test machine where application program, and the information of acquisition is sent to Vulnerability Management server, from the beginning of
Test and submit vulnerability information automation to realize, it may not be necessary to which tester participates in, therefore, it is possible to reduce submit vulnerability information
The spent time, improve efficiency.Simultaneously as it is not that tester operates manually, and hence it is also possible to avoid hand from causing by mistake
Submission the relatively low and incomplete defect of accuracy of information.
After the general principle of the present invention is described, lower mask body introduces the various non-limiting embodiment party of the present invention
Formula.
Application scenarios overview
The first application program is tested, the page of record leak is created in the second application program, if occurring in test process
If bug, obtain and bug testing procedure information occur, and the system information of the terminal installed of the first application program, model letter
Breath and terminal performance indications current when there is bug, then, the second application program by the testing procedure information got, be
System information, type information and performance indications are sent to Vulnerability Management server, submit the interface after vulnerability information as shown in Figure 1A.
Illustrative methods
With reference to above-mentioned application scenarios, describe to be used to submit according to exemplary embodiment of the invention with reference to figure 1B
The method of vulnerability information.It should be noted that above-mentioned application scenarios be for only for ease of understand spirit and principles of the present invention and
Show, embodiments of the present invention are unrestricted in this regard.On the contrary, embodiments of the present invention can apply to be applicable
Any scene.
Refering to shown in Figure 1B, in the embodiment of the present invention, a kind of method 10 for submitting vulnerability information is proposed, including:
Step 100:When detecting leak during testing the first application program, the second application program obtains described the
Testing procedure information and test environment information residing during leak occur for one application program;
Step 110:Second application program extremely leaks the testing procedure information and the test environment information, transmission
Hole management server.
In the embodiment of the present invention, the second application program sends the testing procedure information and the test environment information
To Vulnerability Management server, including:
Create the page of record leak, second application program is by the page by the testing procedure information and described
Test environment information, send to Vulnerability Management server.
For example, test process includes 10 steps altogether, there is bug, now, second when proceeding to the 6th step in test
Application program passes through the page of the record leak of establishment by the information of the step 6 of acquisition and test environment information, sends to leak
Management server.
In the embodiment of the present invention, alternatively, the test environment information installs equipment including first application program
System information, type information and first application program occur leak when the current performance index information of the equipment in
At least one.Above- mentioned information can only include one, can also include any combination, be not specifically limited herein.
System information can be android system information, IOS system informations, symbian S60 system informations, and this is several
Simply specific example, is not limited to this.
Type information can be Huawei P9, Samsung Galaxy C5, Apple 6S, Apple SE, and this simply wherein has
The example of body, is not limited to this.
In the embodiment of the present invention, alternatively, the performance index information includes starting time, flow, power consumption, described the
The size of internal memory, first application program are at least one of CPU occupation rate shared by one application program.Above- mentioned information can
Only to include one, any combination can also be included, be not specifically limited herein.
In the embodiment of the present invention, in order that more information can be obtained to optimize the application for bug occur by obtaining developer
Program, further, methods described also include:
Second application program obtains the log information of first application program to target area, and responds user's
Selection, the log information is sent to the Vulnerability Management server.Operation Log can be included in Log information, than only step
Information is more rich, and so, developer may be referred to log information when bug application program occurs in optimization and carry out targetedly
Optimization.
In the embodiment of the present invention, in order that more information can be obtained to optimize the application for bug occur by obtaining developer
Program, further, methods described also include:
First application program of the second application program acquisition interception installs equipment and applies journey described first
Screen when leak occurs for sequence (can be intercepted, the second application program intercepts or the behaviour of response user by the first application program
Make, equipment installed by the first application program and intercepted in itself), and the screen of interception is sent to the Vulnerability Management server.
So, developer may be referred to the screen message of interception when bug application program occurs in optimization.
The bug of appearance may have it is multiple, it is further, described in order to which bug preferentially higher to importance is optimized
Method also includes:
Second application program determines the class information of the leak occurred, and the class information is sent to the leakage
Hole management server.
For example, the class information of leak is major, minor etc..So, there is bug application journey in optimization in developer
It can optimize successively according to class information during sequence, for example, first optimize higher ranked bug, the junior bug of re-optimization.
In the embodiment of the present invention, in order to improve security, second application program is sent to the Vulnerability Management service
The information of device is merely able to be checked with the specified user being able to access that in the user of the Vulnerability Management server authority.
During specific implementation, the use that can check record bug information can be recorded in the page for creating record leak
The relevant information at family, for example, can be that the numbering of user or the name of user or the phone number of user etc. uniquely may be used
To determine the identification information of user.
In the embodiment of the present invention, second application program by the testing procedure information and the test environment information,
When sending to Vulnerability Management server, it is alternatively possible in the following way:
Second application program judges whether to have been registered with logging in user's correlation used in Vulnerability Management server
Information;
If so, second application program logs in the Vulnerability Management server using the user related information;
Otherwise, second application program registers the user related information, and related using the user after registration
Vulnerability Management server described in information registration.
For example, if the username and password of the Vulnerability Management server is logged in, it is necessary to register use without registration before
Name in an account book and password, the Vulnerability Management server is logged in using the username and password of registration, institute is logged in if having registered before
The username and password of Vulnerability Management server is stated, the Vulnerability Management server is directly logged in using username and password.
Refering to shown in Fig. 1 C, method 10 is briefly described with specific example below.
User installs tested application program on model Apple 6s mobile phone, opens the second application program, creates note
The bug page is recorded, occurs bug in test process, now the second application program intercepts current screen, and records and bug occurs
When residing testing procedure, performance when further obtaining above-mentioned Apple 6s system information, type information and bug occurs refers to
Information is marked, can also further obtain log information;Bug priority and the identification information of specified user are determined, and by above-mentioned section
The screen taken, the testing procedure of acquisition, system information, type information, performance index information, log information, bug priority and
The identification information of user is specified to send to Vulnerability Management server.
In this scenario, relevant information when bug occurs in the first application program can be obtained, such as test environment information,
Testing procedure information etc., it is not the intervention of tester of placing one's entire reliance upon, and then efficiency can be improved.Simultaneously as it is not to survey
Examination personnel are completely manual to be operated, and hence it is also possible to which the accuracy of information submitted caused by avoiding hand by mistake is relatively low and incomplete
Defect.
In addition, many steps have also done simplification to a certain extent, for example, need not be first saved in after above-mentioned screen printing
It is local, then sent from the screen of the local interception for finding preservation to Vulnerability Management server, the side that the embodiment of the present invention is proposed
Case can directly occur to Vulnerability Management server, it is not necessary to local is stored in advance in, it is thus possible to improve efficiency.
Exemplary means
After the method for exemplary embodiment of the invention is described, next, with reference to figure 2 to the exemplary reality of the present invention
The device 20 for applying the submission vulnerability information of mode is briefly described, and device 20 includes:
Acquiring unit 200, should for when detecting leak during testing the first application program, obtaining described first
Residing testing procedure information and test environment information during with program generation leak;
Transmitting element 210, taken for by the testing procedure information and the test environment information, sending to Vulnerability Management
Business device.
In the embodiment of the present invention, the transmitting element 210, for by first application program occur leak when it is residing
Testing procedure information and test environment information, send to Vulnerability Management server, be specially:
The page of record leak is created, by the page by the testing procedure information and the test environment information, hair
Deliver to Vulnerability Management server.
For example, test process includes 10 steps altogether, there is bug, now, second when proceeding to the 6th step in test
Application program passes through the page of the record leak of establishment by the information of the step 6 of acquisition and test environment information, sends to leak
Management server.
In the embodiment of the present invention, alternatively, the test environment information installs equipment including first application program
System information, type information and first application program occur leak when the current performance index information of the equipment in
At least one.Above- mentioned information can only include one, can also include any combination, be not specifically limited herein.
System information can be android system information, IOS system informations, symbian S60 system informations, and this is several
Simply specific example, is not limited to this.
Type information can be Huawei P9, Samsung Galaxy C5, Apple 6S, Apple SE, and this simply wherein has
The example of body, is not limited to this.
In the embodiment of the present invention, alternatively, the performance index information includes starting time, flow, power consumption, described the
The size of internal memory, first application program are at least one of occupation rate of central processor CPU shared by one application program.
Above- mentioned information can only include one, can also include any combination, be not specifically limited herein.
In the embodiment of the present invention, in order that more information can be obtained to optimize the application for bug occur by obtaining developer
Program, further, the acquiring unit 200 are additionally operable to, and the log information of first application program is obtained to target area;
The transmitting element 210 is additionally operable to, and responds the selection of user, and the log information is sent to the Vulnerability Management
Server.Operation Log can be included in Log information, more more rich than only Step Information, so, developer occurs in optimization
Log information is may be referred to during bug application program targetedly to be optimized.
In the embodiment of the present invention, in order that more information can be obtained to optimize the application for bug occur by obtaining developer
Program, further, described device 20 also include interception unit 220, and equipment is installed for intercepting first application program
Screen when leak occurs for first application program;
The transmitting element 210 is additionally operable to, and the screen of interception is sent to the Vulnerability Management server.So, develop
Personnel may be referred to the screen message of interception when bug application program occurs in optimization.
Occur bug may have it is multiple, in order to which bug preferentially higher to importance is optimized, further, the dress
Putting 20 also includes determining unit 230, for the class information for the leak for determining to occur;
The transmitting element 210 is additionally operable to, and the class information is sent to the Vulnerability Management server.
For example, the class information of leak is major, minor etc..So, developer can be with the bug that optimization occurs
Optimize successively according to class information, for example, first optimize higher ranked bug, the junior bug of re-optimization.
In the embodiment of the present invention, in order to improve security, the transmitting element 210 is sent to the Vulnerability Management server
Information be merely able to be checked with the specified user being able to access that in the user of the Vulnerability Management server authority.
During specific implementation, the use that can check record bug information can be recorded in the page for creating record leak
The relevant information at family, for example, can be that the numbering of user or the name of user or the phone number of user etc. uniquely may be used
To determine the identification information of user.
In the embodiment of the present invention, alternatively, the transmitting element 210 include judging unit 210A, log in unit 210B and
Registering unit 210C, wherein:
The judging unit 210A, for judging whether to have been registered with logging in user used in Vulnerability Management server
Relevant information;
The login unit 210B, for judging to have been registered with logging in the Vulnerability Management service in the judging unit
Used in device during user related information, the Vulnerability Management server is logged in;
The registering unit 210C, for judging the unregistered login Vulnerability Management server institute in the judging unit
During the user related information used, the user related information is registered, and log in using the user related information after registration
The Vulnerability Management server.
If for example, before without registration Vulnerability Management server username and password, it is necessary to registered user's name and close
Code, Vulnerability Management server is logged in using the username and password of registration, if having registered the use of Vulnerability Management server before
Name in an account book and password, Vulnerability Management server is directly logged in using the username and password of registration.
Refering to shown in Fig. 1 C, the operation performed by device 20 is briefly described with specific example below.
User installs tested application program on model Apple 6s mobile phone, opens the second application program, creates note
The bug page is recorded, occurs bug in test process, now the second application program intercepts current screen, and records and bug occurs
When residing testing procedure, performance when further obtaining above-mentioned Apple 6s system information, type information and bug occurs refers to
Information is marked, can also further obtain log information;Bug priority and the identification information of specified user are determined, and by above-mentioned section
The screen taken, the testing procedure of acquisition, system information, type information, performance index information, log information, bug priority and
The identification information of user is specified to send to Vulnerability Management server.
In this scenario, relevant information when bug occurs in the first application program can be obtained, such as test environment information,
Testing procedure information etc., it is not the intervention of tester of placing one's entire reliance upon, and then efficiency can be improved.Simultaneously as it is not to survey
Examination personnel are completely manual to be operated, and hence it is also possible to which the accuracy of information submitted caused by avoiding hand by mistake is relatively low and incomplete
Defect.
In addition, many steps have also done simplification to a certain extent, for example, need not be first saved in after above-mentioned screen printing
It is local, then sent from the screen of the local interception for finding preservation to Vulnerability Management server, the side that the embodiment of the present invention is proposed
Case can be sent directly to Vulnerability Management server, it is not necessary to local is stored in advance in, it is thus possible to improve efficiency.
Exemplary means
After the method and apparatus of exemplary embodiment of the invention is described, next, introducing according to the present invention's
The device for being used to submit vulnerability information of another exemplary embodiment.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or
Program product.Therefore, various aspects of the invention can be implemented as following form, i.e.,:It is complete hardware embodiment, complete
The embodiment combined in terms of full Software Implementation (including firmware, microcode etc.), or hardware and software, can unite here
Referred to as " circuit ", " module " or " system ".
In some possible embodiments, according to embodiment of the present invention be used for submit the device of vulnerability information can be with
Including at least one processing unit and at least one memory cell.Wherein, memory cell has program stored therein code, works as program
When the processed unit of code performs so that processing unit performs the basis described in above-mentioned " illustrative methods " part of this specification
The step being used to submit in the method for vulnerability information of the various illustrative embodiments of the present invention.For example, processing unit can be held
The step of method of the submission vulnerability information of row as shown in fig. 1b and refinement scheme.
Exemplary process product
In some possible embodiments, various aspects of the invention are also implemented as a kind of shape of program product
Formula, it includes program code, and when shown program product is being run in equipment, described program code is used to make equipment perform this theory
The submission vulnerability information according to the various illustrative embodiments of the present invention described in bright above-mentioned " illustrative methods " part of book
Step in method, for example, the step of equipment can perform the method for submission vulnerability information as shown in fig. 1b and refinement
Scheme.
Program product can use any combination of one or more computer-readable recording mediums.Computer-readable recording medium can be that readable signal is situated between
Matter or readable storage medium storing program for executing.Readable storage medium storing program for executing for example may be-but not limited to-electricity, magnetic, optical, electromagnetic, infrared
The system of line or semiconductor, device or device, or any combination above.The more specifically example of readable storage medium storing program for executing is (non-
Exhaustive list) include:Electrical connection, portable disc, hard disk, random access memory (RAM) with one or more wires,
Read-only storage (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, the read-only storage of portable compact disc
Device (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
Readable signal medium can be included in a base band or as a part of data-signal propagated of carrier wave, wherein carrying
Readable program code.The data-signal of this propagation can take various forms, including --- but being not limited to --- electromagnetism letter
Number, optical signal or above-mentioned any appropriate combination.Readable signal medium can also be beyond readable storage medium storing program for executing it is any can
Read medium, the computer-readable recording medium can send, propagate either transmit for being used by instruction execution system, device or device or
Program in connection.
The program code included on computer-readable recording medium can be transmitted with any appropriate medium, including --- but being not limited to ---
Wirelessly, wired, optical cable, RF etc., or above-mentioned any appropriate combination.
Can being combined to write the program operated for performing the present invention with one or more programming languages
Code, programming language include object oriented program language-Java, C++ etc., in addition to conventional process
Formula programming language-such as " C " language or similar programming language.Program code can be calculated fully in user
Performed in equipment, part performs or set completely in remote computation on a remote computing on the user computing device for part
Performed on standby or server.In the situation of remote computing device is related to, remote computing device can pass through the net of any kind
Network --- including LAN (LAN) or wide area network (WAN)-user calculating equipment is connected to, or, it may be connected to outside meter
Calculate equipment (such as passing through Internet connection using ISP).
It should be noted that although being referred to some units or subelement of device in above-detailed, but this stroke
It is only schematically not enforceable to divide.In fact, according to the embodiment of the present invention, it is above-described two or more
The feature and function of unit can embody in a unit.Conversely, the feature and function of an above-described unit can
To be further divided into being embodied by multiple units.
In addition, although the operation of the inventive method is described with particular order in the accompanying drawings, still, this do not require that or
Hint must perform these operations according to the particular order, or the operation having to carry out shown in whole could realize it is desired
As a result.Additionally or alternatively, it is convenient to omit some steps, multiple steps are merged into a step and performed, and/or by one
Step is decomposed into execution of multiple steps.
Although describe spirit and principles of the present invention by reference to some embodiments, it should be appreciated that, this
Invention is not limited to disclosed embodiment, and the division to each side does not mean that the feature in these aspects can not yet
Combination is to be benefited, and this division is merely to the convenience of statement.It is contemplated that cover appended claims spirit and
In the range of included various modifications and equivalent arrangements.
Claims (10)
1. a kind of method for submitting vulnerability information, including:
When detecting leak during testing the first application program, the second application program obtains the first application program hair
Residing testing procedure information and test environment information during raw leak;
Second application program sends the testing procedure information and the test environment information to Vulnerability Management service
Device.
2. the method as described in claim 1, the second application program by the testing procedure information and the test environment information,
Send to Vulnerability Management server, including:
The page of record leak is created, second application program is by the page by the testing procedure information and the test
Environmental information, send to Vulnerability Management server.
3. the method as described in claim 1, methods described also includes:
Second application program obtains the log information of first application program to target area, and responds the selection of user,
The log information is sent to the Vulnerability Management server.
4. the method as described in claim 1, methods described also includes:
First application program of the second application program acquisition interception is installed equipment and sent out in first application program
Screen during raw leak, and the screen of interception is sent to the Vulnerability Management server.
5. the method as described in claim 1, methods described also includes:
Second application program determines the class information of the leak occurred, and the class information is sent to the leak pipe
Manage server.
6. the method as described in claim 1, second application program is sent to the information of the Vulnerability Management server
It can be checked with the specified user being able to access that in the user of the Vulnerability Management server authority.
7. the method as described in claim any one of 1-6, second application program is by the testing procedure information and described
Test environment information, send to Vulnerability Management server, including:
Second application program judges whether to have been registered with logging in user related information used in Vulnerability Management server;
If so, second application program logs in the Vulnerability Management server using the user related information;
Otherwise, second application program registers the user related information, and using the user related information after registration
Log in the Vulnerability Management server.
8. a kind of device for submitting vulnerability information, including:
Acquiring unit, for when detecting leak during testing the first application program, obtaining first application program
Testing procedure information and test environment information residing during leak occurs;
Transmitting element, for sending the testing procedure information and the test environment information to Vulnerability Management server.
9. a kind of device for submitting vulnerability information, including:
One or more processor;
Memory, have program stored therein, when described program is by one or more of computing devices, described program makes described
Submit method of the device execution of vulnerability information as described in any one in claim 1-7.
10. a kind of computer-readable recording medium, the computer-readable recording medium storage has program, when described program is located
When managing device execution so that method of the computing device as described in any one in claim 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710567665.4A CN107368413A (en) | 2017-07-12 | 2017-07-12 | A kind of method and apparatus for submitting vulnerability information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710567665.4A CN107368413A (en) | 2017-07-12 | 2017-07-12 | A kind of method and apparatus for submitting vulnerability information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107368413A true CN107368413A (en) | 2017-11-21 |
Family
ID=60306775
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710567665.4A Pending CN107368413A (en) | 2017-07-12 | 2017-07-12 | A kind of method and apparatus for submitting vulnerability information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107368413A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108170605A (en) * | 2017-12-28 | 2018-06-15 | 广州启生信息技术有限公司 | Submission method, client and the computer readable storage medium of bug information |
CN110083521A (en) * | 2018-01-26 | 2019-08-02 | 南京大学 | A kind of submission of mobile application test report and processing method based on swarm intelligence |
CN110958243A (en) * | 2019-11-28 | 2020-04-03 | 米哈游科技(上海)有限公司 | Network vulnerability submitting method and device, storage medium and electronic equipment |
CN111046393A (en) * | 2019-12-14 | 2020-04-21 | 深圳市优必选科技股份有限公司 | Vulnerability information uploading method and device, terminal equipment and storage medium |
CN111475423A (en) * | 2020-06-29 | 2020-07-31 | 深圳市珍爱云信息技术有限公司 | Data entry method and device, electronic equipment and readable storage medium |
CN112749092A (en) * | 2021-01-13 | 2021-05-04 | 叮当快药科技集团有限公司 | Information processing method for managing software bugs |
CN113434417A (en) * | 2021-06-29 | 2021-09-24 | 青岛海尔科技有限公司 | Regression testing method and device for vulnerability, storage medium and electronic device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9021587B2 (en) * | 2011-10-27 | 2015-04-28 | Microsoft Technology Licensing, Llc | Detecting software vulnerabilities in an isolated computing environment |
CN105630675A (en) * | 2015-12-21 | 2016-06-01 | 浪潮集团有限公司 | Method for rapidly obtaining and submitting BUG information |
CN105740138A (en) * | 2014-12-08 | 2016-07-06 | 阿里巴巴集团控股有限公司 | Test method, test device and test system of application |
CN106294041A (en) * | 2016-07-22 | 2017-01-04 | 厦门美图移动科技有限公司 | Method, device and the mobile terminal of a kind of BUG information reporting |
-
2017
- 2017-07-12 CN CN201710567665.4A patent/CN107368413A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9021587B2 (en) * | 2011-10-27 | 2015-04-28 | Microsoft Technology Licensing, Llc | Detecting software vulnerabilities in an isolated computing environment |
CN105740138A (en) * | 2014-12-08 | 2016-07-06 | 阿里巴巴集团控股有限公司 | Test method, test device and test system of application |
CN105630675A (en) * | 2015-12-21 | 2016-06-01 | 浪潮集团有限公司 | Method for rapidly obtaining and submitting BUG information |
CN106294041A (en) * | 2016-07-22 | 2017-01-04 | 厦门美图移动科技有限公司 | Method, device and the mobile terminal of a kind of BUG information reporting |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108170605A (en) * | 2017-12-28 | 2018-06-15 | 广州启生信息技术有限公司 | Submission method, client and the computer readable storage medium of bug information |
CN110083521A (en) * | 2018-01-26 | 2019-08-02 | 南京大学 | A kind of submission of mobile application test report and processing method based on swarm intelligence |
CN110958243A (en) * | 2019-11-28 | 2020-04-03 | 米哈游科技(上海)有限公司 | Network vulnerability submitting method and device, storage medium and electronic equipment |
CN111046393A (en) * | 2019-12-14 | 2020-04-21 | 深圳市优必选科技股份有限公司 | Vulnerability information uploading method and device, terminal equipment and storage medium |
CN111475423A (en) * | 2020-06-29 | 2020-07-31 | 深圳市珍爱云信息技术有限公司 | Data entry method and device, electronic equipment and readable storage medium |
CN112749092A (en) * | 2021-01-13 | 2021-05-04 | 叮当快药科技集团有限公司 | Information processing method for managing software bugs |
CN113434417A (en) * | 2021-06-29 | 2021-09-24 | 青岛海尔科技有限公司 | Regression testing method and device for vulnerability, storage medium and electronic device |
CN113434417B (en) * | 2021-06-29 | 2023-06-16 | 青岛海尔科技有限公司 | Regression testing method and device for loopholes, storage medium and electronic device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107368413A (en) | A kind of method and apparatus for submitting vulnerability information | |
CN104407980B (en) | Mobile solution automatic test device and method | |
Li et al. | Decentralized is not risk-free: Understanding public perceptions of privacy-utility trade-offs in COVID-19 contact-tracing apps | |
CN110427323A (en) | A kind of application testing method, device, proxy server and system | |
CN105338110A (en) | Remote debugging method, platform and server | |
AU2017279667B2 (en) | Automated data collection and analytics | |
CN109636317A (en) | Service control method, device, system and storage medium | |
CN104731566B (en) | Integrated Development Environment test device, method and system | |
US10977161B2 (en) | Automatic intelligent cloud service testing tool | |
WO2021202854A1 (en) | Automatic contact tracing | |
US10612940B2 (en) | Flow meter reading with image recognition secured with mask and software connected by mobile device | |
CN105095078A (en) | Systematic automation testing device and method and calculating device | |
CN104579830B (en) | service monitoring method and device | |
CN108984389A (en) | A kind of applied program testing method and terminal device | |
US9286195B2 (en) | Derivation of generalized test cases | |
CN106326088A (en) | Test object constructing method and device, and service configuration testing device | |
CN105975272A (en) | Method and system for generating unique device number of device | |
CN107038120A (en) | A kind of method for testing software and equipment | |
US20200117584A1 (en) | Zero coding automation with natural language processing, such as for use in testing telecommunications software and resources | |
JP2021002326A (en) | Refinement of repair patterns for static analysis violations in software programs | |
US20210286706A1 (en) | Graph-based method for inductive bug localization | |
CN104536745A (en) | Task modification method and device | |
CN111813648A (en) | Automatic testing method and device applied to App, storage medium and electronic equipment | |
CN115022201B (en) | Data processing function test method, device, equipment and storage medium | |
CN103812730A (en) | Multiple cell TTCN (Tree and Tabular Combined Notation) protocol conformance test platform system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171121 |
|
RJ01 | Rejection of invention patent application after publication |