CN108319854A - Incremental code static scanning method, device and computer-readable storage medium
- Publication number
- CN108319854A (CN201711482490.3A)
- Authority
- CN
- China
- Prior art keywords
- code
- incremental
- branch
- code file
- static
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Abstract
The present invention proposes an incremental code static scanning method, including: when it is detected that any incremental code has been added to a development code branch, scanning the development code branch based on the preset first base code file set in the development code branch to obtain the first incremental code file that has changed; determining, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file; and performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code. The invention also discloses an incremental code static scanning device and a computer-readable storage medium. By implementing the above scheme, real-time static code scanning is performed on incremental code added to a code branch, and the vulnerability information, security information and specification information of the incremental code are obtained in real time, which effectively improves the efficiency of code management and code writing.
Description
Technical field
The present invention relates to the technical field of code management, and in particular to an incremental code static scanning method, device and computer-readable storage medium.
Background
With the rapid development of computer programs, multiple program development engineers need to develop different code branches of a computer program project separately, so the code versions of the computer program project must be managed to ensure that development of the project proceeds smoothly.
In existing approaches, scanning of the code versions of a computer program project is triggered manually or on a timer, and static scanning is performed on the full code of all code branches in the project to obtain static scanning information for the full code of each branch. The static scanning information of the incremental code in a branch cannot be obtained accurately. In addition, because static scanning is performed on the full code of all code branches in the project, when a branch contains a large amount of code the static scan takes a long time and obtaining the static scanning information is inefficient.
Summary of the invention
The present invention proposes an incremental code static scanning method, device and computer-readable storage medium, to solve the problem in the prior art that real-time static scanning cannot be performed on the incremental code in a code branch of a computer program project.
The technical solution adopted by the present invention is to provide an incremental code static scanning method, including:
When it is detected that any incremental code has been added to a development code branch, scanning the development code branch based on the preset first base code file set in the development code branch to obtain the first incremental code file that has changed;
Determining, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file;
Performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, before any incremental code is added to the development code branch, the method further includes:
When the development code branch is created, setting the code file set in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
Optionally, performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of any incremental code includes:
Judging whether the development code branch had been scanned before it was detected that any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that any incremental code was added to the development code branch, performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, the method further includes:
When it is determined that, before it was detected that any incremental code was added to the development code branch, the development code branch had been scanned and a changed first incremental code file set had been obtained, judging whether the first incremental code file set contains the first incremental code file;
If it is determined that the first incremental code file set contains the first incremental code file, performing static code scanning on a second base code file set and the first incremental code file set respectively to obtain the static code scanning information of all incremental code; wherein the second base code file set includes: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If it is determined that the first incremental code file set does not contain the first incremental code file, performing static code scanning on a third base code file set and a second incremental code file set respectively to obtain the static code scanning information of all incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set and the first incremental code file; the third base code file set includes: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
The present invention also provides an incremental code static scanning device, which includes a processor and a memory;
The processor is configured to execute the incremental code static scanning program stored in the memory to implement the following steps:
When it is detected that any incremental code has been added to a development code branch, scanning the development code branch based on the preset first base code file set in the development code branch to obtain the first incremental code file that has changed;
Determining, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file;
Performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, before any incremental code is added to the development code branch, the processor is further configured to execute the incremental code static scanning program to implement the following steps:
When the development code branch is created, setting the code file set in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
Optionally, performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of any incremental code includes:
Judging whether the development code branch had been scanned before it was detected that any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that any incremental code was added to the development code branch, performing static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, the processor is further configured to execute the incremental code static scanning program to implement the following steps:
When it is determined that, before it was detected that any incremental code was added to the development code branch, the development code branch had been scanned and a changed first incremental code file set had been obtained, judging whether the first incremental code file set contains the first incremental code file;
If it is determined that the first incremental code file set contains the first incremental code file, performing static code scanning on a second base code file set and the first incremental code file set respectively to obtain the static code scanning information of all incremental code; wherein the second base code file set includes: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If it is determined that the first incremental code file set does not contain the first incremental code file, performing static code scanning on a third base code file set and a second incremental code file set respectively to obtain the static code scanning information of all incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set and the first incremental code file; the third base code file set includes: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
The present invention also provides a computer-readable storage medium storing one or more programs, which can be executed by one or more processors to implement the steps of the above incremental code static scanning method.
With the above technical solution, the present invention has at least the following advantages:
The incremental code static scanning method, device and computer-readable storage medium of the present invention perform real-time static code scanning on incremental code added to a code branch and obtain the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves the efficiency of code management and code writing.
Description of the drawings
Fig. 1 is a flowchart of the incremental code static scanning method of the first embodiment of the present invention;
Fig. 2 is a flowchart of the incremental code static scanning method of the second embodiment of the present invention;
Fig. 3 is a flowchart of the incremental code static scanning method of the third embodiment of the present invention;
Fig. 4 is a flowchart of the incremental code static scanning method of the fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the incremental code static scanning device of the fifth to eighth embodiments of the present invention.
Detailed description
To further explain the technical means adopted by the present invention to achieve its intended purpose and their effects, the present invention is described in detail below with reference to the accompanying drawings and preferred embodiments.
First embodiment of the invention: an incremental code static scanning method which, as shown in Fig. 1, includes the following specific steps:
Step S101: when it is detected that any incremental code has been added to a development code branch, scan the development code branch based on the preset first base code file set in the development code branch to obtain the first incremental code file that has changed.
The first incremental code file contains the incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S101 includes:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; the first base code file set is the code file set in the main code branch at the time the development code branch was created; the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the first incremental code file that has changed; the first incremental code file contains the incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; the first base code file set is the code file set in the main code branch at the time the development code branch was created; the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the first incremental code file that has changed; the first incremental code file contains the incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
Step S102: determine, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first base code file and the incremental code.
Step S103: perform static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
Optionally, step S103 includes:
Set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and the target version code respectively to obtain the static code scanning information of all incremental code; the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
Static code scanning is a software engineering technique in which, after the programmer has finished writing the code, the code is scanned directly with a scanning tool without being compiled, in order to find semantic defects and/or security vulnerabilities present in the code; it can find many defects that are hard to find through dynamic testing.
Detecting whether incremental code has been added to the development code branch triggers static code scanning of the code files corresponding to that incremental code. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the first embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves the efficiency of code management and code writing.
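The baseline/target comparison of steps S101 to S103, together with the optional case from the summary in which the branch has already been scanned, as an added Python example that is not part of the patent text. The rule set, the file contents and names such as `BranchScanState` are constructed for illustration, and the regex scanner is an assumption standing in for whatever static analysis tool is actually used.

```python
import re
from dataclasses import dataclass, field

# Constructed toy rules standing in for a real static scanner (assumption).
RULES = {
    "SEC001": re.compile(r"\beval\s*\("),           # dynamic code execution
    "SEC002": re.compile(r"password\s*=\s*['\"]"),  # hard-coded credential
}


def scan(files):
    """Scan {path: source} and return a set of (path, rule_id, line_text).

    Findings are keyed by line text, not line number, so code that merely
    moves when lines are inserted above it is not reported as new.
    """
    findings = set()
    for path, src in files.items():
        for line in src.splitlines():
            for rule_id, pattern in RULES.items():
                if pattern.search(line):
                    findings.add((path, rule_id, line.strip()))
    return findings


@dataclass
class BranchScanState:
    """Per-branch state: the base file set captured when the branch was
    created, plus the incremental file set covered by earlier scans."""
    base: dict
    scanned_increment: set = field(default_factory=set)


def changed_files(base, branch):
    """S101: paths in the branch that are new or differ from the base set."""
    return {p for p, src in branch.items() if base.get(p) != src}


def incremental_scan(state, branch):
    """Run one scan after a push and return findings the branch introduced."""
    newly_changed = changed_files(state.base, branch)
    # Branch scanned before: the union covers both optional cases (file
    # already in the earlier incremental set, or not yet in it).
    target_paths = state.scanned_increment | newly_changed
    # S102: unmodified base counterpart of each incremental file. A file
    # created on the branch has none, so everything found in it is new.
    baseline = {p: state.base[p] for p in target_paths if p in state.base}
    # Files deleted on the branch since the last scan drop out of the target.
    target = {p: branch[p] for p in target_paths if p in branch}
    # S103: scan baseline and target separately, keep what only the target has.
    introduced = scan(target) - scan(baseline)
    state.scanned_increment = target_paths
    return sorted(introduced)


def demo():
    # Constructed sample repository contents.
    base = {
        "app/auth.py": "def login(u, p):\n    return check(u, p)\n",
        "app/util.py": "def run(x):\n    return eval(x)\n",  # pre-existing issue
        "app/big.py": "password = 'legacy'\n",               # never touched
    }
    state = BranchScanState(base=base)

    # First push: one existing file gains a hard-coded credential.
    push1 = dict(base)
    push1["app/auth.py"] = (
        "def login(u, p):\n"
        "    password = \"hunter2\"\n"
        "    return check(u, p or password)\n"
    )
    first = incremental_scan(state, push1)

    # Second push: an old finding shifts down two lines, and a new file appears.
    push2 = dict(push1)
    push2["app/util.py"] = "import os\n\ndef run(x):\n    return eval(x)\n"
    push2["app/new.py"] = "def calc(expr):\n    return eval(expr)\n"
    second = incremental_scan(state, push2)
    return first, second


if __name__ == "__main__":
    for label, result in zip(("push 1", "push 2"), demo()):
        print(label, result)
```

The untouched `app/big.py` is never scanned, and the `eval` call that already existed in `app/util.py` is suppressed because it appears in both the baseline and the target results.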
Second embodiment of the invention: an incremental code static scanning method which, as shown in Fig. 2, includes the following specific steps:
Step S201: when the development code branch is created, set the code file set in the main code branch as the first base code file set.
The development code branch is a sub-branch of the main code branch.
When a sub-branch (development code branch) is created for the main code branch, the code file set in the main code branch is copied as the base code file set in the development code branch, so that engineers can add further functional code (incremental code) on top of the base code file set.
By setting a base code file set for the development code branch, when incremental code is added to the development code branch, the base code file set can be used as the baseline version and the incremental code file corresponding to the incremental code as the target version, and static code scanning is performed on the incremental code file corresponding to the incremental code in the development code branch. This improves the efficiency of static code scanning of the code in the development code branch and avoids the low efficiency caused by performing static code scanning on all code in the development code branch.
Step S202: when it is detected that any incremental code has been added to the development code branch, scan the development code branch based on the first base code file set in the development code branch to obtain the first incremental code file that has changed.
The first incremental code file contains the incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S202 includes:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the first incremental code file that has changed; the first incremental code file contains the incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; the first base code file set is the code file set in the main code branch at the time the development code branch was created; the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the first incremental code file that has changed; the first incremental code file contains the incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
Step S203: determine, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first base code file and the incremental code.
Step S204: perform static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
Optionally, step S204 includes:
Set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and the target version code respectively to obtain the static code scanning information of all incremental code; the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
Static code scanning is a software engineering technique in which, after the programmer has finished writing the code, the code is scanned directly with a scanning tool without being compiled, in order to find semantic defects and/or security vulnerabilities present in the code; it can find many defects that are hard to find through dynamic testing.
Detecting whether incremental code has been added to the development code branch triggers static code scanning of the code files corresponding to that incremental code. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the second embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves the efficiency of code management and code writing.
Third embodiment of the invention: an incremental code static scanning method which, as shown in Fig. 3, includes the following specific steps:
Step S301: when it is detected that any incremental code has been added to a development code branch, scan the development code branch based on the preset first base code file set in the development code branch to obtain the first incremental code file that has changed.
The first incremental code file contains the incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S301 includes:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; the first base code file set is the code file set in the main code branch at the time the development code branch was created; the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the first incremental code file that has changed; the first incremental code file contains the incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; the first base code file set is the code file set in the main code branch at the time the development code branch was created; the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the first incremental code file that has changed; the first incremental code file contains the incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
Step S302: determine, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first base code file and the incremental code.
Step S303: perform static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
Optionally, step S303 includes:
Judge whether the development code branch had been scanned before it was detected that any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that any incremental code was added to the development code branch, perform static code scanning on the first base code file and the first incremental code file respectively to obtain the static code scanning information of all incremental code.
Optionally, step S303 includes:
Judge whether the development code branch had been scanned before it was detected that any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that any incremental code was added to the development code branch, set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and the target version code respectively to obtain the static code scanning information of all incremental code; the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code and specification information of the incremental code.
Static code scanning is a software engineering technique in which, after the programmer has finished writing the code, the code is scanned directly with a scanning tool without being compiled, in order to find semantic defects and/or security vulnerabilities present in the code; it can find many defects that are hard to find through dynamic testing.
Detecting whether incremental code has been added to the development code branch triggers static code scanning of the code files corresponding to that incremental code. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the third embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves the efficiency of code management and code writing.
Fourth embodiment of the invention, a kind of incremental code static scanning method, as shown in figure 4, including step in detail below:
Step S401, when detecting that any incremental code is added to exploitation code branch, based in exploitation code branch
Default first foundation code file set, to exploitation code, branch is scanned, the first incremental code for having been changed text
Part.
Wherein, the first incremental code file includes any incremental code.
In the present embodiment, the quantity of the first incremental code file is not specifically limited, can is one, can also be
It is multiple.
Optionally, step S401 comprises:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
For example: when the CI plugin in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
Step S402: in the first base code file set, determine the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file comprises the code in the first base code file and the incremental code.
Step S403: perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Optionally, step S403 comprises:
Determine whether the development code branch had already been scanned before it was detected that the incremental code was added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected, perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code;
If it is determined that the development code branch had been scanned before the incremental code was detected, and that scan yielded a changed first incremental code file set, determine whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, perform static code scanning on the second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all incremental code; here, the second base code file set comprises the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, perform static code scanning on the third base code file set and on the second incremental code file set respectively, to obtain the static code scanning information of all incremental code; here, the second incremental code file set comprises each incremental code file in the first incremental code file set together with the first incremental code file, and the third base code file set comprises the unmodified third base code file corresponding to each incremental code file in the first incremental code file set together with the first base code file.
Optionally, step S403 comprises:
Determine whether the development code branch had already been scanned before it was detected that the incremental code was added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected, set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all incremental code;
If it is determined that the development code branch had been scanned before the incremental code was detected, and that scan yielded a changed first incremental code file set, determine whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, set the second base code file set as the baseline version code and the first incremental code file set as the target version code, and perform static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all incremental code; here, the second base code file set comprises the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, set the third base code file set as the baseline version code and the second incremental code file set as the target version code, and perform static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all incremental code; here, the second incremental code file set comprises each incremental code file in the first incremental code file set together with the first incremental code file, and the third base code file set comprises the unmodified third base code file corresponding to each incremental code file in the first incremental code file set together with the first base code file.
Here, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Static code scanning is a software-engineering approach in which, after writing code, the programmer scans it directly with a scanning tool, without compiling it, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in code that are hard to find through dynamic testing.
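The baseline/target selection of steps S401 to S403, as an added example that is not code from the patent. Assumptions: the regex `RULES` stand in for a real static analyzer, `pushed` models the files touched by the detected push, all names are hypothetical, and findings are attributed to incremental code by subtracting the baseline scan's findings from the target scan's, which is one way to use the two separate scans.

```python
import re
from dataclasses import dataclass, field

# Toy rules standing in for a real static analyzer (assumption, not from the patent).
RULES = {
    "hardcoded-secret": re.compile(r"(password|secret)\s*=\s*['\"][^'\"]+['\"]", re.I),
    "dynamic-eval": re.compile(r"\beval\s*\("),
}

# Constructed sample: main-branch files copied when the development branch was created.
BASE = {
    "app/legacy.py": "password = 'hunter2'\n",
    "app/util.py": "def double(x):\n    return 2 * x\n",
}


@dataclass
class BranchState:
    base: dict                                  # first base code file set
    scanned: set = field(default_factory=set)   # incremental files found by earlier scans


def scan(files):
    """Scan {path: source}; return a set of (path, rule, stripped line) findings."""
    findings = set()
    for path, source in files.items():
        for line in source.splitlines():
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.add((path, rule, line.strip()))
    return findings


def changed_files(state, branch, pushed):
    """S401: pushed files that exist on the branch and differ from the base snapshot."""
    return {p for p in pushed if p in branch and branch[p] != state.base.get(p)}


def select_scan_sets(state, branch, changed):
    """S402/S403: choose the baseline and target file sets for this scan."""
    if not state.scanned:
        paths = set(changed)              # branch was never scanned before
    elif changed <= state.scanned:
        paths = set(state.scanned)        # change lies in files already tracked
    else:
        paths = state.scanned | changed   # extend the tracked set with the new files
    # A file created on the branch has no unmodified counterpart in the baseline.
    baseline = {p: state.base[p] for p in paths if p in state.base}
    target = {p: branch[p] for p in paths if p in branch}
    return baseline, target


def incremental_scan(state, branch, pushed):
    """Scan baseline and target separately; keep findings absent from the baseline."""
    changed = changed_files(state, branch, pushed)
    baseline, target = select_scan_sets(state, branch, changed)
    new_findings = scan(target) - scan(baseline)
    state.scanned |= changed
    return sorted(new_findings)


def demo():
    """Three constructed pushes, one per case of step S403."""
    state = BranchState(base=dict(BASE))
    branch = dict(BASE)
    branch["app/legacy.py"] += "result = eval(user_input)\n"
    first = incremental_scan(state, branch, {"app/legacy.py"})
    branch["app/new_api.py"] = "secret = 'abc123'\n"
    second = incremental_scan(state, branch, {"app/new_api.py"})
    branch["app/legacy.py"] += "print('done')\n"
    third = incremental_scan(state, branch, {"app/legacy.py"})
    return first, second, third


if __name__ == "__main__":
    for n, findings in enumerate(demo(), 1):
        print(f"push {n}:", findings)
```

The hard-coded password that was already in `app/legacy.py` on the main branch is never reported, because it appears in both the baseline and the target scan.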
By detecting whether incremental code has been added to the development code branch, in order to trigger static code scanning of the code files corresponding to the incremental code, real-time static code scanning of incremental code is achieved and the efficiency of static code scanning is effectively improved; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the fourth embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and coding-standard information of the incremental code in real time, effectively improving the efficiency of code management and of code writing.
The fifth embodiment of the present invention is an incremental code static scanning device which, as shown in Figure 5, comprises the following components:
A processor 601 and a memory 602. In some embodiments of the present invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (CPU), or may be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer that program code to the processor 601. The memory 602 may include volatile memory, such as random access memory (RAM); the memory 602 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 602 may also include a combination of the above kinds of memory.
The processor 601 is configured to call the code management program code stored in the memory 602 to perform the following operations:
1) When it is detected that any incremental code has been added to the development code branch, scan the development code branch based on the preset first base code file set in the development code branch, to obtain the changed first incremental code file.
Here, the first incremental code file contains that incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or several.
Optionally, the manner of scanning the development code branch based on the preset first base code file set in the development code branch, when it is detected that any incremental code has been added to the development code branch, to obtain the changed first incremental code file, comprises:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
For example: when the CI plugin in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
2) In the first base code file set, determine the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file comprises the code in the first base code file and the incremental code.
3) Perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Optionally, the manner of performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code, comprises:
Set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all incremental code; here, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Static code scanning is a software-engineering approach in which, after writing code, the programmer scans it directly with a scanning tool, without compiling it, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in code that are hard to find through dynamic testing.
By detecting whether incremental code has been added to the development code branch, in order to trigger static code scanning of the code files corresponding to the incremental code, real-time static code scanning of incremental code is achieved and the efficiency of static code scanning is effectively improved; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning device of the fifth embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and coding-standard information of the incremental code in real time, effectively improving the efficiency of code management and of code writing.
The sixth embodiment of the present invention is an incremental code static scanning device which, as shown in Figure 5, comprises the following components:
A processor 601 and a memory 602. In some embodiments of the present invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (CPU), or may be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer that program code to the processor 601. The memory 602 may include volatile memory, such as random access memory (RAM); the memory 602 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 602 may also include a combination of the above kinds of memory.
The processor 601 is configured to call the code management program code stored in the memory 602 to perform the following operations:
1) When the development code branch is created, set the code file set in the main code branch as the first base code file set.
Here, the development code branch is a sub-branch of the main code branch.
When a sub-branch (the development code branch) is created for the main code branch, the code file set in the main code branch is copied as the base code file set in the development code branch, so that engineers can further add function code (incremental code) on top of the base code file set.
By setting a base code file set for the development code branch, when incremental code is added to the development code branch, the base code file set can serve as the baseline version and the incremental code file corresponding to the incremental code as the target version, and static code scanning is performed on the incremental code files corresponding to the incremental code in the development code branch. This improves the efficiency of static code scanning of the code in the development code branch and avoids the low scanning efficiency caused by statically scanning all the code in the development code branch.
2) When it is detected that any incremental code has been added to the development code branch, scan the development code branch based on the first base code file set in the development code branch, to obtain the changed first incremental code file.
Here, the first incremental code file contains that incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or several.
Optionally, the manner of scanning the development code branch based on the first base code file set in the development code branch, when it is detected that any incremental code has been added to the development code branch, to obtain the changed first incremental code file, comprises:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
For example: when the CI plugin in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
3) In the first base code file set, determine the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file comprises the code in the first base code file and the incremental code.
4) Perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Optionally, the manner of performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code, comprises:
Set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all incremental code; here, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Static code scanning is a software-engineering approach in which, after writing code, the programmer scans it directly with a scanning tool, without compiling it, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in code that are hard to find through dynamic testing.
By detecting whether incremental code has been added to the development code branch, in order to trigger static code scanning of the code files corresponding to the incremental code, real-time static code scanning of incremental code is achieved and the efficiency of static code scanning is effectively improved; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning device of the sixth embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and coding-standard information of the incremental code in real time, effectively improving the efficiency of code management and of code writing.
The seventh embodiment of the present invention is an incremental code static scanning device which, as shown in Figure 5, comprises the following components:
A processor 601 and a memory 602. In some embodiments of the present invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (CPU), or may be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer that program code to the processor 601. The memory 602 may include volatile memory, such as random access memory (RAM); the memory 602 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 602 may also include a combination of the above kinds of memory.
The processor 601 is configured to call the code management program code stored in the memory 602 to perform the following operations:
1) When it is detected that any incremental code has been added to the development code branch, scan the development code branch based on the preset first base code file set in the development code branch, to obtain the changed first incremental code file.
Here, the first incremental code file contains that incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or several.
Optionally, the manner of scanning the development code branch based on the preset first base code file set in the development code branch, when it is detected that any incremental code has been added to the development code branch, to obtain the changed first incremental code file, comprises:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
For example: when the CI plugin in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
2) In the first base code file set, determine the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file comprises the code in the first base code file and the incremental code.
3) Perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Optionally, the manner of performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code, comprises:
Determine whether the development code branch had already been scanned before it was detected that the incremental code was added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected, perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the manner of performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all incremental code, comprises:
Determine whether the development code branch had already been scanned before it was detected that the incremental code was added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected, set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all incremental code; here, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-standard information of the incremental code.
Static code scanning is a software-engineering approach in which, after writing code, the programmer scans it directly with a scanning tool, without compiling it, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in code that are hard to find through dynamic testing.
By detecting whether incremental code has been added to the development code branch, in order to trigger static code scanning of the code files corresponding to the incremental code, real-time static code scanning of incremental code is achieved and the efficiency of static code scanning is effectively improved; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning device of the seventh embodiment of the present invention performs real-time static code scanning on incremental code added to a code branch and obtains the vulnerability information, security information and coding-standard information of the incremental code in real time, effectively improving the efficiency of code management and of code writing.
The eighth embodiment of the present invention is an incremental code static scanning device which, as shown in Figure 5, comprises the following components:
A processor 601 and a memory 602. In some embodiments of the present invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (CPU), or may be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer that program code to the processor 601. The memory 602 may include volatile memory, such as random access memory (RAM); the memory 602 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 602 may also include a combination of the above kinds of memory.
The processor 601 is configured to call the code management program code stored in the memory 602 to perform the following operations:
1) When it is detected that any incremental code has been added to the development code branch, scan the development code branch based on the preset first base code file set in the development code branch, to obtain the changed first incremental code file.
Here, the first incremental code file contains that incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or several.
Optionally, the manner of scanning the development code branch based on the preset first base code file set in the development code branch, when it is detected that any incremental code has been added to the development code branch, to obtain the changed first incremental code file, comprises:
When a preset detection script detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
For example: when the CI plugin in GitLab detects that any incremental code has been added to the development code branch, obtain the preset first base code file set in the development code branch based on the identifier of the development code branch; here, the first base code file set is the code file set in the main code branch at the time the development code branch was created, and the development code branch is a sub-branch of the main code branch;
Based on the preset first base code file set in the development code branch, scan the development code branch to obtain the changed first incremental code file; here, the first incremental code file contains that incremental code.
GitLab is an open-source project for repository management that uses Git as its code management tool and provides a web service built on top of it.
2) In the first base code file set, determine the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file contains the code in the first base code file plus the incremental code.
3) Perform static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-specification information of the incremental code.
Optionally, the manner of performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code, includes:
Determining whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected as added to it, performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code;
If it is determined that the development code branch had been scanned before the incremental code was detected as added to it, yielding a changed first incremental code file set, determining whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, performing static code scanning on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second base code file set includes: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, performing static code scanning on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set, and the first incremental code file; and the third base code file set includes: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
Optionally, the manner of performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code, includes:
Determining whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected as added to it, setting the first base code file as the baseline version code and the first incremental code file as the target version code, and performing static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all the incremental code;
If it is determined that the development code branch had been scanned before the incremental code was detected as added to it, yielding a changed first incremental code file set, determining whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, setting the second base code file set as the baseline version code and the first incremental code file set as the target version code, and performing static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all the incremental code; wherein the second base code file set includes: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, setting the third base code file set as the baseline version code and the second incremental code file set as the target version code, and performing static code scanning on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all the incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set, and the first incremental code file; and the third base code file set includes: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file;
The static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and coding-specification information of the incremental code.
Static code scanning refers to a solution in software engineering in which, after writing code, the programmer does not need to compile it with a compiler but scans the code directly with a scanning tool, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that are hard to discover through dynamic testing.
By detecting whether incremental code has been added to the development code branch, static code scanning of the code files corresponding to the incremental code is triggered, which achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
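The three scan-set cases described above (branch never scanned, changed file already in the recorded incremental set, changed file not yet in it), as an added Python example that is not part of the patent. The `pushed` parameter, the regex rules in `static_scan` and the sample files are constructed, and reporting only findings that appear in the target version but not in the baseline version is an assumed way of combining the two scans, which the text does not spell out.

```python
import re
from typing import Dict, Optional, Set, Tuple

Files = Dict[str, str]            # path -> file content
Finding = Tuple[str, str, str]    # (path, rule id, stripped source line)

# Stand-in rules constructed for this example; a real scanner replaces static_scan().
RULES = {
    "hardcoded-secret": re.compile(
        r"(password|secret|api_key)\s*=\s*['\"][^'\"]+['\"]", re.I),
    "dynamic-eval": re.compile(r"\beval\s*\("),
}


def static_scan(files: Files) -> Set[Finding]:
    """Scan a file set; findings are keyed by line text so line shifts do not matter."""
    findings = set()
    for path, text in files.items():
        for line in text.splitlines():
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.add((path, rule, line.strip()))
    return findings


def plan_scan(base: Files, branch: Files, pushed: Set[str],
              previous: Optional[Set[str]]) -> Tuple[Files, Files]:
    """Pick the (baseline version, target version) file sets for one push.

    base     -- first base code file set (main branch when the branch was created)
    branch   -- current files of the development branch
    pushed   -- paths touched by the detected push (assumed input of the CI hook)
    previous -- incremental file set recorded by the last scan, None if never scanned
    """
    # Pushed files that differ from the base set are the first incremental files.
    first_incremental = {p for p in pushed
                         if p in branch and branch[p] != base.get(p)}
    if previous is None:                      # branch never scanned
        paths = first_incremental
    elif first_incremental <= previous:       # already in the recorded set
        paths = set(previous)
    else:                                     # extend the recorded set
        paths = previous | first_incremental
    paths = {p for p in paths if p in branch}          # deleted files drop out
    target = {p: branch[p] for p in paths}
    # A file created on the branch has no base counterpart: all its findings are new.
    baseline = {p: base[p] for p in paths if p in base}
    return baseline, target


def incremental_findings(base: Files, branch: Files, pushed: Set[str],
                         previous: Optional[Set[str]]):
    """Return (findings introduced on the branch, incremental set to record)."""
    baseline, target = plan_scan(base, branch, pushed, previous)
    return static_scan(target) - static_scan(baseline), set(target)


# Constructed sample repository state.
BASE = {
    "app/db.py": "def connect():\n    password = 'legacy'\n    return password\n",
    "app/calc.py": "def run(expr):\n    return int(expr)\n",
    "app/util.py": "def add(a, b):\n    return a + b\n",
}
AFTER_PUSH_1 = dict(BASE, **{"app/calc.py": "def run(expr):\n    return eval(expr)\n"})
AFTER_PUSH_2 = dict(AFTER_PUSH_1, **{
    "app/db.py": "api_key = \"abc123\"\n" + BASE["app/db.py"]})

if __name__ == "__main__":
    new, state = incremental_findings(BASE, AFTER_PUSH_1, {"app/calc.py"}, None)
    print(sorted(new), sorted(state))
    new, state = incremental_findings(BASE, AFTER_PUSH_2, {"app/db.py"}, state)
    print(sorted(new), sorted(state))
```

The legacy password line in `app/db.py` exists in the baseline version, so it is not reported as incremental; only the `eval` call and the new `api_key` line are.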
The incremental code static scanning device of the eighth embodiment of the present invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and coding-specification information of the incremental code in real time, effectively improving the efficiency of code management and code writing.
Ninth embodiment of the present invention: a computer-readable storage medium.
The computer storage medium may be RAM, flash memory, ROM, EPROM, EEPROM, a register, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium known in the art.
The computer-readable storage medium stores one or more programs, which can be executed by one or more processors to implement some or all of the steps of any of the first to fourth embodiments of the present invention.
The computer-readable storage medium of the ninth embodiment of the present invention stores one or more programs that can be executed by one or more processors to perform real-time static code scanning of incremental code added to a code branch and obtain the vulnerability information, security information and coding-specification information of the incremental code in real time, effectively improving the efficiency of code management and code writing.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product; the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes several instructions that cause a terminal (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described above, which are merely illustrative rather than restrictive. Inspired by the present invention, those of ordinary skill in the art can devise many further forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the present invention.
Claims (11)
1. An incremental code static scanning method, characterized by comprising:
When it is detected that any incremental code has been added to a development code branch, scanning the development code branch based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed;
In the first base code file set, determining the unmodified first base code file corresponding to the first incremental code file;
Performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
2. The method according to claim 1, characterized in that, before any incremental code is added to the development code branch, the method further comprises:
When creating the development code branch, setting the set of code files in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
3. The method according to claim 1, characterized in that performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of the any incremental code, comprises:
Determining whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected as added to it, performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
4. The method according to claim 3, characterized in that the method further comprises:
If it is determined that the development code branch had been scanned before the incremental code was detected as added to it, yielding a changed first incremental code file set, determining whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, performing static code scanning on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second base code file set includes: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, performing static code scanning on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set, and the first incremental code file; and the third base code file set includes: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
5. The method according to any one of claims 1 to 4, characterized in that the static code scanning information includes at least one of the following:
Vulnerability (bug) information of the incremental code, security information of the incremental code, and coding-specification information of the incremental code.
6. An incremental code static scanning device, characterized in that the incremental code static scanning device comprises a processor and a memory;
The processor is configured to execute the incremental code static scanning program stored in the memory, to implement the following steps:
When it is detected that any incremental code has been added to a development code branch, scanning the development code branch based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed;
In the first base code file set, determining the unmodified first base code file corresponding to the first incremental code file;
Performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
7. The device according to claim 6, characterized in that, before any incremental code is added to the development code branch, the processor is further configured to execute the incremental code static scanning program to implement the following steps:
When creating the development code branch, setting the set of code files in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
8. The device according to claim 6, characterized in that performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of the any incremental code, comprises:
Determining whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If it is determined that the development code branch had not been scanned before the incremental code was detected as added to it, performing static code scanning on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
9. The device according to claim 8, characterized in that the processor is further configured to execute the incremental code static scanning program to implement the following steps:
If it is determined that the development code branch had been scanned before the incremental code was detected as added to it, yielding a changed first incremental code file set, determining whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, performing static code scanning on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second base code file set includes: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, performing static code scanning on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set, and the first incremental code file; and the third base code file set includes: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
10. The device according to any one of claims 6 to 9, characterized in that the static code scanning information includes at least one of the following:
Vulnerability (bug) information of the incremental code, security information of the incremental code, and coding-specification information of the incremental code.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of the incremental code static scanning method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711482490.3A CN108319854B (en) | 2017-12-29 | 2017-12-29 | Incremental code static scanning method and device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108319854A (en) | 2018-07-24 |
CN108319854B (en) | 2020-09-11 |
Family
ID=62893489
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711482490.3A Active CN108319854B (en) | 2017-12-29 | 2017-12-29 | Incremental code static scanning method and device and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108319854B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109002295A (en) * | 2018-10-19 | 2018-12-14 | 武汉斗鱼网络科技有限公司 | A kind of static code scan method, system, server and storage medium |
CN109284225A (en) * | 2018-08-22 | 2019-01-29 | 深圳点猫科技有限公司 | A kind of quality determining method and electronic equipment of multi-person synergy exploitation programming code |
CN109918286A (en) * | 2018-12-28 | 2019-06-21 | 北京奇安信科技有限公司 | A kind of processing method and processing device of static code analysis |
CN110598305A (en) * | 2019-09-06 | 2019-12-20 | 北京华大九天软件有限公司 | Sensitivity analysis method for comparing scanning simulation increment of circuit |
CN110874316A (en) * | 2018-08-31 | 2020-03-10 | 北京京东尚科信息技术有限公司 | Method, device and system for scanning codes |
CN112860261A (en) * | 2019-11-28 | 2021-05-28 | 腾讯科技(深圳)有限公司 | Static code checking method and device, computer equipment and readable storage medium |
CN114265870A (en) * | 2021-12-22 | 2022-04-01 | 建信金融科技有限责任公司 | Problem identification method and system based on code scanning |
US11475135B2 (en) * | 2018-11-30 | 2022-10-18 | Target Brands, Inc. | Orchestration of vulnerability scanning and issue tracking for version control technology |
CN115269444A (en) * | 2022-09-30 | 2022-11-01 | 平安银行股份有限公司 | Code static detection method and device and server |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102707982A (en) * | 2011-03-04 | 2012-10-03 | 微软公司 | Incremental generation of managed assemblies |
CN102741837A (en) * | 2009-10-08 | 2012-10-17 | 国际商业机器公司 | System and method for static detection and categorization of information-flow downgraders |
CN104199664A (en) * | 2014-09-03 | 2014-12-10 | 北京大学 | Synchronous simulation code generating method based on annotation |
CN105224326A (en) * | 2015-09-30 | 2016-01-06 | 北京恒华伟业科技股份有限公司 | A kind of incremental deploying method of system code and device |
Also Published As
Publication number | Publication date |
---|---|
CN108319854B (en) | 2020-09-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |