CN108319854A - Incremental code static scanning method, device and computer-readable storage medium - Google Patents

Publication number: CN108319854A
Authority: CN (China)
Prior art keywords: code, incremental, branch, code file, static
Legal status: Granted
Application number: CN201711482490.3A
Other languages: Chinese (zh)
Other versions: CN108319854B (en)
Inventors: 秦偲晟, 卞伟
Current Assignee: Shanghai Rui Jia Information Technology Co Ltd
Original Assignee: Shanghai Rui Jia Information Technology Co Ltd
Application filed by: Shanghai Rui Jia Information Technology Co Ltd
Priority: CN201711482490.3A
Publications: CN108319854A (application), CN108319854B (granted)
Status: Active
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention proposes an incremental code static scanning method, comprising: when it is detected that any incremental code is added to a development code branch, scanning the development code branch based on a preset first base code file set in the development code branch, to obtain a first incremental code file that has changed; determining, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file; and performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code. The invention also discloses an incremental code static scanning device and a computer-readable storage medium. By implementing this scheme, incremental code added to a code branch is statically scanned in real time, and the vulnerability information, security information and specification information of the incremental code are obtained in real time, which effectively improves code management efficiency and code-writing efficiency.

Description

Incremental code static scanning method, device and computer-readable storage medium
Technical Field
The present invention relates to the technical field of code management, and in particular to an incremental code static scanning method, a device and a computer-readable storage medium.
Background
With the rapid development of computer programs, multiple program development engineers need to develop different code branches of a computer program project separately. The code versions of the computer program project therefore need to be managed, to ensure that the project is developed smoothly.
The existing way of scanning the code versions of a computer program project is to perform, on a manual or timed trigger, a static scan of the full code in all code branches of the project, so as to obtain static scanning information for the full code in each code branch. This cannot accurately obtain the static scanning information of the incremental code in a code branch. In addition, because the full code in all code branches of the project is statically scanned, when a code branch contains a large amount of code the static scan takes a long time and obtaining the static scanning information is inefficient.
Summary of the Invention
The present invention proposes an incremental code static scanning method, a device and a computer-readable storage medium, to solve the problem in the prior art that the incremental code in a code branch of a computer program project cannot be statically scanned in real time.
The technical solution adopted by the present invention is to provide an incremental code static scanning method, comprising:
When it is detected that any incremental code is added to a development code branch, scanning the development code branch based on a preset first base code file set in the development code branch, to obtain a first incremental code file that has changed;
Determining, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file;
Performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, before the any incremental code is added to the development code branch, the method further comprises:
When the development code branch is created, setting the code file set in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
Optionally, performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of the any incremental code, comprises:
Determining whether the development code branch had been scanned before it was detected that the any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that the any incremental code was added to the development code branch, performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the method further comprises:
When it is determined that, before it was detected that the any incremental code was added to the development code branch, the development code branch had been scanned and a changed first incremental code file set had been obtained, determining whether the first incremental code file set contains the first incremental code file;
If it is determined that the first incremental code file set contains the first incremental code file, performing static code scanning on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all incremental code; wherein the second base code file set comprises: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If it is determined that the first incremental code file set does not contain the first incremental code file, performing static code scanning on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all incremental code; wherein the second incremental code file set comprises: each incremental code file in the first incremental code file set, and the first incremental code file; and the third base code file set comprises: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification (coding-standard) information of the incremental code.
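The scan-set selection described in the method above (first push versus a branch that has already been scanned), as an added Python sketch that is not part of the patent text. The regex rules, `DevBranch`, `on_push` and the sample files are hypothetical, and two points are assumptions: the files touched by a push are found by comparing against the previous branch content, and the findings for incremental code are taken as target findings minus baseline findings.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Toy rules standing in for a real static analyser (assumption, not from the patent).
RULES = {
    "SEC001-eval": re.compile(r"\beval\s*\("),
    "SEC002-shell-true": re.compile(r"shell\s*=\s*True"),
    "STYLE001-tab-indent": re.compile(r"^\t"),
}


def scan_set(files):
    """Scan {path: text}; return a multiset of (path, rule_id, stripped line).

    Findings are keyed on line content, not line number, so baseline code that
    merely moved down the file is not reported as new.
    """
    findings = Counter()
    for path, text in files.items():
        for line in text.splitlines():
            for rule_id, pattern in RULES.items():
                if pattern.search(line):
                    findings[(path, rule_id, line.strip())] += 1
    return findings


@dataclass
class DevBranch:
    base: dict                     # first base code file set: main at branch creation
    head: dict = None              # current content of the development branch
    scanned: bool = False          # has this branch been scanned before?
    prior_incremental: set = field(default_factory=set)  # paths scanned earlier

    def __post_init__(self):
        if self.head is None:
            self.head = dict(self.base)


def on_push(branch, new_head):
    """Handle one push; return the findings attributable to incremental code."""
    # Files changed by this push (the "first incremental code file(s)").
    touched = {p for p, text in new_head.items() if branch.head.get(p) != text}
    branch.head = dict(new_head)

    if not branch.scanned:
        targets = touched                            # never scanned: this push only
    elif touched <= branch.prior_incremental:
        targets = set(branch.prior_incremental)      # already in the earlier set
    else:
        targets = branch.prior_incremental | touched  # extend the earlier set

    # Baseline version: unmodified counterparts from the base set (new files have none).
    baseline = {p: branch.base[p] for p in targets if p in branch.base}
    target = {p: branch.head[p] for p in targets if p in branch.head}

    # Counter subtraction keeps only findings that are more numerous in the target.
    new = scan_set(target) - scan_set(baseline)
    branch.scanned = True
    branch.prior_incremental = targets
    return sorted(new.elements())


# Constructed sample repository: util.py already carries a finding on main.
BASE = {
    "app/util.py": "import subprocess\n\ndef run(cmd):\n"
                   "    return subprocess.run(cmd, shell=True)\n",
    "app/calc.py": "def add(a, b):\n    return a + b\n",
}


def demo():
    branch = DevBranch(base=BASE)
    push1 = dict(BASE)          # first push: new function in calc.py
    push1["app/calc.py"] += "\ndef parse(expr):\n    return eval(expr)\n"
    r1 = on_push(branch, push1)
    push2 = dict(push1)         # second push: a file outside the earlier set
    push2["app/util.py"] += ("\ndef call(cmd):\n"
                             "    return subprocess.call(cmd, shell=True)\n")
    r2 = on_push(branch, push2)
    push3 = dict(push2)         # third push: fixes calc.py, already in the set
    push3["app/calc.py"] = push2["app/calc.py"].replace("eval(expr)", "int(expr)")
    r3 = on_push(branch, push3)
    return r1, r2, r3


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The `shell=True` call that already existed on the main branch never appears in the results, while the second, added `shell=True` call does, which is the difference between scanning the branch and scanning its increment.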
The present invention also provides an incremental code static scanning device, the incremental code static scanning device comprising a processor and a memory;
The processor is configured to execute an incremental code static scanning program stored in the memory, to implement the following steps:
When it is detected that any incremental code is added to a development code branch, scanning the development code branch based on a preset first base code file set in the development code branch, to obtain a first incremental code file that has changed;
Determining, in the first base code file set, the unmodified first base code file corresponding to the first incremental code file;
Performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, before the any incremental code is added to the development code branch, the processor is further configured to execute the incremental code static scanning program, to implement the following steps:
When the development code branch is created, setting the code file set in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
Optionally, performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of the any incremental code, comprises:
Determining whether the development code branch had been scanned before it was detected that the any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that the any incremental code was added to the development code branch, performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the processor is further configured to execute the incremental code static scanning program, to implement the following steps:
When it is determined that, before it was detected that the any incremental code was added to the development code branch, the development code branch had been scanned and a changed first incremental code file set had been obtained, determining whether the first incremental code file set contains the first incremental code file;
If it is determined that the first incremental code file set contains the first incremental code file, performing static code scanning on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all incremental code; wherein the second base code file set comprises: the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If it is determined that the first incremental code file set does not contain the first incremental code file, performing static code scanning on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all incremental code; wherein the second incremental code file set comprises: each incremental code file in the first incremental code file set, and the first incremental code file; and the third base code file set comprises: the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, and the first base code file.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification (coding-standard) information of the incremental code.
The present invention also provides a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the steps of the incremental code static scanning method described above.
With the above technical solution, the present invention has at least the following advantages:
The incremental code static scanning method, device and computer-readable storage medium of the present invention perform real-time static code scanning of incremental code added to a code branch and obtain the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves code management efficiency and code-writing efficiency.
Brief Description of the Drawings
Fig. 1 is a flowchart of the incremental code static scanning method of the first embodiment of the present invention;
Fig. 2 is a flowchart of the incremental code static scanning method of the second embodiment of the present invention;
Fig. 3 is a flowchart of the incremental code static scanning method of the third embodiment of the present invention;
Fig. 4 is a flowchart of the incremental code static scanning method of the fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the incremental code static scanning device of the fifth to eighth embodiments of the present invention.
Detailed Description
To further explain the technical means adopted by the present invention to achieve its intended purpose, and their effects, the present invention is described in detail below with reference to the accompanying drawings and preferred embodiments.
In the first embodiment of the present invention, an incremental code static scanning method, as shown in Fig. 1, comprises the following specific steps:
Step S101: when it is detected that any incremental code is added to the development code branch, the development code branch is scanned based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed.
Wherein the first incremental code file contains the any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S101 comprises:
When a preset detection script detects that any incremental code is added to the development code branch, obtaining the preset first base code file set in the development code branch based on the identifier of the development code branch; wherein the first base code file set is the code file set in the main code branch at the time the development code branch was created; and the development code branch is a sub-branch of the main code branch;
Scanning the development code branch based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed; wherein the first incremental code file contains the any incremental code.
For example: when the CI plugin in GitLab detects that any incremental code is added to the development code branch, the preset first base code file set in the development code branch is obtained based on the identifier of the development code branch; wherein the first base code file set is the code file set in the main code branch at the time the development code branch was created; and the development code branch is a sub-branch of the main code branch;
The development code branch is scanned based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed; wherein the first incremental code file contains the any incremental code.
Here, GitLab is an open-source project for repository management; it uses Git as the code management tool and provides a web service built on top of it.
Step S102: in the first base code file set, the unmodified first base code file corresponding to the first incremental code file is determined.
In this embodiment, the first incremental code file comprises: the code in the first base code file and the any incremental code.
Step S103: static code scanning is performed on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Optionally, step S103 comprises:
Setting the first base code file as the baseline version code and the first incremental code file as the target version code, and performing static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Here, static code scanning refers to an approach in software engineering in which, after a programmer has finished writing code, the code is scanned directly with a scanning tool, without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that are hard to find through dynamic testing.
Detecting whether incremental code has been added to the development code branch triggers static code scanning of the code file corresponding to the incremental code. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the first embodiment of the present invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves code management efficiency and code-writing efficiency.
In the second embodiment of the present invention, an incremental code static scanning method, as shown in Fig. 2, comprises the following specific steps:
Step S201: when the development code branch is created, the code file set in the main code branch is set as the first base code file set.
Wherein the development code branch is a sub-branch of the main code branch.
When a sub-branch (the development code branch) is created for the main code branch, the code file set in the main code branch is copied as the base code file set in the development code branch, so that engineers can go on to add functional code (incremental code) on top of the base code file set.
By setting a base code file set for the development code branch, when incremental code is added to the development code branch, the base code file set can be used as the baseline version and the incremental code file corresponding to the incremental code as the target version, and static code scanning is performed on the incremental code file corresponding to the incremental code in the development code branch. This improves the efficiency of static code scanning of the code in the development code branch and avoids the low scanning efficiency caused by statically scanning all the code in the development code branch.
Step S202: when it is detected that any incremental code is added to the development code branch, the development code branch is scanned based on the first base code file set in the development code branch, to obtain the first incremental code file that has changed.
Wherein the first incremental code file contains the any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S202 comprises:
When a preset detection script detects that any incremental code is added to the development code branch, obtaining the preset first base code file set in the development code branch based on the identifier of the development code branch;
Scanning the development code branch based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed; wherein the first incremental code file contains the any incremental code.
For example: when the CI plugin in GitLab detects that any incremental code is added to the development code branch, the preset first base code file set in the development code branch is obtained based on the identifier of the development code branch; wherein the first base code file set is the code file set in the main code branch at the time the development code branch was created; and the development code branch is a sub-branch of the main code branch;
The development code branch is scanned based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed; wherein the first incremental code file contains the any incremental code.
Here, GitLab is an open-source project for repository management; it uses Git as the code management tool and provides a web service built on top of it.
Step S203: in the first base code file set, the unmodified first base code file corresponding to the first incremental code file is determined.
In this embodiment, the first incremental code file comprises: the code in the first base code file and the any incremental code.
Step S204: static code scanning is performed on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Optionally, step S204 comprises:
Setting the first base code file as the baseline version code and the first incremental code file as the target version code, and performing static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Here, static code scanning refers to an approach in software engineering in which, after a programmer has finished writing code, the code is scanned directly with a scanning tool, without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that are hard to find through dynamic testing.
Detecting whether incremental code has been added to the development code branch triggers static code scanning of the code file corresponding to the incremental code. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the second embodiment of the present invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves code management efficiency and code-writing efficiency.
In the third embodiment of the present invention, an incremental code static scanning method, as shown in Fig. 3, comprises the following specific steps:
Step S301: when it is detected that any incremental code is added to the development code branch, the development code branch is scanned based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed.
Wherein the first incremental code file contains the any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S301 comprises:
When a preset detection script detects that any incremental code is added to the development code branch, obtaining the preset first base code file set in the development code branch based on the identifier of the development code branch; wherein the first base code file set is the code file set in the main code branch at the time the development code branch was created; and the development code branch is a sub-branch of the main code branch;
Scanning the development code branch based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed; wherein the first incremental code file contains the any incremental code.
For example: when the CI plugin in GitLab detects that any incremental code is added to the development code branch, the preset first base code file set in the development code branch is obtained based on the identifier of the development code branch; wherein the first base code file set is the code file set in the main code branch at the time the development code branch was created; and the development code branch is a sub-branch of the main code branch;
The development code branch is scanned based on the preset first base code file set in the development code branch, to obtain the first incremental code file that has changed; wherein the first incremental code file contains the any incremental code.
Here, GitLab is an open-source project for repository management; it uses Git as the code management tool and provides a web service built on top of it.
Step S302: in the first base code file set, the unmodified first base code file corresponding to the first incremental code file is determined.
In this embodiment, the first incremental code file comprises: the code in the first base code file and the any incremental code.
Step S303: static code scanning is performed on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Optionally, step S303 comprises:
Determining whether the development code branch had been scanned before it was detected that the any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that the any incremental code was added to the development code branch, performing static code scanning on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, step S303 comprises:
Determining whether the development code branch had been scanned before it was detected that the any incremental code was added to the development code branch;
When it is determined that the development code branch had not been scanned before it was detected that the any incremental code was added to the development code branch, setting the first base code file as the baseline version code and the first incremental code file as the target version code, and performing static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Here, static code scanning refers to an approach in software engineering in which, after a programmer has finished writing code, the code is scanned directly with a scanning tool, without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that are hard to find through dynamic testing.
Detecting whether incremental code has been added to the development code branch triggers static code scanning of the code file corresponding to the incremental code. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the third embodiment of the present invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, which effectively improves code management efficiency and code-writing efficiency.
Fourth embodiment of the invention, a kind of incremental code static scanning method, as shown in figure 4, including step in detail below:
Step S401, when detecting that any incremental code is added to exploitation code branch, based in exploitation code branch Default first foundation code file set, to exploitation code, branch is scanned, the first incremental code for having been changed text Part.
Wherein, the first incremental code file includes any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, step S401, including:
When a preset detection script detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
Wherein, GitLab is an open-source project for repository management systems; it uses Git as the code management tool and provides a web service built on top of it.
Step S402, in the first foundation code file set, determine the unmodified first foundation code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first foundation code file and any incremental code.
Step S403, execute static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Optionally, step S403, including:
Determine whether the exploitation code branch was scanned before it was detected that any incremental code was added to the exploitation code branch;
If it is determined that the exploitation code branch was not scanned before it was detected that any incremental code was added to the exploitation code branch, execute static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code;
If it is determined that, before it was detected that any incremental code was added to the exploitation code branch, the exploitation code branch was scanned and a changed first incremental code file set was obtained, determine whether the first incremental code file set includes the first incremental code file;
If it is determined that the first incremental code file set includes the first incremental code file, execute static code scanning on the second foundation code file set and the first incremental code file set respectively, to obtain the static code scanning information of all incremental code; wherein the second foundation code file set includes: the unmodified second foundation code file corresponding to each incremental code file in the first incremental code file set;
If it is determined that the first incremental code file set does not include the first incremental code file, execute static code scanning on the third foundation code file set and the second incremental code file set respectively, to obtain the static code scanning information of all incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set, and the first incremental code file; the third foundation code file set includes: the unmodified third foundation code file corresponding to each incremental code file in the first incremental code file set, and the first foundation code file.
Optionally, step S403, including:
Determine whether the exploitation code branch was scanned before it was detected that any incremental code was added to the exploitation code branch;
If it is determined that the exploitation code branch was not scanned before it was detected that any incremental code was added to the exploitation code branch, set the first foundation code file as the baseline version code and the first incremental code file as the target version code, and execute static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code;
If it is determined that, before it was detected that any incremental code was added to the exploitation code branch, the exploitation code branch was scanned and a changed first incremental code file set was obtained, determine whether the first incremental code file set includes the first incremental code file;
If it is determined that the first incremental code file set includes the first incremental code file, set the second foundation code file set as the baseline version code and the first incremental code file set as the target version code, and execute static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the second foundation code file set includes: the unmodified second foundation code file corresponding to each incremental code file in the first incremental code file set;
If it is determined that the first incremental code file set does not include the first incremental code file, set the third foundation code file set as the baseline version code and the second incremental code file set as the target version code, and execute static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the second incremental code file set includes: each incremental code file in the first incremental code file set, and the first incremental code file; the third foundation code file set includes: the unmodified third foundation code file corresponding to each incremental code file in the first incremental code file set, and the first foundation code file.
Wherein, the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Wherein, static code scanning refers to a solution in software engineering in which, after the programmer finishes writing code, the code is scanned directly with a scanning tool without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that dynamic testing has difficulty finding.
By detecting whether incremental code has been added to the exploitation code branch, so as to trigger static code scanning of the code file corresponding to the incremental code, real-time static code scanning of incremental code is achieved, which effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning method of the fourth embodiment of the invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, effectively improving the efficiency of managing and writing code.
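The scan-selection logic of steps S401 to S403 above, as an added example that is not code from the patent: a Python sketch in which a toy regex scanner stands in for a real analyzer. The function names, rules and sample files are constructed here, and reporting only findings present in the target version but absent from the baseline version is an assumption about how the two scan results are combined.

```python
import hashlib
import re

# Constructed toy rules standing in for a real analyzer (assumption); the
# categories mirror the patent's bug, security and specification information.
RULES = {
    "bug": re.compile(r"except\s*:\s*pass"),
    "security": re.compile(r"\b(?:eval|exec)\s*\("),
    "specification": re.compile(r"^.{100,}$"),
}


def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def first_incremental_files(base_set, branch, touched):
    """S401: of the files a push touched, keep those that differ from the base set."""
    return {p for p in touched
            if p in branch
            and (p not in base_set or digest(branch[p]) != digest(base_set[p]))}


def select_versions(base_set, branch, previous, first):
    """S402/S403: choose the baseline and target file sets to scan.

    previous is None when the branch has never been scanned; otherwise it is
    the set of incremental files recorded by earlier scans.
    """
    if previous is None:
        paths = set(first)         # never scanned: only the new incremental files
    elif first <= previous:
        paths = set(previous)      # already tracked: rescan the tracked set
    else:
        paths = previous | first   # not tracked yet: extend the tracked set
    baseline = {p: base_set[p] for p in paths if p in base_set}
    target = {p: branch[p] for p in paths if p in branch}
    return baseline, target


def scan(files):
    """Toy static scan; findings are keyed by line text, not line number,
    so inserted lines do not make old findings look new."""
    findings = set()
    for path, source in files.items():
        for line in source.splitlines():
            for category, pattern in RULES.items():
                if pattern.search(line):
                    findings.add((path, category, line.strip()))
    return findings


def incremental_scan(base_set, branch, previous, touched):
    """Return (findings introduced by incremental code, updated tracked set)."""
    first = first_incremental_files(base_set, branch, touched)
    baseline, target = select_versions(base_set, branch, previous, first)
    introduced = scan(target) - scan(baseline)  # assumption: report the difference
    return sorted(introduced), set(target)


# Constructed sample: the base set copied from the main branch at branch creation.
BASE_SET = {
    "app.py": "def run(x):\n    return int(x)\n",
    "util.py": "def load(p):\n    try:\n        return open(p).read()\n    except: pass\n",
}


def demo():
    branch = dict(BASE_SET)
    # Push 1: app.py gains an eval() call; the branch was never scanned before.
    branch["app.py"] = "def run(x):\n    return eval(x)\n"
    r1, tracked = incremental_scan(BASE_SET, branch, None, {"app.py"})
    # Push 2: util.py gains a function; its old 'except: pass' is in the baseline.
    branch["util.py"] = BASE_SET["util.py"] + "def calc(e):\n    return eval(e)\n"
    r2, tracked = incremental_scan(BASE_SET, branch, tracked, {"util.py"})
    # Push 3: app.py is fixed; it is already in the tracked set.
    branch["app.py"] = "def run(x):\n    return float(x)\n"
    r3, tracked = incremental_scan(BASE_SET, branch, tracked, {"app.py"})
    return r1, r2, r3, tracked


if __name__ == "__main__":
    for result in demo()[:3]:
        print(result)
```

The pre-existing `except: pass` in `util.py` never appears in the results because it is present in the baseline version as well as the target version.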
Fifth embodiment of the invention: an incremental code static scanning equipment which, as shown in FIG. 5, includes the following components:
Processor 601 and memory 602. In some embodiments of the invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU), or may be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer the program code to the processor 601. The memory 602 may include volatile memory (Volatile Memory), such as random access memory (Random Access Memory, RAM); the memory 602 may also include non-volatile memory (Non-Volatile Memory), such as read-only memory (Read-Only Memory, ROM), flash memory (Flash Memory), a hard disk drive (Hard Disk Drive, HDD) or a solid-state drive (Solid-State Drive, SSD); the memory 602 may also include a combination of the above kinds of memory.
Wherein, the processor 601 is configured to call the program code stored in the memory 602 to perform the following operations:
1) When it is detected that any incremental code is added to the exploitation code branch, the exploitation code branch is scanned based on the preset first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed.
Wherein, the first incremental code file includes any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, the manner of scanning the exploitation code branch, when it is detected that any incremental code is added to the exploitation code branch, based on the preset first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed, includes:
When a preset detection script detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
Wherein, GitLab is an open-source project for repository management systems; it uses Git as the code management tool and provides a web service built on top of it.
2) In the first foundation code file set, determine the unmodified first foundation code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first foundation code file and any incremental code.
3) Execute static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Optionally, the manner of executing static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code, includes:
Set the first foundation code file as the baseline version code and the first incremental code file as the target version code, and execute static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Wherein, static code scanning refers to a solution in software engineering in which, after the programmer finishes writing code, the code is scanned directly with a scanning tool without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that dynamic testing has difficulty finding.
By detecting whether incremental code has been added to the exploitation code branch, so as to trigger static code scanning of the code file corresponding to the incremental code, real-time static code scanning of incremental code is achieved, which effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning equipment of the fifth embodiment of the invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, effectively improving the efficiency of managing and writing code.
Sixth embodiment of the invention: an incremental code static scanning equipment which, as shown in FIG. 5, includes the following components:
Processor 601 and memory 602. In some embodiments of the invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU), or may be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer the program code to the processor 601. The memory 602 may include volatile memory (Volatile Memory), such as random access memory (Random Access Memory, RAM); the memory 602 may also include non-volatile memory (Non-Volatile Memory), such as read-only memory (Read-Only Memory, ROM), flash memory (Flash Memory), a hard disk drive (Hard Disk Drive, HDD) or a solid-state drive (Solid-State Drive, SSD); the memory 602 may also include a combination of the above kinds of memory.
Wherein, the processor 601 is configured to call the program code stored in the memory 602 to perform the following operations:
1) When the exploitation code branch is created, the code file set in the main code branch is set as the first foundation code file set.
Wherein, the exploitation code branch is a tributary branch of the main code branch.
When a tributary branch (the exploitation code branch) is created for the main code branch, the code file set in the main code branch is copied as the foundation code file set in the exploitation code branch, so that engineers can further add function code (incremental code) on the basis of the foundation code file set.
By setting a foundation code file set for the exploitation code branch, when incremental code is added to the exploitation code branch, the foundation code file set can be used as the baseline version and the incremental code file corresponding to the incremental code as the target version, and static code scanning is performed on the incremental code file corresponding to the incremental code in the exploitation code branch. This improves the efficiency of static code scanning of the code in the exploitation code branch and avoids the low scanning efficiency caused by performing static code scanning on all the code in the exploitation code branch.
2) When it is detected that any incremental code is added to the exploitation code branch, the exploitation code branch is scanned based on the first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed.
Wherein, the first incremental code file includes any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, the manner of scanning the exploitation code branch, when it is detected that any incremental code is added to the exploitation code branch, based on the first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed, includes:
When a preset detection script detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
Wherein, GitLab is an open-source project for repository management systems; it uses Git as the code management tool and provides a web service built on top of it.
3) In the first foundation code file set, determine the unmodified first foundation code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first foundation code file and any incremental code.
4) Execute static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Optionally, the manner of executing static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code, includes:
Set the first foundation code file as the baseline version code and the first incremental code file as the target version code, and execute static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Wherein, static code scanning refers to a solution in software engineering in which, after the programmer finishes writing code, the code is scanned directly with a scanning tool without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that dynamic testing has difficulty finding.
By detecting whether incremental code has been added to the exploitation code branch, so as to trigger static code scanning of the code file corresponding to the incremental code, real-time static code scanning of incremental code is achieved, which effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning equipment of the sixth embodiment of the invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, effectively improving the efficiency of managing and writing code.
Seventh embodiment of the invention: an incremental code static scanning equipment which, as shown in FIG. 5, includes the following components:
Processor 601 and memory 602. In some embodiments of the invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU), or may be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer the program code to the processor 601. The memory 602 may include volatile memory (Volatile Memory), such as random access memory (Random Access Memory, RAM); the memory 602 may also include non-volatile memory (Non-Volatile Memory), such as read-only memory (Read-Only Memory, ROM), flash memory (Flash Memory), a hard disk drive (Hard Disk Drive, HDD) or a solid-state drive (Solid-State Drive, SSD); the memory 602 may also include a combination of the above kinds of memory.
Wherein, the processor 601 is configured to call the program code stored in the memory 602 to perform the following operations:
1) When it is detected that any incremental code is added to the exploitation code branch, the exploitation code branch is scanned based on the preset first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed.
Wherein, the first incremental code file includes any incremental code.
In this embodiment, the number of first incremental code files is not specifically limited; there may be one or more.
Optionally, the manner of scanning the exploitation code branch, when it is detected that any incremental code is added to the exploitation code branch, based on the preset first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed, includes:
When a preset detection script detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
For example: when the CI plug-in in GitLab detects that any incremental code is added to the exploitation code branch, the preset first foundation code file set in the exploitation code branch is obtained based on the identifier of the exploitation code branch; wherein the first foundation code file set is the code file set in the main code branch at the time the exploitation code branch was created; wherein the exploitation code branch is a tributary branch of the main code branch;
Based on the preset first foundation code file set in the exploitation code branch, the exploitation code branch is scanned to obtain the first incremental code file that has been changed; wherein the first incremental code file includes any incremental code.
Wherein, GitLab is an open-source project for repository management systems; it uses Git as the code management tool and provides a web service built on top of it.
2) In the first foundation code file set, determine the unmodified first foundation code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file includes: the code in the first foundation code file and any incremental code.
3) Execute static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Optionally, the manner of executing static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code, includes:
Determine whether the exploitation code branch was scanned before it was detected that any incremental code was added to the exploitation code branch;
If it is determined that the exploitation code branch was not scanned before it was detected that any incremental code was added to the exploitation code branch, execute static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code.
Optionally, the manner of executing static code scanning on the first foundation code file and the first incremental code file respectively, to obtain the static code scanning information of all incremental code, includes:
Determine whether the exploitation code branch was scanned before it was detected that any incremental code was added to the exploitation code branch;
If it is determined that the exploitation code branch was not scanned before it was detected that any incremental code was added to the exploitation code branch, set the first foundation code file as the baseline version code and the first incremental code file as the target version code, and execute static code scanning on the baseline version code and the target version code respectively, to obtain the static code scanning information of all incremental code; wherein the static code scanning information includes at least one of the following:
Bug (loophole) information of incremental code, the security information of incremental code and the specification information of incremental code.
Wherein, static code scanning refers to a solution in software engineering in which, after the programmer finishes writing code, the code is scanned directly with a scanning tool without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects in the code that dynamic testing has difficulty finding.
By detecting whether incremental code has been added to the exploitation code branch, so as to trigger static code scanning of the code file corresponding to the incremental code, real-time static code scanning of incremental code is achieved, which effectively improves the efficiency of static code scanning; because only the static code scanning information of the code file corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning equipment of the seventh embodiment of the invention performs real-time static code scanning of incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, effectively improving the efficiency of managing and writing code.
Eighth embodiment of the invention: an incremental code static scanning equipment which, as shown in FIG. 5, includes the following components:
Processor 601 and memory 602. In some embodiments of the invention, the processor 601 and the memory 602 may be connected by a bus or in another manner.
The processor 601 may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU), or may be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory 602 is used to store instructions executable by the processor 601;
The memory 602 is used to store program code and to transfer the program code to the processor 601. The memory 602 may include volatile memory (Volatile Memory), such as random access memory (Random Access Memory, RAM); the memory 602 may also include non-volatile memory (Non-Volatile Memory), such as read-only memory (Read-Only Memory, ROM), flash memory (Flash Memory), a hard disk drive (Hard Disk Drive, HDD) or a solid-state drive (Solid-State Drive, SSD); the memory 602 may also include a combination of the above kinds of memory.
Wherein, the processor 601 is configured to call the program code stored in the memory 602 to perform the following operations:
1) When it is detected that any incremental code is added to the exploitation code branch, the exploitation code branch is scanned based on the preset first foundation code file set in the exploitation code branch, to obtain the first incremental code file that has been changed.
Wherein, the first incremental code file includes any incremental code.
In the present embodiment, the quantity of the first incremental code file is not specifically limited, can is one, can also be It is multiple.
Optionally, when detecting that any incremental code is added to exploitation code branch, based in exploitation code branch Default first foundation code file set, to exploitation code, branch is scanned, the first incremental code file changed Mode, including:
When detecting that any incremental code is added to exploitation code branch by preset detection script, based on exploitation generation The mark of code branch, obtains the default first foundation code file set in exploitation code branch;Wherein, first foundation code text Part collection is combined into when creating exploitation code branch, the code file set in main code branch;Wherein, based on exploitation code branch The tributary branches of code branch;
Based on the default first foundation code file set in exploitation code branch, to exploitation code, branch is scanned, The the first incremental code file changed;Wherein, the first incremental code file includes any incremental code.
Such as:When detecting that any incremental code is added to exploitation code branch by the Ci plug-in units in GitLab, base In the mark of exploitation code branch, the default first foundation code file set in exploitation code branch is obtained;Wherein, the first base Plinth code file collection is combined into when creating exploitation code branch, the code file set in main code branch;Wherein, exploitation code Branch into the tributary branches of main code branch;
Based on the default first foundation code file set in exploitation code branch, to exploitation code, branch is scanned, The the first incremental code file changed;Wherein, the first incremental code file includes any incremental code.
Wherein, GitLab is the open source projects for warehouse management system, using Git as code management tools, and The web services come are erected on the basis of this.
2) In the first base code file set, determine the unmodified first base code file corresponding to the first incremental code file.
In this embodiment, the first incremental code file contains the code of the first base code file together with the incremental code.
3) Perform a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
Optionally, the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Optionally, the manner of performing a static code scan on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all the incremental code, includes:
Judging whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If the development code branch had not been scanned before the incremental code was detected, perform a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code;
If the development code branch had been scanned before the incremental code was detected, yielding a first incremental code file set that has changed, judge whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, perform a static code scan on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all the incremental code. The second base code file set comprises the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, perform a static code scan on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all the incremental code. The second incremental code file set comprises each incremental code file in the first incremental code file set together with the first incremental code file; the third base code file set comprises the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, together with the first base code file.
Optionally, the manner of performing a static code scan on the first base code file and the first incremental code file respectively, to obtain the static code scanning information of all the incremental code, includes:
Judging whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If the development code branch had not been scanned before the incremental code was detected, set the first base code file as the baseline version code and the first incremental code file as the target version code, and perform a static code scan on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all the incremental code;
If the development code branch had been scanned before the incremental code was detected, yielding a first incremental code file set that has changed, judge whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, set the second base code file set as the baseline version code and the first incremental code file set as the target version code, and perform a static code scan on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all the incremental code. The second base code file set comprises the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, set the third base code file set as the baseline version code and the second incremental code file set as the target version code, and perform a static code scan on the baseline version code and on the target version code respectively, to obtain the static code scanning information of all the incremental code. The second incremental code file set comprises each incremental code file in the first incremental code file set together with the first incremental code file; the third base code file set comprises the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, together with the first base code file;
The static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
Static code scanning refers to a solution in software engineering in which, after the programmer has written the code, the code is scanned directly with a scanning tool, without being compiled by a compiler, to find semantic defects and/or security vulnerabilities present in the code; it can find many defects that are hard to find by dynamic testing.
By detecting whether incremental code has been added to the development code branch, a static code scan of the code files corresponding to the incremental code is triggered. This achieves real-time static code scanning of incremental code and effectively improves the efficiency of static code scanning. Because only the static code scanning information of the code files corresponding to the incremental code is obtained, the efficiency with which engineers resolve code problems is greatly improved.
The incremental code static scanning device of the eighth embodiment performs real-time static code scanning of the incremental code added to a code branch and obtains the vulnerability information, security information and specification information of the incremental code in real time, effectively improving the efficiency of code management and of code writing.
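The three-case procedure of this embodiment as a compact sketch, added here as an illustration and not code from the patent or its applicant. The regex rules, the class and function names, the sample files, and the set difference used to attribute findings to the incremental code are all assumptions.

```python
import re

# Toy rules standing in for a real static analyzer (assumption, not from the patent).
RULES = {
    "bug": re.compile(r"except\s*:\s*pass"),
    "security": re.compile(r"\b(eval|exec)\s*\(|shell\s*=\s*True"),
    "specification": re.compile(r".{100,}"),  # over-long line
}


def static_scan(files):
    """Scan {path: source text}; return a set of (path, category, line text)."""
    findings = set()
    for path, text in files.items():
        for line in text.splitlines():
            for category, pattern in RULES.items():
                if pattern.search(line):
                    # Keyed on line text, not line number, so a finding that only
                    # moved is not reported as new. Limitation: a second copy of a
                    # line already flagged in the base file is masked.
                    findings.add((path, category, line.strip()))
    return findings


class IncrementalScanner:
    """Tracks one development branch (hypothetical helper)."""

    def __init__(self, base_files):
        self.base = dict(base_files)  # first base code file set (main at branch creation)
        self.tracked = set()          # incremental code file set kept from earlier scans
        self.scanned_before = False

    def on_push(self, branch_files):
        """Handle one push; return (case, findings attributable to incremental code)."""
        # Files that are new or differ from the base set are the incremental files.
        changed = {p for p, src in branch_files.items() if self.base.get(p) != src}
        if not self.scanned_before:
            # Branch never scanned: scan only the files that changed.
            case, scan_set = "first-scan", changed
        elif changed <= self.tracked:
            # Scanned before and the changed files are already in the set.
            case, scan_set = "already-tracked", self.tracked
        else:
            # Scanned before and a new file changed: extend the set.
            case, scan_set = "newly-tracked", self.tracked | changed
        self.tracked, self.scanned_before = set(scan_set), True
        # Baseline version: unmodified base files. A file new on the branch has none.
        baseline = {p: self.base[p] for p in scan_set if p in self.base}
        # Target version: current branch content. A deleted file has none.
        target = {p: branch_files[p] for p in scan_set if p in branch_files}
        return case, static_scan(target) - static_scan(baseline)


# Constructed sample sources; util.py already carries an eval() finding in the base.
BASE = {
    "app/db.py": "def q(cur, uid):\n    return cur.fetch(uid)\n",
    "app/util.py": "def run(cmd):\n    return eval(cmd)\n",
}
UTIL_V2 = BASE["app/util.py"] + "\ndef safe(f):\n    try:\n        f()\n    except: pass\n"
JOB_V1 = "import subprocess\n\ndef go(c):\n    subprocess.run(c, shell=True)\n"
JOB_V2 = "import subprocess\n\ndef go(c):\n    subprocess.run(c.split())\n"


def demo():
    """Three pushes: edit util.py, add job.py, then fix job.py."""
    scanner = IncrementalScanner(BASE)
    push1 = dict(BASE, **{"app/util.py": UTIL_V2})
    push2 = dict(push1, **{"app/job.py": JOB_V1})
    push3 = dict(push2, **{"app/job.py": JOB_V2})
    return [scanner.on_push(snapshot) for snapshot in (push1, push2, push3)]


if __name__ == "__main__":
    for case, findings in demo():
        print(case, sorted(findings))
```

The `eval()` call that was already in the base version of `util.py` never appears in the results, because it is present in both the baseline and the target scan.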
The ninth embodiment of the invention is a computer-readable storage medium.
The computer storage medium may be RAM, flash memory, ROM, EPROM, EEPROM, a register, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium known in the art.
The computer-readable storage medium stores one or more programs, which can be executed by one or more processors to implement some or all of the steps of any of the first to fourth embodiments of the invention.
The computer-readable storage medium of the ninth embodiment stores one or more programs that can be executed by one or more processors to perform real-time static code scanning of the incremental code added to a code branch and to obtain the vulnerability information, security information and specification information of the incremental code in real time, effectively improving the efficiency of code management and of code writing.
It should be noted that, in this document, the terms "include", "comprise" and any variant of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
The embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the invention, in essence or in the part that contributes over the prior art, can be embodied as a software product. The software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods of the embodiments of the invention.
The embodiments of the invention have been described above with reference to the drawings, but the invention is not limited to the specific embodiments above, which are illustrative rather than restrictive. Inspired by the invention, those of ordinary skill in the art can devise many other forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the invention.

Claims (11)

1. An incremental code static scanning method, characterized by comprising:
When it is detected that any incremental code has been added to a development code branch, scanning the development code branch against the preset first base code file set of the development code branch to obtain the first incremental code file that has changed;
In the first base code file set, determining the unmodified first base code file corresponding to the first incremental code file;
Performing a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
2. The method according to claim 1, characterized in that, before any incremental code is added to the development code branch, the method further comprises:
When the development code branch is created, setting the set of code files in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
3. The method according to claim 1, characterized in that performing a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of the any incremental code, comprises:
Judging whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If the development code branch had not been scanned before the incremental code was detected, performing a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
4. The method according to claim 3, characterized in that the method further comprises:
If the development code branch had been scanned before the incremental code was detected, yielding a first incremental code file set that has changed, judging whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, performing a static code scan on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second base code file set comprises the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, performing a static code scan on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second incremental code file set comprises each incremental code file in the first incremental code file set together with the first incremental code file; and the third base code file set comprises the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, together with the first base code file.
5. The method according to any one of claims 1 to 4, characterized in that the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
6. An incremental code static scanning device, characterized in that the incremental code static scanning device comprises a processor and a memory;
The processor is configured to execute the incremental code static scanning program stored in the memory, to implement the following steps:
When it is detected that any incremental code has been added to a development code branch, scanning the development code branch against the preset first base code file set of the development code branch to obtain the first incremental code file that has changed;
In the first base code file set, determining the unmodified first base code file corresponding to the first incremental code file;
Performing a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
7. The device according to claim 6, characterized in that, before any incremental code is added to the development code branch, the processor is further configured to execute the incremental code static scanning program to implement the following steps:
When the development code branch is created, setting the set of code files in the main code branch as the first base code file set;
Wherein the development code branch is a sub-branch of the main code branch.
8. The device according to claim 6, characterized in that performing a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of the any incremental code, comprises:
Judging whether the development code branch had already been scanned before the incremental code was detected as added to the development code branch;
If the development code branch had not been scanned before the incremental code was detected, performing a static code scan on the first base code file and on the first incremental code file respectively, to obtain the static code scanning information of all the incremental code.
9. The device according to claim 8, characterized in that the processor is further configured to execute the incremental code static scanning program to implement the following steps:
If the development code branch had been scanned before the incremental code was detected, yielding a first incremental code file set that has changed, judging whether the first incremental code file set includes the first incremental code file;
If the first incremental code file set includes the first incremental code file, performing a static code scan on a second base code file set and on the first incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second base code file set comprises the unmodified second base code file corresponding to each incremental code file in the first incremental code file set;
If the first incremental code file set does not include the first incremental code file, performing a static code scan on a third base code file set and on a second incremental code file set respectively, to obtain the static code scanning information of all the incremental code; wherein the second incremental code file set comprises each incremental code file in the first incremental code file set together with the first incremental code file; and the third base code file set comprises the unmodified third base code file corresponding to each incremental code file in the first incremental code file set, together with the first base code file.
10. The device according to any one of claims 6 to 9, characterized in that the static code scanning information includes at least one of the following:
Bug (vulnerability) information of the incremental code, security information of the incremental code, and specification information of the incremental code.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores one or more programs, the one or more programs being executable by one or more processors to implement the steps of the incremental code static scanning method according to any one of claims 1 to 5.
CN201711482490.3A 2017-12-29 2017-12-29 Incremental code static scanning method and device and computer readable storage medium Active CN108319854B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711482490.3A CN108319854B (en) 2017-12-29 2017-12-29 Incremental code static scanning method and device and computer readable storage medium


Publications (2)

Publication Number Publication Date
CN108319854A true CN108319854A (en) 2018-07-24
CN108319854B CN108319854B (en) 2020-09-11

Family

ID=62893489

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711482490.3A Active CN108319854B (en) 2017-12-29 2017-12-29 Incremental code static scanning method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN108319854B (en)


Also Published As

Publication number Publication date
CN108319854B (en) 2020-09-11


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant