CN109241748A - A method for identifying software vulnerabilities based on software version numbers - Google Patents
- Publication number: CN109241748A
- Authority: CN (China)
- Prior art keywords: software, vulnerability, version number, version, method based
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Abstract
An embodiment of the invention discloses a method for identifying software vulnerabilities based on software version numbers, comprising: S1, placing the query commands for software version numbers in a script or database, and calling a query command to obtain the version number of the software; S2, matching a comparison mode according to the obtained version number, and judging whether the current software has a vulnerability by comparing version numbers. By integrating the version-number query commands of each piece of software and automatically comparing the queried version numbers, the invention judges whether the current software version has a vulnerability. The whole process requires no manual participation, which improves the efficiency of identifying vulnerable software and significantly improves the accuracy of software vulnerability identification.
Description
Technical field
The present invention relates to the technical field of computer data processing, and specifically to a method for identifying software vulnerabilities based on software version numbers.
Background art
A software version number is the version number assigned to a piece of software and is one of its important attributes. The version number shows directly which iteration of the software is current and what specific functions that version has. A mature software company and its software products have well-standardized version numbers.
As version numbering has become more standardized, its role in the software process has become increasingly important. For example, which vulnerabilities exist in which versions of a given piece of software can be judged directly from the version number, which also helps with fixing the vulnerabilities.
The traditional method of checking whether a software version has a vulnerability is to obtain the version number with a version query command and then manually compare whether the current version has a vulnerability. This is easy when only one piece of software is queried, but when many kinds of software are queried, manual participation makes it inefficient and the accuracy of the results is low.
Summary of the invention
The embodiments of the invention provide a method for identifying software vulnerabilities based on software version numbers, to solve the problem in the prior art that manually judging whether a software version has a vulnerability is inefficient and inaccurate.
To solve the above technical problem, the embodiments of the invention disclose the following technical solutions:
The invention provides a method for identifying software vulnerabilities based on software version numbers, comprising the following steps:
S1, placing the query commands for software version numbers in a script or database, and calling a query command to obtain the version number of the software;
S2, matching a comparison mode according to the obtained version number, and judging whether the current software has a vulnerability by comparing version numbers.
Further, the method also includes:
S3, sending the version number of the software judged to have a vulnerability, together with the comparison result, to vulnerability testing software for vulnerability detection.
Further, the detailed process of sending to the vulnerability testing software and performing vulnerability detection on the software is:
obtaining the name of the configured vulnerability testing software;
outputting the version number of the software judged to have a vulnerability and the comparison result in the parameters and format corresponding to that name;
calling the vulnerability testing software to test the software judged to have a vulnerability.
Further, step S1 also includes:
by identifying the host IP (Internet Protocol address), querying the software version number on the local and/or remote host.
Further, depending on how the vulnerable versions are specified, the comparison modes include comparing directly with the vulnerable version, and representing the vulnerable versions with custom parameters and comparing with the custom parameters.
Further, the detailed process of comparing directly with the vulnerable version is:
judging whether the current version number and the vulnerable version number have the same length;
if they do not, the current version has no vulnerability;
if they do, splitting the version numbers and comparing them one by one from left to right; if any difference exists, the current version has no vulnerability, otherwise the current version has the vulnerability.
Further, the custom parameters include a custom version number and an identifier, which together determine the range in which the vulnerability exists.
Further, the detailed process of comparing with the custom parameters is:
judging whether the current version number and the custom version number have the same length, and if they do not, padding the end of the shorter version number with 0;
splitting the version numbers and comparing them one by one from left to right; if a difference exists, judging which of the two version numbers is larger, and at the same time judging whether the current version number falls within the vulnerable range.
The effects described in this summary are only those of the embodiments, not all effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:
1. By integrating the version-number query commands of each piece of software and automatically comparing the queried version numbers, the method judges whether the current software version has a vulnerability. The whole process requires no manual participation, which improves the efficiency of identifying vulnerable software and significantly improves the accuracy of software vulnerability identification.
2. During the version-number query, identifying the host's IP address allows software on both the local host and remote hosts to be queried. This broadens the scope of application of the invention, avoids querying hosts one by one, simplifies the query process, and improves working efficiency.
3. During comparison, different comparison modes are matched according to the vulnerable versions of the current software, which improves comparison efficiency and accuracy.
4. After software with a vulnerability has been identified, third-party vulnerability testing software performs a further vulnerability test on the software judged to have a vulnerability, ensuring the accuracy of the final result.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of Embodiment 1 of the method of the invention;
Fig. 2 is a flow diagram of Embodiment 2 of the method of the invention.
Detailed description of the embodiments
To make the technical features of the invention clear, the invention is described in detail below through specific embodiments in combination with the drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the invention.
As shown in Fig. 1, a method for identifying software vulnerabilities based on software version numbers according to the invention includes:
S1, placing the query commands for software version numbers in a script or database, and calling a query command to obtain the version number of the software;
S2, matching a comparison mode according to the obtained version number, and judging whether the current software has a vulnerability by comparing version numbers.
In step S1, the version-number query mainly implements querying the versions of multiple pieces of software, locally or remotely. The query commands and methods for common software are preset in this step and stored as commands in a script or database, and they are called when a query is executed. For Tomcat, for example, the current version number is obtained with the command sh version.sh. Local or remote hosts are checked by IP. Because the version of some software can only be checked locally, the IP is examined first: if it is a local IP, all check functions are executed; if it is a remote IP, only the check functions that can be run remotely are executed. Multiple IPs can be configured at the same time to query multiple hosts. If new software appears, a query function for it can be added manually so that newly added software can also be queried.
In step S2, vulnerable versions are specified in two ways: fixed-value specification and range (non-fixed-value) specification.
Fixed-value specification presets the versions of the software that have vulnerabilities in a database or configuration file. When the comparison is executed, the vulnerable versions are read from the database or configuration file and compared directly with the current version, specifically:
Judge whether the current version number and the vulnerable version number have the same length. If they do not, the current version has no vulnerability. If they do, split the version numbers and compare them one by one from left to right; if any difference exists, the current version has no vulnerability, otherwise the current version has the vulnerability. If the current software has multiple vulnerable versions, the current version number is compared with each of the preset vulnerable versions in turn.
Range specification represents the vulnerable versions with custom parameters and compares against those parameters. The custom parameters include a custom version number and an identifier, which together determine the range in which the vulnerability exists. For example, the custom version numbers are set to 2.4.6 and 2.4.9, and the identifiers are M, L and B: M means versions greater than the custom version number are vulnerable, L means versions less than the custom version number are vulnerable, and B means versions between the custom version numbers are vulnerable. 2.4.6M means a vulnerability exists if the current version is greater than 2.4.6; 2.4.9L means a vulnerability exists if the current version is less than 2.4.9; 2.4.6 2.4.9B means a vulnerability exists if the current version is between 2.4.6 and 2.4.9.
The detailed process of comparing with the custom parameters is:
Judge whether the current version number and the custom version number have the same length, and if they do not, pad the end of the shorter version number with 0. Split the version numbers and compare them one by one from left to right; if a difference exists, judge which of the two version numbers is larger, and at the same time judge whether the current version number falls within the vulnerable range.
Splitting the version numbers and comparing them one by one from left to right covers pairwise comparison, three-way comparison and multi-segment comparison.
Pairwise comparison is mostly used when the identifier is M or L. The version numbers are split and compared one by one starting from the left. If the first fields are identical, the comparison continues to the right. When a difference is found, the larger of the two version numbers is determined, and from that it is judged whether the current version number falls within the vulnerable range, that is, whether the current version is a vulnerable version.
Three-way comparison mainly judges whether the known version number lies between two specified version numbers, and so whether that version has a vulnerability. The queried version number is first compared with one of the two custom version numbers. For example, with custom version numbers A and B, where A < B, the current version number is first compared with B. If the version number is greater than B, no vulnerability is considered to exist. If the version number is less than B, it is compared with A: if it is less than A, no vulnerability is considered to exist; if it is greater than A, a vulnerability is considered to exist.
Multi-segment comparison is similar to three-way comparison. For example, with custom version numbers A, B, C and D, where A < B < C < D, a vulnerability exists if the version number lies between A and B or between C and D. The version number is first compared with C and D: if it is greater than D, there is no vulnerability; if it is between C and D, there is a vulnerability; if it is less than C, the check continues with whether the version number lies between A and B.
The comparison mode is matched according to how many vulnerable version numbers the current software has and the range (or continuity) of those version numbers. If the current software has only one vulnerable version number, or several that are not contiguous with one another, the fixed-value specification is used for comparison. If the current software has multiple vulnerable version numbers and they are contiguous or partly contiguous, the range specification is used for comparison.
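An added example, not taken from the patent: a Python implementation of the two comparison modes described above, exact matching against listed vulnerable versions and the M/L/B range rules, with the multi-segment case written as several B rules. It assumes purely numeric dotted versions, reads "length" as the number of dot-separated fields, compares fields numerically, and counts the endpoints of a B range as vulnerable; all function names are illustrative.

```python
import re

# Rule syntax from the description: "2.4.6M", "2.4.9L", "2.4.6 2.4.9B".
RULE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:\s+(\d+(?:\.\d+)*))?\s*([MLB])\s*$")


def parse(version):
    """Split a dotted version into integer fields: '2.4.10' -> [2, 4, 10].
    Assumption: fields are purely numeric; anything else raises ValueError."""
    return [int(field) for field in version.strip().split(".")]


def compare(a, b):
    """Range-mode comparison: pad the shorter version with trailing zeros,
    then compare field by field from left to right. Returns -1, 0 or 1."""
    fa, fb = parse(a), parse(b)
    width = max(len(fa), len(fb))
    fa += [0] * (width - len(fa))
    fb += [0] * (width - len(fb))
    for x, y in zip(fa, fb):
        if x != y:  # the first differing field decides the order
            return -1 if x < y else 1
    return 0


def matches_fixed(current, vulnerable_versions):
    """Fixed-value mode: no padding. A listed version matches only when it
    has the same number of fields and every field is equal."""
    cur = parse(current)
    return any(cur == parse(v) for v in vulnerable_versions)


def matches_range(current, rule):
    """Range mode: evaluate one M / L / B rule against the current version."""
    m = RULE.match(rule)
    if not m:
        raise ValueError(f"unrecognised rule: {rule!r}")
    low, high, ident = m.groups()
    if (ident == "B") != (high is not None):
        raise ValueError(f"B needs two versions, M and L need one: {rule!r}")
    if ident == "M":  # vulnerable when greater than the custom version
        return compare(current, low) > 0
    if ident == "L":  # vulnerable when less than the custom version
        return compare(current, low) < 0
    # Assumption: the endpoints of a B range count as vulnerable.
    return compare(current, low) >= 0 and compare(current, high) <= 0


def is_vulnerable(current, fixed=(), ranges=()):
    """Check the current version against listed versions and range rules."""
    return matches_fixed(current, fixed) or any(
        matches_range(current, rule) for rule in ranges
    )


if __name__ == "__main__":
    # Constructed inputs; 2.4.6 and 2.4.9 are the values used in the text.
    for version in ("2.4.5", "2.4.7", "2.4.10"):
        print(version, is_vulnerable(version, ranges=["2.4.6 2.4.9B"]))
```

Comparing fields as integers matters for versions such as 2.4.10, which a plain string comparison would place below 2.4.9.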
As shown in Fig. 2, on the basis of Embodiment 1, this embodiment further includes the step:
S3, sending the version number of the software judged to have a vulnerability, together with the comparison result, to vulnerability testing software for vulnerability detection.
Vulnerability detection implements sending the version-number comparison result to third-party software that checks for the vulnerability. A further vulnerability test is performed on the software judged to have a vulnerability, ensuring the accuracy of the final result. Specifically: first obtain the name of the configured vulnerability testing software; output the version number of the software judged to have a vulnerability and the comparison result in the parameters and format corresponding to that name; call the vulnerability testing software to test the software judged to have a vulnerability. For example, the data is transmitted in JSON or XML format, and the parameters include the version number of the current software, the version number that has the vulnerability, and the comparison result.
The above is the preferred embodiment of the invention. A person skilled in the art can make several improvements and modifications without departing from the principles of the invention, and these improvements and modifications are also regarded as falling within the protection scope of the invention.
Claims (8)
1. A method for identifying software vulnerabilities based on software version numbers, characterized in that it comprises the following steps:
S1, placing the query commands for software version numbers in a script or database, and calling a query command to obtain the version number of the software;
S2, matching a comparison mode according to the obtained version number, and judging whether the current software has a vulnerability by comparing version numbers.
2. The method for identifying software vulnerabilities based on software version numbers according to claim 1, characterized in that the method further comprises:
S3, sending the version number of the software judged to have a vulnerability, together with the comparison result, to vulnerability testing software for vulnerability detection.
3. The method for identifying software vulnerabilities based on software version numbers according to claim 2, characterized in that the detailed process of sending to the vulnerability testing software and performing vulnerability detection on the software is:
obtaining the name of the configured vulnerability testing software;
outputting the version number of the software judged to have a vulnerability and the comparison result in the parameters and format corresponding to that name;
calling the vulnerability testing software to test the software judged to have a vulnerability.
4. The method for identifying software vulnerabilities based on software version numbers according to claim 1 or 2, characterized in that step S1 further comprises:
by identifying the host IP, querying the software version number on the local and/or remote host.
5. The method for identifying software vulnerabilities based on software version numbers according to claim 1 or 2, characterized in that, depending on how the vulnerable versions are specified, the comparison modes include comparing directly with the vulnerable version, and representing the vulnerable versions with custom parameters and comparing with the custom parameters.
6. The method for identifying software vulnerabilities based on software version numbers according to claim 5, characterized in that the detailed process of comparing directly with the vulnerable version is:
judging whether the current version number and the vulnerable version number have the same length;
if they do not, the current version has no vulnerability;
if they do, splitting the version numbers and comparing them one by one from left to right; if any difference exists, the current version has no vulnerability, otherwise the current version has the vulnerability.
7. The method for identifying software vulnerabilities based on software version numbers according to claim 5, characterized in that the custom parameters include a custom version number and an identifier, which together determine the range in which the vulnerability exists.
8. The method for identifying software vulnerabilities based on software version numbers according to claim 7, characterized in that the detailed process of comparing with the custom parameters is:
judging whether the current version number and the custom version number have the same length, and if they do not, padding the end of the shorter version number with 0;
splitting the version numbers and comparing them one by one from left to right; if a difference exists, judging which of the two version numbers is larger, and at the same time judging whether the current version number falls within the vulnerable range.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811433420.3A CN109241748A (en) | 2018-11-28 | 2018-11-28 | A method for identifying software vulnerabilities based on software version numbers |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109241748A (en) | 2019-01-18 |
Family
ID=65074226
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190118 |