CN109255087B - Picture resource security detection method, storage medium, electronic device and system - Google Patents


Publication number
CN109255087B
Authority
CN
China
Prior art keywords
picture
unsafe
array
resources
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710521868.XA
Other languages
Chinese (zh)
Other versions
CN109255087A (en)
Inventor
王迪
陈少杰
张文明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Douyu Network Technology Co Ltd
Original Assignee
Wuhan Douyu Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Douyu Network Technology Co Ltd filed Critical Wuhan Douyu Network Technology Co Ltd
Priority to CN201710521868.XA priority Critical patent/CN109255087B/en
Publication of CN109255087A publication Critical patent/CN109255087A/en
Application granted granted Critical
Publication of CN109255087B publication Critical patent/CN109255087B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/34 Graphical or visual programming
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

A method, a storage medium, an electronic device and a system for detecting the security of picture resources, relating to the field of picture resource detection. The method comprises the following steps: adding an intranet mark to the resources of the intranet server in advance; querying a database to obtain the character string of all data of the page to be detected, and storing the string in a variable of the scripting language JavaScript; setting a regular expression that matches picture resources, extracting the addresses of all picture resources in the string according to the regular expression, and storing the addresses in a picture resource array; deduplicating the picture resources in the picture resource array; specifying the domain name of the secure resource server, and setting up an unsafe array for storing the addresses of unsafe picture resources; and traversing the picture resource array, adding to the unsafe array the address of every picture resource that lacks the secure resource server's domain name or that carries the intranet mark. The method and the device can obtain all picture resources referenced in a page built with WebMarket and check their security.

Description

Picture resource security detection method, storage medium, electronic device and system
Technical Field
The present invention relates to the field of picture resource detection, and in particular, to a method, a storage medium, an electronic device, and a system for detecting security of picture resources.
Background
WebMarket is an online platform on which developers build web pages by dragging page presentation components. The platform is accessed and used in a browser and provides a large number of visual basic page element components, such as text components and picture components, which perform their functions or display their content after only a little configuration. The developer drags components to the desired positions on the canvas with the mouse, edits them with a property editor, and finally assembles them into a complete page for preview and publication.
WebMarket can upload picture resources to the company's resource server, after which the uploaded pictures can be used directly for building pages on the platform. Page developers can also use third-party picture resources (picture resources stored on servers other than the company's resource server) directly in components. A page built with WebMarket may therefore reference many picture resources, each coming from a different server.
In a production environment, common sense says that no third-party resource should be trusted; only the resources provided by the resource server the company itself holds should be. A third-party resource can stop being served at any time, and it is also a security risk: the owner of the third-party resource server can attack our page by replacing the resource we reference. In addition, intranet picture resources, that is, resources that can be accessed only in a specific intranet environment and not from the public network, may be used during development. If intranet resources are used in a WebMarket-built page, the page behaves normally in the development and test environments (both of which run on the intranet), but once the page is published, ordinary users find that it displays incorrectly because the intranet pictures cannot be loaded. The picture resources of WebMarket pages therefore need to be checked.
The most straightforward way to detect the source of all picture resources of a page is to check their resource links. Existing detection approaches either request the page's html and inspect its img tags to extract the picture links, or obtain the referenced picture addresses by monitoring picture resource requests during page initialization. Both approaches share a drawback: they cannot obtain every picture resource referenced in a page built with WebMarket, because some picture resources are not introduced in the html or during page initialization but exist only in the page data and are loaded at a later time. Judging whether a picture resource is safe is a further difficulty: the front end cannot directly judge the security of a resource server, and that security changes over time.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a method, a storage medium, an electronic device and a system for detecting the security of picture resources, which can acquire all cited picture resources in a page built by WebMarket and detect the security of the picture resources.
In order to achieve the above purpose, the invention adopts a detection method of picture resource security, comprising the steps of:
S1, adding an intranet mark to the resources of the intranet server in advance; querying a database to obtain the character string of all data of the page to be detected, and storing the string in a variable of the scripting language JavaScript;
S2, setting a regular expression that matches picture resources, extracting the addresses of all picture resources in the string according to the regular expression, and storing the addresses in a picture resource array; deduplicating the picture resources in the picture resource array;
S3, specifying the domain name of the secure resource server, and setting up an unsafe array for storing the addresses of unsafe picture resources; traversing the picture resource array, and adding to the unsafe array the address of every picture resource that lacks the secure resource server's domain name or that carries the intranet mark.
On the basis of the above technical solution, the regular expression comprises a URL scheme prefix, a URL body and a picture format; the prefix is http or https, and the picture format is jpg, gif, png or jpeg.
On the basis of the above technical solution, the addresses of the unsafe picture resources in S3 are stored in the unsafe array as character strings, and the addresses of all unsafe picture resources are spliced into hyperlinks so that all unsafe picture resources are linked from one html page.
On the basis of the above technical solution, the unsafe array is checked after S3: if the number of elements in the unsafe array is 0, there are no unsafe picture resources; if it is not 0, the number of elements is the number of unsafe picture resources.
The invention also provides a storage medium, wherein the storage medium is stored with a computer program, and the computer program realizes the detection method of the security of the picture resource when being executed by a processor.
The invention also provides an electronic device, which comprises a memory and a processor, wherein the memory is stored with a computer program running on the processor, and the processor realizes the detection method of the security of the picture resources when executing the computer program.
The invention also provides a detection system for the security of the picture resources, which comprises a database module, a setting module, an inquiry module, an array module and a detection module;
the database module is used for storing data of all components in the webMarket;
the setting module is used for adding an intranet mark to the resources of the intranet server and setting the domain name of the security resource server;
the extraction module is used for inquiring the database module, acquiring character strings of all data of the page to be detected and storing the character strings into a variable of JavaScript; the system is also used for extracting the addresses of all picture resources in the character string according to the regular expression;
the array module comprises a picture resource array and an unsafe array, wherein the picture resource array is used for storing the address of the picture resource extracted by the query module, and the unsafe array is used for storing the address of the unsafe picture resource;
and the detection module is used for detecting unsafe picture resources in the picture resource array, and the addresses of the unsafe picture resources do not have a safe resource server domain name or an intranet mark.
On the basis of the technical scheme, the extraction module sets a regular expression, the regular expression comprises a website start, a website and a picture format, the website start comprises http and https, and the picture format comprises jpg, gif, png and jpeg.
On the basis of the technical scheme, the system further comprises a report module for generating a report page of the picture resource security, wherein the report page comprises all unsafe picture resources.
On the basis of the above technical solution, when the number of elements in the unsafe array is 0, there are no unsafe picture resources; if the number of elements in the unsafe array is not 0, that number is the number of unsafe picture resources.
The invention has the beneficial effects that:
1. A regular expression extracts the addresses of all picture resources from the page's source data, and deduplication then yields them efficiently even for a WebMarket-built page with a huge data volume; the addresses are obtained no matter which method introduces the pictures into the page.
2. By setting an intranet mark and a secure resource server, all picture resources are screened to obtain the unsafe ones. Some picture resources use a secure domain name but are in fact served by an intranet resource server used in the development environment; these can be distinguished through the intranet mark.
3. The method can generate a security report page for all picture resources in a WebMarket-built page, indicating the addresses of the picture resources with security problems; the specific pictures can be viewed in a browser, which makes locating and fixing them easier.
Drawings
FIG. 1 is a flowchart of a method for detecting security of picture resources according to an embodiment of the present invention;
FIG. 2 is a block diagram of the connection of an electronic device in an embodiment of the invention;
fig. 3 is a schematic diagram of a system for detecting security of picture resources according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
As shown in fig. 1, the method for detecting security of picture resources of the present invention specifically includes the following steps:
s1, adding an intranet mark for the resources of an intranet server in advance; and querying a database to obtain character strings of all data of the page to be detected.
Specifically, in order to distinguish intranet resource addresses, the resource files of the intranet server are given a special identifier; in this embodiment, intranet resources carry the debugger identifier. When a page built with WebMarket is saved, what is actually stored is the collection of data of all components used by the page, converted into a character string and stored in a database. Querying the database therefore yields the character string of all data of the page to be detected, and this string is stored in a JavaScript (a scripting language) variable to make the subsequent operations easier. It is obtained as follows:
// res.data.content is the page data string returned by the database query
var pageString = res.data.content;
S2, the most direct way to detect the sources of all picture resources of a page is to check their resource links. A regular expression for matching picture resources is therefore established. It comprises a URL scheme prefix, a URL body and a picture format; the prefix can be http or https, the picture format can be jpg, gif, png or jpeg, and the expression can also include further parts, such as a timestamp, for matching picture resources. The addresses of all picture resources in the string are extracted according to the regular expression and stored in a picture resource array, and the picture resource array is deduplicated using the from method of the Array object. Compared with manual checking, this efficiently screens the addresses of all picture resources out of a page with a huge data volume, no matter how the pictures are introduced into the page, for example through JavaScript, css or html tags. The steps are implemented as follows:
// Regular expression for matching picture resource addresses
var regexp = /(http:\/\/|https:\/\/)((\w|=|\?|\.|\/|&|-)+(jpg|gif|png|jpeg))(\?timestamp=(\d+))?/g;
// Match the page data; images is the array of all picture resource addresses
var images = pageString.match(regexp);
// Deduplicate the picture resource addresses
images = Array.from(new Set(images));
S3, resources are fetched by their resource addresses, and different resource addresses can point to different resource servers. The part of the address that decides this is the domain name: it is resolved to a specific IP address by a Domain Name Server (DNS) and so points to one exact server on the Internet. The address of a picture resource is its picture link, and the domain name part of the link determines the resource server. It is therefore necessary to check whether the domain names of all picture links in the page to be detected are secure domain names.
The specific steps of S3 are as follows:
S301, specify the domain name of the secure resource server, assumed to be abc.com in this embodiment; resource addresses that are not under this domain name are considered unsafe. Set up an unsafe array for storing the addresses of unsafe picture resources.
S302, traverse the picture resource array and check whether the domain name of the secure resource server (abc.com) is present in the address of each picture resource; if so, go to S304; if not, go to S303.
S303, the picture resource is unsafe; add its address to the unsafe array, and end. Specifically, the address of the unsafe picture resource is stored in the unsafe array as a character string.
S304, the address of the picture resource is provisionally considered safe; go to S305.
S305, traverse the remaining picture resources in the picture resource array and check whether the intranet identifier (debugger) is present in the address of each picture resource; if so, go to S306; if not, go to S307.
S306, the corresponding picture resource is considered unsafe; add its address to the unsafe array, and end.
S307, the corresponding picture resource is considered safe, and the method ends.
The specific implementation of detecting picture resources and adding an unsafe array is as follows:
[Code listing published as images (Figures BDA0001337751300000071 and BDA0001337751300000081); not reproduced in this text.]
In practical applications, once all unsafe picture resources in the page to be detected have been obtained through S1-S3, the list of unsafe picture resources can be output as a report in html (hypertext markup language) format. At that point the security check of the page's picture resources is complete, but the result is still a JavaScript array that non-specialists cannot read, so it needs to be turned into an easily understood report that developers can use to evaluate and optimize the page.
By traversing the unsafe array, the addresses of all unsafe picture resources can be spliced into hyperlinks, forming an html page with a clickable link for every such picture, so that a developer can open the page in a browser and see exactly which pictures have problems. When traversing the unsafe array, first check its elements (the addresses of unsafe picture resources): if the number of elements in the unsafe array is 0, there are no unsafe picture resources; if it is not 0, the number of elements is the number of unsafe picture resources.
The concrete implementation is as follows:
[Code listing published as images (Figures BDA0001337751300000082 and BDA0001337751300000091); not reproduced in this text.]
In this way, a picture resource security report page is obtained for a page developed with WebMarket. It indicates the picture resources with security problems and their number, and allows the specific pictures to be viewed in a browser, which makes locating and fixing them easier.
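An added example, not the patent's own listing: it runs S1-S3 and the report step in JavaScript on constructed page data, and goes one step beyond the text by adding a variant that compares the parsed hostname rather than searching the whole address for the domain string. The function names, `unsafeImages` and the sample URLs are assumptions; `abc.com` and `debugger` are the values used in this embodiment.

```javascript
// Added example: S1-S3 and the report step on constructed data.
// abc.com and "debugger" are the embodiment's values; all other names are assumed.
const SAFE_DOMAIN = "abc.com";
const INTRANET_MARK = "debugger";

// Constructed stand-in for res.data.content (component data saved as one string).
const pageString = JSON.stringify([
  { type: "picture", src: "https://res.abc.com/img/banner.png" },
  { type: "text", style: "background:url(http://cdn.thirdparty.example/pic/logo.jpg)" },
  { type: "html", content: '<img src="https://res.abc.com/debugger/tmp/test.gif?timestamp=1498780800">' },
  { type: "picture", src: "https://res.abc.com/img/banner.png" },    // duplicate reference
  { type: "picture", src: "https://img.example.net/abc.com/a.jpeg" } // domain string in the path only
]);

// S2: the page's regular expression, then Set-based deduplication.
function extractImages(str) {
  const regexp = /(http:\/\/|https:\/\/)((\w|=|\?|\.|\/|&|-)+(jpg|gif|png|jpeg))(\?timestamp=(\d+))?/g;
  return Array.from(new Set(str.match(regexp) || []));
}

// S301-S307 as described: both checks search the whole address string.
function classifyAsDescribed(images, safeDomain, intranetMark) {
  const unsafeImages = [];
  for (const address of images) {
    if (address.indexOf(safeDomain) === -1) {
      unsafeImages.push(address);   // S302 -> S303: secure domain absent
    } else if (address.indexOf(intranetMark) !== -1) {
      unsafeImages.push(address);   // S305 -> S306: intranet mark present
    }                               // otherwise S307: safe
  }
  return unsafeImages;
}

// Variant (an assumption, not in the patent): decide on the parsed hostname, so an
// address only counts as secure when its host is abc.com or a subdomain of it.
function classifyByHostname(images, safeDomain, intranetMark) {
  const unsafeImages = [];
  for (const address of images) {
    let host;
    try {
      host = new URL(address).hostname.toLowerCase();
    } catch (e) {
      unsafeImages.push(address);   // unparseable address: fail closed
      continue;
    }
    const onSafeServer = host === safeDomain || host.endsWith("." + safeDomain);
    if (!onSafeServer || address.indexOf(intranetMark) !== -1) {
      unsafeImages.push(address);
    }
  }
  return unsafeImages;
}

// Addresses come from stored page data, so escape them before splicing into html.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Report step: element count first, then one hyperlink per unsafe address.
function buildReport(unsafeImages) {
  if (unsafeImages.length === 0) {
    return "<p>No unsafe picture resources found.</p>";
  }
  const items = unsafeImages
    .map((a) => '<li><a href="' + escapeHtml(a) + '">' + escapeHtml(a) + "</a></li>")
    .join("\n");
  return "<p>" + unsafeImages.length + " unsafe picture resource(s):</p>\n<ul>\n" + items + "\n</ul>";
}

const images = extractImages(pageString);
console.log("as described:", classifyAsDescribed(images, SAFE_DOMAIN, INTRANET_MARK));
console.log("by hostname: ", classifyByHostname(images, SAFE_DOMAIN, INTRANET_MARK));
console.log(buildReport(classifyByHostname(images, SAFE_DOMAIN, INTRANET_MARK)));
```

The two classifiers differ only on the last sample address, whose path contains the string `abc.com` while its host is a different server.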
The embodiment of the invention also provides a storage medium, wherein the storage medium is stored with a computer program, and the computer program is executed by a processor to realize the detection method for the security of the picture resources. The storage medium includes various media capable of storing program codes, such as a usb disk, a removable hard disk, a ROM (Read-Only Memory), a RAM (Random Access Memory), a magnetic disk, or an optical disk.
Referring to fig. 2, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program running on the processor, and the processor implements the method for detecting security of picture resources when executing the computer program.
As shown in FIG. 3, the present invention provides a system for detecting security of picture resources, which includes a database module, a setting module, a query module, an array module, a detection module, and a report module.
And the database module is used for storing the data of all the components in the webMarket.
And the setting module is used for adding an intranet mark for the resources of the intranet server and setting the domain name of the security resource server.
And the extraction module is used for querying the database module and acquiring character strings of all data of the page to be detected. The extraction module is used for extracting addresses of all picture resources in the character string according to the regular expression, the regular expression is set by the extraction module, the regular expression comprises a website start, a website and a picture format, the website start comprises http and https, and the picture format comprises jpg, gif, png and jpeg. Regular expressions may also include content such as timestamps.
And the array module comprises a picture resource array and an unsafe array, wherein the picture resource array is used for storing the addresses of the picture resources extracted by the query module, and the unsafe array is used for storing the addresses of the unsafe picture resources. When the number of elements in the unsafe array is 0, there are no unsafe picture resources; if the number of elements in the unsafe array is not 0, that number is the number of unsafe picture resources.
And the detection module is used for detecting the addresses of the unsafe picture resources in the picture resource array, wherein the addresses of the unsafe picture resources do not have a safe resource server domain name or an intranet mark.
The report module can select settings for generating a report page of picture resource security, wherein the page includes all unsafe picture resources.
It should be noted that: in the system provided in the embodiment of the present invention, when performing inter-module communication, only the division of each functional module is illustrated, and in practical applications, the above function distribution may be completed by different functional modules as needed, that is, the internal structure of the system is divided into different functional modules to complete all or part of the above described functions.
The present invention is not limited to the above-described embodiments, and it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements are also considered to be within the scope of the present invention. Those not described in detail in this specification are within the skill of the art.

Claims (8)

1. A method for detecting the security of picture resources is characterized by comprising the following steps:
s1, adding an intranet mark for the resources of an intranet server in advance; inquiring a database, acquiring character strings of all data of a page to be detected, and storing the character strings into variables of a scripting language JavaScript;
s2, setting a regular expression for matching picture resources, extracting addresses of all picture resources in the character string according to the regular expression, and storing the addresses in a picture resource array; removing the duplication of the picture resources in the picture resource array;
s3, specifying a domain name of a safe resource server, and setting an unsafe array for storing addresses of unsafe picture resources; traversing the picture resource array, and adding the addresses of the picture resources without the domain name of the secure resource server or the intranet mark into the unsecure array;
the regular expression comprises a website start, a website and a picture format, wherein the website start comprises http and https, and the picture format comprises jpg, gif, png and jpeg.
2. The method for detecting the security of the picture resource as claimed in claim 1, wherein: the addresses of the unsafe picture resources in the S3 are stored in an unsafe array in a character string mode; and splicing the addresses of all the unsafe picture resources into hyperlinks so that all the unsafe picture resources are linked to an html page.
3. The method for detecting the security of the picture resource as claimed in claim 1, wherein: after the step S3, checking an unsafe array, if the element in the unsafe array is 0, no unsafe picture resource exists; and if the elements in the unsafe array are not 0, the number of the elements is the number of the unsafe picture resources.
4. A system for detecting security of picture resources, applying the method for detecting security of picture resources according to claim 1, wherein: the system comprises a database module, a setting module, a query module, an array module and a detection module;
the database module is used for storing data of all components in the webMarket;
the setting module is used for adding an intranet mark to the resources of the intranet server and setting the domain name of the security resource server;
the extraction module is used for inquiring the database module, acquiring character strings of all data of the page to be detected and storing the character strings into a variable of JavaScript; the system is also used for extracting the addresses of all picture resources in the character string according to the regular expression;
the array module comprises a picture resource array and an unsafe array, wherein the picture resource array is used for storing the address of the picture resource extracted by the query module, and the unsafe array is used for storing the address of the unsafe picture resource;
the detection module is used for detecting unsafe picture resources in the picture resource array, and the addresses of the unsafe picture resources do not have a safe resource server domain name or an intranet mark;
the extraction module sets a regular expression, the regular expression comprises a website start, a website and a picture format, the website start comprises http and https, and the picture format comprises jpg, gif, png and jpeg.
5. The system for detecting the security of the picture resource as claimed in claim 4, wherein: the system also comprises a report module used for generating a report page of the picture resource security, wherein the page comprises all unsafe picture resources.
6. The system for detecting the security of the picture resource as claimed in claim 4, wherein: when the element in the unsafe array is 0, no unsafe picture resource exists; and if the number of the elements in the unsafe array is not 0, the number of the elements is the number of the unsafe picture resources.
7. A storage medium having a computer program stored thereon, characterized in that: the computer program, when executed by a processor, implements the method of any of claims 1 to 3.
8. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program that runs on the processor, characterized in that: a processor implementing the method of any one of claims 1 to 3 when executing the computer program.
CN201710521868.XA 2017-06-30 2017-06-30 Picture resource security detection method, storage medium, electronic device and system Active CN109255087B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710521868.XA CN109255087B (en) 2017-06-30 2017-06-30 Picture resource security detection method, storage medium, electronic device and system

Publications (2)

Publication Number Publication Date
CN109255087A CN109255087A (en) 2019-01-22
CN109255087B true CN109255087B (en) 2021-03-16

Family

ID=65050870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710521868.XA Active CN109255087B (en) 2017-06-30 2017-06-30 Picture resource security detection method, storage medium, electronic device and system

Country Status (1)

Country Link
CN (1) CN109255087B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant