CN109828780A - Method and device for identifying open source software - Google Patents

Publication number
CN109828780A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811627959.2A
Other languages
Chinese (zh)
Other versions
CN109828780B (en)
Inventor
章磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihu Ceteng Security Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qihu Ceteng Security Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Application filed by Beijing Qihu Ceteng Security Technology Co Ltd and Beijing Qianxin Technology Co Ltd
Priority to CN201811627959.2A
Publication of CN109828780A
Application granted
Publication of CN109828780B
Legal status: Active

Landscapes

  • Stored Programmes (AREA)

Abstract

An embodiment of the present invention provides a method and device for identifying open source software. The method comprises: obtaining multi-level information of the open source software to be identified; extracting multi-dimensional feature information from the multi-level information; and identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and a preset open source software base library. The preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information, where the preset open source software information includes a preset open source software name and preset version information. The device executes the above method. By using multi-dimensional feature information together with the preset open source software base library to identify the name and version of the open source software to be identified, the method and device provided by the embodiments of the present invention can accurately identify information about open source software.

Description

A method and device for identifying open source software
Technical field
The embodiments of the present invention relate to the technical field of open source software, and in particular to a method and device for identifying open source software.
Background
Open source software is open, shared and free; it plays an increasingly important role in software development and is an important part of the software supply chain. As more and more open source software is used in all kinds of systems, either installed directly or in source code form, managing it becomes increasingly complex. Open source software contains a large number of security risks, so enterprises take on a substantial security risk while enjoying the convenience it brings.
Detecting whether a piece of open source software carries a security risk usually requires first identifying which open source software it is and what version it is. However, the prior art still has no effective method for identifying open source software.
Therefore, how to avoid the above drawback and identify open source software accurately has become a problem that needs to be solved.
Summary of the invention
In view of the problems in the prior art, the embodiments of the present invention provide a method and device for identifying open source software.
In a first aspect, an embodiment of the present invention provides a method for identifying open source software, the method comprising:
obtaining multi-level information of the open source software to be identified;
extracting multi-dimensional feature information from the multi-level information;
identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and a preset open source software base library; the preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information; wherein the preset open source software information includes a preset open source software name and preset version information.
In a second aspect, an embodiment of the present invention provides a device for identifying open source software, the device comprising:
an acquiring unit, configured to obtain multi-level information of the open source software to be identified;
an extraction unit, configured to extract multi-dimensional feature information from the multi-level information;
an identification unit, configured to identify the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and a preset open source software base library; the preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information; wherein the preset open source software information includes a preset open source software name and preset version information.
In a third aspect, an embodiment of the present invention provides an electronic device, comprising a processor, a memory and a bus, wherein
the processor and the memory communicate with each other through the bus;
the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the following method:
obtaining multi-level information of the open source software to be identified;
extracting multi-dimensional feature information from the multi-level information;
identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and a preset open source software base library; the preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information; wherein the preset open source software information includes a preset open source software name and preset version information.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, wherein
the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the following method:
obtaining multi-level information of the open source software to be identified;
extracting multi-dimensional feature information from the multi-level information;
identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and a preset open source software base library; the preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information; wherein the preset open source software information includes a preset open source software name and preset version information.
The method and device for identifying open source software provided by the embodiments of the present invention use multi-dimensional feature information together with the preset open source software base library to identify the open source software name and version information of the open source software to be identified, and can therefore accurately identify information about open source software.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the method for identifying open source software according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the device for identifying open source software according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the physical structure of the electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of the method for identifying open source software according to an embodiment of the present invention. As shown in Fig. 1, the method for identifying open source software provided by an embodiment of the present invention comprises the following steps:
S101: Obtain the multi-level information of the open source software to be identified.
Specifically, the device obtains the multi-level information of the open source software to be identified. The multi-level information may include at least one of source code information, binary information and package manager information. Further, the source code information may include the source code file name, file type, file size, file path, file hash and similar information; the binary information may include the binary file name, binary file type, binary file size, binary file path, binary file hash and similar information; the package manager information may include the project organization unique identifier, project unique identifier, version, development language, package manager platform and similar information.
S102: Extract multi-dimensional feature information from the multi-level information.
Specifically, the device extracts multi-dimensional feature information from the multi-level information. Taking source code information as an example, the multi-dimensional feature information may include the specific file size of source code file X, for example 2MB, and the file path of file X, for example a\b\c.
S103: Identify the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and a preset open source software base library. The preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information, where the preset open source software information includes a preset open source software name and preset version information.
Specifically, the device identifies the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and the preset open source software base library. The preset open source software base library stores in advance the correspondence between preset open source software information and preset feature information, where the preset open source software information includes a preset open source software name and preset version information. The same software may contain several identical files in different locations, and feature values such as file path, file name and file size can effectively distinguish them. Different versions of the same software may share identical content in most of their source code. Combining the file name, type, size, path, hash value and so on of the source code files in different ways forms feature values at different levels; as a result, only some of the feature values are the same between two different versions, but feature values that can distinguish the versions still exist.
The preset open source software name may include a first preset open source software name (that is, software with this name can have its open source software name and version information identified from a single part of the feature information). Identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and the preset open source software base library may specifically include:
Extract at least one piece of feature information from the multi-dimensional feature information. For example, the extracted feature information is the file path a\b\c.
Obtain, from the preset feature information, the target feature information corresponding to all the feature information. Because the preset open source software base library stores in advance the correspondence between all preset open source software information and all preset feature information, the target feature information obtained from the preset feature information is the file path a\b\c.
If it is determined that the target open source software name corresponding to the target feature information is the first preset open source software name, continue to determine the target version information corresponding to the target feature information according to the correspondence between the preset feature information corresponding to the target feature information and the preset version information. That is, the target open source software name, for example x, can be obtained from the above correspondence. If x is a first preset open source software name, meaning the target version information can be obtained from the file path a\b\c alone, then the above correspondence gives V1.1 as the target version information corresponding to the file path a\b\c.
Take the target open source software name and the target version information as the open source software name and version information of the open source software to be identified, respectively. That is, the open source software name of the open source software to be identified is x and its version information is V1.1.
Further, the preset open source software name may include a second preset open source software name (that is, software with this name needs different parts of the feature information to be combined before its open source software name and version information can be identified). Identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and the preset open source software base library may specifically include:
If it is determined that the target open source software name corresponding to the target feature information is the second preset open source software name, extract more related feature information according to all the feature information. That is, the target open source software name, for example y, can be obtained from the above correspondence. If y is a second preset open source software name, meaning the target version information cannot yet be obtained from the file path a\b\c alone, then, starting from the file path a\b\c, the file size of file X, 2MB, is obtained (this is the related feature information, which is not limited to one item).
Determine the target version information corresponding to the target feature information according to the correspondence between the preset feature information corresponding to the combined feature and the preset version information, where the combined feature includes the related feature information and all the feature information. If the preset feature information corresponding to the file path a\b\c of file X and the file size 2MB of file X, taken as a whole, corresponds to the preset version information as "file path a\b\c of file X and file size 2MB of file X ~ preset version information V2.0", then the target version information is V2.0. That is, the open source software name of the open source software to be identified is y and its version information is V2.0.
The method for identifying open source software provided by the embodiment of the present invention uses multi-dimensional feature information together with the preset open source software base library to identify the open source software name and version information of the open source software to be identified, and can therefore accurately identify information about open source software.
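The two lookup paths described above (one feature is enough for software x, a combined feature is needed for software y) can be sketched as follows. This is an added example, not code from the patent: the `Feature` and `Release` types, `identify()`, and the library contents are hypothetical and constructed, and x and y are given different paths so that both fit in one library. It also generalizes slightly: instead of labelling names as first or second type in advance, it escalates to related features whenever one feature still matches more than one version.

```python
# Added illustration, not code from the patent. The library contents, the
# Feature/Release types and identify() are hypothetical; all data is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Feature:
    dimension: str  # "path", "size" or "sha256"
    file: str       # file the value was measured on
    value: str


@dataclass(frozen=True)
class Release:
    name: str
    version: str
    features: frozenset


def release(name, version, files):
    """Build a base-library record from {file: (path, size, sha256)}."""
    feats = set()
    for file, (path, size, sha) in files.items():
        feats.add(Feature("path", file, path))
        feats.add(Feature("size", file, size))
        feats.add(Feature("sha256", file, sha))
    return Release(name, version, frozenset(feats))


# Constructed base library: x is recognisable from one feature; the two
# versions of y share a path and differ only in size and hash.
BASE_LIBRARY = [
    release("x", "V1.1", {"X": (r"a\b\c", "1MB", "aa11")}),
    release("y", "V1.0", {"X": (r"d\e\f", "1MB", "bb22")}),
    release("y", "V2.0", {"X": (r"d\e\f", "2MB", "cc33")}),
]

ESCALATION_ORDER = ("size", "sha256")  # related features to add, in this order


def candidates(used, library):
    """Distinct (name, version) pairs whose stored features contain `used`."""
    return {(r.name, r.version) for r in library if used <= r.features}


def identify(observed, library=BASE_LIBRARY):
    """Return (name, version, features_used), or None if unknown or ambiguous."""
    observed = set(observed)
    seeds = sorted((f for f in observed if f.dimension == "path"),
                   key=lambda f: (f.file, f.value))
    for seed in seeds:
        used = {seed}
        found = candidates(used, library)
        # Second-type case: one feature matches several versions, so combine
        # it with related features of the same file until one version is left.
        for dim in ESCALATION_ORDER:
            if len(found) <= 1:
                break
            used |= {f for f in observed
                     if f.file == seed.file and f.dimension == dim}
            found = candidates(used, library)
        if len(found) == 1:
            (name, version), = found
            return name, version, frozenset(used)
    return None


def scan(files):
    """Feature set for a scanned tree given as {file: (path, size, sha256)}."""
    return release("?", "?", files).features


if __name__ == "__main__":
    print(identify(scan({"X": (r"a\b\c", "1MB", "aa11")})))
    print(identify(scan({"X": (r"d\e\f", "2MB", "cc33")})))
```

Because escalation stops as soon as one version remains, a copy of y whose hash no longer matches the library is still identified as V2.0 from path and size, which is what lets a later comparison against the original release surface the change.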
On the basis of the above embodiment, the preset open source software name includes a first preset open source software name. Correspondingly, identifying the open source software name and version information of the open source software to be identified according to the multi-dimensional feature information and the preset open source software base library comprises:
Extract at least one piece of feature information from the multi-dimensional feature information.
Specifically, the device extracts at least one piece of feature information from the multi-dimensional feature information. See the above embodiment; details are not repeated here.
Obtain, from the preset feature information, the target feature information corresponding to all the feature information.
Specifically, the device obtains, from the preset feature information, the target feature information corresponding to all the feature information. See the above embodiment; details are not repeated here.
If it is determined that the target open source software name corresponding to the target feature information is the first preset open source software name, continue to determine the target version information corresponding to the target feature information according to the correspondence between the preset feature information corresponding to the target feature information and the preset version information.
Specifically, if the device determines that the target open source software name corresponding to the target feature information is the first preset open source software name, it continues to determine the target version information corresponding to the target feature information according to the correspondence between the preset feature information corresponding to the target feature information and the preset version information. See the above embodiment; details are not repeated here.
Take the target open source software name and the target version information as the open source software name and version information of the open source software to be identified, respectively.
Specifically, the device takes the target open source software name and the target version information as the open source software name and version information of the open source software to be identified, respectively. See the above embodiment; details are not repeated here.
The method for identifying open source software provided by the embodiment of the present invention can identify information about open source software from all the feature information alone, and can therefore identify it accurately and quickly.
On the basis of the above embodiment, the preset open source software name further includes a second preset open source software name. Correspondingly, the method further comprises:
If it is determined that the target open source software name corresponding to the target feature information is the second preset open source software name, extract more related feature information according to all the feature information.
Specifically, if the device determines that the target open source software name corresponding to the target feature information is the second preset open source software name, it extracts more related feature information according to all the feature information. See the above embodiment; details are not repeated here.
Determine the target version information corresponding to the target feature information according to the correspondence between the preset feature information corresponding to the combined feature and the preset version information, where the combined feature includes the related feature information and all the feature information.
Specifically, the device determines the target version information corresponding to the target feature information according to the correspondence between the preset feature information corresponding to the combined feature and the preset version information, where the combined feature includes the related feature information and all the feature information. See the above embodiment; details are not repeated here.
By using the combined feature, the method for identifying open source software provided by the embodiment of the present invention can further identify information about open source software accurately.
On the basis of the above embodiment, after the step of identifying the open source software name and version information of the open source software to be identified, the method further comprises:
Obtain, according to the open source software name and the version information, the original open source software stored in advance in the preset open source software base library.
Specifically, the device obtains, according to the open source software name and the version information, the original open source software stored in advance in the preset open source software base library. The original open source software can be understood as the open source software as originally released, without any modification.
Obtain the result of comparing the original open source software with the open source software to be identified; if it is determined that the comparison result shows a difference, record the file in which the difference is located.
Specifically, the device obtains the result of comparing the original open source software with the open source software to be identified, and if it determines that the comparison result shows a difference, it records the file in which the difference is located. If the comparison finds a difference e, and difference e is in file X, it records that file X contains difference e.
Generate a prompt message for the difference corresponding to the file.
Specifically, the device generates a prompt message for the difference corresponding to the file. It generates a prompt that difference e exists in file X, so that the user is told that file X contains difference e and can determine from the prompt whether difference e was caused by the user's own modification of the open source software to be identified. If so, the open source software to be identified has not been maliciously modified; if not, it may have been maliciously modified and countermeasures need to be taken. Modification may include adding or removing content, changing content, and so on.
The method for identifying open source software provided by the embodiment of the present invention can effectively flag the differences between the original open source software and the open source software to be identified, making it easier for the relevant personnel to check for security risks.
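A sketch of the comparison step described above, written as an added example rather than code from the patent: once name and version are known, the scanned copy is compared file by file with the original release, each differing file is recorded, and a prompt is produced for the user to review. The function names, the in-memory `{relative_path: bytes}` representation of a release and the sample file contents are assumptions, and all data is constructed.

```python
# Added illustration, not code from the patent. File contents, names and the
# compare_release()/prompts() helpers are hypothetical; all data is constructed.
import difflib
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_lines(old: bytes, new: bytes) -> list:
    """Removed ('-') and added ('+') lines for text files; a marker for binaries."""
    try:
        a = old.decode("utf-8").splitlines()
        b = new.decode("utf-8").splitlines()
    except UnicodeDecodeError:
        return ["binary content differs"]
    diff = list(difflib.unified_diff(a, b, lineterm="", n=0))
    # Drop the two file-header lines and the "@@" hunk headers.
    return [line for line in diff[2:] if not line.startswith("@@")]


def compare_release(original: dict, scanned: dict) -> list:
    """Compare two {relative_path: bytes} trees; return (file, kind, detail) records."""
    findings = []
    for path in sorted(original.keys() | scanned.keys()):
        if path not in scanned:
            findings.append((path, "removed", []))
        elif path not in original:
            findings.append((path, "added", []))
        elif sha256(original[path]) != sha256(scanned[path]):
            findings.append((path, "modified",
                             changed_lines(original[path], scanned[path])))
    return findings


def prompts(name: str, version: str, findings: list) -> list:
    """One message per differing file, for the user to confirm or investigate."""
    return [f"{name} {version}: file {path} was {kind} relative to the original release"
            for path, kind, _detail in findings]


# Constructed sample: the original release of y V2.0 and a scanned copy in
# which file X was changed and an unknown file was added.
ORIGINAL_Y_V2 = {
    "X": b"int check(int n) {\n    return n > 0;\n}\n",
    "README": b"y 2.0\n",
}
SCANNED_COPY = {
    "X": b"int check(int n) {\n    return 1;\n}\n",
    "README": b"y 2.0\n",
    "extra.c": b"void hook(void) {}\n",
}

if __name__ == "__main__":
    found = compare_release(ORIGINAL_Y_V2, SCANNED_COPY)
    for message in prompts("y", "V2.0", found):
        print(message)
    for path, kind, detail in found:
        for line in detail:
            print(f"  {path}: {line}")
```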
On the basis of the above embodiment, the multi-level information includes at least one of source code information, binary information and package manager information.
Specifically, the multi-level information in the device includes at least one of source code information, binary information and package manager information. See the above embodiment; details are not repeated here.
By using these specific kinds of multi-level information, the method for identifying open source software provided by the embodiment of the present invention can extract more comprehensive multi-dimensional feature information and can therefore identify information about open source software more accurately.
Fig. 2 is the identification device structural schematic diagram of open source software of the embodiment of the present invention, as shown in Fig. 2, the embodiment of the present invention Provide a kind of identification device of open source software, including acquiring unit 201, extraction unit 202 and recognition unit 203, in which:
Acquiring unit 201 is used to obtain the multi-level information of open source software to be identified;Extraction unit 202 is used for according to Multi-level information extraction various dimensions characteristic information;Recognition unit 203 is used for according to the various dimensions characteristic information and default open source Basis of software library identifies the open source software title and version information of the open source software to be identified;The default open source software base Plinth library is previously stored with the corresponding relationship between default open source software information and default characteristic information;Wherein, the default open source Software information includes default open source software title and default version information.
Specifically, acquiring unit 201 is used to obtain the multi-level information of open source software to be identified;Extraction unit 202 is used for According to the multi-level information extraction various dimensions characteristic information;Recognition unit 203 be used for according to the various dimensions characteristic information and Default open source software base library, identifies the open source software title and version information of the open source software to be identified;Described preset is opened Source software base library is previously stored with the corresponding relationship between default open source software information and default characteristic information;Wherein, described Default open source software information includes default open source software title and default version information.
The identification device of open source software provided in an embodiment of the present invention passes through various dimensions characteristic information and default open source software Base library identifies the open source software title and version information of open source software to be identified, can accurately identify open source software correlation letter Breath.
On the basis of the above embodiments, the default open source software title includes the first default open source software title;Phase It answers, the recognition unit 203 is specifically used for: extracting at least one characteristic information from the various dimensions characteristic information;Institute It states and obtains target signature information corresponding with all characteristic informations in default characteristic information;If the target signature letter is known in judgement The corresponding entitled first default open source software title of target open source software is ceased, then continues to believe according to the target signature The corresponding relationship of corresponding default characteristic information and the default version information is ceased, determination is corresponding with the target signature information Target version information;It is respectively that the target open source software title and the target version information is soft as the open source to be identified The open source software title and version information of part.
Specifically, the recognition unit 203 is specifically used for: extracting at least one piece of characteristic information from the multi-dimensional characteristic information; obtaining, in the default characteristic information, the target signature information corresponding to all of the characteristic information; if it is determined that the target open source software title corresponding to the target signature information is the first default open source software title, then determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the target signature information and the default version information; and taking the target open source software title and the target version information as the open source software title and the version information, respectively, of the open source software to be identified.
The identification device of open source software provided in this embodiment of the present invention can identify the relevant open source software information from all of the characteristic information alone, and can therefore identify that information accurately and quickly.
On the basis of the above embodiments, the default open source software title further includes a second default open source software title. Correspondingly, the device is also used for: if it is determined that the target open source software title corresponding to the target signature information is the second default open source software title, extracting more related characteristic information according to all of the characteristic information; and determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the combined feature and the default version information; wherein the combined feature includes the related characteristic information and all of the characteristic information.
Specifically, the device is also used for: if it is determined that the target open source software title corresponding to the target signature information is the second default open source software title, extracting more related characteristic information according to all of the characteristic information; and determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the combined feature and the default version information; wherein the combined feature includes the related characteristic information and all of the characteristic information.
The identification device of open source software provided in this embodiment of the present invention can further identify the relevant open source software information accurately by means of the combined feature.
On the basis of the above embodiments, the device is also used for: obtaining, according to the open source software title and the version information, the original open source software stored in advance in the default open source software base library; obtaining the comparison result between the original open source software and the open source software to be identified and, if it is determined that the comparison result shows a difference, recording the file in which the difference is located; and generating a prompting message for the difference corresponding to that file.
Specifically, the device is also used for: obtaining, according to the open source software title and the version information, the original open source software stored in advance in the default open source software base library; obtaining the comparison result between the original open source software and the open source software to be identified and, if it is determined that the comparison result shows a difference, recording the file in which the difference is located; and generating a prompting message for the difference corresponding to that file.
The identification device of open source software provided in this embodiment of the present invention can effectively flag the differences between the original open source software and the open source software to be identified, which makes it easier for the relevant personnel to check for security risks.
On the basis of the above embodiments, the multi-level information includes at least one of oss message, binary message and package manager information.
Specifically, the multi-level information in the device includes at least one of oss message, binary message and package manager information.
The identification device of open source software provided in this embodiment of the present invention can extract more comprehensive multi-dimensional characteristic information from the specific multi-level information, and can therefore identify the relevant open source software information more accurately.
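The flow described in the embodiments above (a title lookup, a version taken directly from the initial features for a first-default title, a version taken from a combined feature for a second-default title, then a file-level comparison with the stored original) can be sketched as follows. This is an added example, not code from the patent: the library titles, versions, file contents, the `bin:`/`src:` feature encoding and all function names are constructed assumptions.

```python
import hashlib


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed base library: every title, version and file body here is made up.
ORIGINALS = {
    ("libalpha", "1.0"): {"alpha.c": b"int alpha(void) { return 1; }\n"},
    ("libalpha", "1.1"): {"alpha.c": b"int alpha(void) { return 2; }\n"},
    ("libbeta", "2.0"): {"beta_core.c": b"core v2.0\n", "beta_net.c": b"verify peer\n"},
    ("libbeta", "2.1"): {"beta_core.c": b"core v2.1\n", "beta_net.c": b"verify peer\n"},
}
FIRST_DEFAULT = {"libalpha"}   # the banner string alone pins the version
SECOND_DEFAULT = {"libbeta"}   # same banner in every release: needs related features
FEATURE_TO_TITLE = {
    "bin:libalpha/1.0": "libalpha",
    "bin:libalpha/1.1": "libalpha",
    "bin:libbeta": "libbeta",
}


def build_version_index():
    """Default characteristic information -> default version information."""
    index = {frozenset({"bin:libalpha/1.0"}): "1.0", frozenset({"bin:libalpha/1.1"}): "1.1"}
    for (title, version), files in ORIGINALS.items():
        if title in SECOND_DEFAULT:
            core = "src:" + digest(files["beta_core.c"])
            index[frozenset({f"bin:{title}", core})] = version
    return index


VERSION_BY_FEATURES = build_version_index()


def initial_features(sample):
    """Features from embedded strings that the base library knows about."""
    return {f"bin:{s}" for s in sample["strings"] if f"bin:{s}" in FEATURE_TO_TITLE}


def related_features(sample):
    """Extra file-hash features, extracted only for second-default titles."""
    return {"src:" + digest(body) for body in sample["files"].values()}


def identify(sample):
    """Return (title, version), or None when the sample cannot be resolved."""
    feats = initial_features(sample)
    titles = {FEATURE_TO_TITLE[f] for f in feats}
    if len(titles) != 1:
        return None  # unknown software or conflicting titles
    title = next(iter(titles))
    if title in FIRST_DEFAULT:
        version = VERSION_BY_FEATURES.get(frozenset(feats))
    else:
        combined = feats | related_features(sample)  # the combined feature
        hits = {v for k, v in VERSION_BY_FEATURES.items() if feats <= k <= combined}
        version = hits.pop() if len(hits) == 1 else None
    return (title, version) if version else None


def diff_against_original(sample, title, version):
    """Record each file that differs from the stored original and build a message."""
    original, messages = ORIGINALS[(title, version)], []
    for path in sorted(set(original) | set(sample["files"])):
        old, new = original.get(path), sample["files"].get(path)
        if old != new:
            kind = "added" if old is None else "missing" if new is None else "modified"
            messages.append(f"{title} {version}: {path} {kind} compared with the original")
    return messages


# Constructed sample: libbeta 2.1 with one locally changed file.
SAMPLE = {
    "strings": ["libbeta", "usage: %s"],
    "files": {"beta_core.c": b"core v2.1\n", "beta_net.c": b"peer check removed\n"},
}

if __name__ == "__main__":
    found = identify(SAMPLE)
    print(found)
    for line in diff_against_original(SAMPLE, *found):
        print(line)
```

The version key deliberately uses a file that is expected to stay untouched, so a locally patched copy still resolves to its upstream release and the changed file surfaces in the comparison step instead of breaking identification.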
The identification device of open source software provided in this embodiment of the present invention can specifically be used to execute the processing flows of the above method embodiments; its functions are not described again here, and reference may be made to the detailed description of the above method embodiments.
Fig. 3 is a schematic diagram of the physical structure of the electronic device provided in an embodiment of the present invention. As shown in Fig. 3, the electronic device includes: a processor 301, a memory 302 and a bus 303;
wherein the processor 301 and the memory 302 communicate with each other via the bus 303;
The processor 301 is used to call the program instructions in the memory 302 to execute the methods provided by the above method embodiments, for example including: obtaining multi-level information of the open source software to be identified; extracting multi-dimensional characteristic information according to the multi-level information; identifying the open source software title and version information of the open source software to be identified according to the multi-dimensional characteristic information and the default open source software base library; the default open source software base library stores in advance the correspondence between default open source software information and default characteristic information; wherein the default open source software information includes a default open source software title and default version information.
This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transient computer-readable storage medium, and the computer program includes program instructions; when the program instructions are executed by a computer, the computer is able to execute the methods provided by the above method embodiments, for example including: obtaining multi-level information of the open source software to be identified; extracting multi-dimensional characteristic information according to the multi-level information; identifying the open source software title and version information of the open source software to be identified according to the multi-dimensional characteristic information and the default open source software base library; the default open source software base library stores in advance the correspondence between default open source software information and default characteristic information; wherein the default open source software information includes a default open source software title and default version information.
This embodiment provides a non-transient computer-readable storage medium. The non-transient computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the methods provided by the above method embodiments, for example including: obtaining multi-level information of the open source software to be identified; extracting multi-dimensional characteristic information according to the multi-level information; identifying the open source software title and version information of the open source software to be identified according to the multi-dimensional characteristic information and the default open source software base library; the default open source software base library stores in advance the correspondence between default open source software information and default characteristic information; wherein the default open source software information includes a default open source software title and default version information.
Those of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The embodiments of the electronic device and the like described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the embodiments of the present invention, not to limit them. Although the embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A method for identifying open source software, characterized by comprising:
obtaining multi-level information of the open source software to be identified;
extracting multi-dimensional characteristic information according to the multi-level information;
identifying the open source software title and version information of the open source software to be identified according to the multi-dimensional characteristic information and a default open source software base library; the default open source software base library stores in advance the correspondence between default open source software information and default characteristic information; wherein the default open source software information includes a default open source software title and default version information.
2. The method according to claim 1, characterized in that the default open source software title includes a first default open source software title; correspondingly, the identifying of the open source software title and version information of the open source software to be identified according to the multi-dimensional characteristic information and the default open source software base library comprises:
extracting at least one piece of characteristic information from the multi-dimensional characteristic information;
obtaining, in the default characteristic information, the target signature information corresponding to all of the characteristic information;
if it is determined that the target open source software title corresponding to the target signature information is the first default open source software title, then determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the target signature information and the default version information;
taking the target open source software title and the target version information as the open source software title and the version information, respectively, of the open source software to be identified.
3. The method according to claim 2, characterized in that the default open source software title further includes a second default open source software title; correspondingly, the method further comprises:
if it is determined that the target open source software title corresponding to the target signature information is the second default open source software title, extracting more related characteristic information according to all of the characteristic information;
determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the combined feature and the default version information; wherein the combined feature includes the related characteristic information and all of the characteristic information.
4. The method according to any one of claims 1 to 3, characterized in that, after the step of identifying the open source software title and version information of the open source software to be identified, the method further comprises:
obtaining, according to the open source software title and the version information, the original open source software stored in advance in the default open source software base library;
obtaining the comparison result between the original open source software and the open source software to be identified and, if it is determined that the comparison result shows a difference, recording the file in which the difference is located;
generating a prompting message for the difference corresponding to the file.
5. The method according to any one of claims 1 to 3, characterized in that the multi-level information includes at least one of oss message, binary message and package manager information.
6. A device for identifying open source software, characterized by comprising:
an acquiring unit, for obtaining multi-level information of the open source software to be identified;
an extraction unit, for extracting multi-dimensional characteristic information according to the multi-level information;
a recognition unit, for identifying the open source software title and version information of the open source software to be identified according to the multi-dimensional characteristic information and a default open source software base library; the default open source software base library stores in advance the correspondence between default open source software information and default characteristic information; wherein the default open source software information includes a default open source software title and default version information.
7. The device according to claim 6, characterized in that the default open source software title includes a first default open source software title; correspondingly, the recognition unit is specifically used for:
extracting at least one piece of characteristic information from the multi-dimensional characteristic information;
obtaining, in the default characteristic information, the target signature information corresponding to all of the characteristic information;
if it is determined that the target open source software title corresponding to the target signature information is the first default open source software title, then determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the target signature information and the default version information;
taking the target open source software title and the target version information as the open source software title and the version information, respectively, of the open source software to be identified.
8. The device according to claim 7, characterized in that the default open source software title further includes a second default open source software title; correspondingly, the device is also used for:
if it is determined that the target open source software title corresponding to the target signature information is the second default open source software title, extracting more related characteristic information according to all of the characteristic information;
determining the target version information corresponding to the target signature information according to the correspondence between the default characteristic information corresponding to the combined feature and the default version information; wherein the combined feature includes the related characteristic information and all of the characteristic information.
9. The device according to any one of claims 6 to 8, characterized in that the device is also used for:
obtaining, according to the open source software title and the version information, the original open source software stored in advance in the default open source software base library;
obtaining the comparison result between the original open source software and the open source software to be identified and, if it is determined that the comparison result shows a difference, recording the file in which the difference is located;
generating a prompting message for the difference corresponding to the file.
10. The device according to any one of claims 6 to 8, characterized in that the multi-level information includes at least one of oss message, binary message and package manager information.
11. An electronic device, characterized by comprising: a processor, a memory and a bus, wherein
the processor and the memory communicate with each other via the bus;
the memory stores program instructions that can be executed by the processor, and the processor, by calling the program instructions, is able to execute the method according to any one of claims 1 to 5.
12. A non-transient computer-readable storage medium, characterized in that the non-transient computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the method according to any one of claims 1 to 5.
CN201811627959.2A 2018-12-28 2018-12-28 Open source software identification method and device Active CN109828780B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811627959.2A CN109828780B (en) 2018-12-28 2018-12-28 Open source software identification method and device

Publications (2)

Publication Number Publication Date
CN109828780A true CN109828780A (en) 2019-05-31
CN109828780B CN109828780B (en) 2022-09-16

Family

ID=66861384

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811627959.2A Active CN109828780B (en) 2018-12-28 2018-12-28 Open source software identification method and device

Country Status (1)

Country Link
CN (1) CN109828780B (en)


Also Published As

Publication number Publication date
CN109828780B (en) 2022-09-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: BEIJING QIHU CETENG SECURITY TECHNOLOGY Co.,Ltd.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Applicant before: BEIJING QIHU CETENG SECURITY TECHNOLOGY Co.,Ltd.

GR01 Patent grant