CN109902022A - Method and related device for automatically testing for vertical privilege escalation vulnerabilities - Google Patents

Method and related device for automatically testing for vertical privilege escalation vulnerabilities

Info

Publication number: CN109902022A
Authority: CN (China)
Prior art keywords: account, operating right, test request, privilege escalation (越权), vulnerability (漏洞)
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN201910195289.XA
Other languages: Chinese (zh)
Inventor: 唐新玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): OneConnect Smart Technology Co Ltd
Original Assignee: OneConnect Smart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by OneConnect Smart Technology Co Ltd
Abstract

The invention discloses a method and related devices for automatically testing for vertical privilege escalation vulnerabilities, in the field of comparative testing. The method comprises: creating a first account and a second account, where the first account holds all account operating rights in a summary account operating right list and the second account holds only a subset of the account operating rights in that list; determining the account operating rights that the second account lacks compared with the first account; using the first account, sending a reference test request for each of the missing account operating rights and obtaining a reference test request result; using the second account, sending a control test request for each of the missing account operating rights and obtaining a control test request result; and determining, from the comparison of the reference test request result with the control test request result, whether a vertical privilege escalation vulnerability exists. The method improves the efficiency of testing for vertical privilege escalation vulnerabilities.

Description

Method and related device for automatically testing for vertical privilege escalation vulnerabilities
Technical field
The present invention relates to the field of comparative testing, and in particular to a method and related device for automatically testing for vertical privilege escalation vulnerabilities.
Background technique
A well-architected, properly secured system should, for every request it receives, first check the permissions of the user who sent the request and only then serve the request. In practice, because of oversights by the engineers who built the system, the system may fail to perform the permission check for certain permissions and may serve the requesting user directly. A user who does not hold the permission can then still use it, which is an unauthorized access (privilege escalation). One form of privilege escalation is the vertical privilege escalation vulnerability, in which an attacker can access permissions that the attacker's own permission group does not hold; for example, an ordinary user being able to access the system administrator's administration page is a vertical privilege escalation.
In the prior art, testing for vertical privilege escalation vulnerabilities is carried out by testers who rely on their own experience to test part of the system's permissions. In this process, permissions may be missed, mistakes may occur during manual testing, and efficiency is low.
Summary of the invention
On this basis, to solve the technical problem in the related art of how to test automatically and more efficiently for vertical privilege escalation vulnerabilities at the technical level, the present invention provides a method and related device for automatically testing for vertical privilege escalation vulnerabilities.
In a first aspect, a method for automatically testing for vertical privilege escalation vulnerabilities is provided, comprising:
creating a first account and a second account, the first account holding all account operating rights in a summary account operating right list and the second account holding a subset of the account operating rights in the summary account operating right list;
determining the account operating rights that the second account lacks compared with the first account;
using the first account, sending a reference test request for each of the missing account operating rights and obtaining a reference test request result;
using the second account, sending a control test request for each of the missing account operating rights and obtaining a control test request result;
determining, based on the comparison of the reference test request result with the control test request result, whether a vertical privilege escalation vulnerability exists.
In an exemplary embodiment of the disclosure, creating the first account and the second account comprises: each time, removing one account operating right in turn from the summary account operating right list and taking the account operating rights remaining in the summary account operating right list as the subset of account operating rights held by the second account.
In an exemplary embodiment of the disclosure, determining the account operating rights that the second account lacks compared with the first account comprises:
extracting the account operating right list of the first account;
extracting the account operating right list of the second account;
comparing the account operating right list of the first account with the account operating right list of the second account, and determining the account operating rights that the second account lacks compared with the first account.
In an exemplary embodiment of the disclosure, using the first account to send a reference test request for each of the missing account operating rights and obtain a reference test request result comprises: for each account operating right among the missing account operating rights, sending the corresponding uniform resource locator (URL) request using the first account, and taking the corresponding returned message as the corresponding reference test request result.
In an exemplary embodiment of the disclosure, using the second account to send a control test request for each of the missing account operating rights and obtain a control test request result comprises: for each account operating right among the missing account operating rights, sending, using the second account, a URL request identical to the corresponding URL request sent with the first account, and taking the corresponding returned message as the corresponding control test request result.
In an exemplary embodiment of the disclosure, determining whether a vertical privilege escalation vulnerability exists based on the comparison of the reference test request result with the control test request result comprises: for any account operating right among the missing account operating rights, if the corresponding reference test request result is consistent with the corresponding control test request result, determining that the configuration of that account operating right contains a vertical privilege escalation vulnerability.
In an exemplary embodiment of the disclosure, after determining whether a vertical privilege escalation vulnerability exists based on the comparison of the reference test request result with the control test request result, the method further comprises: sending information about the account operating rights whose configuration contains a vertical privilege escalation vulnerability to the management end.
According to a second aspect of the disclosure, a device for automatically testing for vertical privilege escalation vulnerabilities is provided, comprising:
a creation module for creating a first account and a second account, the first account holding all account operating rights in the summary account operating right list and the second account holding a subset of the account operating rights in the summary account operating right list;
a first determining module for determining the account operating rights that the second account lacks compared with the first account;
a reference test request module for using the first account to send a reference test request for each of the missing account operating rights and obtain a reference test request result;
a control test request module for using the second account to send a control test request for each of the missing account operating rights and obtain a control test request result;
a second determining module for determining, based on the comparison of the reference test request result with the control test request result, whether a vertical privilege escalation vulnerability exists.
According to a third aspect of the disclosure, an electronic device for automatically testing for vertical privilege escalation vulnerabilities is provided, comprising:
a memory configured to store executable instructions;
a processor configured to execute the executable instructions stored in the memory so as to carry out the method described above.
According to a fourth aspect of the disclosure, a computer-readable program medium is provided, storing computer program instructions which, when executed by a computer, cause the computer to carry out the method described above.
Compared with the traditional technique, in which the tester judges on their own and then tests manually, the embodiments of the disclosure automatically create the first account and the second account and test the account operating rights that the second account lacks, which improves the efficiency of testing for vertical privilege escalation vulnerabilities.
Other characteristics and advantages of the disclosure will become apparent from the following detailed description, or may in part be learned by practising the disclosure.
It should be understood that the above general description and the following detailed description are merely exemplary and do not limit the disclosure.
Description of the drawings
Fig. 1 shows a flowchart of automatically testing for vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure.
Fig. 2 shows a block diagram of a device for automatically testing for vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure.
Fig. 3 shows a detailed flowchart of determining the account operating rights that the second account lacks compared with the first account, according to an example embodiment of the disclosure.
Fig. 4 shows a system architecture diagram for automatically testing for vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure.
Fig. 5 shows a diagram of an electronic device for automatically testing for vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure.
Fig. 6 shows a diagram of a computer-readable storage medium for automatically testing for vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure.
Detailed description of the embodiments
Example embodiments are described more fully below with reference to the drawings. However, the example embodiments can be implemented in many forms and should not be understood as limited to the examples set forth herein; rather, these embodiments are provided so that the disclosure is thorough and complete and fully conveys the concept of the example embodiments to those skilled in the art. The described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, many specific details are provided to give a full understanding of the embodiments of the disclosure. Those skilled in the art will appreciate, however, that the technical solution of the disclosure may be practised with one or more of the specific details omitted, or with other methods, components, devices, steps and so on. In other cases, well-known solutions are not shown or described in detail, so as to avoid obscuring aspects of the disclosure.
In addition, the drawings are only schematic illustrations of the disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, so their repeated description is omitted. Some of the block diagrams shown in the drawings are functional entities that do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different network and/or processor devices and/or microcontroller devices.
The purpose of the disclosure is to test automatically for vertical privilege escalation vulnerabilities at the technical level and so improve testing efficiency. The method for automatically testing for vertical privilege escalation vulnerabilities according to an embodiment of the disclosure comprises: creating a first account and a second account, the first account holding all account operating rights in the summary account operating right list and the second account holding a subset of the account operating rights in that list; determining the account operating rights that the second account lacks compared with the first account; using the first account, sending a reference test request for each of the missing account operating rights and obtaining a reference test request result; using the second account, sending a control test request for each of the missing account operating rights and obtaining a control test request result; and determining, based on the comparison of the reference test request result with the control test request result, whether a vertical privilege escalation vulnerability exists. Compared with the traditional technique, in which the tester judges on their own and then tests manually, the embodiments of the disclosure automatically create the first account and the second account and test the account operating rights that the second account lacks, which improves the efficiency of testing for vertical privilege escalation vulnerabilities.
Fig. 1 shows a flowchart of automatically testing for vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure:
Step S100: create a first account and a second account, the first account holding all account operating rights in the summary account operating right list and the second account holding a subset of the account operating rights in the summary account operating right list;
Step S110: determine the account operating rights that the second account lacks compared with the first account;
Step S120: using the first account, send a reference test request for each of the missing account operating rights and obtain a reference test request result;
Step S130: using the second account, send a control test request for each of the missing account operating rights and obtain a control test request result;
Step S140: based on the comparison of the reference test request result with the control test request result, determine whether a vertical privilege escalation vulnerability exists.
Each of the above steps of automatically testing for vertical privilege escalation vulnerabilities in this example embodiment is explained in detail below with reference to the drawings.
In step S100, a first account and a second account are created, the first account holding all account operating rights in the summary account operating right list and the second account holding a subset of the account operating rights in the summary account operating right list.
By creating a first account and a second account with different account operating rights, two accounts are obtained that stand in a vertical relationship to each other with respect to the subset of account operating rights, so that the subset of account operating rights can be tested.
In one embodiment, creating the first account and the second account comprises: each time, removing one account operating right in turn from the summary account operating right list and taking the account operating rights remaining in the summary account operating right list as the subset of account operating rights held by the second account. For example: for the system under test, all possible account operating rights in the system are extracted, summarized and listed, and all account operating rights in the list are granted to the created first account. In the first test, the account operating rights of the first account are left unchanged, and for the second account the first account operating right in the summary account operating right list is removed and the remaining account operating rights are granted to the created second account. In the second test, the account operating rights of the first account are again left unchanged, and for the second account the second account operating right in the summary account operating right list is removed and the remaining account operating rights are granted to the created second account, and so on. In each test, the second account lacks exactly one account operating right compared with the first account, and that missing account operating right is the one to be tested.
In step S110, the account operating rights that the second account lacks compared with the first account are determined.
Since the first account holds all account operating rights in the summary account operating right list and the second account holds a subset of them, determining the account operating rights that the second account lacks compared with the first account enables the server to test, for those missing account operating rights, whether a vertical privilege escalation vulnerability exists.
In one embodiment, as shown in Fig. 3, step S110 comprises:
Step S1101: extract the account operating right list of the first account;
Step S1102: extract the account operating right list of the second account;
Step S1103: compare the account operating right list of the first account with the account operating right list of the second account, and determine the account operating rights that the second account lacks compared with the first account.
Determining the account operating rights that the second account lacks compared with the first account establishes which account operating rights the vertical privilege escalation test is to be carried out on.
In one embodiment, the operating right lists can be extracted by invoking a command that lists permissions, such as the getfacl command. The command that lists permissions is executed for the first account and for the second account respectively, the permission lists of the first account and the second account are thereby extracted and recorded, and the two permission lists are then compared to determine the account operating rights that the second account lacks compared with the first account.
In step S120, using the first account, a reference test request is sent for each of the missing account operating rights and a reference test request result is obtained.
The reference test request is a uniform resource locator (URL) request sent from the first account to the system under test, for the second account to refer to.
The reference test request result is the corresponding response message returned by the system under test in response to the reference test request.
Sending the reference test request in this way and obtaining the reference test request result gives the second account a reference, so that the same request can be sent for each of the missing account operating rights.
In one embodiment, using the first account to send a reference test request for each of the missing account operating rights and obtain a reference test request result comprises: for each account operating right among the missing account operating rights, sending the corresponding uniform resource locator (URL) request using the first account, and taking the corresponding returned message as the corresponding reference test request result.
In step S130, using the second account, a control test request is sent for each of the missing account operating rights and a control test request result is obtained.
The control test request is a URL request sent from the second account to the system under test with reference to the reference test request.
The control test request result is the corresponding response message returned by the system under test in response to the control test request; it is used for comparison with the reference test request result.
Sending the control test request in this way and obtaining the control test request result makes it possible to compare the reference test request result with the control test request result and so judge whether a vertical privilege escalation has occurred for the missing account operating right.
In one embodiment, using the second account to send a control test request for each of the missing account operating rights and obtain a control test request result comprises: for each account operating right among the missing account operating rights, sending, using the second account, a URL request identical to the corresponding URL request sent with the first account, and taking the corresponding returned message as the corresponding control test request result. That is, the control test request is made by copying, for each right that the second account lacks, the URL request that the first account sent, sending that copied URL request from the second account, and taking the message content that the system returns to the second account as the control test request result.
In step S140, based on the comparison of the reference test request result with the control test request result, it is determined whether a vertical privilege escalation vulnerability exists.
In this way, the vertical privilege escalation test of the missing account operating rights is carried out.
In one embodiment, determining whether a vertical privilege escalation vulnerability exists based on the comparison of the reference test request result with the control test request result comprises: for any account operating right among the missing account operating rights, if the corresponding reference test request result is consistent with the control test request result, determining that the configuration of that account operating right contains a vertical privilege escalation vulnerability. If the system has no design flaw in the missing account operating right, that is, no vertical privilege escalation vulnerability, then for any request concerning that missing account operating right the system should verify whether the user account sending the URL request holds the permission to operate on it. In that case, even though the second account sends a copy of the URL request sent by the first account, the system, after checking the second account's permissions, refuses the second account's operation on that account operating right. The message returned to the second account therefore differs from the message returned to the first account, that is, the control test request result differs from the reference test request result. Conversely, if the system has a design flaw in the missing account operating right, that is, a vertical privilege escalation vulnerability, then when the second account sends a copy of the URL request sent by the first account the system does not check the second account's permissions and allows the second account to operate on that account operating right. The message returned to the second account is therefore the same as the message returned to the first account, that is, the control test request result is identical to the reference test request result. In this way, whether a vertical privilege escalation vulnerability exists in the missing account operating right can be tested.
In one embodiment, after determining whether a vertical privilege escalation vulnerability has occurred based on the comparison of the reference test request result with the control test request result, the method further comprises: sending information about the account operating rights whose configuration contains a vertical privilege escalation vulnerability to the management end. That is, once it has been determined that a vertical privilege escalation vulnerability exists for an account operating right, the information that the account operating right has a vertical privilege escalation vulnerability is sent to the management end.
In one embodiment, as shown in Fig. 2, providing a kind of device tested automatically for loophole of vertically going beyond one's commission, Specifically include: creation module 210, the first determining module 220, with reference to test request module 230, control test request module 240, Second determining module 250.
Creation module 210, for creating the first account and the second account, the first account, which has, summarizes account operating right column All account operating rights in table, the second account, which has, summarizes partial account number operating right in account operating right list;
First determining module 220, the account operation lacked compared with first account for determining second account Permission;
With reference to test request module 230, for using first account, to each account operating right of the missing Obtain with reference to test request with reference to test request result;
Test request module 240 is compareed, for using second account, to each account operating right of the missing Control test request is carried out, control test request result is obtained;
Second determining module 250, for based on described with reference to test request result and the control test request result Comparing result, it is determined whether there is loophole of vertically going beyond one's commission.
The function of modules and the realization process of effect are specifically detailed in above-mentioned for loophole of vertically going beyond one's commission in above-mentioned apparatus Automatically the realization process of step is corresponded in the method tested, details are not described herein.
It should be noted that although being referred to several modules or list for acting the equipment executed in the above detailed description Member, but this division is not enforceable.In fact, according to embodiment of the present disclosure, it is above-described two or more Module or the feature and function of unit can embody in a module or unit.Conversely, an above-described mould The feature and function of block or unit can be to be embodied by multiple modules or unit with further division.
In addition, although the steps of the method of the disclosure are described in the drawings in a particular order, this does not require or imply that the steps must be executed in that order, or that all of the steps shown must be executed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, several steps may be merged into one step, and/or one step may be split into several steps.
From the description of the embodiments above, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. Accordingly, the technical solution of the embodiments of the disclosure may be embodied as a software product, which may be stored on a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (which may be a personal computer, a server, a mobile terminal, a network device, etc.) to execute the method according to the embodiments of the disclosure.
Fig. 4 shows the system architecture for automated testing of vertical privilege escalation vulnerabilities according to an example embodiment of the disclosure. The system architecture includes a system under test 310, a database 320, a first virtual client 330 and a second virtual client 340. The first virtual client 330 performs test operations using the first account (which holds every permission), and the second virtual client 340 performs test operations using the second account (which holds only a subset).
In one embodiment, the first virtual client 330 sends a reference test request to the system under test 310, and the system under test 310 returns the reference test request result to the first virtual client 330; the database 320 stores the reference test request together with its reference test request result. The database 320 then sends the stored reference test request to the second virtual client 340, which sends the received reference test request to the system under test 310 unchanged, as the control test request, and receives the control test request result returned by the system under test 310. Replaying the identical request from the database rather than rebuilding it is what makes the two results comparable: the only variable between the two requests is the account.
From the description of the system architecture above, those skilled in the art will readily understand that the system architecture described here can implement the functions of the modules of the device for automated testing of vertical privilege escalation vulnerabilities shown in Fig. 2.
In an example embodiment of the disclosure, an electronic device capable of implementing the above method is also provided.
Those skilled in the art will understand that various aspects of the invention may be implemented as a system, a method or a program product. Accordingly, various aspects of the invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to here as a "circuit", "module" or "system".
An electronic device 400 according to this embodiment of the invention is described below with reference to Fig. 5. The electronic device 400 shown in Fig. 5 is only an example and should not impose any limitation on the functions or scope of use of the embodiments of the invention.
As shown in Fig. 5, the electronic device 400 takes the form of a general-purpose computing device. Its components may include, but are not limited to: at least one processing unit 410, at least one storage unit 420, and a bus 430 connecting the different system components (including the storage unit 420 and the processing unit 410).
The storage unit stores program code that can be executed by the processing unit 410, so that the processing unit 410 performs the steps of the various example embodiments of the invention described in the "Example methods" section of this specification. For example, the processing unit 410 may perform step S100 shown in Fig. 1: create a first account and a second account, where the first account holds all account operating permissions in the consolidated account-permission list and the second account holds only a subset of them; step S110: determine which account operating permissions the second account lacks compared with the first account; step S120: using the first account, issue a reference test request for each missing permission and obtain the reference test request result; step S130: using the second account, issue a control test request for each missing permission and obtain the control test request result; step S140: based on a comparison of the reference test request result and the control test request result, determine whether a vertical privilege escalation vulnerability exists.
The storage unit 420 may include readable media in the form of volatile memory, such as a random access memory (RAM) 4201 and/or a cache memory 4202, and may further include a read-only memory (ROM) 4203.
The storage unit 420 may also include a program/utility 4204 having a set of (at least one) program modules 4205, which include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 430 may represent one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 400 may also communicate with one or more external devices 500 (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 400, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 400 to communicate with one or more other computing devices. Such communication may take place through input/output (I/O) interfaces 450. The electronic device 400 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 460. As shown, the network adapter 460 communicates with the other modules of the electronic device 400 through the bus 430. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
In an example embodiment of the disclosure, a computer-readable storage medium is also provided, on which a program product capable of implementing the above method of this specification is stored. In some possible embodiments, various aspects of the invention may also be implemented as a program product including program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps of the various example embodiments of the invention described in the "Example methods" section of this specification.
Referring to Fig. 6, a program product 600 for implementing the above method according to an embodiment of the invention is described. It may use a portable compact disc read-only memory (CD-ROM), include program code, and run on a terminal device such as a personal computer. However, the program product of the invention is not limited to this; in this document, a readable storage medium may be any tangible medium that contains or stores a program which can be used by, or in connection with, an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device.
Program code contained on a readable medium may be transmitted using any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for carrying out the operations of the invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++ as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
Furthermore, the drawings above are only schematic illustrations of the processing included in the method according to example embodiments of the invention and are not intended to be limiting. It will be readily understood that the processing shown in the drawings does not indicate or limit the chronological order of these processes. It will also be readily understood that these processes may be performed, for example, synchronously or asynchronously in multiple modules.
Other embodiments of the disclosure will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the disclosure that follow its general principles and include common knowledge or conventional techniques in the art not disclosed here. The description and examples are to be considered illustrative only; the true scope and spirit of the disclosure are indicated by the claims.

Claims (10)

1. A method for automated testing of vertical privilege escalation vulnerabilities, characterized in that it comprises:
creating a first account and a second account, the first account holding all account operating permissions in a consolidated account-permission list and the second account holding only a subset of the account operating permissions in the consolidated account-permission list;
determining the account operating permissions that the second account lacks compared with the first account;
using the first account, issuing a reference test request for each of the missing account operating permissions and obtaining a reference test request result;
using the second account, issuing a control test request for each of the missing account operating permissions and obtaining a control test request result;
determining, based on a comparison of the reference test request result and the control test request result, whether a vertical privilege escalation vulnerability exists.
2. The method according to claim 1, wherein creating the first account and the second account comprises: each time removing one account operating permission from the consolidated account-permission list, and taking the account operating permissions remaining in the list as the subset of account operating permissions held by the second account.
3. The method according to claim 1, wherein determining the account operating permissions that the second account lacks compared with the first account comprises:
extracting the account operating permission list of the first account;
extracting the account operating permission list of the second account;
comparing the account operating permission list of the first account with the account operating permission list of the second account, and determining the account operating permissions that the second account lacks compared with the first account.
4. The method according to claim 1, wherein using the first account to issue a reference test request for each of the missing account operating permissions and obtain a reference test request result comprises: for each of the missing account operating permissions, sending the corresponding uniform resource locator (URL) request using the first account, and taking the corresponding returned response message as the corresponding reference test request result.
5. The method according to claim 1, wherein using the second account to issue a control test request for each of the missing account operating permissions and obtain a control test request result comprises: for each of the missing account operating permissions, sending, using the second account, a URL request identical to the corresponding URL request that was sent using the first account, and taking the corresponding returned response message as the corresponding control test request result.
6. The method according to claim 1, wherein determining, based on the comparison of the reference test request result and the control test request result, whether a vertical privilege escalation vulnerability exists comprises:
for any account operating permission among the missing account operating permissions, if the corresponding reference test request result is consistent with the corresponding control test request result, determining that a vertical privilege escalation vulnerability exists in the configuration of that account operating permission.
7. The method according to claim 1, wherein, after determining based on the comparison of the reference test request result and the control test request result whether a vertical privilege escalation vulnerability exists, the method comprises:
sending information on the account operating permissions whose configuration has a vertical privilege escalation vulnerability to a management end.
8. A device for automated testing of vertical privilege escalation vulnerabilities, characterized in that it comprises:
a creation module, for creating a first account and a second account, the first account holding all account operating permissions in a consolidated account-permission list and the second account holding only a subset of the account operating permissions in the consolidated account-permission list;
a first determining module, for determining the account operating permissions that the second account lacks compared with the first account;
a reference test request module, for using the first account to issue a reference test request for each of the missing account operating permissions and obtain a reference test request result;
a control test request module, for using the second account to issue a control test request for each of the missing account operating permissions and obtain a control test request result;
a second determining module, for determining, based on a comparison of the reference test request result and the control test request result, whether a vertical privilege escalation vulnerability exists.
9. An electronic device for automated testing of vertical privilege escalation vulnerabilities, characterized in that it comprises:
a memory, configured to store executable instructions;
a processor, configured to execute the executable instructions stored in the memory so as to implement the method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that it stores computer program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 7.
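Claim 6 treats a "consistent" reference and control result as the signal. In practice two raw HTTP responses to the same URL almost always differ in fields that have nothing to do with authorization (the Date and Set-Cookie headers, a request id, a timestamp in the body), so a byte-for-byte comparison reports no vulnerability where one exists. The following added example, which is not part of the patent, normalizes those volatile fields before comparing and separates out three further outcomes a tester needs: the restricted account was denied, the comparison is inconclusive because the fully privileged account itself did not succeed, or the responses differ for some other reason and need manual review. The header names and body patterns treated as volatile, and the sample HTTP responses, are constructed for the example.

```python
"""Claim 6 comparison oracle with volatile-field normalization (added example, not
the patent's code). Header names, body patterns and sample responses are constructed."""
import re

# Headers whose values change per request regardless of authorization. Assumption.
VOLATILE_HEADERS = {"date", "set-cookie", "x-request-id", "content-length"}
# Body tokens that vary per request: ISO-8601 timestamps and 32-hex request ids. Assumption.
VOLATILE_BODY_PATTERNS = [
    re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"),
    re.compile(r"[0-9a-f]{32}"),
]


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def normalize(raw: str):
    """Drop volatile headers and mask volatile body tokens so that only
    authorization-relevant content takes part in the comparison."""
    status, headers, body = parse_response(raw)
    stable = {k: v for k, v in headers.items() if k not in VOLATILE_HEADERS}
    for pattern in VOLATILE_BODY_PATTERNS:
        body = pattern.sub("<volatile>", body)
    return status, tuple(sorted(stable.items())), body


def classify(reference_raw: str, control_raw: str) -> str:
    """Claim 6 oracle plus the outcomes a plain equality test conflates.

    vertical_escalation: restricted account got the same normalized answer as admin.
    denied:              restricted account got a 4xx while admin succeeded.
    inconclusive:        admin itself did not get a 2xx, so equality proves nothing.
    differs:             any other difference; review by hand.
    """
    ref = normalize(reference_raw)
    ctl = normalize(control_raw)
    if not 200 <= ref[0] < 300:
        return "inconclusive"
    if ref == ctl:
        return "vertical_escalation"
    if 400 <= ctl[0] < 500:
        return "denied"
    return "differs"


# Constructed sample responses. REFERENCE and CONTROL carry the same data and differ
# only in Date, Set-Cookie, X-Request-Id and a body timestamp, so raw equality fails.
REFERENCE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 14 Mar 2019 08:00:00 GMT\r\n"
    "Content-Type: application/json\r\n"
    "X-Request-Id: 0123456789abcdef0123456789abcdef\r\n"
    "Set-Cookie: session=admin-sess; HttpOnly\r\n"
    "\r\n"
    '{"generated":"2019-03-14T08:00:00Z","rows":["alice","bob","carol"]}'
)
CONTROL = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 14 Mar 2019 08:00:01 GMT\r\n"
    "Content-Type: application/json\r\n"
    "X-Request-Id: fedcba9876543210fedcba9876543210\r\n"
    "Set-Cookie: session=user-sess; HttpOnly\r\n"
    "\r\n"
    '{"generated":"2019-03-14T08:00:01Z","rows":["alice","bob","carol"]}'
)
CONTROL_DENIED = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Thu, 14 Mar 2019 08:00:02 GMT\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"error":"forbidden"}'
)

if __name__ == "__main__":
    print(classify(REFERENCE, CONTROL))         # vertical_escalation
    print(classify(REFERENCE, CONTROL_DENIED))  # denied
```

The "inconclusive" branch matters for the patent's scheme in particular: if the endpoint is broken for everyone (both accounts get 403, or both get 500), the two results are "consistent" and a literal reading of claim 6 would flag a vertical privilege escalation that is not there. Requiring the reference result to be a success first removes that false positive.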
CN201910195289.XA 2019-03-14 2019-03-14 The method and relevant device tested automatically for loophole of vertically going beyond one's commission Pending CN109902022A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910195289.XA CN109902022A (en) 2019-03-14 2019-03-14 The method and relevant device tested automatically for loophole of vertically going beyond one's commission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910195289.XA CN109902022A (en) 2019-03-14 2019-03-14 The method and relevant device tested automatically for loophole of vertically going beyond one's commission

Publications (1)

Publication Number Publication Date
CN109902022A true CN109902022A (en) 2019-06-18

Family

ID=66953241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910195289.XA Pending CN109902022A (en) 2019-03-14 2019-03-14 The method and relevant device tested automatically for loophole of vertically going beyond one's commission

Country Status (1)

Country Link
CN (1) CN109902022A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018188558A1 (en) * 2017-04-11 2018-10-18 腾讯科技(深圳)有限公司 Method and apparatus for identifying account permission
CN108696490A (en) * 2017-04-11 2018-10-23 腾讯科技(深圳)有限公司 The recognition methods of account permission and device
CN107566537A (en) * 2017-10-30 2018-01-09 郑州云海信息技术有限公司 A kind of web applies the method for semi-automatically detecting and system of longitudinal leak of going beyond one's commission
CN108833365A (en) * 2018-05-24 2018-11-16 杭州默安科技有限公司 A kind of service logic leak detection method and its system based on flow
CN108932426A (en) * 2018-06-27 2018-12-04 平安科技(深圳)有限公司 It goes beyond one's commission leak detection method and device
CN108769070A (en) * 2018-06-30 2018-11-06 平安科技(深圳)有限公司 One kind is gone beyond one's commission leak detection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wu Zhongchao: "A Brief Analysis of Android System Security Attack and Defense" (安卓系统安全攻防简析), Network Security Technology & Application (网络安全技术与应用), no. 08 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020181841A1 (en) * 2019-03-14 2020-09-17 深圳壹账通智能科技有限公司 Method for automatically testing horizontal over-permission vulnerabilities and related device
CN110399727A (en) * 2019-06-25 2019-11-01 苏州浪潮智能科技有限公司 A kind of BMC permission automatic test approach, system, terminal and storage medium
CN111767542A (en) * 2020-02-06 2020-10-13 北京沃东天骏信息技术有限公司 Unauthorized detection method and device
CN112491807A (en) * 2020-11-05 2021-03-12 杭州孝道科技有限公司 Horizontal override vulnerability detection method based on interactive application detection technology
CN113949578A (en) * 2021-10-20 2022-01-18 重庆邮电大学 Automatic detection method and device for unauthorized vulnerability based on flow and computer equipment
CN113949578B (en) * 2021-10-20 2023-11-24 广州名控网络科技有限公司 Automatic detection method and device for unauthorized loopholes based on flow and computer equipment
CN114884720A (en) * 2022-04-29 2022-08-09 北京达佳互联信息技术有限公司 Resource request processing method and device, electronic equipment and storage medium
CN114884720B (en) * 2022-04-29 2023-12-12 北京达佳互联信息技术有限公司 Resource request processing method, device, electronic equipment and storage medium
CN116502202A (en) * 2023-06-25 2023-07-28 深圳开源互联网安全技术有限公司 Method and device for judging consistency of user permission model based on NLP technology

Similar Documents

Publication Publication Date Title
CN109902022A (en) The method and relevant device tested automatically for loophole of vertically going beyond one's commission
CN110084044A (en) For the horizontal method and relevant device that loophole is tested automatically of going beyond one's commission
CN109598117A (en) Right management method, device, electronic equipment and storage medium
CN109446071A (en) Interface test method, interface test device, electronic equipment and storage medium
CN109670297A (en) Activating method, device, storage medium and the electronic equipment of service authority
WO2020177385A1 (en) Virtual machine function detection method and apparatus, electronic device and storage medium
US20190147099A1 (en) Automatic identification of retraining data in a classifier-based dialogue system
CN110471728A (en) Method and relevant apparatus based on user right display interface
CN109783359A (en) The method, apparatus and computer equipment that automatic detection interface effectively identifies
CN107635010A (en) Traffic scheduling method, device, computer-readable recording medium and electronic equipment
CN105069366B (en) A kind of Account Logon and management method and device
CN109710675A (en) A kind of storing data library switching method, device, server and storage medium
CN109951553A (en) Data processing method, system, electronic equipment and computer readable storage medium
US9684750B1 (en) Concurrent design process
CN110109824A (en) Big data automatic regression test method, apparatus, computer equipment and storage medium
CN108769175A (en) Remote real machine access control method, device, storage medium and electronic equipment
KR20220083988A (en) Method, device, electronic equipment and storage medium for synchronization of verification code
CN108459910A (en) A kind of method and apparatus for deleting resource
CN105453033A (en) Program testing service
CN108574733A (en) Network agent method and device, storage medium and electronic equipment
US10404700B1 (en) Concurrent design process
CN109460363A (en) Automated testing method, device, electronic equipment and computer-readable medium
CN108111374B (en) Method, apparatus, equipment and the computer storage medium of synchronizer list
CN110347591A (en) Method, apparatus, electronic equipment and storage medium based on use-case test macro
CN105760456B (en) A kind of method and apparatus keeping data consistency

Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: Room 201, Building A, No. 1 Qianwan Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong 518000 (c/o Qianhai Commercial Secretary)

Applicant after: Shenzhen OneConnect Smart Technology Co., Ltd.

Address before: Room 201, Building A, No. 1 Qianwan Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong 518000

Applicant before: Shenzhen OneConnect Smart Technology Co., Ltd.

SE01 Entry into force of request for substantive examination