CN110096868A - Auditing method, device, equipment and the computer readable storage medium of operation code - Google Patents
- Publication number
- CN110096868A, CN201910352487.2A
- Authority
- CN
- China
- Prior art keywords
- operation code
- index
- code
- rule
- score value
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an auditing method, device and equipment for operation code, and a computer-readable storage medium. The method comprises the steps of: after code to be operated is received, calculating the index score value of the code to be operated under each weight index, wherein the code to be operated corresponds to at least two weight indexes; obtaining the preset weight value corresponding to each weight index, and calculating the index product of each index score value and its corresponding preset weight value; and, if the sum of the index products is not within a preset index score range, determining that the code to be operated has not passed the audit and prohibiting it from being sent to a preset production environment. The invention improves the security of financial-industry production environments, and improves the security of fund transactions in the production environments of financial infrastructure (such as distributed systems, cloud computing and blockchain).
Description
Technical field
The present invention relates to the technical field of security detection in financial technology (Fintech), and in particular to an auditing method, device and equipment for operation code, and a computer-readable storage medium.
Background
With the continuous development of financial technology, especially Internet financial technology (Fintech), more and more technologies (such as distributed computing, blockchain and artificial intelligence) are being applied in the financial field, but the financial industry also places higher requirements on these technologies.
In the IT (Internet Technology) production environments of the financial industry, financial institutions and other commercial organizations use screen-operation recording and keyword-alert techniques to monitor and audit the operations of IT personnel. This approach cannot intervene in advance to stop dangerous production operations by IT personnel; if, for example, the code of a new product carrying a virus is released, a large number of violating operations cannot be contained ahead of time. After a misoperation and/or intentional violation by IT personnel has occurred, a long time is also needed to investigate and audit it, so problems remain unsolved for a long time. Monitoring the production operations of IT personnel in this way can only review, after the fact, the problems that occurred during an operation and then reproduce them. This not only requires more manpower, but also lengthens the time needed to find a problem, and it reduces the security of the production environment in which operation code runs.
Summary of the invention
The main purpose of the present invention is to provide an auditing method, device and equipment for operation code, and a computer-readable storage medium, intended to solve the technical problem of how to improve the security of the production environment in which operation code runs.
To achieve the above object, the present invention provides an auditing method for operation code, comprising the steps of:
After code to be operated is received, calculating the index score value of the code to be operated under each weight index, wherein the code to be operated corresponds to at least two weight indexes;
Obtaining the preset weight value corresponding to each weight index, and calculating the index product of each index score value and its corresponding preset weight value;
If the sum of the index products is not within a preset index score range, determining that the code to be operated has not passed the audit, and prohibiting the code to be operated from being sent to a preset production environment.
Preferably, when the weight index is the production O&M index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated under the weight index comprises:
After the code to be operated is received, obtaining the production O&M audit rule set corresponding to the production O&M index, and calculating the first rule quantity of the production O&M audit rule set;
Calculating the second rule quantity, which is the number of production O&M audit rules in the production O&M audit rule set that match the code to be operated;
Calculating, from the first rule quantity and the second rule quantity, the production O&M index score value of the code to be operated under the production O&M index.
Preferably, when the weight index is the algorithm walkthrough index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated under the weight index comprises:
After the code to be operated is received, obtaining the code security rule sets corresponding to the algorithm walkthrough index;
Comparing the code to be operated with each code security rule set, and determining, from the comparison result, the rule score of the code to be operated in each code security rule set;
Obtaining the rule weight corresponding to each code security rule set, and calculating the rule product of each rule score and its corresponding rule weight, to obtain the algorithm walkthrough index score value of the code to be operated under the algorithm walkthrough index.
Preferably, when the weight index is the code comparison index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated under the weight index comprises:
After the code to be operated is received, obtaining the history code corresponding to the code to be operated, and calculating the dispersion degree value between the code to be operated and the history code;
If the dispersion degree value is less than a preset degree value, calculating the degree difference between the dispersion degree value and the preset degree value;
Determining, from the degree difference, the code comparison index score value of the code to be operated under the code comparison index.
Preferably, when the weight index is the database operation index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated under the weight index comprises:
After the code to be operated is received, detecting whether the code to be operated performs, while running, an operation that illegally connects to a database;
If the code to be operated performs no operation that illegally connects to a database while running, obtaining the private data set of the database operation index;
Determining the target private data in the private data set that matches the code to be operated, and obtaining the private data score value corresponding to the target private data;
Calculating, from the private data score value, the operation index score value of the code to be operated under the database operation index.
Preferably, when the weight index is the business operation compliance index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated under the weight index comprises:
After the code to be operated is received, obtaining the business compliance rules corresponding to the business operation compliance index, and determining the target business compliance rules among them that match the code to be operated;
Obtaining the compliance score value corresponding to each target business compliance rule, and obtaining the preset compliance score value;
Subtracting the compliance score value of each target business compliance rule from the preset compliance score value, to obtain the compliance index score value of the code to be operated under the business operation compliance index.
Preferably, before the step of obtaining the preset weight value corresponding to each weight index, the method further comprises:
Determining the approval nodes corresponding to the weight indexes, and obtaining the preset score value given by each approval node to each weight index;
Calculating the preset weight value of each weight index from the preset score values corresponding to that weight index.
Preferably, the step of calculating, after the code to be operated is received, the index score value of the code to be operated under the weight index comprises:
After the code to be operated is received, obtaining the authorization results of the preset approval nodes for granting operation permission to the code to be operated;
If it is determined from the authorization results that the number of approval nodes granting operation permission to the code to be operated is greater than or equal to a preset node quantity, calculating the index score value of the code to be operated under the weight index.
Preferably, after the step of determining, if the sum of the index products is not within the preset index score range, that the code to be operated has not passed the audit and prohibiting the code to be operated from being sent to the preset production environment, the method further comprises:
Generating a security audit report for the code to be operated;
Sending the security audit report to the terminal corresponding to the code to be operated, so that the terminal, after receiving the security audit report, prompts the technician responsible for the code to be operated to modify it according to the security audit report.
Preferably, after the step of obtaining the preset weight value corresponding to each weight index and calculating the index product of each index score value and its corresponding preset weight value, the method further comprises:
If the sum of the index products is within the preset index score range, determining that the code to be operated has passed the audit, and configuring the corresponding operating parameters for the code to be operated according to the parameters to be configured that correspond to it, to obtain the code to be operated with its operating parameters configured;
Sending the code to be operated, with its operating parameters configured, to the preset production environment to run.
In addition, to achieve the above object, the present invention also provides an audit device for operation code, the audit device comprising:
A calculation module, configured to calculate, after code to be operated is received, the index score value of the code to be operated under each weight index, wherein the code to be operated corresponds to at least two weight indexes;
An obtaining module, configured to obtain the preset weight value corresponding to each weight index;
The calculation module is further configured to calculate the index product of each index score value and its corresponding preset weight value;
A determining module, configured to determine that the code to be operated has not passed the audit if the sum of the index products is not within the preset index score range;
A prohibiting module, configured to prohibit the code to be operated from being sent to the preset production environment.
In addition, to achieve the above object, the present invention also provides audit equipment for operation code, the audit equipment comprising a memory, a processor, and an audit program for operation code that is stored in the memory and can run on the processor; when executed by the processor, the audit program implements the steps of the auditing method for operation code described above.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which an audit program for operation code is stored; when executed by a processor, the audit program implements the steps of the auditing method for operation code described above.
In the present invention, after code to be operated is received, the index score value of the code to be operated under each weight index is calculated, the preset weight value corresponding to each weight index is obtained, and the index product of each index score value and its corresponding preset weight value is calculated; if the sum of the index products is within the preset index score range, it is determined that the code to be operated has passed the audit. As a result, code to be operated is not sent to the production environment to run as soon as it is received, but is audited first; if it does not pass the audit, it is prohibited from being sent to the production environment. This avoids sending code with security problems to the production environment, improves the security of the production environment, and improves the security of fund transactions in the production environment.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the auditing method for operation code of the present invention;
Fig. 2 is a flow diagram of the third embodiment of the auditing method for operation code of the present invention;
Fig. 3 is a flow diagram of the fourth embodiment of the auditing method for operation code of the present invention;
Fig. 4 is a functional module diagram of a preferred embodiment of the audit device for operation code of the present invention;
Fig. 5 is a structural diagram of the hardware running environment involved in the embodiments of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
The present invention provides an auditing method for operation code. Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the auditing method for operation code of the present invention.
The embodiments of the present invention provide embodiments of the auditing method for operation code. It should be noted that although a logical order is shown in the flow diagrams, in some cases the steps shown or described may be executed in an order different from the one given here.
The auditing method for operation code is applied to audit equipment for operation code. The audit equipment may be a server or a terminal; terminals may include mobile terminals such as mobile phones, tablet computers, laptops, palmtop computers and personal digital assistants (Personal Digital Assistant, PDA), and fixed terminals such as digital TVs and desktop computers. For ease of description, the executing subject is omitted in the description of each embodiment of the auditing method. The auditing method for operation code comprises:
Step S10: after code to be operated is received, calculate the index score value of the code to be operated under each weight index, wherein the code to be operated corresponds to at least two weight indexes.
It should be noted that when technicians carry out operations on the terminals of financial institutions such as banks, securities firms and funds, for example releasing a new product, updating an existing product or collecting data, they encounter many compliance operations that need to be reviewed. Specifically, the operations a technician performs on a financial institution's terminal are all carried out by releasing operable code. Therefore, after the code to be operated released by a technician is received, the index score value of the code to be operated under each preset weight index is calculated. In the embodiments of the present invention, code to be operated is of two types: a script to be operated and a version to be operated. The two may be written in the same language or in different languages; for example, the script to be operated may be written in Python and the version to be operated in Java. The main function of a script to be operated may be set to extracting and modifying data, and the main function of a version to be operated may be set to updating the code version that already exists in the financial institution's production environment. At least two weight indexes are used to evaluate the code to be operated. In the embodiments of the present invention, the weight indexes include but are not limited to the production O&M index, the algorithm walkthrough index, the database operation index, the business operation compliance index and the code comparison index.
Further, after the code to be operated is received, the parameters to be configured that correspond to it are obtained. The parameters to be configured are filled in, in the audit device for operation code, by the technician who releases the code to be operated, according to specific needs. They include but are not limited to the production environment corresponding to the code to be operated, the routing, the database, the approval nodes requiring authorization, the risk points, the association points, the modification points and the information of the releasing user. The production environment is the environment in which the code to be operated runs after passing the audit. The routing is the routing that must be set up for the code to be operated in the production environment. The database is the database that the code to be operated connects to while running in the production environment. The approval nodes requiring authorization are the approval nodes that, during the audit of the code to be operated, have the authority to grant it operation permission. A risk point is a code region in the code to be operated where a risk exists or is likely to occur. An association point is other code associated with the code to be operated; if a complete fund transaction process is A → B → C and the current code to be operated updates the code corresponding to B, then the association points are the code corresponding to A and the code corresponding to C. A modification point is a place where the code to be operated has been changed relative to the history code, the history code being the most recently updated version of the code to be operated. For example, if the source code corresponding to the code to be operated (the code generated the first time) was updated once each on April 1, 2019, April 10, 2019 and April 18, 2019, and the code to be operated is received on April 20, 2019, then the history code is the source code as updated on April 18, 2019. It can be understood that the code to be operated has modification points only when it updates existing code; if the code to be operated implements a new function, it has no modification points. The information of the releasing user is the name, position, company and so on of the technician who releases the code to be operated. By first obtaining the parameters to be configured, the preparation for running the code to be operated is done in advance, so that once the code passes the audit it can be released immediately to the corresponding production environment to run, which improves the operating efficiency of the code to be operated.
Further, when the weight index is the production O&M index, step S10 comprises:
Step a: after the code to be operated is received, obtain the production O&M audit rule set corresponding to the production O&M index, and calculate the first rule quantity of the production O&M audit rule set.
Specifically, when the weight index is the production O&M index, the production O&M audit rule set corresponding to the production O&M index is obtained after the code to be operated is received, and the number of production O&M audit rules in the set is counted; this number is recorded as the first rule quantity. For example, the production O&M audit rules in the production O&M audit rule set may be:
① The "rm-rf*" instruction is forbidden in the code to be operated. This is a batch delete instruction; if "rm-rf*" is executed in the root directory, the system where the code to be operated resides will crash.
② The ": {: |: & };: " instruction is forbidden in the code to be operated. This instruction defines a ':' function that repeatedly calls itself, which will crash the system where the code to be operated resides.
③ The "mv.txt/.sh/.py/dev/null" instruction is forbidden in the code to be operated. This instruction renames all the files under the target path to empty, causing a system-level error in the system where the code to be operated resides.
④ The "dd if=/dev/random of=/dev/sda" command is forbidden in the code to be operated. This command writes random junk data to the block device sda and overwrites its data, which easily leaves the system where the code to be operated resides in a chaotic and unrecoverable state.
⑤ The "'>'" instruction is forbidden in the code to be operated. This instruction creates a redirection; if '>' is used to save data in production, the source file must be reviewed very rigorously, because once the file is overwritten by the '>' redirection, system-level data cannot be recovered.
Step b: calculate the second rule quantity, which is the number of production O&M audit rules in the production O&M audit rule set that match the code to be operated.
After the production O&M audit rule set is obtained, the code to be operated is compared with the production O&M audit rules in the set, to determine which rules in the set match the code to be operated. If the "rm-rf*" instruction appears in the code to be operated, the code is determined to match the first production O&M audit rule in the set. Once the matching rules have been determined, the number of production O&M audit rules in the set that the code to be operated matches is counted and recorded as the second rule quantity.
Step c: calculate, from the first rule quantity and the second rule quantity, the production O&M index score value of the code to be operated under the production O&M index.
After the first rule quantity and the second rule quantity are determined, the rule score value corresponding to each production O&M audit rule is determined. For ease of calculation, the embodiments of the present invention set the preset rule total score of the production O&M audit rule set to 100. Specifically, the rule score value of each production O&M audit rule may be determined by dividing the preset rule total score by the first rule quantity of the production O&M audit rule set. If the first rule quantity is 20, the rule score value of each production O&M audit rule is 100 ÷ 20 = 5. It should be noted that in other embodiments the rule score value of each production O&M audit rule in the set may be preset individually, in which case the rule score values in the set take at least two different values. For example, if the first rule quantity of the production O&M audit rule set is 10, the rule score value of 2 of the production O&M audit rules may each be set to a, the rule score value of another 3 may each be set to b, and the rule score value of the remaining 5 may each be set to c, such that 2 × a + 3 × b + 5 × c = 100.
After the rule score value of each production O&M audit rule is determined, the product of the second rule quantity and the rule score value is calculated to obtain the first matching rule score value; the first matching rule score value is then subtracted from the preset rule total score to obtain the production O&M index score value of the code to be operated under the production O&M index. For example, if the rule score value of every production O&M audit rule in the set is 5 and the second rule quantity is 6, the production O&M index score value of the code to be operated is 100 - 5 × 6 = 70.
It should be noted that if the production O&M audit rules in the set do not all have the same rule score value, then after the rule score value of each rule is determined, the rule score values of the production O&M audit rules matched by the code to be operated are added together to obtain the first matching rule score value.
Further, if the production O&M index score value is determined to be less than the first preset index score value, it can be determined that the code to be operated has not passed the audit; if the production O&M index score value is determined to be greater than or equal to the first preset index score value, it can be determined that the code to be operated has passed the audit. The first preset index score value is set according to specific needs, for example 50 points, 58 points or 60 points.
Further, when the weight index is the algorithm walkthrough index, step S10 further comprises:
Step d: after the code to be operated is received, obtain the code security rule sets corresponding to the algorithm walkthrough index.
When the weight index is the algorithm walkthrough index, the code security rule sets corresponding to the algorithm walkthrough index are obtained. Each code security rule set contains at least one code security rule, and each set serves a different function in determining whether the code to be operated is compliant. Specifically, in the embodiments of the present invention, the code security rule sets include but are not limited to a code logic rule set, a variable usage rule set, a parameter setting rule set and a security control rule set. The code logic rule set is mainly used to detect whether the logic of the code to be operated conforms to the established code logic; the variable usage rule set is mainly used to detect whether the use of variables in the code to be operated meets the established requirements; the parameter setting rule set is mainly used to detect whether each parameter in the code to be operated is set correctly; and the security control rule set is mainly used to detect whether the code to be operated complies with the established security rules.
Step e: compare the code to be operated with each code security rule set, and determine, from the comparison result, the rule score of the code to be operated in each code security rule set.
The code to be operated is compared with each code security rule set to determine the target code security rules in each set that match the code to be operated, which gives the comparison result. It can be understood that the comparison result is the set of target code security rules. The code security rule score value corresponding to each target code security rule is then obtained; the code security rule score value of every rule in each code security rule set is preset, and the code security rule total score of each code security rule set is 100 points. The code security rule score values of the target code security rules that belong to the same code security rule set are added together to obtain the second matching rule score value, and the second matching rule score value is subtracted from the code security rule total score to obtain the rule score of the code to be operated in that code security rule set.
Step f: obtain the rule weight corresponding to each code security rule set, and calculate the rule product of each rule score and its corresponding rule weight, to obtain the algorithm walkthrough index score value of the code to be operated under the algorithm walkthrough index.
The rule weight corresponding to each code security rule set is obtained, and each rule score is multiplied by its corresponding rule weight to obtain the corresponding rule product; the resulting rule products are added together to obtain the algorithm walkthrough index score value of the code to be operated under the algorithm walkthrough index. It should be noted that the rule weight of each code security rule set can be set according to specific needs, and the rule weights of all code security rule sets sum to 1. For example, if the rule weight of the code logic rule set is f, that of the variable usage rule set is k, that of the parameter setting rule set is l and that of the security control rule set is u, then f + k + l + u = 1.
If the rule score of the code to be operated in the code logic rule set is calculated to be 80 and f = 0.3, the corresponding rule product is 80 × 0.3; if its rule score in the variable usage rule set is 90 and k = 0.2, the corresponding rule product is 90 × 0.2; if its rule score in the parameter setting rule set is 100 and l = 0.1, the corresponding rule product is 100 × 0.1; and if its rule score in the security control rule set is 70 and u = 0.4, the corresponding rule product is 70 × 0.4. The algorithm walkthrough index score value of the code to be operated is then 80 × 0.3 + 90 × 0.2 + 100 × 0.1 + 70 × 0.4 = 80.
Further, after the algorithm walkthrough index score is calculated, it is judged whether the algorithm walkthrough index score is less than the corresponding second preset index score. If the algorithm walkthrough index score is less than the second preset index score, it can be determined that the code to be operated does not pass the audit; if the algorithm walkthrough index score is greater than or equal to the second preset index score, it can be determined that the code to be operated passes the audit. The second preset index score may be equal to the first preset rule score or different from it.
Further, when the weight index is the code comparison index, step S10 further includes:
Step g, when the code to be operated is received, obtaining the history code corresponding to the code to be operated, and calculating the dispersion degree value between the code to be operated and the history code.
When the weight index is the code comparison index, the history code corresponding to the code to be operated is obtained after the code to be operated is received. After the history code is obtained, a nonlinear fitting algorithm is used to calculate the dispersion degree value between the code to be operated and the history code. Specifically, the modification points in the code to be operated are obtained, together with the history code points in the history code that correspond to those modification points; a scatter plot is then drawn from the modification points and the history code points, and the degree of fitting of this scatter plot is obtained with the nonlinear fitting algorithm. This degree of fitting is the dispersion degree value between the code to be operated and the history code.
Further, to improve the efficiency of auditing the code to be operated, after the code to be operated is received it is first detected whether a corresponding history code exists. If no corresponding history code exists, the code comparison index score of the code to be operated does not need to be calculated; if a corresponding history code exists, the history code corresponding to the code to be operated is obtained. Specifically, if there is no modification point in the code to be operated, it can be determined that no corresponding history code exists. It can be understood that the version number of the code to be operated can also be used to determine whether a corresponding history code exists: if the version number of the code to be operated is the first version number, it can be determined that the code to be operated has no history code; if the version number is a version later than the first version number, it can be determined that the code to be operated has a history code.
Step h, if the dispersion degree value is less than the preset degree value, calculating the degree difference between the dispersion degree value and the preset degree value.
Step i, determining, according to the degree difference, the code comparison index score of the code to be operated in the code comparison index.
After the dispersion degree value is calculated, it is judged whether the dispersion degree value is less than the preset degree value, where the preset degree value is set according to specific needs and is not specifically limited in this embodiment. If the dispersion degree value is less than the preset degree value, the degree difference between the dispersion degree value and the preset degree value is calculated, and the code comparison index score of the code to be operated in the code comparison index is determined according to the degree difference. Specifically, a mapping relation between degree differences and code comparison index scores is preset, so the code comparison index score of the code to be operated can be determined from the degree difference through this mapping relation. In the mapping relation, it may be set that when the degree difference is in (0, A], the corresponding code comparison index score is 100 points; in (A, B], 90 points; in (B, C], 80 points; in (C, D], 70 points; in (D, E], 60 points; and when it is greater than E, zero. That is, the code comparison index score at this point indicates that the code to be operated passes the audit, where 0 < A < B < C < D < E.
Further, if the dispersion degree value is greater than or equal to the preset degree value, it is determined that the code to be operated does not pass the audit.
Further, when the weight index is the database operation index, step S10 further includes:
Step j, when the code to be operated is received, detecting whether an operation of illegally connecting to a database exists while the code to be operated is running.
Step k, if no operation of illegally connecting to a database exists while the code to be operated is running, obtaining the private data set of the database operation index.
When the weight index is the database operation index, after the code to be operated is received, it is detected whether an operation of illegally connecting to a database exists while the code is running. Specifically, if it is detected that the code to be operated, while running, connects to a database using a plaintext password, it is determined that an operation of illegally connecting to a database exists; if it is detected that no operation of connecting to a database using a plaintext password exists while the code is running, it is determined that no operation of illegally connecting to a database exists. If no such operation exists, the private data set corresponding to the database operation index is obtained. In the embodiments of the present invention, the database operation index has its own private data set, in which private data is stored; the private data may be personal information such as the name, phone number and age of employees of a financial institution and of the employees' family members.
Further, if it is determined that an operation of illegally connecting to a database exists while the code to be operated is running, it is determined that the code to be operated does not pass the audit.
Step l, determining the target private data in each private data set that matches the code to be operated, and obtaining the private data score corresponding to the target private data.
After the private data set is obtained, the target private data in each private data set that matches the code to be operated is determined, and the private data score corresponding to each item of target private data is obtained. In this embodiment, a privacy score can be set for each item of private data in a private data set, so that every item of target private data has a corresponding privacy score, and the total score of each private data set is 100 points; in this case the private data score corresponding to the target private data is the sum of the privacy scores of the individual items of target private data. Alternatively, each appearance in the code to be operated of the personal information of one employee and that employee's family members can be recorded as one violation operation, with each violation operation having a corresponding violation score; the private data score corresponding to the target private data is then calculated from the number of violation operations and the corresponding violation score. For example, if comparing the code to be operated with the private data set shows that personal information relating to 5 employees appears in the code to be operated, the number of violation operations for the code to be operated is 5; with a violation score of 5 points per violation operation, the private data score corresponding to the target private data is 5 × 5 = 25.
Step m, calculating, according to the private data score, the operation index score of the code to be operated in the database operation index.
After the private data score corresponding to the target private data is obtained, the operation index score of the code to be operated in the database operation index is calculated from that private data score. Specifically, if the full marks of the operation index score are set to 100 points, the operation index score is 100 minus the private data score, that is, the full marks of the operation index score minus the private data score.
Further, after the operation index score is calculated, it is judged whether the operation index score is less than the third preset index score. If the operation index score is less than the third preset index score, it can be determined that the code to be operated does not pass the audit; if the operation index score is greater than or equal to the third preset index score, it can be determined that the code to be operated passes the audit. The third preset index score may be equal to the first preset rule score or different from it.
Further, when the weight index is the business operation compliance index, step S10 further includes:
Step n, when the code to be operated is received, obtaining the business compliance rules corresponding to the business operation compliance index, and determining, among the business compliance rules, the target business compliance rules that match the code to be operated.
When the weight index is the business operation compliance index, after the code to be operated is received, the business compliance rules corresponding to the business operation compliance index are obtained, and the target business compliance rules that match the code to be operated are determined among them. The business operation compliance index contains at least one business compliance rule, and the specific content of the business compliance rules can be set as needed. For example, the business compliance rules may cover: business rules and promotional marketing methods that violate the financial product business handling measures of the China Banking and Insurance Regulatory Commission; business compliance operations involving the authorization of user and account information; control of the scale of funds of the related business; and control of the related review and approval authority of the personnel handling products and business. Specifically, if the code to be operated contains a database field value or a global variable whose appearance is prohibited by a given business compliance rule, it is determined that the code to be operated matches that business compliance rule.
Step o, obtaining the compliance score corresponding to each target business compliance rule, and obtaining the compliance preset score.
The compliance score corresponding to each target business compliance rule is obtained, together with the compliance preset score; in this embodiment, the compliance preset score is uniformly set to 100 points. Since the content of each business compliance rule differs, the corresponding compliance scores differ. For example, business compliance rule A may specify that each occurrence of a prohibited field value corresponds to a compliance score of 5 points, that each occurrence of a prohibited global variable corresponds to a compliance score of 3 points, and that a numerical value in the code greater than the maximum value set in the business compliance rule corresponds to a compliance score of 5 points.
Step p, subtracting the compliance score corresponding to each target business compliance rule from the compliance preset score, to obtain the compliance index score of the code to be operated in the business operation compliance index.
After the compliance score corresponding to each target business rule is obtained, the compliance scores corresponding to the target business compliance rules are subtracted from the compliance preset score to obtain the compliance index score of the code to be operated in the business operation compliance index. For example, if 3 target business rules match the code to be operated and their compliance scores are 5 points, 3 points and 5 points respectively, then the compliance index score = 100 - 5 - 3 - 5 = 87 points.
Further, after the compliance index score is calculated, it is judged whether the compliance index score is less than the corresponding fourth preset index score. If the compliance index score is less than the fourth preset index score, it can be determined that the code to be operated does not pass the audit; if the compliance index score is greater than or equal to the fourth preset index score, it can be determined that the code to be operated passes the audit. The fourth preset index score may be equal to the first preset rule score or different from it.
Step S20, obtaining the preset weight value corresponding to each weight index, and calculating the index product of each index score and the corresponding preset weight value.
The preset weight value corresponding to each weight index is obtained. The preset weight value of each weight index can be set as needed, and this embodiment does not specifically limit it. For example, the preset weight value of the production O&M index may be set to 0.2, that of the algorithm walkthrough index to 0.1, that of the code comparison index to 0.3, that of the database operation index to 0.3, and that of the business operation compliance index to 0.1. After the preset weight value corresponding to each weight index is obtained, the product of each index score and the corresponding preset weight value is calculated and recorded as an index product.
Further, the auditing method of the operation code further includes:
Step q, determining the approval nodes corresponding to the weight indexes, and obtaining the preset score of each approval node in each weight index.
The approval nodes corresponding to the weight indexes are determined, and the preset score of each approval node in each weight index is obtained. It should be noted that each approval node has different requirements for each weight index, and the preset scores are set according to each approval node's requirements for the weight indexes. When the preset scores corresponding to each approval node are set, it is required that, for each approval node, the sum of its preset scores over all weight indexes equals a fixed value, which can be set to 100, or to 1, and so on. For example, for the production O&M index, the O&M approval node has higher requirements than the business approval node, the development approval node and the security approval node, so the preset score corresponding to the O&M approval node is higher than that of the other approval nodes. Likewise, for the business operation compliance index, the business approval node has higher requirements than the O&M approval node, the development approval node and the security approval node, so the preset score corresponding to the business approval node is higher than that of the other approval nodes.
For ease of understanding, the relation table between weight indexes and preset scores is used as an example below, with the fixed value taken as 100.
In the above table, x denotes the production O&M index, y the algorithm walkthrough index, z the code comparison index, g the database operation index, and h the business operation compliance index. In the production O&M index, the preset score corresponding to the O&M approval node is 30 points, that of the business approval node is 10 points, that of the development approval node is 20 points, and that of the security approval node is 20 points. In the algorithm walkthrough index and the code comparison index, the preset score of the O&M approval node is 10 points; in the database operation index, the preset score of the O&M approval node is 30 points; in the business operation compliance index, the preset score of the O&M approval node is 20 points. Therefore, across the weight indexes, the preset total score corresponding to the O&M approval node = 30+10+10+30+20 = 100; that is, for the O&M approval node, the sum of its preset scores over all weight indexes equals the fixed value.
Step w, calculating the preset weight value of each weight index according to the preset scores corresponding to each weight index.
After the preset scores corresponding to each weight index are obtained, the sum of the preset scores corresponding to the same weight index is calculated to obtain the preset index score, and the preset index score is divided by the number of approval nodes to obtain the preset weight value of that weight index, thereby obtaining the preset weight value of each weight index. For example, the preset weight value of the code comparison index = (10+15+25+10) ÷ 4 ÷ 100 = 0.15. It should be noted that when the fixed value is 100, a division by 100 is needed while calculating the preset weight value, so that the preset weight value is converted into a number less than 1, which makes calculation easier. It can be understood that the division by 100 can also be omitted when calculating the preset weight value; in that case only the upper and lower limits of the preset index score range need to be adjusted accordingly, to ensure that a result on whether the code to be operated passes the audit can still be reached.
Step S30, if the sum of the index products is not within the preset index score range, determining that the code to be operated does not pass the audit, and prohibiting the code to be operated from being sent to the preset production environment.
After the index products are obtained, the sum of the index products is recorded as the index total score, and it is judged whether the index total score is within the preset index score range. If the index total score is not within the preset index score range, it is determined that the code to be operated does not pass the audit, and the code to be operated is prohibited from being sent to the preset production environment to run, where the production environment is the preset environment in which the code to be operated runs. If the index total score is within the preset index score range, it is determined that the code to be operated passes the audit.
Continuing with the above table, if s denotes the index total score, then s = x × 0.2 + y × 0.175 + z × 0.15 + g × 0.3 + h × 0.175. The preset index score range is set according to specific needs. For example, (85, 100] can be set as the preset index score range: when the index total score is greater than 85 points, it can be determined that the code to be operated passes the audit; when the index total score is less than or equal to 85 points, it is determined that the code to be operated does not pass the audit. Further, a score range can also be preset for each index grade. For example, the score range of index grade A can be set to (80, 100], that of index grade B to (60, 80], that of index grade C to (40, 60], and that of index grade D to (0, 40]. When the index total score belongs to index grade A, it is determined that the code to be operated passes the audit; when the index total score belongs to index grade B, C or D, it is determined that the code to be operated does not pass the audit.
Further, if it is determined that the code to be operated passes the audit, the production environment is determined according to the parameters to be configured of the code to be operated, and the code to be operated is sent to the determined production environment to run. Specifically, if the determined production environment is a quasi-production environment, the running result is obtained after the code to be operated has run in the quasi-production environment, and only when the running result meets the expectations of the developers, the O&M personnel and the business personnel is the code to be operated sent to the final production environment to run. It can be understood that the developers, O&M personnel and business personnel can set expectation indexes; when the data in the running result reaches the expectation indexes, it can be determined that the running result meets the expectations of the corresponding personnel.
In this embodiment, when the code to be operated is received, the index scores of the code to be operated in the weight indexes are calculated, the preset weight value corresponding to each weight index is obtained, and the index product of each index score and the corresponding preset weight value is calculated; if the sum of the index products is within the preset index score range, it is determined that the code to be operated passes the audit. In this way, after the code to be operated is received, it is not sent to the production environment to run immediately but is audited first; if it does not pass the audit, it is prohibited from being sent to the production environment. This avoids sending code with security problems to the production environment, improves the security of the production environment, and improves the security of funds transactions in the production environment.
Further, a second embodiment of the auditing method of the operation code of the present invention is proposed.
The second embodiment of the auditing method of the operation code differs from the first embodiment in that step S10 includes:
Step y, when the code to be operated is received, obtaining the authorization result of the preset approval nodes granting running permission to the code to be operated.
When the code to be operated is received, the authorization result of the preset approval nodes granting running permission to the code to be operated is obtained. Specifically, the received code to be operated can be sent to the approval terminal corresponding to each approval node; after an approval terminal receives the code to be operated, it outputs prompt information prompting the corresponding approver to review whether to grant the code to be operated permission to run in the production environment. The approver decides according to specific needs whether to grant that running permission. After the approval terminal receives the grant instruction in which the corresponding approver decides whether to grant running permission to the code to be operated, it returns that grant instruction. When the grant instruction is received, the authorization result, that is, whether each approval node grants running permission to the code to be operated, is determined from the grant identifier corresponding to the grant instruction. Specifically, when the grant identifier is an allow-run identifier, the approval node grants the code to be operated permission to run in the production environment; when the grant identifier is a forbid-run identifier, the approval node does not grant the code to be operated permission to run in the production environment. This embodiment does not limit the form of the allow-run identifier and the forbid-run identifier. The grant instruction carries a node identifier, from which it can be determined which approval node's approval terminal sent the grant instruction.
Step z, if it is determined from the authorization result that the number of approval nodes granting running permission to the code to be operated is greater than or equal to the preset number of nodes, calculating the index scores of the code to be operated in the weight indexes.
After the authorization result is obtained, the number of approval nodes in the authorization result that grant the code to be operated permission to run in the production environment is calculated, that is, how many of the received grant instructions carry the allow-run identifier. If the number of approval nodes granting running permission to the code to be operated is greater than or equal to the preset number of nodes, the index scores of the code to be operated in the weight indexes are calculated. The preset number of nodes can be determined from the number of approval nodes: the more approval nodes there are, the larger the preset number of nodes. For example, when there are 4 approval nodes, the preset number of nodes can be set to 3; when there are 8 approval nodes, the preset number of nodes can be set to 6. Further, if the number of approval nodes granting running permission to the code to be operated is less than the preset number of nodes, it is determined that the code to be operated does not pass the audit.
In this embodiment, after the code to be operated is received, the authorization result of the preset approval nodes granting running permission to the code to be operated is obtained, and the index scores of the code to be operated in the weight indexes are calculated only when it is determined from the authorization result that the number of approval nodes granting running permission is greater than or equal to the preset number of nodes. This avoids calculating the index scores when the number of approval nodes granting running permission is less than the preset number of nodes, and simplifies the process of auditing the code to be operated.
Further, a third embodiment of the auditing method of the operation code of the present invention is proposed.
The third embodiment of the auditing method of the operation code differs from the first or second embodiment in that, referring to Fig. 2, the auditing method of the operation code further includes:
Step S40, generating a security audit report for the code to be operated.
When determining after operation code does not pass through audit, it will be returned to operation code to operation code counterpart terminal, and
It generates and is reported to the security audit of operation code, wherein to operation code counterpart terminal be the technology people write to operation code
Member's used terminal.It include matched to the matched production O&M audit regulation of operation code institute, institute in security audit report
Code security rule, the operation to dispersion degree value, illegal connection database between operation code and history codes and institute
The data such as the target private data matched.
Step S50, sending the security audit report to the terminal corresponding to the code to be operated, so that the terminal, after receiving the security audit report, prompts the technician corresponding to the code to be operated to modify the code to be operated according to the security audit report.
After the security audit report is generated, it is sent to the terminal corresponding to the code to be operated, so that the terminal, after receiving the security audit report, uses it to show the technician corresponding to the code to be operated the places in the code that need to be modified, making it easier for the technician to modify the code to be operated.
Further, after the security audit report is generated, the modification scheme corresponding to each item of data in the security audit report is obtained, and the modification schemes are sent together with the security audit report to the terminal corresponding to the code to be operated, so that the technician can quickly modify the code to be operated according to the modification schemes. In the embodiments of the present invention, the modification scheme corresponding to each weight index is stored in advance, for example the modification scheme corresponding to each production O&M audit rule and the modification scheme corresponding to each code security rule.
In this embodiment, after it is determined that the code to be operated does not pass the audit, a security audit report for the code to be operated is generated and sent to the terminal corresponding to the code to be operated, so that the terminal, after receiving the security audit report, prompts the technician corresponding to the code to be operated to modify the code according to the report. This allows the technician to quickly identify the places in the code to be operated that need to be modified.
Further, a fourth embodiment of the auditing method of the operation code of the present invention is proposed.
The fourth embodiment of the auditing method of the operation code differs from the first, second or third embodiment in that, referring to Fig. 3, the auditing method of the operation code further includes:
Step S60, if the sum of the index products is within the preset index score range, determining that the code to be operated passes the audit, and then configuring corresponding running parameters for the code to be operated according to the parameters to be configured corresponding to the code to be operated, to obtain the code to be operated with running parameters configured.
Step S70, sending the code to be operated with running parameters configured to the preset production environment to run.
When the sum of the index products is within the preset index score range, it is determined that the code to be operated passes the audit. The parameters to be configured corresponding to the code to be operated are then obtained, and corresponding running parameters are configured for the code to be operated according to them, for example the routes required while the code to be operated runs and the databases it needs to connect to, to obtain the code to be operated with running parameters configured. The code to be operated with running parameters configured is then sent to the preset production environment to run; the production environment can be determined according to the parameters to be configured.
The present embodiment is by determining after operation code is by audit, according to the corresponding ginseng to be configured of operation code
Number, to configure corresponding operating parameter to operation code, and being sent to after configuration operating parameter to operation code is preset
It runs, is avoided before whether determination passes through audit to operation code in production environment, to configure operation ginseng to operation code
Number simplifies the audit process audited to operation code.
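The gate described in the embodiments above, as an added Python example (not code from the patent): an approval quorum is checked first, the index score values are multiplied by their preset weight values and summed, and running parameters are attached only when the total lies in the preset index score range. All index names, weights, ranges, approval nodes and parameters are constructed for illustration, and the index score values are taken as inputs because the scoring formulas are not given here.

```python
from dataclasses import dataclass, field


class AuditInputError(ValueError):
    """Malformed audit input; the gate treats this as a failed audit."""


@dataclass
class AuditDecision:
    passed: bool
    total: float
    products: dict
    reason: str
    run_config: dict = field(default_factory=dict)


def weighted_total(scores, weights):
    """Return (sum of index products, per-index products)."""
    if len(scores) < 2:
        # The method requires at least two weight indexes per code under audit.
        raise AuditInputError("at least two weight indexes are required")
    missing = sorted(set(scores) - set(weights))
    if missing:
        # An index without a preset weight must not silently count as zero.
        raise AuditInputError(f"no preset weight for: {', '.join(missing)}")
    products = {name: scores[name] * weights[name] for name in scores}
    return sum(products.values()), products


def audit(scores, weights, score_range, approvals, min_approvals, pending_params):
    """Decide whether the code to be operated may be sent to production."""
    # Precondition: enough approval nodes granted run permission.
    granted = sum(1 for ok in approvals.values() if ok)
    if granted < min_approvals:
        return AuditDecision(False, 0.0, {}, "approval quorum not met")
    try:
        total, products = weighted_total(scores, weights)
    except AuditInputError as exc:
        return AuditDecision(False, 0.0, {}, f"invalid input: {exc}")
    low, high = score_range
    if not (low <= total <= high):
        # Outside the preset range: audit fails, nothing is configured or sent.
        return AuditDecision(False, total, products, "total outside preset range")
    # Running parameters are configured only after the audit has passed (S60).
    return AuditDecision(True, total, products, "passed", dict(pending_params))


def release(decision, send):
    """Call send(run_config) only for a passed audit (S70); report if it was sent."""
    if not decision.passed:
        return False
    send(decision.run_config)
    return True


# Constructed sample data (assumptions, not values from the patent).
SAMPLE_SCORES = {"production_om": 80, "algorithm_walkthrough": 90,
                 "database_operation": 70}
SAMPLE_WEIGHTS = {"production_om": 0.5, "algorithm_walkthrough": 0.3,
                  "database_operation": 0.2}
SAMPLE_APPROVALS = {"ops_lead": True, "security": False, "dba": True}
SAMPLE_PARAMS = {"route": "payments-internal", "database": "ledger_ro"}

if __name__ == "__main__":
    decision = audit(SAMPLE_SCORES, SAMPLE_WEIGHTS, (75, 100),
                     SAMPLE_APPROVALS, 2, SAMPLE_PARAMS)
    print(decision.reason, round(decision.total, 6), decision.run_config)
```

Missing weights, a single index and a failed quorum all resolve to a failed audit, so an input error can never result in code being released.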
In addition, the present invention also provides an audit device of operation code. Referring to Fig. 4, the audit device of operation code includes:
A computing module 10, configured to calculate, after the code to be operated is received, the index score value of the code to be operated in each weight index, wherein the code to be operated corresponds to at least two weight indexes;
An obtaining module 20, configured to obtain the preset weight value corresponding to each weight index;
The computing module 10 is further configured to calculate the index product of each index score value and the corresponding preset weight value;
A determining module 30, configured to determine that the code to be operated does not pass the audit if the sum of the index products is not within the preset index score range;
A prohibition module 40, configured to prohibit sending the code to be operated to the preset production environment.
Further, when the weight index is the production O&M index, the computing module 10 includes:
A first obtaining unit, configured to obtain, after the code to be operated is received, the production O&M audit rule set corresponding to the production O&M index;
A first computing unit, configured to calculate the first rule quantity, that is, the number of rules in the production O&M audit rule set; to calculate the second rule quantity, that is, the number of production O&M audit rules in that rule set that match the code to be operated; and to calculate, according to the first rule quantity and the second rule quantity, the production O&M index score value of the code to be operated in the production O&M index.
Further, when the weight index is the algorithm walkthrough index, the computing module 10 further includes:
A second obtaining unit, configured to obtain, after the code to be operated is received, each code security rule set corresponding to the algorithm walkthrough index;
A comparison unit, configured to compare the code to be operated with each code security rule set;
A first determination unit, configured to determine, according to the comparison result, the rule score of the code to be operated in each code security rule set;
The second obtaining unit is further configured to obtain the rule weight corresponding to each code security rule set;
A second computing unit, configured to calculate the rule product of each rule score and the corresponding rule weight, to obtain the algorithm walkthrough index score value of the code to be operated in the algorithm walkthrough index.
Further, when the weight index is the code comparison index, the computing module 10 includes:
A third obtaining unit, configured to obtain, after the code to be operated is received, the historical code corresponding to the code to be operated;
A third computing unit, configured to calculate the dispersion degree value between the code to be operated and the historical code, and, if the dispersion degree value is less than a preset degree value, to calculate the degree difference between the dispersion degree value and the preset degree value;
A second determination unit, configured to determine, according to the degree difference, the code comparison index score value of the code to be operated in the code comparison index.
Further, when the weight index is the database operation index, the computing module 10 includes:
A detection unit, configured to detect, after the code to be operated is received, whether the code to be operated performs any operation that illegally connects to a database while it runs;
A fourth obtaining unit, configured to obtain the private data set of the database operation index if the code to be operated performs no operation that illegally connects to a database while it runs;
A third determination unit, configured to determine the target private data in the private data set that matches the code to be operated;
The fourth obtaining unit is further configured to obtain the private data score value corresponding to the target private data;
A fourth computing unit, configured to calculate, according to the private data score value, the operation index score value of the code to be operated in the database operation index.
Further, when the weight index is the business operation compliance index, the computing module 10 includes:
A fifth obtaining unit, configured to obtain, after the code to be operated is received, the business compliance rules corresponding to the business operation compliance index;
A fourth determination unit, configured to determine, among the business compliance rules, the target business compliance rules that match the code to be operated;
The fifth obtaining unit is further configured to obtain the compliance score value corresponding to each target business compliance rule, and to obtain a preset compliance score value;
A fifth computing unit, configured to subtract from the preset compliance score value the compliance score value corresponding to each target business compliance rule, to obtain the compliance index score value of the code to be operated in the business operation compliance index.
Further, the determining module 30 is further configured to determine the approval nodes corresponding to the weight index;
The obtaining module 20 is further configured to obtain the preset score value of each approval node in each weight index;
The computing module 10 is further configured to calculate the preset weight value of each weight index according to the preset score values corresponding to that weight index.
Further, the computing module 10 further includes:
A sixth obtaining unit, configured to obtain, after the code to be operated is received, the authorization results of the preset approval nodes for granting the code to be operated permission to run;
A sixth computing unit, configured to calculate the index score value of the code to be operated in each weight index if it is determined, according to the authorization results, that the number of approval nodes granting the code to be operated permission to run is greater than or equal to a preset node quantity.
Further, the audit device of operation code further includes:
A generation module, configured to generate the security audit report for the code to be operated;
A first sending module, configured to send the security audit report to the terminal corresponding to the code to be operated, so that, after receiving the security audit report, the terminal prompts the technical staff responsible for the code to be operated to modify the code to be operated according to the security audit report.
Further, the determining module 30 is further configured to determine that the code to be operated passes the audit if the sum of the index products is within the preset index score range;
The audit device of operation code further includes:
A configuration module, configured to configure corresponding running parameters for the code to be operated according to the parameters to be configured that correspond to the code to be operated, obtaining the code to be operated with its running parameters configured;
A second sending module, configured to send the code to be operated, with its running parameters configured, to the preset production environment to run.
It should be noted that the embodiments of the audit device of operation code are essentially the same as the embodiments of the auditing method of operation code described above, and are not described in detail here.
In addition, the present invention also provides audit equipment of operation code. As shown in Fig. 5, Fig. 5 is a structural schematic diagram of the hardware running environment involved in the embodiments of the present invention.
It should be noted that Fig. 5 can be the structural schematic diagram of the hardware running environment of the audit equipment of operation code. The audit equipment of operation code in embodiments of the present invention can be a terminal device such as a PC or a portable computer.
As shown in Fig. 5, the audit equipment of operation code may include: a processor 1001 (such as a CPU), a memory 1005, a user interface 1003, a network interface 1004 and a communication bus 1002. The communication bus 1002 provides the connection and communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include standard wired and wireless interfaces. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 can be a high-speed RAM memory, or a stable memory (non-volatile memory) such as a magnetic disk storage. Optionally, the memory 1005 can also be a storage device independent of the aforementioned processor 1001.
Optionally, the audit equipment of operation code can also include a camera, an RF (Radio Frequency) circuit, sensors, an audio circuit, a WiFi module, and so on.
Those skilled in the art will understand that the structure of the audit equipment of operation code shown in Fig. 5 does not limit the audit equipment of operation code, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
As shown in Fig. 5, the memory 1005, as a kind of computer storage medium, may include an operating system, a network communication module, a user interface module and the auditing program of operation code. The operating system is the program that manages and controls the hardware and software resources of the audit equipment of operation code, and supports the running of the auditing program of operation code and of other software or programs.
In the audit equipment of operation code shown in Fig. 5, the user interface 1003 is mainly used to connect to a client (user terminal) and exchange data with the client; the network interface 1004 is mainly used to connect to a background server and exchange data with the background server; the processor 1001 can be used to call the auditing program of operation code stored in the memory 1005 and execute the steps of the auditing method of operation code described above.
The specific embodiments of the audit equipment of operation code of the present invention are essentially the same as the embodiments of the auditing method of operation code described above, and are not repeated here.
In addition, an embodiment of the present invention also proposes a computer readable storage medium on which the auditing program of operation code is stored; when the auditing program of operation code is executed by a processor, the steps of the auditing method of operation code described above are realized.
The specific embodiments of the computer readable storage medium of the present invention are essentially the same as the embodiments of the auditing method of operation code described above, and are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, article or device. In the absence of further restrictions, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be realized by means of software plus the necessary general hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or CD) and includes instructions that cause a terminal device (which can be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (18)
1. An auditing method of operation code, characterized in that the auditing method of operation code comprises the following steps:
After the code to be operated is received, calculating the index score value of the code to be operated in each weight index, wherein the code to be operated corresponds to at least two weight indexes;
Obtaining the preset weight value corresponding to each weight index, and calculating the index product of each index score value and the corresponding preset weight value;
If the sum of the index products is not within the preset index score range, determining that the code to be operated does not pass the audit, and prohibiting sending the code to be operated to the preset production environment.
2. The auditing method of operation code as claimed in claim 1, characterized in that, when the weight index is the production O&M index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated in the weight index comprises:
After the code to be operated is received, obtaining the production O&M audit rule set corresponding to the production O&M index, and calculating the first rule quantity, that is, the number of rules in the production O&M audit rule set;
Calculating the second rule quantity, that is, the number of production O&M audit rules in the production O&M audit rule set that match the code to be operated;
Calculating, according to the first rule quantity and the second rule quantity, the production O&M index score value of the code to be operated in the production O&M index.
3. The auditing method of operation code as claimed in claim 1, characterized in that, when the weight index is the algorithm walkthrough index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated in the weight index comprises:
After the code to be operated is received, obtaining each code security rule set corresponding to the algorithm walkthrough index;
Comparing the code to be operated with each code security rule set, and determining, according to the comparison result, the rule score of the code to be operated in each code security rule set;
Obtaining the rule weight corresponding to each code security rule set, and calculating the rule product of each rule score and the corresponding rule weight, to obtain the algorithm walkthrough index score value of the code to be operated in the algorithm walkthrough index.
4. The auditing method of operation code as claimed in claim 1, characterized in that, when the weight index is the code comparison index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated in the weight index comprises:
After the code to be operated is received, obtaining the historical code corresponding to the code to be operated, and calculating the dispersion degree value between the code to be operated and the historical code;
If the dispersion degree value is less than a preset degree value, calculating the degree difference between the dispersion degree value and the preset degree value;
Determining, according to the degree difference, the code comparison index score value of the code to be operated in the code comparison index.
5. The auditing method of operation code as claimed in claim 1, characterized in that, when the weight index is the database operation index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated in the weight index comprises:
After the code to be operated is received, detecting whether the code to be operated performs any operation that illegally connects to a database while it runs;
If the code to be operated performs no operation that illegally connects to a database while it runs, obtaining the private data set of the database operation index;
Determining the target private data in the private data set that matches the code to be operated, and obtaining the private data score value corresponding to the target private data;
Calculating, according to the private data score value, the operation index score value of the code to be operated in the database operation index.
6. The auditing method of operation code as claimed in claim 1, characterized in that, when the weight index is the business operation compliance index, the step of calculating, after the code to be operated is received, the index score value of the code to be operated in the weight index comprises:
After the code to be operated is received, obtaining the business compliance rules corresponding to the business operation compliance index, and determining, among the business compliance rules, the target business compliance rules that match the code to be operated;
Obtaining the compliance score value corresponding to each target business compliance rule, and obtaining a preset compliance score value;
Subtracting from the preset compliance score value the compliance score value corresponding to each target business compliance rule, to obtain the compliance index score value of the code to be operated in the business operation compliance index.
7. The auditing method of operation code as claimed in claim 1, characterized in that, before the step of obtaining the preset weight value corresponding to each weight index, the method further comprises:
Determining the approval nodes corresponding to the weight index, and obtaining the preset score value of each approval node in each weight index;
Calculating the preset weight value of each weight index according to the preset score values corresponding to that weight index.
8. The auditing method of operation code as claimed in claim 1, characterized in that the step of calculating, after the code to be operated is received, the index score value of the code to be operated in the weight index comprises:
After the code to be operated is received, obtaining the authorization results of the preset approval nodes for granting the code to be operated permission to run;
If it is determined, according to the authorization results, that the number of approval nodes granting the code to be operated permission to run is greater than or equal to a preset node quantity, calculating the index score value of the code to be operated in the weight index.
9. The auditing method of operation code as claimed in any one of claims 1 to 8, characterized in that, after the step of determining that the code to be operated does not pass the audit and prohibiting sending the code to be operated to the preset production environment if the sum of the index products is not within the preset index score range, the method further comprises:
Generating the security audit report for the code to be operated;
Sending the security audit report to the terminal corresponding to the code to be operated, so that, after receiving the security audit report, the terminal prompts the technical staff responsible for the code to be operated to modify the code to be operated according to the security audit report.
10. The auditing method of operation code as claimed in any one of claims 1 to 8, characterized in that, after the step of obtaining the preset weight value corresponding to each weight index and calculating the index product of each index score value and the corresponding preset weight value, the method further comprises:
If the sum of the index products is within the preset index score range, determining that the code to be operated passes the audit, and configuring corresponding running parameters for the code to be operated according to the parameters to be configured that correspond to the code to be operated, obtaining the code to be operated with its running parameters configured;
Sending the code to be operated, with its running parameters configured, to the preset production environment to run.
11. An audit device of operation code, characterized in that the audit device of operation code comprises:
A computing module, configured to calculate, after the code to be operated is received, the index score value of the code to be operated in each weight index, wherein the code to be operated corresponds to at least two weight indexes;
An obtaining module, configured to obtain the preset weight value corresponding to each weight index;
The computing module is further configured to calculate the index product of each index score value and the corresponding preset weight value;
A determining module, configured to determine that the code to be operated does not pass the audit if the sum of the index products is not within the preset index score range;
A prohibition module, configured to prohibit sending the code to be operated to the preset production environment.
12. The audit device of operation code as claimed in claim 11, characterized in that, when the weight index is the production O&M index, the computing module comprises:
A first obtaining unit, configured to obtain, after the code to be operated is received, the production O&M audit rule set corresponding to the production O&M index;
A first computing unit, configured to calculate the first rule quantity, that is, the number of rules in the production O&M audit rule set; to calculate the second rule quantity, that is, the number of production O&M audit rules in that rule set that match the code to be operated; and to calculate, according to the first rule quantity and the second rule quantity, the production O&M index score value of the code to be operated in the production O&M index.
13. The audit device of operation code as claimed in claim 11, characterized in that, when the weight index is the algorithm walkthrough index, the computing module further comprises:
A second obtaining unit, configured to obtain, after the code to be operated is received, each code security rule set corresponding to the algorithm walkthrough index;
A comparison unit, configured to compare the code to be operated with each code security rule set;
A first determination unit, configured to determine, according to the comparison result, the rule score of the code to be operated in each code security rule set;
The second obtaining unit is further configured to obtain the rule weight corresponding to each code security rule set;
A second computing unit, configured to calculate the rule product of each rule score and the corresponding rule weight, to obtain the algorithm walkthrough index score value of the code to be operated in the algorithm walkthrough index.
14. The audit device of operation code as claimed in claim 11, characterized in that, when the weight index is the code comparison index, the computing module comprises:
A third obtaining unit, configured to obtain, after the code to be operated is received, the historical code corresponding to the code to be operated;
A third computing unit, configured to calculate the dispersion degree value between the code to be operated and the historical code, and, if the dispersion degree value is less than a preset degree value, to calculate the degree difference between the dispersion degree value and the preset degree value;
A second determination unit, configured to determine, according to the degree difference, the code comparison index score value of the code to be operated in the code comparison index.
15. The audit device of operation code as claimed in claim 11, characterized in that, when the weight index is the database operation index, the computing module comprises:
A detection unit, configured to detect, after the code to be operated is received, whether the code to be operated performs any operation that illegally connects to a database while it runs;
A fourth obtaining unit, configured to obtain the private data set of the database operation index if the code to be operated performs no operation that illegally connects to a database while it runs;
A third determination unit, configured to determine the target private data in the private data set that matches the code to be operated;
The fourth obtaining unit is further configured to obtain the private data score value corresponding to the target private data;
A fourth computing unit, configured to calculate, according to the private data score value, the operation index score value of the code to be operated in the database operation index.
16. The audit device of operation code as claimed in claim 11, characterized in that, when the weight index is the business operation compliance index, the computing module comprises:
A fifth obtaining unit, configured to obtain, after the code to be operated is received, the business compliance rules corresponding to the business operation compliance index;
A fourth determination unit, configured to determine, among the business compliance rules, the target business compliance rules that match the code to be operated;
The fifth obtaining unit is further configured to obtain the compliance score value corresponding to each target business compliance rule, and to obtain a preset compliance score value;
A fifth computing unit, configured to subtract from the preset compliance score value the compliance score value corresponding to each target business compliance rule, to obtain the compliance index score value of the code to be operated in the business operation compliance index.
17. Audit equipment of operation code, characterized in that the audit equipment of operation code comprises a memory, a processor, and an auditing program of operation code that is stored on the memory and can run on the processor, wherein the steps of the auditing method of operation code as claimed in any one of claims 1 to 10 are realized when the auditing program of operation code is executed by the processor.
18. A computer readable storage medium, characterized in that an auditing program of operation code is stored on the computer readable storage medium, and the steps of the auditing method of operation code as claimed in any one of claims 1 to 10 are realized when the auditing program of operation code is executed by a processor.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910352487.2A CN110096868A (en) | 2019-04-28 | 2019-04-28 | Auditing method, device, equipment and the computer readable storage medium of operation code |
PCT/CN2020/081447 WO2020220881A1 (en) | 2019-04-28 | 2020-03-26 | Method, apparatus and device for auditing operation code, and computer-readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910352487.2A CN110096868A (en) | 2019-04-28 | 2019-04-28 | Auditing method, device, equipment and the computer readable storage medium of operation code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110096868A (en) | 2019-08-06 |
Family
ID=67446211
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910352487.2A Pending CN110096868A (en) | 2019-04-28 | 2019-04-28 | Auditing method, device, equipment and the computer readable storage medium of operation code |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110096868A (en) |
WO (1) | WO2020220881A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110990249A (en) * | 2019-10-11 | 2020-04-10 | 平安科技(深圳)有限公司 | Code scanning result processing method and device, computer equipment and storage medium |
WO2020220881A1 (en) * | 2019-04-28 | 2020-11-05 | 深圳前海微众银行股份有限公司 | Method, apparatus and device for auditing operation code, and computer-readable storage medium |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581186B (en) * | 2013-11-05 | 2016-09-07 | 中国科学院计算技术研究所 | A kind of network security situational awareness method and system |
US20160197943A1 (en) * | 2014-06-24 | 2016-07-07 | Leviathan, Inc. | System and Method for Profiling System Attacker |
CN109101511A (en) * | 2017-06-20 | 2018-12-28 | 平安科技(深圳)有限公司 | Products Show method, equipment and computer readable storage medium |
CN109688183B (en) * | 2018-08-20 | 2022-08-19 | 深圳壹账通智能科技有限公司 | Group control equipment identification method, device, equipment and computer readable storage medium |
CN110096868A (en) * | 2019-04-28 | 2019-08-06 | 深圳前海微众银行股份有限公司 | Auditing method, device, equipment and the computer readable storage medium of operation code |
- 2019-04-28 CN CN201910352487.2A patent/CN110096868A/en active Pending
- 2020-03-26 WO PCT/CN2020/081447 patent/WO2020220881A1/en active Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020220881A1 (en) * | 2019-04-28 | 2020-11-05 | 深圳前海微众银行股份有限公司 | Method, apparatus and device for auditing operation code, and computer-readable storage medium |
CN110990249A (en) * | 2019-10-11 | 2020-04-10 | 平安科技(深圳)有限公司 | Code scanning result processing method and device, computer equipment and storage medium |
CN110990249B (en) * | 2019-10-11 | 2023-11-14 | 平安科技(深圳)有限公司 | Code scanning result processing method, device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2020220881A1 (en) | 2020-11-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||