CN110245848B - Method and device for evaluating risk of program code - Google Patents


Info

Publication number
CN110245848B
Authority
CN
China
Prior art keywords
function
program code
weight
target program
external interface
Prior art date
Legal status: Active (current)
Application number: CN201910468789.6A
Other languages: Chinese (zh)
Other versions: CN110245848A (en)
Inventor: 何青松
Current Assignee: Koubei Shanghai Information Technology Co Ltd
Original Assignee: Koubei Shanghai Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Koubei Shanghai Information Technology Co Ltd
Priority to CN201910468789.6A
Publication of CN110245848A
Application granted
Publication of CN110245848B
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities


Abstract

One or more embodiments of the present specification provide a method and apparatus for risk assessment of program code. The method comprises: calculating the weight of each function in the target program code to be evaluated based on a preset weight calculation rule; determining the target functions that have changed in the target program code; and performing risk assessment on the target program code based on the weights of those target functions.

Description

Method and device for evaluating risk of program code
Technical Field
One or more embodiments of the present disclosure relate to the field of computer application technologies, and in particular, to a method and an apparatus for risk assessment of program code.
Background
Nowadays, internet software is updated frequently, and the interval between updates keeps getting shorter. Generally, before software is released to users, a risk assessment must be performed so that the corresponding quality-assurance and staffing decisions can be made according to the risk. So far, software risk assessment has had to be performed by a technician, that is, the technician analyses the risk scenarios of the software on the strength of personal experience. However, on the one hand, such risk assessment is inefficient; on the other hand, because there is no unified standard for software risk assessment, its accuracy is poor, and it is also difficult to compare and analyse the risks of different software.
Disclosure of Invention
The present specification proposes a method of risk assessment of program code, the method comprising:
calculating the weight of each function in the target program code to be evaluated based on a preset weight calculation rule;
determining the target functions that have changed in the target program code;
and performing risk assessment on the target program code based on the weights of the target functions.
Optionally, the weight calculation rule includes a weight assignment sub-rule and a weight transfer sub-rule;
and calculating the weight of each function in the target program code to be evaluated based on the preset weight calculation rule comprises the following steps:
assigning weights to the external interface functions in the target program code to be evaluated based on the weight assignment sub-rule;
and calculating the weight of each function in the target program code that has a call relationship with an external interface function based on the weight transfer sub-rule and the weight of that external interface function.
Optionally, assigning a weight to an external interface function in the target program code to be evaluated based on the weight assignment sub-rule includes:
counting the number of times the external interface function is called in a preset time period;
normalizing the number of calls;
and assigning a weight to the external interface function based on the normalized number of calls.
Optionally, the weight transfer sub-rule includes:
distributing the weight of a calling function equally among the functions it calls.
Optionally, the method further comprises:
determining the weight of a function in the target program code that has no call relationship with any external interface function as 0.
Optionally, determining the target functions that have changed in the target program code includes:
determining the target functions that have changed in the target program code based on the version information of the target program code.
Optionally, performing risk assessment on the target program code based on the weights of the target functions includes:
calculating the sum of the weights of the target functions, and outputting that sum to a user as the risk score of the target program code, so that the user can assess the risk of the target program code based on the risk score.
The present specification also proposes a risk assessment apparatus for program code, the apparatus comprising:
a calculation module, configured to calculate the weight of each function in the target program code to be evaluated based on a preset weight calculation rule;
a first determining module, configured to determine the target functions that have changed in the target program code;
and an evaluation module, configured to perform risk assessment on the target program code based on the weights of the target functions.
Optionally, the weight calculation rule includes a weight assignment sub-rule and a weight transfer sub-rule;
and the calculation module is specifically configured to:
assign weights to the external interface functions in the target program code to be evaluated based on the weight assignment sub-rule;
and calculate the weight of each function in the target program code that has a call relationship with an external interface function based on the weight transfer sub-rule and the weight of that external interface function.
Optionally, the calculation module is specifically configured to:
count the number of times the external interface function is called in a preset time period;
normalize the number of calls;
and assign a weight to the external interface function based on the normalized number of calls.
Optionally, the weight transfer sub-rule includes:
distributing the weight of a calling function equally among the functions it calls.
Optionally, the apparatus further comprises:
a second determining module, configured to determine the weight of a function in the target program code that has no call relationship with any external interface function as 0.
Optionally, the first determining module is specifically configured to:
determine the target functions that have changed in the target program code based on the version information of the target program code.
Optionally, the evaluation module is specifically configured to:
calculate the sum of the weights of the target functions, and output that sum to a user as the risk score of the target program code, so that the user can assess the risk of the target program code based on the risk score.
In the above technical solution, quantitative risk assessment of program code is achieved by calculating the weight of each function in the program code to be evaluated and assessing the risk of the program code from the weights of the functions that have changed. On the one hand, because the electronic device can assess the risk of locally stored program code and technicians no longer need to do so by hand, the efficiency of risk assessment for program code is improved; on the other hand, because the weight of each function is determined by a specific rule and the quantitative risk of the program code is determined from the weights of the changed functions, the accuracy of the assessment is improved, and different program codes can be compared and analysed on the basis of their quantitative risk.
Drawings
FIG. 1 is a flow chart of a method for risk assessment of program code shown in an exemplary embodiment of the present description;
FIG. 2 is a schematic diagram of a software system shown in an exemplary embodiment of the present description;
FIG. 3 is a block diagram of an electronic device with a risk assessment device of program code according to an exemplary embodiment of the present disclosure;
FIG. 4 is a block diagram of a risk assessment device of program code shown in an exemplary embodiment of the present description.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The application provides a technical scheme for performing risk assessment on a program code by calculating the weight of a function in the program code to be assessed and based on the weight of a function which changes in the program code.
In a specific implementation, a technician may set weight calculation rules on the electronic device in advance. The electronic device may calculate weights for functions in the program code to be evaluated based on the weight calculation rule.
Subsequently, the electronic device can determine a changed function in the program code and perform a quantitative risk assessment of the program code based on the weight of the changed function.
In the above technical solution, quantitative risk assessment of program code is achieved by calculating the weight of each function in the program code to be evaluated and assessing the risk of the program code from the weights of the functions that have changed. On the one hand, because the electronic device can assess the risk of locally stored program code and technicians no longer need to do so by hand, the efficiency of risk assessment for program code is improved; on the other hand, because the weight of each function is determined by a specific rule and the quantitative risk of the program code is determined from the weights of the changed functions, the accuracy of the assessment is improved, and different program codes can be compared and analysed on the basis of their quantitative risk.
The present specification is described below by way of specific examples.
Referring to fig. 1, fig. 1 is a flowchart illustrating a risk assessment method for program code according to an exemplary embodiment of the present disclosure. The method can be applied to electronic devices such as servers, computers, mobile phones, tablet devices, notebook computers or palmtop computers (PDAs); this specification does not limit the device. The method may comprise the following steps:
Step 101: calculate the weight of each function in the target program code to be evaluated based on a preset weight calculation rule.
Step 102: determine the target functions that have changed in the target program code.
Step 103: perform risk assessment on the target program code based on the weights of the target functions.
In this embodiment, a technician may set a weight calculation rule for the functions in the program code on the electronic device in advance, and the electronic device may subsequently calculate the weight of each function in the program code based on that rule.
When the electronic device detects a risk assessment instruction for a certain locally stored program code (for example, the program code of a certain software system, or the program code implementing a certain business function), it may take that program code as the target program code, obtain the functions in the target program code, and calculate the weight of each function in the target program code based on the weight calculation rule.
For example, when a user needs to perform risk assessment on the target program code, the user may select the target program code through a user interface provided by the electronic device and click a "risk assessment" button in that interface to initiate the risk assessment. When the electronic device detects the user's click on the "risk assessment" button, it may treat this as a risk assessment instruction for the target program code, obtain the functions in the target program code, and calculate the weight of each function based on the weight calculation rule.
Alternatively, the electronic device may treat the detection of a change in the target program code as a risk assessment instruction for that code, and likewise obtain the functions in the target program code and calculate their weights based on the weight calculation rule.
In one embodiment, the preset weight calculation rule may include a weight assignment sub-rule and a weight transfer sub-rule.
The electronic device may assign a weight to each external interface function in the target program code based on the weight assignment sub-rule. After the weights of the external interface functions have been assigned, the electronic device may calculate, based on the weight transfer sub-rule and the weights assigned to the external interface functions, the weight of each function in the target program code that has a call relationship with an external interface function.
It should be noted that, for a given program code, an external interface function is a function that can be called by an external program outside that program code. The functions that have a call relationship with an external interface function comprise: functions called directly by the external interface function (called direct call functions); and functions called indirectly by the external interface function, such as functions called in turn by a direct call function (called indirect call functions of the first kind), functions called in turn by an indirect call function of the first kind (called indirect call functions of the second kind), and so on.
In practical applications, the preset weight assignment sub-rule may be: assign a weight to each external interface function based on the number of times it has been called, an external interface function that is called more often receiving a larger weight.
Since the external interface function has a specific function format, after acquiring a certain function in the target program code, the electronic device may determine whether the function is an external interface function by analyzing the function format of the function, that is, in this way, the electronic device may acquire all external interface functions in the target program code.
After the external interface function is obtained, the electronic device may count the number of times the external interface function is called in a preset time period. The preset time period may be set by the user, for example: the user may set the previous hour of the current time as the time period; alternatively, the preset time period may be a default value, such as: a time period from a start time of the electronic device to a current time.
Specifically, when a certain external interface function in the electronic device is called, the electronic device may generally generate corresponding log information to record the call of the external interface function, so that the electronic device may count the number of times that the external interface function is called in the time period based on all log information corresponding to the external interface function in the time period.
Alternatively, the electronic device may itself keep a count of the number of times the external interface function is called in the time period: the count starts at 0 and is incremented by 1 each time the external interface function is called.
After determining the number of times of the external interface function being called within a preset time period, the electronic device may perform normalization processing on the number of times of being called, and assign a weight to the external interface function based on the number of times of being called after the normalization processing.
For example, assume that the target program code includes 3 external interface functions, which are external interface function 1, external interface function 2, and external interface function 3; further, assuming that the number of times of call of the external interface function 1 obtained by statistics is 1200 times, the number of times of call of the external interface function 2 is 400 times, and the number of times of call of the external interface function 3 is 1000 times, after normalization processing is performed on the number of times of call of the three external interface functions, the weight assigned to the external interface function 1 by the electronic device may be 3, the weight assigned to the external interface function 2 may be 1, and the weight assigned to the external interface function 3 may be 2.5.
In practical applications, for a function in the program code that has a call relationship with an external interface function, the weight set for a function called by a caller with a higher weight should generally be larger. Accordingly, the preset weight transfer sub-rule may be: distribute the weight of a calling function equally among the functions it calls.
After the weights of the external interface functions have been assigned, the electronic device may obtain all functions called by an external interface function, that is, all of its direct call functions, and distribute the weight of the external interface function equally among them; after the weight of a given direct call function has been determined, the electronic device may in turn obtain all functions called by that direct call function, that is, its indirect call functions of the first kind, and distribute the weight of the direct call function equally among them; and so on.
For example, assuming that the weight of an external interface function in the target program code is 3, the external interface function calls 2 direct call functions, namely, the direct call function 1 and the direct call function 2, the electronic device may equally allocate the weight of the external interface function to the 2 direct call functions, that is, the weight allocated to the direct call function 1 by the electronic device may be 1.5, and the weight allocated to the direct call function 2 may also be 1.5.
It should be noted that, in the program code, if there is no call relationship between a certain function and any external interface function in the program code, it indicates that the function does not call other functions in the program code, and is not called by other functions in the program code, that is, the change of the function has little influence on the operation of the program code, and therefore, the weight of the function may be determined to be 0.
In practical application, a weight may also be set for a function in the program code, which does not have a call relationship with the external interface function, according to an actual requirement, which is not limited in this specification.
After determining the weights of the functions in the target program code, the electronic device may further determine the target functions that have changed in the target program code.
In one embodiment, the electronic device may determine the changed target functions in the target program code based on the version information of the target program code.
Generally, after a technician updates program code in an electronic device, the electronic device may generate corresponding version information. Wherein, the version information may include: a version number of the updated program code; and a function that changes in the updated program code as compared with the original program code. For example, after a technician updates the program code with the version number of 1.0 in the electronic device, the electronic device may update the version number of the updated program code to 2.0, and determine a function that is changed compared to the program code of the version 1.0 in the program code of the version 2.0, so that version information including the updated version number and the changed function may be generated.
In this case, the electronic device may acquire the changed function recorded in the latest version information of the object program code and determine the function as the changed object function in the object program code.
In practical applications, a technician may designate a standard program code, and the electronic device may compare the target program code with the standard program code to determine a function different from the standard program code in the target program code as a changed target function.
After determining the target functions that have changed in the target program code, the electronic device may perform risk assessment on the target program code based on the weights of those target functions.
In one embodiment, the electronic device may sum the weights of all changed target functions in the target program code and use that sum as the risk score of the target program code. Subsequently, the electronic device may output the risk score to the user for viewing, so that the user may assess the risk of the target program code based on the risk score.
It should be noted that, for a program code, if the risk score of a certain program code is higher, it indicates that the function that changes in the program code has a larger influence on the operation of the program code, that is, it can be considered that the risk of the program code is higher; accordingly, if the risk score of a program code is low, the function indicating the change in the program code has a small influence on the operation of the program code, and the risk of the program code can be considered to be low.
In practical applications, the electronic device may also output the weights of all changed target functions in the target program code to the user for viewing, so that the user may analyse the weights to evaluate the risk of the target program code.
In addition, the electronic device may calculate the weights of the functions in the target program code in advance based on the weight calculation rule. Subsequently, when it detects a risk assessment instruction for a certain locally stored program code, the electronic device may determine the changed target functions in that target program code and perform risk assessment on it based on their weights.
Referring to fig. 2, fig. 2 is a schematic diagram of a software system shown in an exemplary embodiment of the present description. As shown in fig. 2, the program code of the software system may include: interface layer (Interface) program code; service layer (Service) program code; core layer (Core) program code; persistence layer (Database) program code; and, a kit (Utility) program code.
The interface layer may be used to provide services to the outside, including external interfaces, such as: an RPC (Remote Procedure Call) interface, etc.; the service layer is typically a collection of internal service algorithms of the software system, in which the internal business logic is encapsulated; the core layer is a bottom logic layer of the software system, and usually comprises logic for realizing functions such as data model conversion, external service invocation and the like; the persistence layer is a link layer facing the database in the software system; the kit may provide tools for each of the above layers.
In the software system, the function in the interface layer program code is an external interface function in the program code of the software system.
The present specification will be described below by taking the software system shown in fig. 2 as an example.
Assuming that the number of times of call of the external interface function I2 counted in the preset time period is 3 times of the number of times of call of the external interface function I1, after normalization processing, the weight assigned to the function I1 may be 1, and the weight assigned to the function I2 may be 3.
Since the function I1 only calls the function S1, the weight assigned to the function S1 may be 1; since the function I2 calls the function S2 and the function S3, the weight of the function I2 may be equally assigned to the function S2 and the function S3, that is, the weight assigned to the function S2 and the function S3 may be 1.5.
Since the function S1 calls the function C1 and the function C2, the weights assigned to both the function C1 and the function C2 may be 0.5; since the function S2 only calls the function C2, the weight assigned to the function C2 may be 1.5; since the function S3 calls the functions C3, U2, and U3, the weights assigned to the functions C3, U2, and U3 may all be 0.5.
Note that, since the function C2 is called by both the function S1 and the function S2, the weight of the function C2 may be finally determined to be 0.5 + 1.5 = 2.
Since the function C1 only calls the function D1, the weight assigned to the function D1 may be 0.5; since the function C2 only calls the function D2, the weight assigned to the function D2 may be 2; since the function C3 calls the function D2 and the function U4, the weight assigned to both the function D2 and the function U4 may be 0.25.
Likewise, since the function D2 is called by both the function C2 and the function C3, the weight of the function D2 can be finally determined to be 2 + 0.25 = 2.25.
Since the function U1 is not an external interface function, and there is no call relation with the function I1, nor with the function I2, the weight of the function U1 can be determined to be 0.
Subsequently, assuming that the function S2, the function D2, and the function U3 are changed in the program code of the software system, the risk score of the program code of the software system is 1.5 + 2.25 + 0.5 = 4.25.
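The weight assignment, weight transfer and risk-score steps (steps 101 to 103), carried out on the fig. 2 system above and also covering the 1200/400/1000 example and the version comparison described earlier, as an added Python example; this is not code from the patent or its assignee. It assumes the call graph, call counts and version snapshots constructed below, that normalization divides each call count by the smallest count (which reproduces the 3/1/2.5 example), and that the changed target functions are obtained by comparing two version snapshots of function bodies.

```python
from collections import deque
from typing import Dict, Iterable, List, Mapping, Set

# Constructed call graph of the layered system in fig. 2 (caller -> callees).
# I = interface layer, S = service, C = core, D = persistence, U = utility kit.
CALL_GRAPH: Dict[str, List[str]] = {
    "I1": ["S1"],
    "I2": ["S2", "S3"],
    "S1": ["C1", "C2"],
    "S2": ["C2"],
    "S3": ["C3", "U2", "U3"],
    "C1": ["D1"],
    "C2": ["D2"],
    "C3": ["D2", "U4"],
    "D1": [], "D2": [], "U1": [], "U2": [], "U3": [], "U4": [],
}
# Constructed call counts for the external interface functions in the
# statistics window; I2 is called three times as often as I1.
INTERFACE_CALLS: Dict[str, int] = {"I1": 400, "I2": 1200}
# Constructed version snapshots (function name -> body text). Functions not
# listed are assumed unchanged between the two versions.
VERSION_1_0: Dict[str, str] = {"S1": "a", "S2": "b", "C2": "c", "D2": "d", "U3": "e"}
VERSION_2_0: Dict[str, str] = {"S1": "a", "S2": "b2", "C2": "c", "D2": "d2", "U3": "e2"}


def assign_interface_weights(calls: Mapping[str, int]) -> Dict[str, float]:
    """Weight assignment sub-rule. Normalization is assumed to divide each call
    count by the smallest count, so the least-called interface gets weight 1
    (this reproduces the specification's 1200/400/1000 -> 3/1/2.5 example).
    Interfaces with zero calls get weight 0 (assumption; not covered by the spec)."""
    positive = [n for n in calls.values() if n > 0]
    if not positive:
        return {f: 0.0 for f in calls}
    base = min(positive)
    return {f: (n / base if n > 0 else 0.0) for f, n in calls.items()}


def propagate_weights(graph: Mapping[str, Iterable[str]],
                      interface_weights: Mapping[str, float]) -> Dict[str, float]:
    """Weight transfer sub-rule: a function's weight is split equally among the
    functions it calls; a function called from several places receives the sum
    of the shares. Functions with no call relationship to any interface function
    keep weight 0. Callers are processed in topological order so a function is
    only split after every caller has contributed (C2 must hold 0.5 + 1.5 = 2
    before passing 2 on to D2). A cyclic call graph is rejected, because the
    equal-split rule is not defined for recursion."""
    indegree: Dict[str, int] = {f: 0 for f in graph}
    for callees in graph.values():
        for c in callees:
            indegree[c] = indegree.get(c, 0) + 1
    weight = {f: float(interface_weights.get(f, 0.0)) for f in indegree}
    ready = deque(f for f, d in indegree.items() if d == 0)
    processed = 0
    while ready:
        f = ready.popleft()
        processed += 1
        callees = list(graph.get(f, []))
        if callees:
            share = weight[f] / len(callees)
            for c in callees:
                weight[c] += share
        for c in callees:
            indegree[c] -= 1
            if indegree[c] == 0:
                ready.append(c)
    if processed != len(indegree):
        raise ValueError("call graph contains a cycle; equal-split transfer is undefined")
    return weight


def changed_functions(old: Mapping[str, str], new: Mapping[str, str]) -> Set[str]:
    """Functions whose body in the new version differs from (or is absent in)
    the old version: the changed target functions recorded in version info."""
    return {f for f, body in new.items() if old.get(f) != body}


def risk_score(weights: Mapping[str, float], changed: Iterable[str]) -> float:
    """Risk score = sum of the weights of the changed target functions."""
    return sum(weights.get(f, 0.0) for f in changed)


def evaluate(graph, calls, old, new) -> float:
    """Steps 101 to 103 end to end for one version update."""
    weights = propagate_weights(graph, assign_interface_weights(calls))
    return risk_score(weights, changed_functions(old, new))


if __name__ == "__main__":
    w = propagate_weights(CALL_GRAPH, assign_interface_weights(INTERFACE_CALLS))
    for name in sorted(w):
        print(f"{name}: {w[name]}")
    print("risk score:", evaluate(CALL_GRAPH, INTERFACE_CALLS, VERSION_1_0, VERSION_2_0))
```

Because a heavily called entry point's weight is diluted across its callees, a shared low-level function such as D2 can end up carrying more weight than the interface that reaches it, which is the signal the specification wants a reviewer to see.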
In the above technical solution, quantitative risk assessment of program code is achieved by calculating the weight of each function in the program code to be evaluated and assessing the risk of the program code from the weights of the functions that have changed. On the one hand, because the electronic device can assess the risk of locally stored program code and technicians no longer need to do so by hand, the efficiency of risk assessment for program code is improved; on the other hand, because the weight of each function is determined by a specific rule and the quantitative risk of the program code is determined from the weights of the changed functions, the accuracy of the assessment is improved, and different program codes can be compared and analysed on the basis of their quantitative risk.
In correspondence with the embodiments of the risk assessment method of the program code described above, the present specification also provides embodiments of a risk assessment apparatus of the program code.
The embodiment of the risk assessment device of the program code can be applied to electronic equipment. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device, as a logical device, is formed by the processor of the electronic device where the device is located reading the corresponding computer program instructions from the nonvolatile memory into the memory for operation. From a hardware aspect, fig. 3 shows the hardware structure diagram of the electronic device in which the risk assessment apparatus of the program code of this specification is located. In addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the electronic device in which the apparatus is located may also include other hardware according to the actual function of the risk assessment of the program code, which is not described again here.
Referring to fig. 4, fig. 4 is a block diagram of a risk assessment device of program code shown in an exemplary embodiment of the present specification. The apparatus 40 can be applied to the electronic device shown in fig. 3, and includes:
a calculating module 401, configured to calculate a weight of a function in the target program code to be evaluated based on a preset weight calculation rule;
a first determining module 402, configured to determine an objective function of the target program code that changes;
an evaluation module 403, configured to perform risk evaluation on the target program code based on the weight of the objective function.
In this embodiment, the weight calculation rule may include a weight distribution sub-rule and a weight transfer sub-rule;
the calculation module 401 may specifically be configured to:
distributing weights for external interface functions in the target program codes to be evaluated based on the weight distribution sub-rules;
and calculating the weight of a function which has a calling relationship with the external interface function in the target program code based on the weight transfer sub-rule and the weight of the external interface function.
In this embodiment, the calculation module 401 may specifically be configured to:
counting the number of times the external interface function is called in a preset time period;
normalizing the number of calls;
and distributing weight to the external interface function based on the normalized number of calls.
In this embodiment, the weight transfer sub-rule may include:
and distributing the weight of a calling function evenly among the called functions corresponding to that calling function.
In this embodiment, the apparatus 40 may further include:
a second determining module 404, configured to determine a weight of a function, in the target program code, that has no call relation with the external interface function to be 0.
In this embodiment, the first determining module 402 may specifically be configured to:
and determining an objective function changed in the target program code based on the version information of the target program code.
In this embodiment, the evaluation module 403 may specifically be configured to:
and calculating the sum of the weights of the target function, and outputting the sum of the weights to a user as a risk score of the target program code so as to carry out risk assessment on the target program code by the user based on the risk score.
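The weight transfer sub-rule and the risk score from the worked example above (functions S1, S2, C1 to C3, D1, D2, U1 to U4), restated here for the calculation and evaluation modules, as an added Python example that is not part of the patent. The call graph and the interface weights 2.0 and 1.5 for I1 and I2 are constructed so that the computed values match the figures quoted in the specification; the normalization of call counts, whose exact form is not given in this part of the text, is assumed to have been done already.

```python
from collections import deque
from typing import Dict, List, Mapping

# Constructed call graph (caller -> callees), assumed for this example and
# chosen to reproduce the figures quoted in the specification.
CALL_GRAPH: Dict[str, List[str]] = {
    "I1": ["S1", "C1", "C3", "U3"],  # external interface function
    "I2": ["S2"],                    # external interface function
    "S1": ["C2"],
    "S2": ["C2"],
    "C1": ["D1"],
    "C2": ["D2"],
    "C3": ["D2", "U4"],
    "U1": ["U2"],                    # no call relation with I1 or I2
}
# Assumed output of the weight distribution sub-rule (normalized call counts).
INTERFACE_WEIGHTS: Dict[str, float] = {"I1": 2.0, "I2": 1.5}


def compute_weights(graph: Mapping[str, List[str]],
                    interface_weights: Mapping[str, float]) -> Dict[str, float]:
    """Weight transfer sub-rule: a caller splits its weight evenly among its
    callees and a callee sums what it receives from every caller. Functions
    never reached from an external interface function keep weight 0. Callers
    go in topological order (a cyclic call graph has no order; it is rejected)."""
    funcs = set(graph)
    for callees in graph.values():
        funcs.update(callees)
    indegree = {f: 0 for f in funcs}
    for callees in graph.values():
        for callee in callees:
            indegree[callee] += 1
    weights = {f: 0.0 for f in funcs}
    weights.update(interface_weights)
    ready = deque(sorted(f for f in funcs if indegree[f] == 0))
    processed = 0
    while ready:
        caller = ready.popleft()
        processed += 1
        callees = graph.get(caller, [])
        share = weights[caller] / len(callees) if callees else 0.0
        for callee in callees:
            weights[callee] += share
            indegree[callee] -= 1
            if indegree[callee] == 0:
                ready.append(callee)
    if processed != len(funcs):
        raise ValueError("cyclic call graph: weight transfer order is undefined")
    return weights


def risk_score(weights: Mapping[str, float], changed: List[str]) -> float:
    """Risk score of a version: sum of the weights of the functions that changed."""
    return sum(weights[f] for f in changed)
```

With the constructed graph, `compute_weights` yields C2 = 2.0, D2 = 2.25 and U1 = 0, and `risk_score(weights, ["S2", "D2", "U3"])` returns 4.25, matching the specification's figures.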
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The system, apparatus or module illustrated in the above embodiments may be implemented by a computer chip or an entity, or by an article of manufacture with a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (10)

1. A method of risk assessment of program code, the method comprising:
counting the number of times an external interface function is called in a preset time period, and normalizing the number of calls so as to assign a weight to the external interface function based on the normalized number of calls;
further calculating, based on a weight transfer sub-rule and the weight of the external interface function, the weight of a function in the target program code that has a calling relationship with the external interface function;
determining an objective function in which a change occurs in the target program code;
and calculating the sum of the weights of the target function, and taking the sum of the weights as the risk score of the target program code so as to carry out risk assessment on the target program code based on the risk score.
2. The method of claim 1, the weight transfer sub-rule comprising:
and distributing the weight of a calling function evenly among the called functions corresponding to that calling function.
3. The method of claim 1, further comprising:
and determining the weight of a function which does not have a calling relationship with the external interface function in the target program code as 0.
4. The method of claim 1, the determining an objective function in which a change occurs in the target program code comprising:
and determining an objective function changed in the target program code based on the version information of the target program code.
5. The method of claim 1, the calculating a sum of the weights of the objective function and taking the sum of the weights as the risk score of the target program code so as to perform risk assessment on the target program code based on the risk score comprising:
and calculating the sum of the weights of the target function, and outputting the sum of the weights to a user as a risk score of the target program code so as to carry out risk assessment on the target program code by the user based on the risk score.
6. A risk assessment apparatus of program code, the apparatus comprising:
a calculation module, configured to count the number of times an external interface function is called in a preset time period, normalize the number of calls, assign a weight to the external interface function based on the normalized number of calls, and further calculate, based on a weight transfer sub-rule and the weight of the external interface function, the weight of a function in the target program code that has a calling relationship with the external interface function;
a first determining module, configured to determine an objective function in which a change occurs in the target program code;
and the evaluation module is used for calculating the sum of the weights of the target function, taking the sum of the weights as the risk score of the target program code, and carrying out risk evaluation on the target program code based on the risk score.
7. The apparatus of claim 6, the weight transfer sub-rule comprising:
and distributing the weight of a calling function evenly among the called functions corresponding to that calling function.
8. The apparatus of claim 6, the apparatus further comprising:
and the second determining module is used for determining the weight of a function which does not have a calling relationship with the external interface function in the target program code as 0.
9. The apparatus of claim 6, the first determining module being specifically configured to:
and determining an objective function changed in the target program code based on the version information of the target program code.
10. The apparatus of claim 6, the evaluation module being specifically configured to:
and calculating the sum of the weights of the target function, and outputting the sum of the weights to a user as a risk score of the target program code so as to carry out risk assessment on the target program code by the user based on the risk score.
CN201910468789.6A 2019-05-31 2019-05-31 Method and device for evaluating risk of program code Active CN110245848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910468789.6A CN110245848B (en) 2019-05-31 2019-05-31 Method and device for evaluating risk of program code

Publications (2)

Publication Number Publication Date
CN110245848A CN110245848A (en) 2019-09-17
CN110245848B true CN110245848B (en) 2021-08-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant