CN110348226B - Engineering file scanning method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN110348226B
Authority: CN (China)
Prior art keywords: software, project, engineering, scanning, probe service
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201910630645.6A
Other languages: Chinese (zh)
Other versions: CN110348226A (en)
Inventor: 马鹏
Current assignee: Beijing ByteDance Network Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing ByteDance Network Technology Co Ltd
Application filed by Beijing ByteDance Network Technology Co Ltd
Priority to CN201910630645.6A
Publication of CN110348226A
Application granted
Publication of CN110348226B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

Embodiments of the disclosure describe a method and device for scanning project files, an electronic device, and a storage medium. The method comprises: acquiring a software project to be scanned and a probe service matching the software project, and implanting the probe service into the software project, where the software project comprises at least one project file belonging to the same project framework; starting the software project, which in turn starts the probe service during its execution; and, while the software project executes, having the probe service perform a consistent scan of all project files in the software project to obtain a scan result for the software project. Because the probe service is implanted into the software project and all project files are scanned through it, security defect detection of the code is achieved without modifying the original project files.

Description

Engineering file scanning method and device, electronic equipment and storage medium
Technical Field
Embodiments of the disclosure relate to the field of network technology, and in particular to a method and apparatus for scanning project files, an electronic device, and a storage medium.
Background
With the rapid development of network technology, more and more software comes into people's view and provides a wide variety of network services. As an important part of software technology, code auditing of that software is becoming increasingly important.
Code auditing is a common measure for addressing performance, stability, security and similar problems once a software service has reached a certain stage of development. It is generally divided into manual auditing and automated auditing. In manual auditing, a person inspects and analyses the code line by line to find whether it contains security vulnerabilities. In automated auditing, the software code is compared against preset keywords by keyword matching, and security vulnerabilities in the code are searched for in that way.
In the course of implementing the present disclosure, the inventors found the prior art to have the following defects: manual code review consumes a large amount of labour and time and is inefficient; automated review by keyword matching requires a large set of keywords to be maintained, anything outside the maintained set falls outside the review, the keywords are easily bypassed, expressions with the same meaning but different wording are not detected, and the reliability is therefore low.
Disclosure of Invention
Embodiments of the disclosure provide a method and device for scanning project files, an electronic device, and a storage medium, in which security defect detection of code is achieved by implanting a probe service into a software project and performing a consistent scan of the project files through that probe service.
In a first aspect, an embodiment of the present disclosure provides a method for scanning project files, comprising:
acquiring a software project to be scanned and a probe service matching the software project, and implanting the probe service into the software project, the software project comprising at least one project file belonging to the same project framework;
starting the software project, which starts the probe service during its execution; and
performing, through the probe service and during execution of the software project, a consistent scan of all project files in the software project to obtain a scan result for the software project.
In a second aspect, an embodiment of the present disclosure provides a device for scanning project files, comprising:
a probe service implantation module, configured to acquire a software project to be scanned and a probe service matching the software project, and to implant the probe service into the software project, the software project comprising at least one project file belonging to the same project framework;
a start module, configured to start the software project and to start the probe service through the software project during its execution; and
a scan execution module, configured to perform, through the probe service and during execution of the software project, a consistent scan of all project files in the software project to obtain a scan result for the software project.
In a third aspect, an embodiment of the present disclosure provides an electronic device comprising a memory, a processing device, and a computer program stored in the memory and executable on the processing device, where the processing device, when executing the program, implements the method for scanning project files according to any embodiment of the present disclosure.
In a fourth aspect, embodiments of the present disclosure provide a storage medium containing computer-executable instructions which, when executed by a computer processor, perform the method for scanning project files according to any embodiment of the present disclosure.
According to the technical scheme of these embodiments, the probe service is implanted into the software project and all project files are scanned through the probe service to obtain the scan result, so that security defect detection of the code is achieved without modifying the original project files. At the same time, the probe service performs a combined abstract syntax tree analysis over all project files, so that the code is audited according to the context in which it runs and the semantic relations between pieces of code, which improves detection accuracy.
Drawings
Fig. 1 is a flowchart of a method for scanning project files according to a first embodiment of the disclosure;
Fig. 2A is a flowchart of a method for scanning project files according to a second embodiment of the disclosure;
Fig. 2B is a flowchart of a method for scanning project files in a first specific application scenario of the present disclosure;
Fig. 3 is a block diagram of a device for scanning project files in a third embodiment of the disclosure;
Fig. 4 is a block diagram of an electronic device in a fourth embodiment of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the disclosure and are not limiting of the disclosure. It should be further noted that, for the convenience of description, only some of the structures relevant to the present disclosure are shown in the drawings, not all of them.
Example one
Fig. 1 is a flowchart of a method for scanning project files according to an embodiment of the present disclosure. The embodiment applies to scanning the code of a software project. The method may be executed by a device for scanning project files, which may be implemented in software and/or hardware and is generally integrated into a code detection server. The method comprises the following steps:
S110, acquire a software project to be scanned and a probe service matching the software project, and implant the probe service into the software project; the software project comprises at least one project file belonging to the same project framework.
A software project is what a software developer produces after analysing the user requirements obtained, following certain development principles and adopting a corresponding writing method; the finally developed software project may be a complete software system or a software component within a system. The software project may be system software, application software, or middleware between the two; in the embodiments of the present disclosure the type of the software project is not particularly limited.
Optionally, in the embodiments of the present disclosure, the project framework matching the software project is obtained, and the probe service matching that project framework is obtained according to a mapping between project frameworks and probe services. A software project may be written in one or more programming languages, and each programming language has one or more corresponding project frameworks, i.e. programming frameworks; the Python language, for example, has many different frameworks such as Django, Flask and web. A project framework is used for programming: common features are extracted according to the characteristics of the program and reused across many developments, which improves the development efficiency of the software project. The probe service is a detection program used to find bugs in the software project, to check whether the program code contains potential security risks, or to find places where the code is written irregularly. A corresponding probe service program is written in advance for each project framework; project frameworks and probe services correspond one to one, each framework being matched with one probe service. Each project framework has at least one project file belonging to it; because the code volume of a software project is large, one project framework usually contains many project files, so the matching probe service is implanted into each project framework and used to scan the code of all project files under that framework.
Optionally, in this embodiment of the present disclosure, an entry file matching the software project is obtained from among the project files included in the software project, and the probe service is implanted into the entry file. The entry file is the entry point of the project framework and the first file executed among all files under the framework; each project framework contains at least one entry file. For example, the Django framework of the Python language contains entry files such as settings. When a project framework contains several entry files, which of them receives the probe service can be chosen in a specified manner, for example by specifying a file name.
S120, start the software project, and start the probe service through the software project during its execution.
Because the probe service is implanted in the entry file, once the software project is started the probe service starts along with it.
S130, perform, through the probe service and during execution of the software project, a consistent scan of all project files in the software project to obtain a scan result for the software project.
Specifically, all project files in the software project are traversed through the probe service to obtain a combined project file; a combined abstract syntax tree corresponding to the combined project file is generated through the probe service; and the probe service scans according to the combined abstract syntax tree to obtain the scan result for the software project. An abstract syntax tree (AST) is an abstract representation of the syntactic structure of source code: it represents the syntax of the programming language as a tree in which each node stands for a construct in the source. In the prior art, each project file is generally taken as a separate processing object and analysed with its own abstract syntax tree, but this splits the connections between pieces of code, cannot scan the context, finds problems over a narrower range, may analyse code that is never called, and has low accuracy. In the embodiment of the disclosure, all project files in the software project are traversed through the probe implanted in the project framework to obtain the combined project file, that is, the complete software project is taken as the processing object; with the combined abstract syntax tree, the code is scanned according to the context in which it runs, the connections between pieces of code are not split, and the semantic environment across contexts is analysed, so that uncalled code is not covered and detection accuracy is improved.
Optionally, after the probe service has performed the consistent scan of all project files during execution of the software project and the scan result has been obtained, developer information matching the software project may be obtained through a version control tool and the scan result sent to the matching developer. Version control tools such as Git, VSS (Visual SourceSafe), CVS (Concurrent Versions System) and SVN (Subversion) manage the versions of each project file under the software project, including storage of the project files, tracking of directories (i.e. folders), and the modification history of file contents. Developer information matching the software project is obtained with the version control tool and the scan result is sent to that developer so that the developer learns of it promptly. The type of code management tool is not particularly limited in the embodiments of the present disclosure.
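One way to carry out the version-control step above, as an added example that is not the patent's own code: instead of calling a tool's API, it parses the output of `git blame --line-porcelain` (a stable, documented format) to find the e-mail of the developer who last touched each flagged line, then groups findings per developer for delivery. The blame output and the finding records are constructed for the example, and the finding shape (`file`, `line`, `kind` keys) is an assumption.

```python
"""Added example, not the patent's own code: attribute scan findings to the developer
who last changed the flagged line, using `git blame --line-porcelain <file>` output,
and group the findings per developer for delivery. The blame text and the findings
below are constructed for the example; real output carries more header fields than
shown (author-time, committer, previous, ...), which the parser skips."""
import re
from collections import defaultdict

# Header that introduces each blamed line: <sha> <orig_line> <final_line> [<count>]
HEADER_RE = re.compile(r"^[0-9a-f]{40,64} \d+ (\d+)(?: \d+)?$")

def parse_line_porcelain(text):
    """Map final line number -> author e-mail from `git blame --line-porcelain` output."""
    owners, final_line, mail = {}, None, None
    for raw in text.splitlines():
        header = HEADER_RE.match(raw)
        if header:
            final_line, mail = int(header.group(1)), None
        elif raw.startswith("author-mail "):
            mail = raw[len("author-mail "):].strip("<>")
        elif raw.startswith("\t") and final_line is not None:
            owners[final_line] = mail  # the tab-prefixed line is the source content
            final_line = None
    return owners

def route_findings(findings, blame_by_file):
    """Group findings by the last author of the flagged line; unknown lines stay unassigned."""
    routed = defaultdict(list)
    for finding in findings:
        owner = blame_by_file.get(finding["file"], {}).get(finding["line"], "unassigned")
        routed[owner].append(finding)
    return dict(routed)

# Constructed `git blame --line-porcelain views.py` output for a three-line file.
BLAME_VIEWS = "\n".join([
    "a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4 1 1 1",
    "author Alice Example",
    "author-mail <alice@example.com>",
    "summary add ping view",
    "filename views.py",
    "\tdef ping(request):",
    "b2c3d4e5b2c3d4e5b2c3d4e5b2c3d4e5b2c3d4e5 2 2 2",
    "author Bob Example",
    "author-mail <bob@example.com>",
    "summary read host from request",
    "filename views.py",
    "\t    host = request.GET['host']",
    "b2c3d4e5b2c3d4e5b2c3d4e5b2c3d4e5b2c3d4e5 3 3",
    "author Bob Example",
    "author-mail <bob@example.com>",
    "summary read host from request",
    "filename views.py",
    "\t    os.system('ping -c 1 ' + host)",
])

# Constructed findings in the shape a probe service might emit (file, line, kind).
SAMPLE_FINDINGS = [
    {"file": "views.py", "line": 3, "kind": "command execution"},
    {"file": "helpers.py", "line": 4, "kind": "server-side request forgery"},
]
```

Feeding it real data means running `git blame --line-porcelain <file>` in the project checkout for each file that has findings and passing the captured stdout to `parse_line_porcelain`; `route_findings(SAMPLE_FINDINGS, {"views.py": parse_line_porcelain(BLAME_VIEWS)})` routes the command execution finding to bob@example.com and leaves the helpers.py finding unassigned because no blame was supplied for that file. A line whose last author is a merge or reformatting commit will route to the wrong person, so in practice the result is best combined with a code-owners file.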
Optionally, after the probe service has performed the consistent scan of all project files during execution of the software project and the scan result has been obtained, if the scan result includes at least one of a server-side request forgery vulnerability, a command execution vulnerability and a file inclusion vulnerability, open source software matching the vulnerability is obtained and that open source software is analysed for the vulnerability. Server-side request forgery (SSRF) is a security vulnerability in which an attacker constructs a request that is then issued by the server side; it typically arises where the server offers a function that fetches data from other server applications without filtering or restricting the target address. A command execution vulnerability arises when an attacker controls the parameters passed to a command-execution function and injects a malicious system command into a normal command, resulting in a command execution attack. A file inclusion vulnerability arises when the file that is dynamically included is attacker-controlled, resulting in execution of malicious code or leakage of sensitive information. If at least one of these vulnerabilities is detected, the open source software matching the project file in which the vulnerability is located is obtained and analysed, and the vulnerability is looked up against that open source software, for example by searching its security vulnerability advisories and obtaining patch information so that the open source software is kept at the latest patched version.
According to the technical scheme of this embodiment, the probe service is implanted into the software project and all project files are scanned through the probe service to obtain the scan result, so that security defect detection of the code is achieved without modifying the original project files. At the same time, the probe service performs a combined abstract syntax tree analysis over all project files, so that the code is audited according to the context in which it runs and the semantic relations between pieces of code, which improves detection accuracy.
Example two
Fig. 2A is a flowchart of a method for scanning project files according to a second embodiment of the present disclosure, refined on the basis of the above embodiments. In this embodiment, the probe service may receive a scan instruction and feed back the scan result through a command line interface and/or an application programming interface. Correspondingly, the method of this embodiment comprises the following operations:
S210, acquire a software project to be scanned and a probe service matching the software project, and implant the probe service into the software project; the software project comprises at least one project file belonging to the same project framework.
S220, start the software project, and start the probe service through the software project during its execution.
S230, receive a scan command through the probe service by way of a pre-configured command line interface and/or application programming interface.
The command line interface (CLI) and application programming interface (API) provide a channel for sending scan commands to the probe service. Because the code volume of a software project is large and a full scan takes a long time, a targeted scan command can be sent to the probe service through the CLI and/or API, for example to scan only project files with specific names, so that the scan is focused where it is needed.
S240, perform a customized scan of the software project through the probe service according to the scan command to obtain a customized scan result.
The customized scan is executed according to the scan instruction that was sent, that is, the specified project files are scanned, and the customized scan result is obtained.
S250, feed back the customized scan result through the probe service by way of the command line interface and/or application programming interface.
Optionally, when the probe service finds a security vulnerability, the vulnerability information can be fed back in real time through the CLI and/or API; the scan does not need to be suspended, and the result need not be held back until all project files have been scanned.
According to the technical scheme of this embodiment, the probe service can receive a scan instruction, execute a customized scan and feed back the customized scan result through the pre-configured CLI and/or API, which gives the probe service a channel to the outside and makes the scan operation more flexible; in addition, the probe service can feed back vulnerability information in real time while the scan is still running, which improves scanning efficiency.
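The combined-AST scan of S130 and the targeted, streaming scan of S230 to S250, as one added example that is not the patent's or ByteDance's code: a small probe service for a Python project that traverses every project file, parses each into an AST, indexes function definitions across files, and follows function parameters (treated as taint sources) into a few sinks, crossing file boundaries through the index so that a view in one file calling a helper in another is still caught. Findings are yielded as they are found, so a CLI or API front-end can report them without waiting for the full scan, and the `only` glob limits which files supply entry points while callees elsewhere are still followed. The sink list, the `request`-parameter heuristic for entry points, all function names and the sample project are assumptions made for the example.

```python
"""Added example, not the patent's own code: a minimal probe service for a Python
project. It traverses every .py file under a root, parses each into an AST, merges
them into one index of function definitions, and follows function parameters (assumed
taint sources) into sinks across file boundaries. Findings are yielded as found; a
glob limits which files supply entry points. Sinks, heuristic and sample are assumed."""
import ast
import fnmatch
import os
import tempfile

# Sink call names and the vulnerability class each represents (assumption).
SINKS = {"os.system": "command execution", "subprocess.run": "command execution",
         "requests.get": "server-side request forgery", "open": "file inclusion"}

def call_name(node):
    """Dotted name of a call target, e.g. 'os.system'; None for dynamic targets."""
    parts, func = [], node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    return ".".join(reversed(parts + [func.id])) if isinstance(func, ast.Name) else None

def build_combined_ast(root):
    """Index every .py file under root as {function name: (relpath, FunctionDef)}."""
    functions = {}  # names assumed unique across the project (simplification)
    for dirpath, _, names in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in sorted(names) if n.endswith(".py")):
            with open(path, encoding="utf-8") as fh:
                tree = ast.parse(fh.read(), filename=path)
            for node in ast.walk(tree):
                if isinstance(node, ast.FunctionDef):
                    functions[node.name] = (os.path.relpath(path, root), node)
    return functions

def tainted_names(expr, tainted):
    return {n.id for n in ast.walk(expr) if isinstance(n, ast.Name) and n.id in tainted}

def propagate(fn, tainted):
    """Flow-insensitive propagation within one function: x = <tainted expr> taints x."""
    tainted, changed = set(tainted), True
    while changed:
        changed = False
        for node in ast.walk(fn):
            if isinstance(node, ast.Assign) and tainted_names(node.value, tainted):
                for target in node.targets:
                    if isinstance(target, ast.Name) and target.id not in tainted:
                        tainted.add(target.id)
                        changed = True
    return tainted

def scan_function(rel, fn, functions, tainted, depth=0):
    """Yield sinks reached by tainted values, following calls into other files."""
    tainted = propagate(fn, tainted)
    for node in ast.walk(fn):
        name = call_name(node) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        positional = [tainted_names(a, tainted) for a in node.args]
        hit = set().union(*positional, *(tainted_names(k.value, tainted) for k in node.keywords))
        if not hit:
            continue
        if name in SINKS:
            yield {"file": rel, "line": node.lineno, "kind": SINKS[name],
                   "sink": name, "via": sorted(hit)}
        elif name.rsplit(".", 1)[-1] in functions and depth < 5:
            # Cross-file context: positional argument i taints callee parameter i.
            callee_rel, callee = functions[name.rsplit(".", 1)[-1]]
            params = [a.arg for a in callee.args.args]
            callee_tainted = {p for p, used in zip(params, positional) if used}
            yield from scan_function(callee_rel, callee, functions, callee_tainted, depth + 1)

def run_probe(root, only=None):
    """Scan the whole project; 'only' (a glob such as 'views*.py') limits which files
    supply entry points: functions with a 'request' parameter (a view heuristic)."""
    functions = build_combined_ast(root)
    for rel, fn in functions.values():
        if only and not fnmatch.fnmatch(os.path.basename(rel), only):
            continue
        if "request" in [a.arg for a in fn.args.args]:
            yield from scan_function(rel, fn, functions, {"request"})

# Constructed sample project: two views pass request data to sinks, one does not.
SAMPLE_PROJECT = {
    "views.py": "import os\nfrom helpers import fetch, read_file\n\n"
                "def ping(request):\n    host = request.GET['host']\n"
                "    os.system('ping -c 1 ' + host)\n\n"
                "def proxy(request):\n    return fetch(request.GET['url'])\n\n"
                "def banner(request):\n    return read_file('static/banner.txt')\n",
    "helpers.py": "import requests\n\ndef fetch(url):\n"
                  "    return requests.get(url, timeout=5).text\n\n"
                  "def read_file(path):\n    with open(path) as fh:\n        return fh.read()\n",
}

def write_sample_project():
    root = tempfile.mkdtemp(prefix="probe-sample-")  # the sample is only parsed, never run
    for name, source in SAMPLE_PROJECT.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(source)
    return root
```

Run it against the sample with `list(run_probe(write_sample_project()))`: the `ping` view is reported at `views.py` line 6 (`os.system` reached through `host`), and the `proxy` view is reported inside `helpers.py` at line 4, because the taint on `url` only becomes visible once `fetch` is analysed in its caller's context, which is the point the patent makes against per-file analysis; `banner`, which passes a constant path, produces nothing. `run_probe(root, only="helpers*.py")` yields nothing, since no helper takes a `request`, while `only="views*.py"` still reaches the sink in `helpers.py`. An entry file such as a framework settings module would import this module and call `run_probe` at startup, which is what the patent calls implanting the probe service. The propagation is flow-insensitive and keyword arguments are not mapped onto callee parameters, which are the first two things to tighten.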
Specific application scenario one
As shown in Fig. 2B, a specific application scenario of the present disclosure provides a method for scanning project files based on the above embodiments; specifically, the method comprises the following steps:
S201, generate a scan task by manual triggering, timed triggering, or interface triggering; the scan task contains the number of the software project to be scanned.
The scan task may be generated by timed triggering with a timer, for example one scan task at preset intervals so that each software project is scanned in turn, or it may be triggered through a software interface.
S202, read the scan task, and acquire the software project from a software project repository according to the number of the software project to be scanned.
The software project repository stores many software projects for unified management, each stored and classified by its number. When the number of the software project to be scanned is read from the scan task, the software project with that number is retrieved from the repository.
S203, acquire a probe service matching the software project, and implant the probe service into the software project; the software project comprises at least one project file belonging to the same project framework.
S204, start the software project, and start the probe service through the software project during its execution.
S205, receive a scan command through the probe service by way of a pre-configured command line interface and/or application programming interface.
S206, perform a customized scan of the software project through the probe service according to the scan command to obtain a customized scan result.
S207, feed back the customized scan result through the probe service by way of the command line interface and/or application programming interface.
According to this scenario, a scan task is triggered, the matching software project is retrieved from the software project repository by its number, and a customized scan is then executed, so that software projects are managed in an orderly way and each can be scanned in a customized manner, with different scan strategies applied to different software projects.
Example three
Fig. 3 is a block diagram of a device for scanning project files according to a third embodiment of the present disclosure, comprising: a probe service implantation module 310, a start module 320, and a scan execution module 330.
The probe service implantation module 310 is configured to acquire a software project to be scanned and a probe service matching the software project, and to implant the probe service into the software project; the software project comprises at least one project file belonging to the same project framework;
the start module 320 is configured to start the software project and to start the probe service through the software project during its execution;
and the scan execution module 330 is configured to perform, through the probe service and during execution of the software project, a consistent scan of all project files in the software project to obtain a scan result for the software project.
According to the technical scheme of this embodiment, the probe service is implanted into the software project and all project files are scanned through the probe service to obtain the scan result, so that security defect detection of the code is achieved without modifying the original project files. At the same time, the probe service performs a combined abstract syntax tree analysis over all project files, so that the code is audited according to the context in which it runs and the semantic relations between pieces of code, which improves detection accuracy.
Optionally, on the basis of the foregoing embodiments, the probe service implantation module 310 specifically includes:
a project framework acquisition unit, configured to acquire the project framework matching the software project;
and a probe service acquisition unit, configured to acquire the probe service matching that project framework according to the mapping between project frameworks and probe services.
Optionally, on the basis of the foregoing embodiments, the probe service implantation module 310 further includes:
an entry file acquisition unit, configured to acquire an entry file matching the software project from among the project files included in the software project;
and a probe service implantation unit, configured to implant the probe service into the entry file.
Optionally, on the basis of the foregoing embodiments, the scan execution module 330 specifically includes:
a combined project file acquisition unit, configured to traverse all project files in the software project through the probe service to obtain a combined project file;
a combined abstract syntax tree acquisition unit, configured to generate, through the probe service, a combined abstract syntax tree corresponding to the combined project file;
and a scan execution unit, configured to scan according to the combined abstract syntax tree through the probe service to obtain the scan result for the software project.
Optionally, on the basis of the foregoing embodiments, the device for scanning project files further includes:
a scan command receiving unit, configured to receive a scan command through the probe service by way of a pre-configured command line interface and/or application programming interface;
a customized scan result acquisition unit, configured to perform a customized scan of the software project through the probe service according to the scan command to obtain a customized scan result;
and a customized scan result feedback unit, configured to feed back the customized scan result through the probe service by way of the command line interface and/or application programming interface.
Optionally, on the basis of the foregoing embodiments, the device for scanning project files further includes:
a scan result sending unit, configured to acquire developer information matching the software project through a version control tool and to send the scan result to the matching developer.
Optionally, on the basis of the foregoing embodiments, the device for scanning project files further includes:
an open source software matching unit, configured to, if the scan result includes at least one of a server-side request forgery vulnerability, a command execution vulnerability and a file inclusion vulnerability, acquire the open source software matching the vulnerability and analyse that open source software for the vulnerability.
The device can execute the method for scanning project files provided by any embodiment of the disclosure and has the corresponding functional modules and beneficial effects. For technical details not elaborated in this embodiment, refer to the method provided by any embodiment of the present disclosure.
Example four
FIG. 4 illustrates a schematic diagram of an electronic device 400 suitable for use in implementing embodiments of the present disclosure. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in Fig. 4, the electronic device 400 may include a processing device 401 (e.g. a central processing unit or graphics processor) that performs various appropriate actions and processes according to a program stored in a read-only memory (ROM) 402 or loaded from a storage device 408 into a random access memory (RAM) 403. The RAM 403 also stores the programs and data needed for the operation of the electronic device 400. The processing device 401, the ROM 402 and the RAM 403 are connected to each other through a bus 404, to which an input/output (I/O) interface 405 is also connected.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 408 including, for example, tape, hard disk, etc.; and a communication device 409. The communication means 409 may allow the electronic device 400 to communicate wirelessly or by wire with other devices to exchange data. While fig. 4 illustrates an electronic device 400 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, the processes described in the flowcharts above may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 409, or from the storage device 408, or from the ROM 402. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 401.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium, a computer readable storage medium, or any combination of the two. A computer readable storage medium may be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the disclosed embodiments, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the embodiments of the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquire a software project to be scanned and a probe service matched with the software project, and implant the probe service into the software project, the software project comprising at least one project file belonging to the same project framework; start the software project, and start the probe service in the execution process through the software project; and perform consistency scanning on all project files in the software project by the probe service in the execution process of the software project to obtain a scanning result of the software project.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, or C++, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The name of a unit does not in some cases constitute a limitation of the unit itself; for example, the scan command receiving unit may also be described as a "unit for receiving scan commands through the probe service using a pre-configured command line interface and/or application programming interface".
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure in the embodiments of the present disclosure is not limited to the particular combination of the above-described features, but also encompasses other embodiments formed by any combination of the above-described features or their equivalents without departing from the scope of the present disclosure. For example, technical solutions formed by replacing the above features with (but not limited to) technical features having similar functions disclosed in the embodiments of the present disclosure are also covered.

Claims (9)

1. A method for scanning a project file, comprising:
acquiring a software project to be scanned and a probe service matched with the software project, and implanting the probe service into the software project; the software project comprises at least one project file belonging to the same project framework;
starting the software project, and starting the probe service in the execution process through the software project;
performing consistency scanning on all project files in the software project by the probe service in the execution process of the software project to obtain a scanning result of the software project;
wherein performing consistency scanning on all project files in the software project by the probe service in the execution process of the software project to obtain the scanning result of the software project comprises:
traversing all project files in the software project through the probe service to obtain a combined project file;
generating a combined abstract syntax tree corresponding to the combined project file through the probe service;
and scanning according to the combined abstract syntax tree through the probe service to obtain the scanning result of the software project.
2. The method of claim 1, wherein acquiring the probe service matched with the software project comprises:
acquiring a project framework matched with the software project;
and acquiring, according to the mapping relation between project frameworks and probe services, the probe service matched with the project framework that is matched with the software project.
3. The method according to claim 1 or 2, wherein implanting the probe service into the software project comprises:
acquiring an entry file matched with the software project from all project files included in the software project;
and implanting the probe service into the entry file.
4. The method of claim 1, further comprising, after starting the probe service in the execution process through the software project:
receiving a scanning command by the probe service using a pre-configured command line interface and/or application programming interface;
performing customized scanning on the software project through the probe service according to the scanning command to obtain a customized scanning result;
and feeding back the customized scanning result through the probe service using the command line interface and/or the application programming interface.
5. The method of claim 1, further comprising, after performing consistency scanning on all project files in the software project by the probe service in the execution process of the software project to obtain the scanning result of the software project:
acquiring, according to a version control tool, developer information matched with the software project, and sending the scanning result to the matched developer.
6. The method of claim 1, further comprising, after performing consistency scanning on all project files in the software project by the probe service in the execution process of the software project to obtain the scanning result of the software project:
if the scanning result comprises at least one of a server-side request forgery vulnerability, a command execution vulnerability, and a file inclusion vulnerability, acquiring open source software matched with the vulnerability, and performing vulnerability analysis on the open source software.
7. An apparatus for scanning a project file, comprising:
a probe service implantation module, used for acquiring a software project to be scanned and a probe service matched with the software project, and implanting the probe service into the software project; the software project comprises at least one project file belonging to the same project framework;
a starting module, used for starting the software project and starting the probe service in the execution process through the software project;
a scanning execution module, used for performing consistency scanning on all project files in the software project through the probe service in the execution process of the software project to obtain a scanning result of the software project;
wherein the scanning execution module specifically comprises:
a combined project file acquisition unit, used for traversing all project files in the software project through the probe service to obtain a combined project file;
a combined abstract syntax tree acquisition unit, used for generating a combined abstract syntax tree corresponding to the combined project file through the probe service;
and a scanning execution unit, used for scanning according to the combined abstract syntax tree through the probe service to obtain the scanning result of the software project.
8. An electronic device comprising a memory, processing means, and a computer program stored on the memory and executable on the processing means, characterized in that the processing means, when executing the program, implements the project file scanning method according to any one of claims 1-6.
9. A storage medium containing computer executable instructions which, when executed by a computer processor, perform the project file scanning method according to any one of claims 1-6.
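As an added illustration of the method in claims 1 to 3 and of the vulnerability categories named in claim 6 (and in the open source software matching unit described above), here is a toy probe service in Python. This is example code written for this page, not the patent's or ByteDance's implementation. The framework-to-probe mapping, the sink table, the `ast_probe` hook line and the two-file sample project are all constructed assumptions; `scan_project` builds one combined abstract syntax tree with the standard `ast` module and reports calls to a known sink whose first argument is not a literal, which stands in for the real taint analysis a production probe would do. Claims 4 and 5 (command-line/API control and developer lookup through version control) and the open-source matching step itself are not implemented.

```python
import ast
from collections import namedtuple

# Constructed "project framework -> probe service" mapping (claim 2).
FRAMEWORK_PROBES = {"python-script": "ast_probe"}

# Constructed sink table: qualified callee -> vulnerability category named in claim 6.
SINKS = {
    "os.system": "command execution",
    "subprocess.run": "command execution",
    "urllib.request.urlopen": "server-side request forgery",
    "open": "file inclusion",
}

# Hypothetical one-line hook that the probe service implants into the entry file (claim 3).
PROBE_HOOK = "import ast_probe; ast_probe.start()  # implanted by probe service\n"

# Constructed sample project: two files of one framework (plain Python scripts).
SAMPLE_PROJECT = {
    "app.py": (
        "import os, subprocess\n"
        "import urllib.request\n"
        "\n"
        "def run(cmd):\n"
        "    subprocess.run(cmd, shell=True)\n"           # line 5: non-literal command
        "\n"
        "def fetch(url):\n"
        "    return urllib.request.urlopen(url).read()\n"  # line 8: non-literal URL
        "\n"
        'if __name__ == "__main__":\n'
        '    os.system("ls -l")\n'                        # line 11: literal, not reported
        '    run(fetch("http://example.invalid/"))\n'
    ),
    "util.py": (
        "def load_template(name):\n"
        "    with open(name) as f:\n"                      # line 2: non-literal path
        "        return f.read()\n"
    ),
}

Finding = namedtuple("Finding", "file line category callee")


def select_probe(framework):
    """Claim 2: look the probe service up by the project's framework (KeyError if none)."""
    return FRAMEWORK_PROBES[framework]


def find_entry_file(files):
    """Claim 3: the entry file is the project file carrying the __main__ guard."""
    for name, src in files.items():
        if '__name__ == "__main__"' in src:
            return name
    raise ValueError("no entry file found in project")


def implant_probe(files):
    """Claim 3: return a copy of the project with the hook prepended to the entry file."""
    patched = dict(files)
    entry = find_entry_file(files)
    patched[entry] = PROBE_HOOK + files[entry]
    return patched


def combine(files):
    """Claim 1: traverse all project files in a fixed order and concatenate them."""
    chunks, offsets, line = [], [], 1          # offsets: combined line at which each file starts
    for name in sorted(files):
        src = files[name] if files[name].endswith("\n") else files[name] + "\n"
        offsets.append((line, name))
        chunks.append(src)
        line += src.count("\n")
    return "".join(chunks), offsets


def _qualname(node):
    """Dotted callee name for Name/Attribute chains (e.g. urllib.request.urlopen)."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _origin(offsets, combined_line):
    """Map a line of the combined AST back to (file, line within that file)."""
    start, file = max((s, n) for s, n in offsets if s <= combined_line)
    return file, combined_line - start + 1


def scan_project(files):
    """Claim 1: build the combined AST and report sink calls with a non-literal first argument."""
    combined, offsets = combine(files)
    findings = []
    for node in ast.walk(ast.parse(combined)):
        if not isinstance(node, ast.Call):
            continue
        callee = _qualname(node.func)
        if callee in SINKS and node.args and not isinstance(node.args[0], ast.Constant):
            file, line = _origin(offsets, node.lineno)
            findings.append(Finding(file, line, SINKS[callee], callee))
    return sorted(findings)


def run_probe(framework, files):
    """Whole flow of claims 1-3: select the probe, implant it, scan the combined AST."""
    select_probe(framework)
    return scan_project(implant_probe(files))
```

Calling `run_probe("python-script", SAMPLE_PROJECT)` returns three findings: the non-literal `subprocess.run` command, the `urlopen` of a caller-supplied URL, and the `open` of a caller-supplied path; the literal `os.system("ls -l")` is not reported. Because the hook is prepended to the entry file, findings in `app.py` come back one line later than in the unmodified source, which is why a real probe should record the implanted offset when it maps combined-AST positions back to project files.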
CN201910630645.6A 2019-07-12 2019-07-12 Engineering file scanning method and device, electronic equipment and storage medium Active CN110348226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910630645.6A CN110348226B (en) 2019-07-12 2019-07-12 Engineering file scanning method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910630645.6A CN110348226B (en) 2019-07-12 2019-07-12 Engineering file scanning method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110348226A CN110348226A (en) 2019-10-18
CN110348226B true CN110348226B (en) 2021-06-18

Family

ID=68176003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910630645.6A Active CN110348226B (en) 2019-07-12 2019-07-12 Engineering file scanning method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110348226B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112559330A (en) * 2020-12-07 2021-03-26 深圳开源互联网安全技术有限公司 Method for analyzing correctness of component detection result of open source software
CN112906006B (en) * 2021-02-09 2023-06-09 建信金融科技有限责任公司 Software development management method and platform

Citations (4)

Publication number Priority date Publication date Assignee Title
CN101017458A (en) * 2007-03-02 2007-08-15 北京邮电大学 Software safety code analyzer based on static analysis of source code and testing method therefor
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN102419728A (en) * 2011-11-01 2012-04-18 北京邮电大学 Method for determining software test process sufficiency based on coverage rate quantitative indicators
CN104899147A (en) * 2015-06-19 2015-09-09 北京理工大学 Code static analysis method oriented to security check

Non-Patent Citations (2)

Title
"Understanding DAST, SAST and IAST in one article: a brief comparison of web application security testing technologies"; 默安科技; 《https://www.aqniu.com/learn/46910.html》; 20190419; 1-6 *
"Research on dynamic monitoring technology based on Java source code"; 汪承佳; 《China Master's Theses Full-text Database, Information Science and Technology Series》; 20140615 (No. 06); I138-490 *

Also Published As

Publication number Publication date
CN110348226A (en) 2019-10-18

Similar Documents

Publication Publication Date Title
US10481964B2 (en) Monitoring activity of software development kits using stack trace analysis
US9747449B2 (en) Method and device for preventing application in an operating system from being uninstalled
CN110362488B (en) Page testing method and device, electronic equipment and storage medium
CN110135168B (en) Application program detection method, device and system, terminal equipment and storage medium
CN107644075B (en) Method and device for collecting page information
CN110928770B (en) Software testing method, device, system, storage medium and electronic equipment
CN111352823B (en) Test method, client and storage medium
CN110348226B (en) Engineering file scanning method and device, electronic equipment and storage medium
CN113449310A (en) Application program vulnerability detection method, device and equipment
CN113806212A (en) Application program exception positioning method and device and electronic equipment
CN111459822B (en) Method, device, equipment and readable medium for extracting system component data
CN107368407B (en) Information processing method and device
CN109902726B (en) Resume information processing method and device
US10031745B2 (en) System and method for automatic API candidate generation
CN113535577A (en) Application testing method and device based on knowledge graph, electronic equipment and medium
CN111813685B (en) Automatic test method and device
CN116756016A (en) Multi-browser testing method, device, equipment, medium and program product
CN116804929A (en) Version application analysis method and device, electronic equipment and storage medium
CN112084114B (en) Method and apparatus for testing interfaces
CN109714371B (en) Industrial control network safety detection system
CN108287792B (en) Method and apparatus for outputting information
CN114153462B (en) Client source code processing method and device, storage medium and electronic equipment
CN113806229B (en) Test script multiplexing method, device, equipment, medium and product for interface change
CN115658374B (en) Platform compatibility problem repairing method and device, electronic equipment and storage medium
Park et al. Permission Management Method for Before and After Applications the Update in Android-based IoT Platform Environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant