CN111258614A - Method, system, equipment and storage medium for detecting upgrade exception of project third-party library - Google Patents


Info

Publication number
CN111258614A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010369745.0A
Other languages
Chinese (zh)
Other versions
CN111258614B (en)
Inventor
刘海涛
万振华
王颉
李华
董燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kaiyuan Internet Security Technology Co Ltd
Original Assignee
Shenzhen Kaiyuan Internet Security Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/368 Test management for test version control, e.g. updating test cases to a new software version

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method and a system for detecting the upgrade of a project third-party library, comprising the following steps: acquiring a third-party library list and acquiring information of each third-party library; generating item dependency snapshot information and item details of the latest version and the previous version of an item in a third-party library from information uploaded by a user, and comparing the information of the two versions to generate difference comparison data; analyzing the data by lexical analysis to obtain specific class change information; according to the upgrade influence data of each third-party library and the number of associated third-party libraries, carrying out influence scoring on the projects that reference the upgraded third-party libraries, and selecting the third-party libraries within a preset scoring threshold; and carrying out influence scoring on the specific class change information of the third-party libraries within the preset scoring threshold, and detecting the upgraded third-party library. The method and the system can connect directly to an authoritative repository, which ensures that upgraded versions of common third-party library code are obtained accurately and effectively, and they provide timeliness and accuracy.

Description

Method, system, equipment and storage medium for detecting upgrade exception of project third-party library
Technical Field
The invention belongs to the technical field of computer application, and particularly relates to a method, a system, equipment and a storage medium for detecting upgrade abnormity of a project third-party library.
Background
With the rapid growth of the Internet, the number of applications is growing explosively. Current applications pull in a large number of third-party library files, which in turn contain a large amount of open-source code and further third-party library files. Heavy use of open-source code brings great convenience to software development, but also complex uncertainty. During the development life cycle of an application, when a developer upgrades a third-party library version, a field or method of the third-party library that the project depends on is often deleted by the upgrade, which causes deployment of the whole project to fail. At present, developers check third-party library upgrades mainly in two ways:
1. Manual review places high technical demands on developers and is time-consuming: the developer needs to know where in the project the code related to the upgraded third-party library is used, and insufficient review coverage is likely.
2. Software-based checking requires all interfaces of the project to be known explicitly in order to perform the corresponding upgrade check; if the application does not have a complete automated test script, the test check will also miss cases.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: aiming at the problems in the prior art, the invention provides a method, a system, equipment and a storage medium for detecting the upgrade of a project third-party library, which have timeliness, accuracy and expandability.
In a first aspect, an embodiment of the present application provides a method for detecting item third-party library upgrading, where the method includes:
acquiring a third-party library list and acquiring information of each third-party library;
generating item dependency snapshot information and item details of the latest version and the previous version of an item in a third-party library through item information uploaded by a user, and comparing the information of the two versions to generate difference comparison data;
analyzing the difference comparison data by utilizing a lexical analysis technology to obtain specific class change information, and determining upgrading influence data of each third-party library according to the specific class change information;
according to the upgrading influence data of each third-party library and the number of the associated third-party libraries, influence scoring is carried out on the projects which refer to the upgraded third-party libraries, and the third-party libraries within a preset scoring threshold value are selected; and
and carrying out influence scoring on the specific class change information of the third party library within the preset scoring threshold value, and detecting the upgraded third party library.
In a second aspect, an embodiment of the present application further provides a system for detecting an upgrade of a project third-party library, where the system includes:
an acquisition module: acquiring a third-party library list and acquiring information of each third-party library;
a comparison module: generating item dependency snapshot information and item details of the latest version and the previous version of an item in a third-party library through item information uploaded by a user, and comparing the information of the two versions to generate difference comparison data;
an analysis module: analyzing the difference comparison data by utilizing a lexical analysis technology to obtain specific class change information, and determining upgrading influence data of each third-party library according to the specific class change information;
a first impact scoring module: according to the upgrading influence data of each third-party library and the number of the associated third-party libraries, influence scoring is carried out on the projects which refer to the upgraded third-party libraries, and the third-party libraries within a preset scoring threshold value are selected; and
a second impact scoring module: and carrying out influence scoring on the specific class change information of the third party library within the preset scoring threshold value, and detecting the upgraded third party library.
In a third aspect, an embodiment of the present application further provides a device for detecting an upgrade of a third-party library of a project, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where when the processor executes the computer program, the processor implements each step in the method for detecting an upgrade of a third-party library of a project according to the first aspect.
In a fourth aspect, embodiments of the present application further provide a storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the project third-party library upgrade detection method according to the first aspect.
The method for detecting the upgrade of the project third-party library provided by the embodiment of the application comprises the following steps: acquiring a third-party library list and acquiring information of each third-party library; generating item dependency snapshot information and item details of the latest version and the previous version of an item in a third-party library through item information uploaded by a user, and comparing the information of the two versions to generate difference comparison data; analyzing the difference comparison data by utilizing a lexical analysis technology to obtain specific class change information, and determining upgrading influence data of each third-party library according to the specific class change information; according to the upgrading influence data of each third-party library and the number of the associated third-party libraries, influence scoring is carried out on the projects which refer to the upgraded third-party libraries, and the third-party libraries within a preset scoring threshold value are selected; and carrying out influence scoring on the specific class change information of the third party library within the preset scoring threshold value, and detecting the upgraded third party library. Therefore, the authoritative warehouse can be directly connected with the third-party library detected in the steps, the universal third-party library code upgrading version can be accurately and effectively obtained, timeliness and accuracy are achieved, and the user can freely add information of the third-party library, so that the information of the third-party library is more comprehensive, and expandability is achieved.
Drawings
The detailed structure of the invention is described below with reference to the accompanying drawings:
FIG. 1 is a schematic flow chart of a method for detecting upgrade exception of a project third-party library according to the present invention;
FIG. 2 is a sub-flow diagram of the method for detecting an upgrade exception of a project third-party library according to the present invention;
FIG. 3 is another sub-flow diagram of the method for detecting an upgrade exception of a project third-party library according to the present invention;
FIG. 4 is another sub-flow diagram of the method for detecting an upgrade exception for a third-party library according to the present invention;
FIG. 5 is another sub-flow diagram of the method for detecting an upgrade exception of a project third-party library according to the present invention;
FIG. 6 is a schematic diagram of program modules of the method for detecting upgrade exception of the project third-party library according to the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of a method for detecting upgrade of a project third-party library in an embodiment of the present application, where the method for detecting upgrade of a project third-party library in the embodiment includes:
Step 101: obtaining a third-party library list and obtaining information of each third-party library.
The third-party library information is acquired from authoritative third-party library code repositories and from custom code repositories. The method can connect to repositories of authoritative third-party library code such as the Maven central repository, so that third-party library resources (components) are managed centrally by one service. This ensures that upgrades of common third-party library code are obtained accurately and effectively, and the user can freely add third-party library information, which makes the information more comprehensive. An authoritative third-party library code repository is a file-system-based store such as a Maven repository. A custom code repository is one in which a very large company or a large state-owned enterprise stores and pulls certain non-open-source third-party libraries. A third-party library is a class library other than the local library and the system class library, and can be used only after an explicit declaration. Besides code information, third-party library information includes the file name, version name, release time and vendor.
Step 102: generating item dependency snapshot information and item details of the latest version and the previous version of the item in a third-party library from item information uploaded by a user, and comparing the information of the two versions to generate difference comparison data.
The item dependency snapshot is produced by collecting all files under a project or a third-party library and generating fingerprint information (which can be done with a hash function) from the name, size and last time of each file. Each class in the project is then obtained through lexical analysis, including the field information and method information in the class and the code information of other third-party libraries that the class depends on. The difference comparison data is the field information, method information and so on in the project code that is modified when a third-party library is upgraded, covering deletion, modification and addition.
Step 103: analyzing the difference comparison data by lexical analysis to obtain specific class change information, and determining the upgrade influence data of each third-party library according to the specific class change information.
In this step, the problems in the current project upgrade are determined by computing which of the data in the difference comparison information (such as method information or field information in a class) is used by the project from the third-party library information it originally depended on. The upgrade influence data is the sum of the influence factors of all the specific class change information of each third-party library. For example, the influence factor of deleting a field is 0.2, of modifying a private method 0.1, of deleting a private method 0.2, of modifying a public method 0.3, of deleting a public method 0.5, and of deleting a class 1, and the number of classes in the third-party library before modification is used as the base. Specifically, if a third-party library has 100 classes and, in the modified version, 3 classes are deleted, 5 public methods in 10 classes are modified, and 3 public methods are deleted, the upgrade influence of the third-party library is (3 × 1 + 5 × 0.3 + 3 × 0.5)%, that is, 6%. Therefore, when the version of a third-party library is upgraded, a reasonable third-party library can be selected by comparing the upgrade influence data between the earlier and later versions.
Step 104: according to the upgrade influence data of each third-party library and the number of associated third-party libraries, carrying out influence scoring on the projects that reference the upgraded third-party libraries, and selecting the third-party libraries within a preset scoring threshold.
Specifically, because third-party libraries are related to one another, the influence can be defined by combining the upgrade influence data of a third-party library with the number of third-party libraries associated with it. For example, a project has 10 third-party libraries a, b, c, d, e, f, g, h, i and j. Third-party library a is depended on not only by the project but also by third-party libraries b, c and d, whereas third-party library g is depended on only by the project itself. When the user has to choose between upgrading third-party library a and upgrading third-party library f, the following calculation can assist the choice. In case 1, third-party library a obtains an upgrade influence of 0.3 in the first stage and third-party library f obtains 0.2; it follows that the influence of upgrading a in the project is 1.2 and the influence of upgrading f is 0.2, so upgrading f is chosen as having the smallest influence. In case 2, third-party library a obtains an upgrade influence of 0.05 in the first stage and third-party library f obtains 0.3; it follows that the influence of upgrading a in the project is 0.2 and the influence of upgrading f is 0.3, so upgrading a is chosen as having the smallest influence. Further, a preset scoring threshold can be set, and the third-party libraries within the threshold range are selected as candidate third-party libraries. In this way the influence of upgrading a specific third-party library version is obtained and the candidate third-party libraries are determined.
Step 105: carrying out influence scoring on the specific class change information of the third-party libraries within the preset scoring threshold, and detecting the upgraded third-party library.
Specifically, all the class change information of each candidate third-party library is analyzed in detail to determine the influence scoring data. For example, if a deleted class exists the influence score is serious, if a deleted method exists it is high-risk, if a modified method exists it is medium-risk, and so on. This yields the actual influence of the specific third-party library on the project, so the correct third-party library to upgrade can be detected, which guarantees as far as possible an accurate judgment on upgrading the project's third-party library.
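The scoring in steps 103 to 105, as an added Python example that is not code from the patent: it uses the influence factors and the a/f cases quoted above. The function names, the 0.5 threshold and the reading that library f is depended on only by the project (implied by the 0.2 result) are assumptions.

```python
# Influence factors quoted in the description of step 103.
IMPACT_FACTORS = {
    "delete_field": 0.2,
    "modify_private_method": 0.1,
    "delete_private_method": 0.2,
    "modify_public_method": 0.3,
    "delete_public_method": 0.5,
    "delete_class": 1.0,
}


def upgrade_impact(changes, classes_before):
    """Step 103: sum of the influence factors of all class changes, taken
    relative to the number of classes in the library before the upgrade."""
    if classes_before <= 0:
        raise ValueError("classes_before must be positive")
    total = sum(IMPACT_FACTORS[kind] * count for kind, count in changes.items())
    return total / classes_before


def count_dependents(graph, lib):
    """Number of nodes (the project or other libraries) that depend on lib."""
    return sum(1 for deps in graph.values() if lib in deps)


def project_impact(graph, first_stage, threshold):
    """Step 104: multiply each library's first-stage influence by its number
    of dependents, keep the libraries at or below the threshold, and return
    them ordered from smallest to largest influence."""
    scored = [
        (round(impact * count_dependents(graph, lib), 6), lib)
        for lib, impact in first_stage.items()
    ]
    return [(lib, score) for score, lib in sorted(scored) if score <= threshold]


def severity(changes):
    """Step 105: label from the most damaging kind of change present."""
    kinds = {kind for kind, count in changes.items() if count > 0}
    if "delete_class" in kinds:
        return "serious"
    if kinds & {"delete_public_method", "delete_private_method"}:
        return "high-risk"
    if kinds & {"modify_public_method", "modify_private_method"}:
        return "medium-risk"
    return "unrated"  # the description names no label for other change kinds


# Constructed data mirroring the worked examples in the description.
# Keys are dependents, values are the libraries they depend on.
GRAPH = {"project": list("abcdefghij"), "b": ["a"], "c": ["a"], "d": ["a"]}
EXAMPLE_CHANGES = {"delete_class": 3, "modify_public_method": 5,
                   "delete_public_method": 3}
THRESHOLD = 0.5  # assumed value; the description leaves the threshold open

if __name__ == "__main__":
    print("step 103:", upgrade_impact(EXAMPLE_CHANGES, 100))
    print("case 1:", project_impact(GRAPH, {"a": 0.3, "f": 0.2}, THRESHOLD))
    print("case 2:", project_impact(GRAPH, {"a": 0.05, "f": 0.3}, THRESHOLD))
    print("step 105:", severity(EXAMPLE_CHANGES))
```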
In a specific application, a project is found in actual use to have a CVE vulnerability that is triggered when two third-party libraries are used together, and upgrading either of the two libraries resolves the problem. Because the project has gone through many iterations, the current developers do not know where in the project the code using the two third-party libraries is located. In this case the upgrade influence of the two third-party libraries can be analyzed preliminarily through step 103, and the upgrade influence surface of the two libraries can be obtained through step 104, which identifies the third-party library with the smaller upgrade influence surface in little time and with more results. Further, influence scoring is performed on the specific class change information of the third-party library in step 105, so that the third-party library with the smallest upgrade influence surface is detected, which is the most accurate conclusion.
Further, based on the foregoing embodiment, FIG. 2 is a sub-flowchart of the third-party library upgrade detection method in an embodiment of the present application. In this embodiment, step 101 (obtaining a third-party library list and obtaining information of each third-party library) obtains the list of third-party libraries from two sources: one is a wawei third-party library platform, and the other is entries added by the user. After the list is obtained, the third-party library information is acquired, and the class information, method information and field information under each third-party library are obtained through lexical analysis.
Further, based on the foregoing embodiment, referring to fig. 3, fig. 3 is a sub-flow diagram of a method for detecting an upgrade of a third-party library in an embodiment of the present application, where in this embodiment, the step 101 of acquiring information of each third-party library includes:
Step 201: traversing and acquiring the class information of the third-party library;
Step 202: acquiring the fingerprint information, method information and field information of the third-party library based on the class information.
Specifically, the names of the classes under the third-party library are obtained by traversal and stored in association with the complete name of the third-party library (including the version number), which serves as the key; the fingerprint information, method information and field information in each class are then obtained based on the class information. Fingerprint information is produced by collecting all files under a project or a third-party library and generating a fingerprint (which can be done with a hash function) from the name, size and last time of each file. Third-party library information is acquired by collecting all third-party library dependencies of the current application through file system scanning, POM file scanning and similar means. File system scanning scans all third-party library files under a given directory and obtains the corresponding third-party library information. POM file scanning applies to projects built with the Maven framework, in which the POM file defines the basic information of the project, describing how the project is built, declaring the project's third-party library dependencies and so on; scanning the POM file yields the corresponding third-party library information.
Further, in this embodiment, the latest version of the item and the item dependency snapshot information and the item details of the previous version of the item are generated in the third-party library through the item information uploaded by the user, if the fingerprint information of the item information is uploaded by the user, the latest version of the item dependency snapshot information and the item details are generated, and if the information of the third-party libraries of the two versions is changed, the fingerprint information of the third-party library is traversed, and the difference comparison data is generated.
Based on the embodiment, fig. 4 is a sub-flowchart of the item third-party library upgrade detection method in the embodiment of the present application, and includes specific steps of generating item dependency snapshot information and item details of the latest version and the previous version of an item in a third-party library through item information uploaded by a user, and comparing the information of the two versions to generate difference comparison data:
The user uploads project information. First, the complete name of the project is obtained, and whether the project already exists is determined from that name.
If the project does not exist, the fingerprint information of the project is obtained and saved to the database with the complete name of the project as the key; the item dependency snapshot and item details are also extracted and stored in the database under the same key, a normal-detection flag is returned, and the subsequent flow ends.
If the project exists, its fingerprint information is obtained, and whether the uploaded project has been modified is determined by checking whether this fingerprint is consistent with the previously stored fingerprint of the project. If the fingerprints are consistent, the previous record information is returned; if they are inconsistent, the item dependency snapshot information and item details of the newly uploaded project information are generated.
The item dependency snapshot and item details of the newly uploaded project information are compared with the item dependency snapshot information of the previous project version to determine whether the third-party library information of the two versions has changed. If it has not, the change is judged to be in the code of the project itself and normal-detection information is returned. If it has, the fingerprint information of the third-party libraries is traversed to determine whether differences exist, and the difference comparison data is generated.
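The upload flow of FIG. 4 as an added Python example, not code from the patent. The in-memory store, the `artifact:version` naming, the use of the modification time as a file's "last time" and the sample file metadata are assumptions constructed for illustration.

```python
import hashlib


def fingerprint(files):
    """Hash over (name, size, mtime) of every file, in a stable order."""
    h = hashlib.sha256()
    for name, size, mtime in sorted(files):
        h.update(f"{name}\0{size}\0{mtime}\n".encode())
    return h.hexdigest()


def diff_snapshots(old, new):
    """Compare two {artifact: (version, fingerprint)} snapshots."""
    diff = {}
    for artifact in sorted(old.keys() | new.keys()):
        before, after = old.get(artifact), new.get(artifact)
        if before == after:
            continue
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        elif before[0] != after[0]:
            kind = "version_changed"
        else:
            kind = "content_changed"  # same version, different fingerprint
        diff[artifact] = {"kind": kind,
                          "old": before and before[0],
                          "new": after and after[0]}
    return diff


class SnapshotStore:
    """In-memory stand-in for the database keyed by complete project name."""

    def __init__(self):
        self.db = {}

    def upload(self, project_name, project_files, libs):
        # libs maps "artifact:version" to that library's file metadata.
        snapshot = {}
        for full_name, files in libs.items():
            artifact, version = full_name.rsplit(":", 1)
            snapshot[artifact] = (version, fingerprint(files))
        material = fingerprint(project_files) + repr(sorted(snapshot.items()))
        record = {"fingerprint": hashlib.sha256(material.encode()).hexdigest(),
                  "snapshot": snapshot}

        previous = self.db.get(project_name)
        if previous is None:  # unknown project: store it and stop
            self.db[project_name] = record
            return {"status": "normal", "detail": "new project stored"}
        if previous["fingerprint"] == record["fingerprint"]:
            return {"status": "unchanged", "detail": "previous record returned"}

        self.db[project_name] = record
        diff = diff_snapshots(previous["snapshot"], snapshot)
        if not diff:  # fingerprint moved but the libraries did not
            return {"status": "normal", "detail": "only project code changed"}
        return {"status": "libraries_changed", "diff": diff}


# Constructed sample metadata: (file name, size in bytes, mtime).
SRC_V1 = [("src/App.java", 2048, 1700000000)]
SRC_V2 = [("src/App.java", 2100, 1700009000)]
LIBS_V1 = {"org.example:codec:1.0": [("codec-1.0.jar", 51200, 1690000000)],
           "org.example:util:2.3": [("util-2.3.jar", 8000, 1680000000)]}
LIBS_V2 = {"org.example:codec:1.1": [("codec-1.1.jar", 52000, 1695000000)],
           "org.example:util:2.3": [("util-2.3.jar", 8000, 1680000000)]}

if __name__ == "__main__":
    store = SnapshotStore()
    for src, libs in [(SRC_V1, LIBS_V1), (SRC_V1, LIBS_V1),
                      (SRC_V2, LIBS_V1), (SRC_V2, LIBS_V2)]:
        print(store.upload("shop-backend", src, libs))
```

Because the fingerprint covers only name, size and time, as the description specifies, a file altered without changing those three values produces the same fingerprint; hashing the file contents as well would close that gap.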
Further, analyzing the difference comparison data by using a lexical analysis technique to obtain specific class change information further comprises obtaining modification information of the third-party library by using the lexical analysis technique.
And comparing the difference comparison data of the third-party libraries of the two versions with the details of the corresponding third-party libraries, and then acquiring the modification information of the third-party libraries by utilizing a lexical analysis technology.
Specifically, the step of acquiring the modification information of the third-party library by using the lexical analysis technology comprises the steps of circularly traversing class names of difference comparison data in the user project by using the lexical analysis technology, and searching for modification operation and deletion operation in the user project.
Specifically, the step of obtaining the modification information of the third-party library by using the lexical analysis technology further comprises the step of displaying the modification information and the code position obtained by the lexical analysis technology to a user if the modification information is incompatible.
Based on the embodiment, FIG. 5 is a sub-flowchart of the third-party library upgrade detection method according to the embodiment of the present application, and includes the specific steps of analyzing the difference comparison data by lexical analysis to obtain specific class change information:
First, the difference comparison data of the two versions of the third-party library is obtained, and the corresponding third-party library details are obtained using the basic data of the third-party library. The modification details of the third-party library, that is, the specific class change information, are then obtained by lexical analysis, and it is determined whether addition, editing or deletion operations have been applied to the third-party library. Deletion means that some of the original field information, method information and so on is deleted when the third-party library version is upgraded; this does the most damage to a version upgrade. Addition means that new class information is added, or field information or method information is added to an original class, when the third-party library is upgraded; this has the least influence on the project upgrade.
After the specific class change information of the third-party library is obtained, lexical analysis is used to loop over the user project and check whether it contains the class names in the difference data. If it does not, normal-detection information is returned; if it does, the user project code is searched further for modification or deletion operations.
If modification or deletion operations exist, the currently uploaded project information is deemed to have a problem, and it is then determined whether the modification is compatible with the current project; if it is not, the modification information and the code location obtained by lexical analysis are displayed to the user. Modification means that some of the original field information or method information is changed when the third-party library version is updated, which also does serious damage to a version update, so it must be further determined whether the modified information is compatible. Compatible means that a variable-length parameter was added when the third-party library was upgraded, so that the original method call can remain unchanged and still work.
If neither modification nor deletion operations exist, normal-detection information is returned.
After the user uploads the project code, the third-party library information in the project does not need to be modified and then uploaded again, and only the third-party library information needing to be modified and the original third-party library information need to be sent to a position where the third-party library modification information is obtained through the direct technology-based remote lexical analysis technology. Whether the item is changed depending or not can be quickly judged through the fingerprint information of the item and the third-party library, and the influence of the version upgrade of the third-party library on the item can be more accurately obtained.
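The lexical-analysis flow above (classify each class member as added, modified or deleted, treat an appended variable-length parameter as compatible, then search the project for uses of the changed class), as an added Python example that is not part of the patent. The API snapshots, the class name `com.example.lib.HttpClient`, the project files and all function names are constructed for illustration, and regular expressions stand in for a real lexer.

```python
import re

# Constructed snapshots of one library's public API in two versions:
# class name -> {member: tuple of parameter types}; None marks a field.
OLD_API = {"com.example.lib.HttpClient": {
    "get": ("String",), "post": ("String", "byte[]"), "close": (), "timeout": None}}
NEW_API = {"com.example.lib.HttpClient": {
    "get": ("String", "Header..."), "post": ("Request",), "retry": ("int",), "timeout": None}}

# Constructed user project sources (path -> text).
PROJECT = {
    "src/App.java": (
        "import com.example.lib.HttpClient;\n"
        "class App {\n"
        "  void run() {\n"
        "    HttpClient c = new HttpClient();\n"
        "    c.get(\"/a\");\n"
        "    c.post(\"/b\", data);\n"
        "    c.close();\n"
        "  }\n"
        "}\n"),
    "src/Util.java": "class Util { int x; }\n",
}

def is_compatible(old_sig, new_sig):
    """True when the change only appends one variable-length parameter.

    Assumption: source-level compatibility, i.e. callers are recompiled.
    """
    if old_sig is None or new_sig is None:
        return False  # a field turned into a method, or the reverse
    return (len(new_sig) == len(old_sig) + 1 and new_sig[:-1] == old_sig
            and new_sig[-1].endswith("..."))

def diff_api(old, new):
    """Return {class: {member: kind}}, kind in added/deleted/modified/compatible."""
    changes = {}
    for cls in old.keys() | new.keys():
        before, after = old.get(cls, {}), new.get(cls, {})
        per_class = {}
        for member in before.keys() | after.keys():
            if member not in before:
                per_class[member] = "added"
            elif member not in after:
                per_class[member] = "deleted"
            elif before[member] != after[member]:
                ok = is_compatible(before[member], after[member])
                per_class[member] = "compatible" if ok else "modified"
        if per_class:
            changes[cls] = per_class
    return changes

def scan_project(files, changes):
    """Report (path, line, class, member, kind) for each use of a deleted or
    incompatibly modified member; an empty list means normal detection."""
    findings = []
    for path, text in sorted(files.items()):
        for cls, members in changes.items():
            simple = cls.rsplit(".", 1)[-1]
            if not re.search(rf"\b{re.escape(simple)}\b", text):
                continue  # this file never names the changed class
            # Variables declared with the changed type, e.g. "HttpClient c ="
            names = set(re.findall(rf"\b{re.escape(simple)}\s+(\w+)\s*[=;]", text))
            for lineno, line in enumerate(text.splitlines(), 1):
                for var in sorted(names):
                    for m in re.finditer(rf"\b{re.escape(var)}\.(\w+)\b", line):
                        kind = members.get(m.group(1))
                        if kind in ("deleted", "modified"):
                            findings.append((path, lineno, cls, m.group(1), kind))
    return findings
```

On the constructed `App.java`, only line 6 (`post`, incompatibly modified) and line 7 (`close`, deleted) are reported; the `get` call is not, because its new signature only appends a variable-length parameter.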
Further, an embodiment of the present application provides a project third-party library upgrade detection device 200. Referring to FIG. 6, which is a module diagram of the device for detecting upgrade anomalies of a project third-party library in the embodiment of the present application, the project third-party library upgrade detection device 200 in this embodiment includes:
the acquisition module 201: acquiring a third-party library list and acquiring information of each third-party library;
the comparison module 202: generating project dependency snapshot information and project details of the latest version and the previous version of a project in a third-party library through project information uploaded by a user, and comparing the information of the two versions to generate difference comparison data;
the analysis module 203: analyzing the difference comparison data by lexical analysis to obtain specific class change information, and determining upgrade influence data of each third-party library according to the specific class change information;
the first influence scoring module 204: according to the upgrade influence data of each third-party library and the number of associated third-party libraries, performing influence scoring on the projects that reference the upgraded third-party libraries, and selecting the third-party libraries within a preset scoring threshold; and
the second influence scoring module 205: performing influence scoring on the specific class change information of the third-party libraries within the preset scoring threshold, and detecting the upgraded third-party library.
The project third-party library upgrade detection device 200 provided by the embodiment of the application can: acquire a third-party library list and acquire information of each third-party library; generate project dependency snapshot information and project details of the latest version and the previous version of a project in a third-party library through project information uploaded by a user, and compare the information of the two versions to generate difference comparison data; analyze the difference comparison data by lexical analysis to obtain specific class change information, and determine upgrade influence data of each third-party library according to the specific class change information; according to the upgrade influence data of each third-party library and the number of associated third-party libraries, perform influence scoring on the projects that reference the upgraded third-party libraries, and select the third-party libraries within a preset scoring threshold; and perform influence scoring on the specific class change information of the third-party libraries within the preset scoring threshold, and detect the upgraded third-party library. The advantage is that third-party libraries are obtained by connecting directly to the authoritative repository, which ensures that upgraded versions of common third-party library code are obtained accurately and effectively, giving timeliness and accuracy; users can also freely add third-party library information, so that the third-party library information is more comprehensive, giving extensibility.
Further, the present application also provides a project third-party library upgrade detection apparatus, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that when the processor executes the computer program, each step of the project third-party library upgrade detection method is implemented.
Further, the present application provides a storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the project third-party library upgrade detection method described above.
Each functional module in the embodiments of the present invention may be integrated into one processing module, or each module may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that, for the sake of simplicity, the above-mentioned method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no acts or modules are necessarily required of the invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the above description, for a person skilled in the art, according to the ideas of the embodiments of the present application, there are variations in specific implementation manners and application ranges thereof in the descriptions of the method, the system, the device, and the storage medium for detecting the upgrade of the project third-party library provided by the present invention.

Claims (10)

1. A method for detecting upgrade anomalies of a project third-party library, characterized by comprising the following steps:
acquiring a third-party library list and acquiring information of each third-party library;
generating project dependency snapshot information and project details of the latest version and the previous version of a project in a third-party library through project information uploaded by a user, and comparing the information of the two versions to generate difference comparison data;
analyzing the difference comparison data by lexical analysis to obtain specific class change information, and determining upgrade influence data of each third-party library according to the specific class change information;
according to the upgrade influence data of each third-party library and the number of associated third-party libraries, performing influence scoring on the projects that reference the upgraded third-party libraries, and selecting the third-party libraries within a preset scoring threshold; and
performing influence scoring on the specific class change information of the third-party libraries within the preset scoring threshold, and detecting the upgraded third-party library.
2. The method of claim 1, wherein acquiring information of each third-party library comprises:
traversing to obtain class information of the third-party library; and
acquiring fingerprint information, method information and field information of the third-party library based on the class information.
3. The method of claim 1, wherein generating the project dependency snapshot information and the project details of the latest version and the previous version of the project in the third-party library through the project information uploaded by the user comprises:
if the fingerprint information of the project information uploaded by the user is inconsistent with the previously stored project fingerprint information, generating the project dependency snapshot information and the project details of the latest version.
4. The method of claim 1, wherein comparing the information of the two versions of the third-party library to generate the difference comparison data comprises:
if the information of the two versions of the third-party library has changed, traversing the fingerprint information of the third-party library to generate the difference comparison data.
5. The method of claim 1, wherein analyzing the difference comparison data by lexical analysis to obtain specific class change information further comprises:
acquiring the modification information of the third-party library by lexical analysis.
6. The method of claim 5, wherein acquiring the modification information of the third-party library by lexical analysis comprises:
traversing, in a loop and by lexical analysis, the class names of the difference comparison data in the user project, and searching for modification operations and deletion operations in the user project.
7. The method of claim 5, wherein acquiring the modification information of the third-party library by lexical analysis further comprises:
if the modification information is not compatible, displaying the modification information and the code position obtained by lexical analysis to the user.
8. A system for detecting upgrade anomalies of a project third-party library, the system comprising:
an acquisition module: acquiring a third-party library list and acquiring information of each third-party library;
a comparison module: generating project dependency snapshot information and project details of the latest version and the previous version of a project in a third-party library through project information uploaded by a user, and comparing the information of the two versions to generate difference comparison data;
an analysis module: analyzing the difference comparison data by lexical analysis to obtain specific class change information, and determining upgrade influence data of each third-party library according to the specific class change information;
a first influence scoring module: according to the upgrade influence data of each third-party library and the number of associated third-party libraries, performing influence scoring on the projects that reference the upgraded third-party libraries, and selecting the third-party libraries within a preset scoring threshold; and
a second influence scoring module: performing influence scoring on the specific class change information of the third-party libraries within the preset scoring threshold, and detecting the upgraded third-party library.
9. A device for detecting upgrade anomalies of a project third-party library, comprising a memory, a processor, and a computer program stored in said memory and executable on said processor, wherein said processor, when executing said computer program, performs the steps of the method for detecting upgrade anomalies of a project third-party library according to any one of claims 1 to 7.
10. A storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method for detecting upgrade anomalies of a project third-party library according to any one of claims 1 to 7.
CN202010369745.0A 2020-05-06 2020-05-06 Method, system, equipment and storage medium for detecting upgrade exception of project third-party library Active CN111258614B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010369745.0A CN111258614B (en) 2020-05-06 2020-05-06 Method, system, equipment and storage medium for detecting upgrade exception of project third-party library

Publications (2)

Publication Number Publication Date
CN111258614A true CN111258614A (en) 2020-06-09
CN111258614B CN111258614B (en) 2020-08-07

Family

ID=70950011

Country Status (1)

Country Link
CN (1) CN111258614B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant