CN111666203A - Risk software positioning processing method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN111666203A
Authority: CN (China)
Application number: CN202010305185.2A
Other languages: Chinese (zh)
Other versions: CN111666203B (en)
Legal status: Granted, Active
Inventors: 刘志伟, 谭中意, 施展
Current and original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Prior art keywords: software, risk, information, identification information, information database

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/20 Information retrieval of structured data, e.g. relational data > G06F16/23 Updating

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The application discloses a positioning processing method and device for risk software, an electronic device and a storage medium, and relates to the field of software security. The specific implementation scheme is as follows: collect identification information of risk software; detect whether the identification information of the risk software exists in a pre-established software information database; if it exists, acquire from the software information database the position information, in the code base, of the risk software corresponding to that identification information. Compared with manually locating risk software in the prior art, the technical scheme of the application can locate the position information of risk software quickly and accurately, effectively shortens the time needed to locate risk software and effectively improves the locating efficiency, so that the personnel responsible for the code base can process the risk software promptly and accurately and stop damage in time, which effectively reduces the risk of the software in an enterprise's code base and improves its security.

Description

Risk software positioning processing method and device, electronic equipment and storage medium
Technical Field
The application relates to computer technology, in particular to the field of software security, and more particularly to a positioning processing method and device for risk software, an electronic device and a storage medium.
Background
With the development of computer technology, more and more software in all kinds of industries is developed on the basis of it.
Software development in many enterprises now makes use of software from open source communities. Such open source software also carries risks, such as containing its own vulnerabilities or being attacked, which inevitably brings great harm to the enterprises that adopt it.
Moreover, an enterprise's code often runs to millions or even billions of lines, and when a risk arises in adopted open source software, responsible personnel have to search the code library manually, one position at a time, to locate the risk software so that it can be handled in time. In the prior art this way of locating risk software in the code library is time-consuming, and the locating efficiency is very low.
Disclosure of Invention
In order to solve the technical problem, the application provides a positioning processing method and device for risk software, an electronic device and a storage medium.
According to a first aspect, there is provided a method for positioning risk software, including:
collecting identification information of risk software;
detecting whether risk software corresponding to the identification information of the risk software exists in a pre-established software information database;
and if so, acquiring the position information of the risk software in the code base corresponding to the identification information of the risk software from the software information database.
According to a second aspect, there is provided a location processing apparatus for risk software, comprising:
the acquisition module is used for acquiring identification information of the risk software;
the detection module is used for detecting whether risk software corresponding to the identification information of the risk software exists in a pre-established software information database;
and the positioning module is used for acquiring the position information of the risk software in the code base corresponding to the identification information of the risk software from the software information database if the risk software exists.
According to a third aspect, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
According to a fourth aspect, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method as described above.
According to the technology of the application, the position information of risk software can be located quickly and accurately, the time needed to locate risk software is effectively shortened and the locating efficiency is effectively improved, so that the personnel responsible for the code base can process the risk software promptly and accurately and stop damage in time, which effectively reduces the risk of the software in an enterprise's code base and improves its security.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
FIG. 1 is a schematic diagram according to a first embodiment of the present application;
FIG. 2 is a schematic diagram according to a second embodiment of the present application;
FIG. 3 is a schematic illustration according to a third embodiment of the present application;
FIG. 4 is a schematic illustration according to a fourth embodiment of the present application;
fig. 5 is a block diagram of an electronic device for implementing a risk software location processing method according to an embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
FIG. 1 is a schematic diagram according to a first embodiment of the present application; as shown in fig. 1, the present embodiment provides a method for positioning risk software, which specifically includes the following steps:
S101, collecting identification information of risk software;
S102, detecting whether identification information of risk software exists in a pre-established software information database; if yes, go to step S103; otherwise, no processing is executed for the moment, and the process is ended.
S103, acquiring the position information of the risk software in the code base corresponding to the identification information of the risk software from the software information database.
The execution main body of the positioning processing method for the risk software in this embodiment may be a positioning processing device for the risk software, and the positioning processing device for the risk software may be an independent electronic entity, or may also be an application adopting software integration, and may be capable of positioning the risk software in the code library of the enterprise based on a pre-established software information database, so as to perform processing such as upgrading, bug fixing, or deleting on the risk software in the code library of the enterprise in time, so as to ensure the security of the software in the code library of the enterprise.
The positioning processing device of the risk software in this embodiment may be set on the management system side of an enterprise, and correspondingly, the positioning processing device of the risk software may be set in each company to access the software information database of the enterprise, and when the risk software exists in the code library of the enterprise, the risk software is timely and accurately positioned.
In practical application, an open source code company can monitor its own software in real time, and when its software has a bug or is frequently attacked, it can publish the name and version number of the risky software on its software publishing platform and publish a corresponding upgraded version to overcome the risk. Alternatively, some non-profit software organizations monitor all open source software in the industry in real time, and when they detect that a certain piece of software has a bug or is frequently attacked, they release the name and version number of the risky software together with information about the company, and may further provide solutions, such as the address on the company's site from which the latest version of the software can be obtained for upgrading so as to overcome the risk. That is, in the present embodiment, the name and version number of software together uniquely identify a piece of software.
The risk software positioning processing device of this embodiment can monitor the risk software information published by the software publishing platform of each open source code company or non-profit software organization, and collect the names and version numbers of risk software. In this embodiment the identification information of the risk software includes, for example, its name and version number; in practical application other identification information, for example a unique ID generated from the name and version number of the risk software, may also be used to identify it, which is not described in detail here. The device then detects whether the pre-established software information database contains the name and version number of the risk software; if so, it determines that the risk software corresponding to that name and version number exists in the corresponding enterprise code base, and at this point acquires the position information of the risk software in the code base from the software information database. That is to say, in the present embodiment the information on all the software of the enterprise may be recorded in the pre-established software information database, and the information on each piece of software includes at least the name and version number of the software and its position information in the code library. For example, the position information of the software in the code library in this embodiment may be the starting line number of the software in the code library, or its line-number range in the code library.
In the positioning processing method of the risk software of this embodiment, identification information of risk software is collected; whether the identification information of the risk software exists in a pre-established software information database is detected; and if it exists, the position information, in the code base, of the risk software corresponding to that identification information is acquired from the software information database. Compared with manually locating risk software in the prior art, the technical scheme of this embodiment can locate the position information of risk software quickly and accurately, effectively shortens the time needed to locate risk software and effectively improves the locating efficiency, so that the personnel responsible for the code base can process the risk software promptly and accurately and stop damage in time, which effectively reduces the risk of the software in an enterprise's code base and improves its security.
FIG. 2 is a schematic diagram according to a second embodiment of the present application; the method for positioning and processing risk software in this embodiment further describes the technical solution of the present application in more detail based on the technical solution of the embodiment shown in fig. 1. As shown in fig. 2, the method for positioning and processing risk software in this embodiment may specifically include the following steps:
S201, acquiring identification information and position information of all software in a code base based on a software dependence management tool;
S202, establishing a software information database comprising identification information and position information of all software in a code base;
S203, configuring the contact way of the person responsible for each software in the software information database;
similarly, the identification information of the software of this embodiment may include the name and version number of the software. The steps S201 and S202 in this embodiment are implementations of establishing a software information database in this embodiment. The process of establishing the software information base can be carried out off line and can be completed before the risk software is positioned. The step S203 is an optional way to establish the software information database, and in practical applications, the software information database may not include the contact information of the responsible person. The contact information of the embodiment may include at least one of a telephone number, an instant messaging account, a mailbox, and the like.
In practical application, each programming language has established software dependency management tools: for example, Java has tools such as Ant, Maven and Gradle, C++ has tools such as GCC, Makefile and CMake, and other programming languages have their own corresponding software dependency management tools, which are not enumerated here. The software used in the code base of the enterprise is recorded in the description file of the dependency management tool. The description file is a fixed file that records which software the code library uses, such as Maven's pom.xml, and each piece of software used is written in the file in a fixed format. For example, if the software fastjson is used, it is written explicitly in pom.xml in the following format:
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.2.51</version>
    </dependency>
In step S201, based on the software dependency management tool, the identification information and the location information of all software in the code library are obtained, which may include the following two ways:
The first mode is as follows: the identification information and position information of all software in the code library are acquired from the description file of the dependency management tool. Again, the identification information of the software is taken to be its name and version number. In a specific implementation, a tool can be written to scan the description file of the software dependency management tool, such as Maven's pom.xml, to obtain the name, version number, specific position information and so on of the software used. The implementation of this scanning tool differs from language to language, because the software dependency management tools of different programming languages use different description files. Taking Java's Maven as an example, the tool can be implemented by finding all code libraries containing a pom.xml among all code libraries of a company and scanning every pom.xml file to obtain the names and version numbers of the software recorded in it.
In practical applications, however, the version numbers of some software may not be explicitly recorded in pom.xml. In that case other files of the software dependency management tool need to be scanned to obtain the version number of the software.
The second mode is as follows: the identification information and position information of all software in the code base are acquired from the software dependency management tool by using the commands it provides. In practical applications, each software dependency management tool may provide a query command; for example, the Java software management tool Maven provides a "mvn dependencies" command, from which the name, version number, position information and so on of the software currently used by the code library can be found. Optionally, if the enterprise has multiple code libraries, the identification of the code library in which each piece of software is located may also be obtained.
Compared with the first mode, acquiring the identification information and position information of all software in the code base with the commands provided by the dependency management tool is more comprehensive and accurate, and at the same time avoids scanning and extracting from files, so it is simpler to implement.
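As an added illustration of the first mode (example code written for this page, not the patent's or the applicant's own code), the following Python scanner reads a constructed pom.xml, records each dependency's name, version and line range as its position information, builds an in-memory software information database keyed on (name, version), and looks up a risk identifier in it. Versions written as ${property} references are resolved from <properties>, and dependencies with no explicit version are reported as unresolved, the case the text says needs other files; the repository id, file path and sample dependencies are assumptions.

```python
"""Added example for this page (not the patent's own code): scan a Maven pom.xml,
record each dependency's name, version and line range, build an in-memory
software information database and look up a risk identifier in it."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample pom.xml for a hypothetical code base "repo-a". The second
# dependency takes its version from <properties>; the third has no explicit
# version in this file, the case the text says needs other files to resolve.
SAMPLE_POM = """<project>
  <properties>
    <guava.version>28.0-jre</guava.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>fastjson</artifactId>
      <version>1.2.51</version>
    </dependency>
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
      <version>${guava.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
    </dependency>
  </dependencies>
</project>"""


@dataclass
class SoftwareRecord:
    name: str               # "groupId:artifactId"
    version: Optional[str]  # None when the version is not explicit in this file
    repo: str               # identification of the code base
    path: str               # description file inside the code base
    start_line: int         # position information: line of <dependency>
    end_line: int           # position information: line of </dependency>


TAG_RE = re.compile(r"<(groupId|artifactId|version)>\s*([^<]+?)\s*</\1>")
PROP_RE = re.compile(r"<([\w.\-]+)>\s*([^<]+?)\s*</\1>")


def parse_properties(text: str) -> Dict[str, str]:
    """Collect <properties> so ${...} version references can be resolved."""
    block = re.search(r"<properties>(.*?)</properties>", text, re.S)
    return dict(PROP_RE.findall(block.group(1))) if block else {}


def resolve_version(raw: Optional[str], props: Dict[str, str]) -> Optional[str]:
    """Expand a ${property} reference; missing or unknown versions stay None."""
    if raw is None:
        return None
    ref = re.fullmatch(r"\$\{([\w.\-]+)\}", raw)
    return props.get(ref.group(1)) if ref else raw


def scan_pom(text: str, repo: str, path: str = "pom.xml") -> List[SoftwareRecord]:
    """Walk the file line by line so every dependency keeps its line range."""
    props = parse_properties(text)
    records: List[SoftwareRecord] = []
    fields: Dict[str, str] = {}
    start: Optional[int] = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if "<dependency>" in line:
            start, fields = lineno, {}
        elif "</dependency>" in line and start is not None:
            name = f"{fields.get('groupId', '')}:{fields.get('artifactId', '')}"
            version = resolve_version(fields.get("version"), props)
            records.append(SoftwareRecord(name, version, repo, path, start, lineno))
            start = None
        elif start is not None:
            for tag, value in TAG_RE.findall(line):
                fields[tag] = value
    return records


def build_database(records: List[SoftwareRecord]) -> Dict[Tuple[str, str], SoftwareRecord]:
    """Key on (name, version): the text says that pair identifies the software."""
    return {(r.name, r.version): r for r in records if r.version is not None}


def unresolved(records: List[SoftwareRecord]) -> List[SoftwareRecord]:
    """Dependencies whose version this file does not state; scan other files."""
    return [r for r in records if r.version is None]


def locate_risk(db: Dict[Tuple[str, str], SoftwareRecord], name: str,
                version: str) -> Optional[SoftwareRecord]:
    """Steps S205/S206: return the position information if the identifier is known."""
    return db.get((name, version))


if __name__ == "__main__":
    found = scan_pom(SAMPLE_POM, repo="repo-a")
    db = build_database(found)
    print(locate_risk(db, "com.alibaba:fastjson", "1.2.51"))
    print([r.name for r in unresolved(found)])
```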
The software information database of this embodiment may be implemented by using a database such as MySQL or Elasticsearch.
It should be noted that, in this embodiment, after the software information database is established based on the above steps S201 to S203, the method may further include updating the software information database based on a software dependency management tool. Since the code base of the enterprise has the possibility of writing new software codes every day, the software information database can be updated every time new software codes are written. Specifically, whether the code library writes new software code may be determined by the software dependency management tool, and once written, the software information database may be updated in time based on the name, version number, and location information of the newly written software, or may further include the identification of the code library and the contact address of the responsible person.
In addition, optionally, the present embodiment may also be configured to update the software information database periodically. That is, the software information database is not updated in real time for software code newly written in the code base; instead, every day the method detects, based on the software dependency management tool, whether newly written software code exists in the code base, using the same detection method as when the software information database was established in this embodiment, and then updates the software information database in time with the name, version number and position information of the newly written software, optionally together with the identification of the code base and the contact information of the responsible person.
S204, collecting identification information of risk software;
from this step, the online location of the risk software is started.
S205, detecting whether identification information of risk software exists in a software information database; if yes, go to step S206; otherwise, no processing is executed for the moment, and the process is ended.
S206, acquiring the position information of the risk software in the code base corresponding to the identification information of the risk software from the software information database;
S207, performing risk alarm based on the identification information and the position information of the risk software;
for example, this step may be implemented specifically by at least one of the following:
(1) based on the identification information and the position information of the risk software, sending out a voice alarm;
in the method, a voice alarm is adopted, for example, the voice alarm can be directly sent out through a microphone, and identification information of risk software, such as software name and version number and software position information, also needs to be carried in the voice alarm information.
(2) Based on the identification information and the position information of the risk software, popping up an alarm prompt on the current interface; and
the method adopts a display mode to alarm, for example, an alarm message carrying identification information of risk software and position information of the software can be popped up on a current interface of a positioning processing device of the risk software.
(3) Acquiring a contact way of a responsible person corresponding to the identification information of the risk software from a software information database; and sending out an alarm prompt based on the identification information and the position information of the risk software and the contact way of the responsible person so as to inform the responsible person to process the risk software.
The method is to alarm in a manner of notifying the responsible person, for example, an alarm prompt carrying identification information and location information of the risk software can be sent to the responsible person through mails, security worksheets or real-time communication, so as to notify the responsible person to immediately handle the risk software. Specifically, to avoid further harm to the risky software, the risky software may be deleted or upgraded to fix the vulnerability.
S208, acquiring processing information of the risk software;
S209, updating the software information database according to the processing information of the risk software.
In this embodiment, the processing information of the risk software may include deleting the risk software in the code library, or obtaining an upgrade version from a release platform of the risk software, and upgrading the risk software to make it secure.
Specifically, the positioning processing device of the risk software of this embodiment may detect the processing information of the risk software based on the software dependency management tool. For example, with reference to the process of establishing the software information database above, it can be determined from the description file of the software dependency management tool whether the name of the risk software still exists. If it does, it is further checked whether the version number of the risk software in the file is consistent with the version number in the software information database; if it is consistent, the software is still regarded as risk software, and the alarm may be issued again. If the version number and the position information are inconsistent, it is determined that the risk software has been upgraded; the position information of the upgraded software is then acquired, and the version number and position information corresponding to that name in the software information database are updated according to the version number and position information of the upgraded software, thereby updating the software information database. If the name of the risk software no longer exists in the description file of the software dependency management tool, the risk software is considered to have been deleted, and all information of the software corresponding to that name is deleted from the software information database accordingly, thereby updating the software information database.
Or alternatively, the processing information of the risk software in the code base may also be detected by using commands provided by the software-dependent management tool. And after detecting the risk software upgrading or deleting, updating the software information database in time, wherein the implementation process is similar to the process described above and is not repeated herein.
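As an added example of steps S207 to S209 (written for this page, not code from the patent or its applicant), the following Python builds the alarm prompt of variant (3) from a database record and then reconciles the risk entries against a rescan of the description file: an unchanged version is alarmed again, a changed version updates the record's version and position, and a name that no longer appears is deleted. The database shape, the risky flag, the contact addresses and the rescan result are all constructed assumptions.

```python
"""Added example for this page (not the patent's own code): steps S207 to S209,
a risk alarm built from the database record and a reconciliation of risk
entries against a rescan of the description file."""
from typing import Dict, List, Tuple

# Constructed software information database: name -> record. The record shape
# (version, location tuple, contact, risky flag) is this example's assumption.
DB: Dict[str, dict] = {
    "com.alibaba:fastjson": {"version": "1.2.51", "location": ("repo-a", "pom.xml", 6, 10),
                             "contact": "owner-a@example.com", "risky": True},
    "com.google.guava:guava": {"version": "28.0-jre", "location": ("repo-a", "pom.xml", 11, 15),
                               "contact": "owner-b@example.com", "risky": True},
    "org.apache.commons:commons-lang3": {"version": "3.9", "location": ("repo-a", "pom.xml", 16, 19),
                                         "contact": "owner-a@example.com", "risky": False},
    "org.example:oldlib": {"version": "0.9", "location": ("repo-a", "pom.xml", 20, 24),
                           "contact": "owner-b@example.com", "risky": True},
}

# Constructed rescan of repo-a's pom.xml after the responsible persons acted:
# fastjson untouched, guava upgraded, commons-lang3 unchanged, oldlib removed.
# Each entry is (name, version, start line, end line).
RESCAN: List[Tuple[str, str, int, int]] = [
    ("com.alibaba:fastjson", "1.2.51", 6, 10),
    ("com.google.guava:guava", "30.1-jre", 11, 15),
    ("org.apache.commons:commons-lang3", "3.9", 16, 19),
]


def alarm_message(name: str, record: dict) -> str:
    """S207, variant (3): the prompt to the responsible person carries the
    identification information and the position information of the risk software."""
    repo, path, start, end = record["location"]
    return (f"to {record['contact']}: risk software {name} {record['version']} "
            f"in {repo}/{path} lines {start}-{end}, please upgrade or remove it")


def reconcile(db: Dict[str, dict], rescan: List[Tuple[str, str, int, int]]) -> List[Tuple[str, ...]]:
    """S208/S209: decide for each risk entry whether it is unchanged (alarm
    again), upgraded (update version and position) or deleted (drop the record)."""
    seen = {name: (ver, start, end) for name, ver, start, end in rescan}
    actions: List[Tuple[str, ...]] = []
    for name in [n for n, r in db.items() if r["risky"]]:
        record = db[name]
        if name not in seen:
            del db[name]                      # name gone from the description file
            actions.append(("deleted", name))
        elif seen[name][0] == record["version"]:
            # same version still present: nothing was done, so alarm again
            actions.append(("re-alert", name, alarm_message(name, record)))
        else:
            new_ver, start, end = seen[name]  # upgraded: refresh and clear the flag
            repo, path = record["location"][:2]
            record.update(version=new_ver, location=(repo, path, start, end), risky=False)
            actions.append(("upgraded", name, new_ver))
    return actions


if __name__ == "__main__":
    for action in reconcile(DB, RESCAN):
        print(action)
```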
The risk software positioning processing method of this embodiment can be applied in each enterprise or on a code hosting platform such as GitHub.
According to the method for positioning risk software of this embodiment, the software information database including the identification information and position information of all software in the code base is established in the manner described above. Whether the identification information and position information of all software in the code base are acquired from the description file of the dependency management tool or by using the commands provided by the dependency management tool, the accuracy of the acquired identification information and position information can be effectively ensured, and with it the accuracy of the software information database, so that the accuracy of positioning risk software based on the software information database is effectively improved.
Furthermore, in this embodiment, the software information database may be updated based on a software dependency management tool, so as to ensure that when software in the code base is updated, information in the software information database may be updated in time, thereby effectively ensuring accuracy of the software information database, and further effectively improving accuracy of subsequent positioning of risk software based on the software information database.
Further, in this embodiment, a risk alarm may be performed based on the identification information and the location information of the risk software, for example, at least one of a voice alarm, a pop-up interface alarm, and a notification to a responsible person may be specifically used for the alarm, so that the risk software in the code library can be handled in time, the hazard of the risk software is effectively reduced, and the security of the software in the code library is improved.
Further, in this embodiment, the software information database may be updated according to the processing information of the risk software, so that the accuracy of the software information database can be effectively ensured, and the accuracy of the subsequent positioning of the risk software based on the software information database can be effectively improved.
FIG. 3 is a schematic illustration according to a third embodiment of the present application; as shown in fig. 3, the present embodiment provides a positioning processing apparatus 300 for risk software, including:
the acquisition module 301 is used for acquiring identification information of risk software;
a detection module 302, configured to detect whether risk software corresponding to identification information of the risk software exists in a pre-established software information database;
and the positioning module 303 is configured to, if the risk software exists, obtain, from the software information database, location information of the risk software in the code base, where the location information corresponds to the identification information of the risk software.
The implementation principle and technical effect of the risk software positioning processing device 300 of this embodiment are the same as the implementation of the related method embodiments described above by using the modules to implement the positioning processing of the risk software, and reference may be made to the description of the related embodiments in detail, which is not described herein again.
FIG. 4 is a schematic illustration according to a fourth embodiment of the present application; as shown in fig. 4, the positioning processing device 300 of the risk software of the present embodiment further describes the technical solution of the present application in more detail based on the technical solution of the embodiment shown in fig. 3.
As shown in fig. 4, the risk software positioning processing device 300 of the present embodiment further includes:
the establishing module 304, used for establishing a software information database.
Further optionally, the establishing module 304 is configured to:
acquiring identification information and position information of all software in a code base based on a software dependence management tool;
a software information database is established that includes identification information and location information for all software in the code base.
Further optionally, the establishing module 304 is configured to:
acquiring identification information and position information of all software in a code library from a description file of a software dependence management tool; or
The identification information and location information of all software in the codebase are obtained from the software-dependent management tool by using commands provided by the software-dependent management tool.
Further optionally, the establishing module 304 is further configured to:
configuring the contact way of the person responsible for each software in a software information database;
Further optionally, as shown in Fig. 4, the risk software positioning processing apparatus 300 of this embodiment further includes:
an update module 305, configured to update the software information database based on the software dependency management tool.
Further optionally, as shown in Fig. 4, the risk software positioning processing apparatus 300 of this embodiment further includes:
an alarm module 306, configured to issue a risk alarm based on the identification information and location information of the risk software.
Further optionally, the acquisition module 301 is further configured to acquire processing information of the risk software; and
the update module 305 is further configured to update the software information database according to the processing information of the risk software.
Further optionally, the alarm module 306 is configured to:
issue a voice alarm based on the identification information and location information of the risk software;
pop up an alarm prompt on the current interface based on the identification information and location information of the risk software; and/or
acquire, from the software information database, the contact information of the responsible person corresponding to the identification information of the risk software, and issue an alarm prompt based on the identification information and location information of the risk software and the contact information of the responsible person, so as to notify the responsible person to process the risk software.
The risk software positioning processing apparatus 300 of this embodiment uses the above modules to implement the positioning processing of risk software; its implementation principle and technical effect are the same as those of the related method embodiments described above, to which reference may be made for details, which are not repeated here.
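As an added illustration of the establishing, detection, positioning, alarm and update modules described above (example code written for this page, not the patent's own implementation), the following Python builds a small software information database from description files, looks up a collected risk software identifier, prepares the alarm with the responsible person's contact, and updates the database from processing information. Maven-style pom.xml files are an assumed form of the dependency management tool's description file, and every path, artifact and contact below is constructed.

```python
"""Added example for this page (not the patent's own code): a minimal software
information database keyed by software identifier, with detection, positioning,
alarm preparation and post-processing update. Maven pom.xml is an assumed
dependency management tool description file; all sample data is constructed."""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass, field


@dataclass
class SoftwareInfoDB:
    """software id ('groupId:artifactId:version') -> locations (module paths) in
    the code base, plus the contact of the person responsible for each software."""
    locations: dict[str, set[str]] = field(default_factory=dict)
    contacts: dict[str, str] = field(default_factory=dict)

    def add(self, software_id: str, location: str) -> None:
        self.locations.setdefault(software_id, set()).add(location)

    def remove(self, software_id: str, location: str) -> None:
        locs = self.locations.get(software_id)
        if locs is not None:
            locs.discard(location)
            if not locs:                      # drop ids no longer used anywhere
                del self.locations[software_id]


def _local(tag: str) -> str:
    """Strip the XML namespace prefix that real pom.xml files carry."""
    return tag.rsplit("}", 1)[-1]


def parse_pom(pom_xml: str) -> list[str]:
    """Identification info from a description file: every <dependency> with a
    concrete version. Dependencies whose version is inherited (no <version>
    element) are skipped here; the tool's own command would resolve them."""
    root = ET.fromstring(pom_xml)
    ids: list[str] = []
    for el in root.iter():
        if _local(el.tag) != "dependency":
            continue
        vals = {_local(c.tag): (c.text or "").strip() for c in el}
        parts = [vals.get(k, "") for k in ("groupId", "artifactId", "version")]
        if all(parts):
            ids.append(":".join(parts))
    return ids


def build_database(description_files: dict[str, str],
                   contacts: dict[str, str]) -> SoftwareInfoDB:
    """Establishing module: location = path of the description file that
    declares the software; contacts are configured per software id."""
    db = SoftwareInfoDB(contacts=dict(contacts))
    for location, pom_xml in description_files.items():
        for software_id in parse_pom(pom_xml):
            db.add(software_id, location)
    return db


def locate_risk_software(db: SoftwareInfoDB, risk_id: str) -> list[str]:
    """Detection + positioning: locations of the risk software, [] if absent."""
    return sorted(db.locations.get(risk_id.strip(), ()))


def build_alert(db: SoftwareInfoDB, risk_id: str) -> dict | None:
    """Alarm module: identification, locations and responsible contact, or None
    when the collected identifier is not present in the code base."""
    locs = locate_risk_software(db, risk_id)
    if not locs:
        return None
    risk_id = risk_id.strip()
    return {"software": risk_id, "locations": locs,
            "contact": db.contacts.get(risk_id, ""),
            "message": f"risk software {risk_id} at {', '.join(locs)}"}


def record_processing(db: SoftwareInfoDB, risk_id: str,
                      processing_info: dict[str, str | None]) -> None:
    """Update module: processing info maps each handled location to the
    replacement software id (e.g. a fixed version) or None if it was removed."""
    for location, replacement in processing_info.items():
        db.remove(risk_id, location)
        if replacement:
            db.add(replacement, location)


# Constructed sample description files, keyed by their path in the code base.
SAMPLE_POMS = {
    "services/payment/pom.xml": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>json-util</artifactId>
      <version>1.2.3</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>http-client</artifactId>
      <version>4.0.0</version></dependency>
  </dependencies></project>""",
    "services/report/pom.xml": """<project><dependencies>
    <dependency><groupId>com.example</groupId><artifactId>json-util</artifactId>
      <version>1.2.3</version></dependency>
  </dependencies></project>""",
    "tools/cli/pom.xml": """<project><dependencies>
    <dependency><groupId>com.example</groupId><artifactId>json-util</artifactId>
      <version>1.3.0</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>managed-lib</artifactId></dependency>
  </dependencies></project>""",
}
SAMPLE_CONTACTS = {"com.example:json-util:1.2.3": "owner-a@example.com"}  # constructed

if __name__ == "__main__":
    db = build_database(SAMPLE_POMS, SAMPLE_CONTACTS)
    print(build_alert(db, "com.example:json-util:1.2.3"))
```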
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
Fig. 5 is a block diagram of an electronic device implementing a risk software positioning processing method according to an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in Fig. 5, the electronic apparatus includes: one or more processors 501, memory 502, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In Fig. 5, one processor 501 is taken as an example.
The memory 502 is a non-transitory computer-readable storage medium as provided herein. The memory stores instructions executable by at least one processor, so that the at least one processor performs the risk software positioning processing method provided herein. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to execute the risk software positioning processing method provided by the present application.
The memory 502, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules (e.g., related modules shown in fig. 3 and 4) corresponding to the positioning processing method of risk software in the embodiments of the present application. The processor 501 executes various functional applications of the server and data processing, namely, a positioning processing method of the risk software in the above method embodiment, by executing the non-transitory software program, instructions and modules stored in the memory 502.
The memory 502 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by use of an electronic device that implements the positioning processing method of the risk software, and the like. Further, the memory 502 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 502 optionally includes memory located remotely from processor 501, which may be connected via a network to an electronic device implementing the location processing method of the risk software. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device implementing the risk software positioning processing method may further include: an input device 503 and an output device 504. The processor 501, the memory 502, the input device 503 and the output device 504 may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The input device 503, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointing stick, one or more mouse buttons, a track ball, a joystick, or another input device, may receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus implementing the risk software positioning processing method. The output device 504 may include a display device, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibrating motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application-specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the technical solution of the embodiments of the present application, identification information of risk software is collected; whether the identification information of the risk software exists in a pre-established software information database is detected; and if so, the location information, in the code base, of the risk software corresponding to the identification information is acquired from the software information database. Compared with the prior art, in which the location of risk software is determined manually, the technical solution of the present application locates risk software quickly and accurately, effectively shortens the time needed to locate it and effectively improves locating efficiency, so that the persons responsible for the code base can process the risk software accurately and in time and stop the damage in time; this effectively reduces the risk of the software in an enterprise's code base and improves the security of that software.
According to the technical solution of the embodiments of the present application, the software information database including the identification information and location information of all software in the code base is established in the above manner. Whether the identification information and location information of all software in the code base are acquired from the description file of the dependency management tool or acquired from the tool by using the command it provides, the accuracy of the acquired identification information and location information is effectively ensured, so the accuracy of the software information database is effectively ensured and the accuracy of risk software positioning based on the database is effectively improved.
According to the technical solution of the embodiments of the present application, the software information database can be updated based on the software dependency management tool, so that when the software in the code base is updated, the information in the software information database is updated in time; this effectively ensures the accuracy of the software information database and effectively improves the accuracy of subsequent risk software positioning based on it.
According to the technical solution of the embodiments of the present application, a risk alarm can be issued based on the identification information and location information of the risk software, specifically in at least one of the following modes: a voice alarm, an interface pop-up alarm, and notification of the responsible person. In this way the risk software in the code base can be processed in time, the harm of the risk software is effectively reduced, and the security of the software in the code base is improved.
According to the technical solution of the embodiments of the present application, the software information database can be updated according to the processing information of the risk software, which effectively ensures the accuracy of the software information database and effectively improves the accuracy of subsequent risk software positioning based on it.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present application can be achieved, and the present application is not limited herein.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (16)

1. A risk software positioning processing method, characterized by comprising the following steps:
collecting identification information of risk software;
detecting whether risk software corresponding to the identification information of the risk software exists in a pre-established software information database; and
if so, acquiring, from the software information database, the location information in the code base of the risk software corresponding to the identification information of the risk software.
2. The method according to claim 1, wherein before detecting whether risk software corresponding to the identification information of the risk software exists in a pre-established software information database, the method further comprises:
establishing the software information database.
3. The method of claim 2, wherein establishing the software information database comprises:
acquiring identification information and location information of all software in the code base based on a software dependency management tool; and
establishing the software information database, which includes the identification information and location information of all software in the code base.
4. The method of claim 3, wherein acquiring identification information and location information of all software in the code base based on a software dependency management tool comprises:
acquiring the identification information and location information of all software in the code base from a description file of the software dependency management tool; or
acquiring the identification information and location information of all software in the code base from the software dependency management tool by using a command provided by the software dependency management tool.
5. The method of claim 3, wherein establishing the software information database further comprises:
configuring, in the software information database, the contact information of the person responsible for each piece of software;
further, after the software information database is established, the method further comprises:
updating the software information database based on the software dependency management tool.
6. The method according to any one of claims 1 to 5, wherein after acquiring, from the software information database, the location information in the code base of the risk software corresponding to the identification information of the risk software, the method further comprises:
issuing a risk alarm based on the identification information and location information of the risk software;
further, after the risk alarm is issued based on the identification information and location information of the risk software, the method further comprises:
acquiring processing information of the risk software; and
updating the software information database according to the processing information of the risk software.
7. The method of claim 6, wherein issuing a risk alarm based on the identification information and location information of the risk software comprises:
issuing a voice alarm based on the identification information and location information of the risk software;
popping up an alarm prompt on a current interface based on the identification information and location information of the risk software; and/or
acquiring, from the software information database, the contact information of the responsible person corresponding to the identification information of the risk software, and issuing an alarm prompt based on the identification information and location information of the risk software and the contact information of the responsible person, so as to notify the responsible person to process the risk software.
8. A risk software positioning processing apparatus, comprising:
an acquisition module, configured to acquire identification information of risk software;
a detection module, configured to detect whether risk software corresponding to the identification information of the risk software exists in a pre-established software information database; and
a positioning module, configured to, if the risk software exists, acquire from the software information database the location information in the code base of the risk software corresponding to the identification information of the risk software.
9. The apparatus of claim 8, further comprising:
an establishing module, configured to establish the software information database.
10. The apparatus of claim 9, wherein the establishing module is configured to:
acquire identification information and location information of all software in the code base based on a software dependency management tool; and
establish the software information database, which includes the identification information and location information of all software in the code base.
11. The apparatus of claim 10, wherein the establishing module is configured to:
acquire the identification information and location information of all software in the code base from a description file of the software dependency management tool; or
acquire the identification information and location information of all software in the code base from the software dependency management tool by using a command provided by the software dependency management tool.
12. The apparatus according to any one of claims 9 to 11, wherein the establishing module is further configured to:
configure, in the software information database, the contact information of the person responsible for each piece of software;
further, the apparatus further comprises:
an update module, configured to update the software information database based on the software dependency management tool.
13. The apparatus of claim 12, further comprising:
an alarm module, configured to issue a risk alarm based on the identification information and location information of the risk software;
further, the acquisition module is further configured to acquire processing information of the risk software; and
the update module is further configured to update the software information database according to the processing information of the risk software.
14. The apparatus of claim 13, wherein the alarm module is configured to:
issue a voice alarm based on the identification information and location information of the risk software;
pop up an alarm prompt on a current interface based on the identification information and location information of the risk software; and/or
acquire, from the software information database, the contact information of the responsible person corresponding to the identification information of the risk software, and issue an alarm prompt based on the identification information and location information of the risk software and the contact information of the responsible person, so as to notify the responsible person to process the risk software.
15. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
16. A non-transitory computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010305185.2A CN111666203B (en) 2020-04-17 2020-04-17 Positioning processing method and device of risk software, electronic equipment and storage medium


Publications (2)

Publication Number Publication Date
CN111666203A true CN111666203A (en) 2020-09-15
CN111666203B CN111666203B (en) 2023-10-27

Family

ID=72382637


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113094711A (en) * 2021-04-30 2021-07-09 云南电网有限责任公司 Open source code detection method and system based on staged project development
CN113836541A (en) * 2021-09-29 2021-12-24 天翼物联科技有限公司 Software security check method and device based on dependency relationship, computer equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103473505A (en) * 2012-06-06 2013-12-25 腾讯科技(深圳)有限公司 Scanning prompt method and device for software vulnerabilities
CN105164690A (en) * 2013-07-12 2015-12-16 惠普发展公司,有限责任合伙企业 Analyzing target software for security vulnerabilities
CN106372463A (en) * 2016-08-22 2017-02-01 北京深思数盾科技股份有限公司 Middleware protection method, apparatus and system
US20190114435A1 (en) * 2017-10-13 2019-04-18 2509757 Ontario Inc. Security risk identification in a secure software lifecycle
CN109753807A (en) * 2019-01-09 2019-05-14 国家保密科技测评中心 Safety detection method and device
US20190235942A1 (en) * 2018-02-01 2019-08-01 Faro Technologies, Inc. Individual bug fixed messages for software users
CN110232279A (en) * 2019-06-06 2019-09-13 深圳前海微众银行股份有限公司 A kind of leak detection method and device
CN110909363A (en) * 2019-11-25 2020-03-24 中国人寿保险股份有限公司 Software third-party component vulnerability emergency response system and method based on big data


Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Virginia N. L. Franqueira et al.: "Towards agile security risk management in RE and beyond", Workshop on Empirical Requirements Engineering (EMPIRE 2011), pages 33-36 *
冯博 (Feng Bo): "Research and implementation of key technologies for secure software development", 《中国博士学位论文全文数据库(信息科技辑)》 (China Doctoral Dissertations Full-text Database, Information Science and Technology), no. 01, pages 138-19 *
刘子聪 (Liu Zicong): "Empirical analysis of visualization aids for Java developer testing", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 (China Master's Theses Full-text Database, Information Science and Technology), no. 02, pages 138-915 *
千万之路刚开始: "[MAVEN] Maven series: pom.xml tags explained in detail", HTTPS://WWW.JIANSHU.COM/P/242F2349EEF1, pages 1-8 *
李震阳 (Li Zhenyang): "Application of joint R&D process analysis in a software project risk database", 《软件》 (Software), no. 10, pages 139-141 *




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant