CN111797402A - Method, device and storage medium for detecting software vulnerability - Google Patents


Info

Publication number
CN111797402A
CN111797402A (application CN202010556358.8A)
Authority
CN
China
Prior art keywords
target
version information
version
software
target software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010556358.8A
Other languages
Chinese (zh)
Inventor
马海龙
熊学涛
乔建国
申成钢
杨海峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
21VIANET GROUP Inc
Original Assignee
21VIANET GROUP Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 21VIANET GROUP Inc
Priority to CN202010556358.8A
Publication of CN111797402A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The application provides a method, a device and a storage medium for detecting software vulnerabilities, intended to improve the accuracy and efficiency of software vulnerability detection. In the method, if the vulnerability database contains the target software named in a vulnerability detection instruction, the version information recorded for that target software is obtained from the vulnerability database; the target version information carried in the vulnerability detection instruction is matched against the obtained version information; and whether the target software has a vulnerability is determined from the matching result. Because the version information is looked up by the target software name and the target version information is matched directly against it, the detection result is output directly, without manual confirmation of a list of fuzzy search results, which improves both the accuracy and the efficiency of software vulnerability detection.

Description

Method, device and storage medium for detecting software vulnerability
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for detecting software vulnerabilities, and a storage medium.
Background
When checking whether a given piece of software, or a given version of it, has a known vulnerability, the search is currently performed by keyword on the software name, so many of the returned results are fuzzy matches.
At present, whether the vulnerability information in these fuzzy query results actually affects the queried software and version has to be checked manually, result by result; this is inefficient and prone to screening errors.
Disclosure of Invention
The application provides a method and a device for detecting software vulnerabilities, intended to improve the accuracy and efficiency of software vulnerability detection.
In a first aspect, an embodiment of the present application provides a method for detecting a software vulnerability, where the method includes:
if the vulnerability database contains target software corresponding to the target software name in the vulnerability detection instruction, acquiring version information corresponding to the target software from the vulnerability database;
matching target version information carried in the vulnerability detection instruction with the acquired version information corresponding to the target software;
and determining whether the target software has a bug or not according to the matching result.
In this method, when vulnerability detection is performed on a piece of software and one of its versions, the target software name and the corresponding target version information are entered together as the vulnerability detection instruction. During detection, the version information recorded for that software name is obtained from the vulnerability database, the target version information is matched against it, and whether the target software has a vulnerability is determined from the matching result. The detection result is output directly, without manual confirmation of a list of fuzzy detection results, which improves the accuracy and efficiency of software vulnerability detection and saves labour.
In a possible implementation, if the vulnerability database does not contain target software corresponding to the target software name in the vulnerability detection instruction, the target software is determined to have no vulnerability.
In this method, whether the software named in the instruction exists in the vulnerability database is determined from the software name alone; if the target software is not stored in the vulnerability database it is determined to have no vulnerability, which improves efficiency.
In a possible implementation, if, after attempting to obtain the version information corresponding to the target software from the vulnerability database, it is determined that no version information was obtained, the target software is determined to have a vulnerability.
In a possible implementation, if the obtained version information for the target software is a version range,
matching the target version information carried in the vulnerability detection instruction against the obtained version information includes:
comparing the target version information with the maximum and/or minimum value of the version range to judge whether the target version information lies within the range;
and determining whether the target software has a vulnerability from the matching result includes:
if the target version information lies within the version range, determining that the target software has a vulnerability and issuing prompt information; otherwise determining that it has no vulnerability.
In a possible implementation, if the obtained version information for the target software is one or more specific versions,
matching the target version information carried in the vulnerability detection instruction against the obtained version information includes:
comparing the target version information with the specific versions to judge whether the target version information is among them;
and determining whether the target software has a vulnerability from the matching result includes:
if the specific versions include the target version information, determining that the target software has a vulnerability and issuing prompt information; otherwise determining that it has no vulnerability.
In this method, when it is determined that the target software named in the vulnerability detection instruction is stored in the vulnerability database, the version information for that software, that is, which of its versions have vulnerabilities, is further obtained from the database. Two situations can arise: version information for the target software is obtained, or it is not. If version information is obtained, it is first determined whether it is a version range or one or more specific versions, the target version information is matched against that range or those versions, and when the match succeeds a vulnerability is determined and prompt information is issued. If no version information is obtained, the target software at the target version is determined to have a vulnerability and prompt information is issued. In both cases the result is prompted directly, so the user does not have to determine manually from a list of query results whether the target software and version are affected, and detection accuracy and efficiency are improved.
In a possible implementation, before the target version information carried in the vulnerability detection instruction is matched against the obtained version information for the target software, the method further includes:
converting every non-digit character in the version number of the target version information, and in each version number of the obtained version information, into a dot, and collapsing consecutive dots into a single dot;
splitting each version number on the dots to obtain its numeric components;
and padding each numeric component to a preset number of digits without changing its value, then concatenating the padded components and converting the result into a single number.
In this method, matching the target version information against the version information obtained from the vulnerability database comes down to comparing version numbers. Because one piece of software can have many versions, and a version may be given as a main version or as an exact version, the version numbers being compared may have different numbers of digits, which causes comparison errors; the conversion above brings every version number to the same fixed-length numeric form before comparison.
In a possible implementation, matching the target version information carried in the vulnerability detection instruction against the obtained version information for the target software includes:
if the target version information carried in the vulnerability detection instruction is determined to be a main version, matching it against the main version information in the obtained version information; otherwise matching it against the exact version information.
In this method, before version numbers are compared it is first determined whether the target version is a main version or an exact version. A main version has fewer digits than an exact version, so matching against main version information is faster; deciding the version form first, and thereby the matching mode, improves matching efficiency and ultimately detection efficiency.
In a second aspect, an embodiment of the present application provides an apparatus for detecting a software vulnerability, where the apparatus includes: the acquisition module, the matching module and the determination module, wherein:
the obtaining module is used for obtaining version information corresponding to the target software from the vulnerability database if the vulnerability database contains the target software corresponding to the target software name in the vulnerability detection instruction;
the matching module is used for matching the target version information carried in the vulnerability detection instruction with the acquired version information corresponding to the target software;
and the determining module is used for determining whether the target software has a bug according to the matching result.
In a third aspect, an embodiment of the present application provides a device for detecting a software vulnerability, where the device includes at least one processor and at least one memory, the memory storing program code which, when executed by the processor, causes the processor to perform the software vulnerability detection method described above.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where computer instructions are stored, and when the computer instructions are executed by a processor, the method for detecting a software bug provided in the embodiment of the present application is implemented.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a diagram illustrating fuzzy query results of software vulnerability detection in the related art;
fig. 2 is a schematic diagram of vulnerability information corresponding to a vulnerability header in a vulnerability header list in the related art;
fig. 3 is a scene schematic diagram of software vulnerability detection provided in the embodiment of the present application;
fig. 4 is a flowchart of a method for detecting a software vulnerability according to an embodiment of the present disclosure;
fig. 5 is a schematic interface diagram for detecting a software vulnerability according to an embodiment of the present disclosure;
fig. 6 is another schematic interface diagram for detecting software vulnerabilities according to the embodiment of the present application;
fig. 7 is a flowchart of an overall method for detecting a software vulnerability according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a device for detecting a software vulnerability according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a device for detecting a software vulnerability according to an embodiment of the present application.
Detailed Description
The architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and it can be known by a person skilled in the art that with the occurrence of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
The technical solutions in the embodiments of the present application will be described in detail and clearly with reference to the accompanying drawings. In the description of the embodiments herein, "/" means "or" unless otherwise specified, for example, a/B may mean a or B; "and/or" in the text is only an association relationship describing an associated object, and means that three relationships may exist, for example, a and/or B may mean: three cases of a alone, a and B both, and B alone exist, and in addition, "a plurality" means two or more than two in the description of the embodiments of the present application.
In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature, and in the description of embodiments of the application, unless stated otherwise, "plurality" means two or more.
The design concept of the embodiments of the present application will be briefly described below.
At present, when vulnerability detection is performed on a piece of software or on one of its versions, only a keyword from the software name can be used as the vulnerability detection instruction. Detection is therefore driven by that keyword alone, and the result is a fuzzy detection result: the vulnerability detection results of every piece of software whose name contains the keyword.
The fuzzy detection result is shown to the user as a list. At this point only vulnerability titles containing the keyword are visible; the version numbers, vulnerability details and so on behind each title are not shown directly, as illustrated in fig. 1, a schematic diagram of a fuzzy query result in related-art software vulnerability detection. The user has to open the vulnerability information behind each title in the fuzzy query result and screen it to determine whether the software and version being searched for are affected, as illustrated in fig. 2, the vulnerability information for one vulnerability title in such a list.
Thus a technician querying vulnerabilities for a piece of software and one of its versions can currently only run a fuzzy query and then screen the results manually to decide whether that software and version are affected. Because the amount of information is large, eye fatigue makes the manual review careless, so the detection result is neither accurate enough nor quick to obtain.
In view of this, embodiments of the present application provide a method, an apparatus, and a storage medium for detecting a software bug.
In this method, the target software name and the corresponding target version information are the input parameters of the vulnerability detection instruction. During detection it is first determined whether target software corresponding to that name exists in the vulnerability database. If it does, the version information recorded for the target software is obtained from the database and the target version information in the instruction is matched against it; whether the target software has a vulnerability is determined from the matching result, and if the match succeeds the target software is reported as vulnerable and prompt information is issued. Whether the target software and version are present in the vulnerability database is thus determined directly from the target software name and target version information, and once they are found a vulnerability is reported and prompt information issued without any manual screening, which improves detection efficiency and accuracy and saves human effort.
After introduction of the design concept of the embodiment of the present application, an application scenario of the present application is briefly described below.
As shown in fig. 3, a scene schematic diagram of software vulnerability detection provided in the embodiment of the present application includes a plurality of terminal devices 31 and a server 32.
The terminal device 31 is a device which is provided with various application software and a detection platform for detecting software vulnerabilities, or a device which is not provided with a detection platform for detecting software vulnerabilities but can access the detection platform for detecting software vulnerabilities through a website; the server 32 may be any device capable of providing internet services, and may store a vulnerability database in which a large amount of version information of software having a vulnerability is stored.
In practical applications, the server 32 is communicatively connected to the terminal device 31 through a network, which may be, but is not limited to, a local area network, a metropolitan area network, or a wide area network.
In one possible application scenario, to reduce communication latency, servers 32 may be deployed in various regions; or different servers 32 respectively serve the terminal devices 31 to perform the software vulnerability detection process for load balancing. The plurality of servers 32 may implement data sharing through the blockchain, for example, the plurality of servers 32 implement sharing of the vulnerable software and the corresponding version information through the blockchain.
In the present application, a user opens the software vulnerability detection platform on the terminal device 31, enters a target software name and the corresponding target version information, and triggers a search; this triggers a vulnerability detection instruction carrying the target software name and target version information. On receiving the instruction, the server 32 extracts the target software name, determines whether target software with that name exists in the stored vulnerability database, and if so obtains the version information of the target software from the database and matches it against the target version information carried in the instruction. If the match succeeds, the target software at that version is determined to have a vulnerability and prompt information is issued to tell the user that the current software version is vulnerable. The user is prompted actively, no manual screening is needed, and detection efficiency and accuracy are improved.
In a possible implementation, to improve matching accuracy, each version number in the version information obtained from the vulnerability database for the target software, and the version number of the target version information in the vulnerability detection instruction, are processed as follows:
every non-digit character in each version number is converted into a dot, and consecutive dots are collapsed into a single dot;
each version number is split on the dots to obtain its numeric components;
each numeric component is padded to a preset number of digits without changing its value, and the padded components are concatenated and converted into a single number.
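As an added example, not part of the patent, the version normalization described here (and in the corresponding steps of the summary above) together with the main-version versus exact-version matching rule, written in Python. The padding width of five digits, the limit of four components, and the reading of a main version as a prefix of an exact version are assumptions of this example, not values taken from the patent:

```python
from __future__ import annotations

import re

# Assumptions for this example (the patent only says "preset digits"):
# each version component is zero-padded to COMPONENT_WIDTH digits and a
# version is padded to MAX_COMPONENTS components, so that "1.1" and
# "1.1.0.0" produce the same number.
COMPONENT_WIDTH = 5
MAX_COMPONENTS = 4


def version_components(version: str) -> list[str]:
    """Replace every run of non-digit characters with one dot and split on
    the dots, keeping only the numeric pieces: "v1..2-rc3" -> ["1","2","3"]."""
    dotted = re.sub(r"[^0-9]+", ".", version.strip())
    return [piece for piece in dotted.split(".") if piece]


def normalize_version(version: str,
                      width: int = COMPONENT_WIDTH,
                      components: int = MAX_COMPONENTS) -> int:
    """Encode a version string as one integer that orders the same way the
    version does: components are zero-padded to a fixed width, concatenated
    and converted to int, so "1.10" > "1.9" and "1.1.01" == "1.1.1".

    Raises ValueError when the string has no digits, has more components
    than fit, or a component is wider than the padding; silently truncating
    either case would make unrelated versions compare equal."""
    parts = version_components(version)
    if not parts:
        raise ValueError(f"no numeric components in {version!r}")
    if len(parts) > components:
        raise ValueError(f"{version!r} has more than {components} components")
    for part in parts:
        if len(part) > width:
            raise ValueError(f"component {part!r} of {version!r} exceeds {width} digits")
    parts += ["0"] * (components - len(parts))
    return int("".join(part.zfill(width) for part in parts))


def same_version(target: str, candidate: str) -> bool:
    """Match at the precision of the target (this example's reading of the
    patent's main-version / exact-version rule): a main version such as
    "1.1" matches every exact version that starts with 1.1, while an exact
    target "1.1.3" matches only 1.1.3. A candidate shorter than the target
    is extended with zero components, so "1.1" matches the target "1.1.0"."""
    target_parts = version_components(target)
    precision = len(target_parts)
    cand_parts = (version_components(candidate) + ["0"] * precision)[:precision]
    return normalize_version(".".join(cand_parts)) == normalize_version(target)


if __name__ == "__main__":
    for a, b in [("1.1.01", "1.1.1"), ("1.10", "1.9"), ("2.3-beta4", "2.3.4")]:
        print(f"{a!r:>12} -> {normalize_version(a)}   {b!r:>8} -> {normalize_version(b)}")
    print("main version 1.1 covers 1.1.3:", same_version("1.1", "1.1.3"))
```

Two limits of this encoding are worth keeping in mind when it is used against a real vulnerability database: a pre-release suffix is turned into an extra numeric component, so "1.0.0-rc1" becomes 1.0.0.1 and sorts above the final 1.0.0, and any component wider than the preset width (a date-style build number, for instance) cannot be represented, which is why the function raises instead of truncating.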
In a possible implementation, the software vulnerability detection method provided by the application can be applied in a subscription scenario: the user triggers a subscription function in the display interface of the detection platform, after which the server performs periodic or irregular vulnerability detection for the target software name or target version information in the vulnerability detection instruction and issues prompt information whenever a vulnerability is detected, so the user does not have to enter the same software repeatedly.
It should be noted that the vulnerability database in the present application may be updated periodically, or updated promptly when a vulnerability is discovered through crawler software or similar means.
It should be noted that the method for detecting a software vulnerability provided by the present application may be executed in the terminal device 31 or the server 32, and the same steps are not repeated.
The method for detecting software vulnerabilities provided by the present application is described below with reference to the accompanying drawings in combination with the application scenarios described above, which are only shown for the convenience of understanding the spirit and principles of the present application, and the embodiments of the present application are not limited in this respect.
As shown in fig. 4, a flowchart of a method for detecting a software vulnerability provided in the embodiment of the present application includes the following steps:
Step 400: if the vulnerability database contains the target software corresponding to the target software name in the vulnerability detection instruction, acquire the version information corresponding to the target software.
In the application, after the user enters a target software name and the corresponding target version information and triggers a vulnerability detection instruction, vulnerability detection is performed on the target software and target version named in the instruction to determine whether they have a vulnerability.
As shown in fig. 5, an interface schematic diagram for detecting software vulnerabilities provided in the embodiment of the present application includes an input box of a name of target software, an input box of corresponding target version information, and a key for triggering search.
And after determining that the user triggers the vulnerability detection instruction, acquiring the target software name and/or target version information carried in the vulnerability detection instruction.
It should be noted that a user may want to check only a piece of software, not a particular version of it, and may therefore enter only the software name; a particular version can also be checked, in which case the target version information may be a main version or an exact version.
And after the target software name in the vulnerability detection instruction is obtained, determining whether target software corresponding to the target software name exists in the vulnerability database according to the target software name.
In a possible implementation, if the vulnerability database does not contain the target software corresponding to the target software name in the vulnerability detection instruction, the target software is determined to have no vulnerability.
In a possible implementation, if the vulnerability database does contain the target software corresponding to the target software name in the vulnerability detection instruction, the version information corresponding to the target software is further obtained from the vulnerability database.
When version information for the target software is looked up in the vulnerability database, two cases arise: version information for the target software is obtained, or it is not.
Case one: when no version information for the target software is obtained from the vulnerability database, the target version information cannot be matched against anything, and the target software is determined to have a vulnerability.
Case two: when version information for the target software is obtained from the vulnerability database, the target version information is matched against it, as described in detail in step 401.
It should be noted that the vulnerability database stores the name of each vulnerable piece of software together with the version information of its vulnerability; for example, if software name A is stored with version information 1.1.01, this indicates that version 1.1.01 of software A has the vulnerability.
In a possible implementation, the software vulnerability detection method can also be used in a subscription scenario, in which vulnerability detection is performed at set times for the target software name and the corresponding target version information in the vulnerability detection instruction.
Specifically, the user may select a subscription function when entering the target software name and target version information. Fig. 6 is a schematic diagram of another interface for detecting software vulnerabilities provided in the embodiment of the present application. As can be seen from fig. 6, the interface includes not only the input boxes for the target software name and target version information but also a selectable "subscribe" item. When the user selects "subscribe", the vulnerability detection instruction also carries a timed detection instruction. The timing may be chosen by the user, may be a preset detection period, or detection may be triggered when a version update of the target software is detected.
Step 401, matching the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software.
After the version information corresponding to the target software is acquired from the vulnerability database, it is matched against the target version information carried in the vulnerability detection instruction.
Before matching, it is determined whether the acquired version information for the target software is a version range, such as greater than a first version, less than a second version, or greater than a third version and less than a fourth version.
Case A: when the acquired version information for the target software is determined to be a version range, the target version information is matched against the version range to determine whether it lies in the range; if so, the match succeeds, otherwise the match fails.
Specifically, when the target version information is matched against the version range of the target software, the version number of the target version information is compared with the upper-limit version number and/or the lower-limit version number of the version range.
For example, if the version range of the target software is greater than or equal to m and less than or equal to n, the version number of the target version information is compared with both m and n to determine whether it lies in the closed interval [m, n]; or
if the version range is less than or equal to n, the version number of the target version information is compared with n to determine whether it is less than or equal to n; or
if the version range is greater than or equal to m, the version number of the target version information is compared with m to determine whether it is greater than or equal to m.
In this application, to ensure matching accuracy, before the version number of the target version information is matched against the version numbers in the acquired version information for the target software, each of these version numbers is processed as follows:
convert every non-numeric character in the version number into a dot character, and replace several consecutive dots with a single dot;
split the converted version number at the dots to obtain each target number in the version number;
pad each target number with leading zeros to a preset number of digits, leaving its value unchanged, and concatenate the padded target numbers.
Taking the case where the acquired version information for the target software is a version range, only the upper limit and/or lower limit of the range need to be processed. For example, if the version range is greater than or equal to 9.0.0.M1 and less than or equal to 9.0.0.M11, only the version numbers 9.0.0.M1 and 9.0.0.M11 are processed:
replace the "M" in 9.0.0.M1 and 9.0.0.M11 with ".", giving 9.0.0..1 and 9.0.0..11;
replace the consecutive dots with a single dot, giving 9.0.0.1 and 9.0.0.11;
split 9.0.0.1 at the dots to obtain the target numbers 9, 0, 0 and 1; then pad each target number with leading zeros to the preset number of digits. In this application the preset number of digits is 8, because fewer than 8 digits would affect matching accuracy and more than 8 digits would make the matching computation large. After padding, the target numbers are 00000009, 00000000, 00000000 and 00000001; concatenating them and dropping the leading zeros gives the numeric value 9000000000000000000000001. 9.0.0.11 is processed in the same way and becomes 9000000000000000000000011. The version range of the target software is then [9000000000000000000000001, 9000000000000000000000011].
In this application, if the version range has only an upper limit, for example less than or equal to 9.0.0.M11, only 9.0.0.M11 is processed and the lower limit of the range is taken as 0, so the version range becomes [0, 9000000000000000000000011]; or
if the version range has only a lower limit, for example greater than or equal to 9.0.0.M1, only 9.0.0.M1 is processed and every digit of the upper limit is filled with "9", so the version range becomes [9000000000000000000000001, 99999999999999999999999999999999].
In a possible implementation, when the version range is greater than 9.0.0.M1 and less than 9.0.0.M11, 9.0.0.M1 and 9.0.0.M11 are first processed into 9000000000000000000000001 and 9000000000000000000000011 respectively. Because the range excludes 9.0.0.M1 and 9.0.0.M11 themselves, that is, excludes 9000000000000000000000001 and 9000000000000000000000011, 1 is added to the lower value to give 9000000000000000000000002 and 1 is subtracted from the upper value to give 9000000000000000000000010; the final version range is [9000000000000000000000002, 9000000000000000000000010].
Similarly, the version number of the target version information is processed, and the processed version number is compared with the processed version range of the target software.
For example, if the processed version range of the target software is [9000000000000000000000001, 9000000000000000000000011] and the version number of the target version information is 9.0.0.M3, which becomes 9000000000000000000000003 after processing, the target lies within the range and a vulnerability is indicated.
Case B: when the acquired version information for the target software is not a version range, it is determined to be at least one specific version, and the target version information is matched against each specific version one by one, that is, the version number of the target version information is compared with the version number of each specific version to judge whether the specific versions of the target software include the version number of the target version information.
It should be noted that the version numbers are processed before matching, in the same way as in case A, which is not repeated here.
In a possible implementation, when the target version information is matched against the acquired version information for the target software, it is first determined whether the target version information is a major version (only the leading components, such as 9.2) or an exact version; a major version is matched against the major version information, and an exact version against the exact version information.
Take the case where the target version information is a major version, say 9.2, and the version range of the target software in the vulnerability database is greater than or equal to 9.0.0.M1 and less than or equal to 9.10.0.M11. Only the target numbers that make up the major version are processed, so the search range becomes [900000000, 900000010] and the target becomes 900000002; it is then determined whether 900000002 is greater than or equal to 900000000 and less than or equal to 900000010, and if so a vulnerability is determined to exist. In this case there is no need to process all the target numbers obtained by splitting the version information of the target software at the dots, which reduces the computational load.
Step 402, determining whether the target software has a vulnerability according to the matching result.
In this application, if the match succeeds, a vulnerability is determined to exist and prompt information is issued; if the match fails, it is determined that no vulnerability exists.
The prompt information includes, but is not limited to: an SMS prompt, an e-mail prompt and a voice prompt.
It should be noted that the prompt information also includes the vulnerability that was found and the corresponding remediation.
As shown in Fig. 7, the overall method flow for detecting a software vulnerability provided in the embodiment of the present application includes the following steps:
step 700, receiving a vulnerability detection instruction, and determining the target software name and the corresponding target version information carried in the vulnerability detection instruction;
step 701, determining whether the vulnerability database contains target software corresponding to the target software name; if so, executing step 702, otherwise executing step 706;
step 702, determining whether version information corresponding to the target software is stored in the vulnerability database; if so, executing step 703, otherwise executing step 705;
step 703, matching the target version information against the version information corresponding to the target software stored in the vulnerability database;
step 704, determining whether the match succeeded; if so, executing step 705, otherwise executing step 706;
step 705, determining that a vulnerability exists and issuing prompt information;
step 706, determining that no vulnerability exists.
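The procedure described above, in one piece: the dot-normalisation and eight-digit zero-padding of step 401, the range matching of case A (including open and exclusive bounds), the specific-version matching of case B, the major-version shortcut, and the decision flow of steps 700 to 706. This is an added example written for this page, not code from the patent or its applicant. The `components` parameter, the `VersionRange` class, the function names and the entries of the constructed `VULN_DB` are assumptions of the example; the patent does not say how bounds with different numbers of components are aligned, so the example pads or truncates every version to a common component count before comparing.

```python
"""Version normalisation and range matching as described in step 401 of the
source (added example; not the patent's own code)."""
import re
from dataclasses import dataclass
from typing import Optional

WIDTH = 8  # preset number of digits per component, as in the source


def split_version(version: str) -> list[str]:
    """Turn every run of non-digit characters into one dot, then split on dots.
    '9.0.0.M11' -> ['9', '0', '0', '11']; '1.2.3-rc1' -> ['1', '2', '3', '1']."""
    parts = [p for p in re.sub(r"[^0-9]+", ".", version).split(".") if p]
    if not parts:
        raise ValueError(f"no numeric component in version {version!r}")
    return parts


def normalize(version: str, components: Optional[int] = None) -> int:
    """Zero-pad each component to WIDTH digits and concatenate into one integer.
    `components` (an assumption of this example, not in the source) truncates or
    zero-pads the component list to a fixed length; components=2 keeps only the
    major version, so '9.2' and '9.2.0.0' give the same value."""
    parts = split_version(version)
    if components is not None:
        parts = (parts + ["0"] * components)[:components]
    for p in parts:
        if len(p) > WIDTH:  # a component that does not fit the preset width
            raise ValueError(f"component {p!r} longer than {WIDTH} digits")
    return int("".join(p.zfill(WIDTH) for p in parts))


@dataclass
class VersionRange:
    """A vulnerable version range from the database; None means an open bound."""
    lower: Optional[str] = None
    upper: Optional[str] = None
    lower_inclusive: bool = True
    upper_inclusive: bool = True


def range_bounds(rng: VersionRange, components: int) -> tuple[int, int]:
    """Numeric [lo, hi] of a range: an open lower bound becomes 0, an open upper
    bound becomes all 9s, and exclusive bounds are moved inward by 1."""
    lo = normalize(rng.lower, components) if rng.lower else 0
    if rng.lower and not rng.lower_inclusive:
        lo += 1
    hi = normalize(rng.upper, components) if rng.upper else 10 ** (WIDTH * components) - 1
    if rng.upper and not rng.upper_inclusive:
        hi -= 1
    return lo, hi


def component_count(*versions: str) -> int:
    """Largest number of components among the given versions (example's choice)."""
    return max(len(split_version(v)) for v in versions)


def in_range(target: str, rng: VersionRange, components: Optional[int] = None) -> bool:
    """Case A: is the target version inside the vulnerable range?"""
    bounds = [v for v in (rng.lower, rng.upper) if v]
    n = components or component_count(target, *bounds)
    lo, hi = range_bounds(rng, n)
    return lo <= normalize(target, n) <= hi


def in_specific_versions(target: str, versions: list[str],
                         components: Optional[int] = None) -> bool:
    """Case B: is the target version one of the listed vulnerable versions?"""
    n = components or component_count(target, *versions)
    t = normalize(target, n)
    return any(normalize(v, n) == t for v in versions)


# Constructed sample vulnerability database (not real data): name -> version info.
VULN_DB = {
    "software-a": {"range": VersionRange("9.0.0.M1", "9.0.0.M11")},
    "software-b": {"versions": ["1.1.01", "1.2.0"]},
    "software-c": {},  # name is listed but no version information was recorded
}


def detect(name: str, target_version: str, db: dict = VULN_DB) -> tuple[bool, str]:
    """Steps 700 to 706 of the source's flowchart; returns (vulnerable, reason)."""
    if name not in db:
        return False, "software not in vulnerability database"
    info = db[name]
    if not info:  # case one of the source: entry exists but has no version info
        return True, "no version information recorded; treated as vulnerable"
    if "range" in info and in_range(target_version, info["range"]):
        return True, "target version inside vulnerable range"
    if "versions" in info and in_specific_versions(target_version, info["versions"]):
        return True, "target version listed as vulnerable"
    return False, "target version did not match"


if __name__ == "__main__":
    for name, ver in [("software-a", "9.0.0.M3"), ("software-a", "9.0.0.M12"),
                      ("software-b", "1.1.1"), ("software-c", "2.0"), ("software-x", "1.0")]:
        print(name, ver, detect(name, ver))
```

Two caveats worth knowing before relying on this scheme: because every run of non-digits becomes a separator, 9.0.0.M1, 9.0.0-rc1 and 9.0.0.1 all normalise to the same integer, so pre-release and build qualifiers cannot be told apart and their ordering relative to the release is lost; and a single component longer than eight digits does not fit the preset width, so the example rejects it rather than silently misordering it.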
Based on the same inventive concept, the embodiment of the present application further provides a device for detecting a software vulnerability. The device implements the method for detecting a software vulnerability in the present application, and the principle by which the device solves the problem is similar to that of the method, so the implementation of the device can refer to the implementation of the method and repeated details are not described again.
As shown in Fig. 8, which is a schematic structural diagram of an apparatus 800 for detecting a software vulnerability provided in the embodiment of the present application, the apparatus 800 includes an obtaining module 801, a matching module 802 and a determining module 803, wherein:
the obtaining module 801 is configured to obtain version information corresponding to the target software from the vulnerability database if the vulnerability database contains the target software corresponding to the target software name in the vulnerability detection instruction;
the matching module 802 is configured to match the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software;
and the determining module 803 is configured to determine whether the target software has a vulnerability according to the matching result.
In a possible implementation, the obtaining module 801 is further configured to:
determine that the target software has no vulnerability if the vulnerability database does not contain target software corresponding to the target software name in the vulnerability detection instruction.
In a possible implementation, the obtaining module 801 is further configured to:
when acquiring version information corresponding to the target software from the vulnerability database, if no version information corresponding to the target software is obtained, determine that the target software has a vulnerability and issue prompt information.
In a possible implementation, if the acquired version information corresponding to the target software is a version range:
the matching module 802 is specifically configured to match the target version information against the maximum value and/or the minimum value of the version range and judge whether the target version information lies in the version range;
the determining module 803 is specifically configured to determine that the target software has a vulnerability and issue prompt information if the target version information lies in the version range, and otherwise to determine that the target software has no vulnerability.
In a possible implementation, if the acquired version information of the target software is at least one specific version:
the matching module 802 is specifically configured to match the target version information against the specific versions and judge whether the specific versions contain the target version information carried in the vulnerability detection instruction;
the determining module 803 is specifically configured to determine that the target software has a vulnerability and issue prompt information if the specific versions contain the target version information, and otherwise to determine that the target software has no vulnerability.
In a possible implementation, before the target version information carried in the vulnerability detection instruction is matched against the acquired version information corresponding to the target software, the matching module 802 is further configured to:
convert the non-numeric characters of the version number corresponding to the target version information, and of each version number in the acquired version information corresponding to the target software, into dot characters, and replace several consecutive dots with a single dot;
split each version number at the dots to obtain each target number in the version number;
pad each target number with leading zeros to a preset number of digits, leaving its value unchanged, and concatenate the padded target numbers into a single numeric value.
In a possible implementation, the matching module 802 is specifically configured to: if the target version information carried in the vulnerability detection instruction is determined to be a major version, match it against the major version information in the acquired version information, and otherwise match it against the exact version information in the acquired version information.
For convenience of description, the above parts are described separately as units (or modules) according to their functions. Of course, the functions of the various units (or modules) may be implemented in the same one or more pieces of software or hardware when practising the present application.
Having introduced the method and the apparatus for detecting software vulnerabilities according to the exemplary embodiment of the present application, a device for detecting software vulnerabilities according to another exemplary embodiment of the present application is introduced next.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, a method or a program product. Accordingly, various aspects of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, which may all generally be referred to herein as a "circuit," "module" or "system."
In a possible implementation, an embodiment of the present application further provides a device for detecting a software vulnerability. Fig. 9 is a diagram illustrating the structure of a device for detecting a software vulnerability according to an embodiment of the present application. The device may include at least a memory 901, a processor 902 and a bus 903.
The memory 901 and the processor 902 are connected through the bus 903, which is used to transmit data between the memory 901 and the processor 902;
the memory 901 stores program code that, when executed by the processor 902, causes the processor 902 to perform any of the steps of the methods for detecting a software vulnerability in the various exemplary embodiments herein.
For details of the method steps performed for software vulnerability detection, reference may be made to the above method embodiments, which are not described again here.
An embodiment of the present application provides a readable storage medium, which is a non-volatile readable storage medium containing program code which, when run on a computing device, causes the computing device to perform any step of the above method for detecting a software vulnerability.
An embodiment of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform any of the steps of the above method for detecting a software vulnerability.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method for detecting software vulnerabilities, characterized in that the method comprises:
if the vulnerability database contains target software corresponding to the target software name in the vulnerability detection instruction, acquiring version information corresponding to the target software from the vulnerability database;
matching the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software;
and determining whether the target software has a vulnerability according to the matching result.
2. The method of claim 1, further comprising:
if the vulnerability database does not contain target software corresponding to the target software name in the vulnerability detection instruction, determining that the target software has no vulnerability.
3. The method of claim 1, wherein, when acquiring the version information corresponding to the target software from the vulnerability database, the method further comprises:
if no version information corresponding to the target software is obtained from the vulnerability database, determining that the target software has a vulnerability and issuing prompt information.
4. The method according to claim 1, wherein, if the acquired version information corresponding to the target software is a version range,
matching the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software comprises:
matching the target version information against the maximum value and/or the minimum value of the version range, and judging whether the target version information lies in the version range;
and determining whether the target software has a vulnerability according to the matching result comprises:
if the target version information lies in the version range, determining that the target software has a vulnerability and issuing prompt information; otherwise, determining that the target software has no vulnerability.
5. The method according to claim 1, wherein, if the acquired version information of the target software is at least one specific version,
matching the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software comprises:
matching the target version information against the specific versions, and judging whether the specific versions contain the target version information carried in the vulnerability detection instruction;
and determining whether the target software has a vulnerability according to the matching result comprises:
if the specific versions contain the target version information, determining that the target software has a vulnerability and issuing prompt information; otherwise, determining that the target software has no vulnerability.
6. The method according to any one of claims 1 to 5, wherein, before matching the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software, the method further comprises:
converting the non-numeric characters of the version number corresponding to the target version information, and of each version number in the acquired version information corresponding to the target software, into dot characters, and replacing several consecutive dots with a single dot;
splitting each version number at the dots to obtain each target number in the version number;
and padding each target number with leading zeros to a preset number of digits, leaving its value unchanged, and concatenating the padded target numbers into a single numeric value.
7. The method according to any one of claims 1 to 5, wherein matching the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software comprises:
if the target version information carried in the vulnerability detection instruction is determined to be a major version, matching it against the major version information in the acquired version information; otherwise, matching it against the exact version information in the acquired version information.
8. An apparatus for detecting software vulnerabilities, the apparatus comprising an obtaining module, a matching module and a determining module, wherein:
the obtaining module is configured to obtain version information corresponding to the target software from the vulnerability database if the vulnerability database contains the target software corresponding to the target software name in the vulnerability detection instruction;
the matching module is configured to match the target version information carried in the vulnerability detection instruction against the acquired version information corresponding to the target software;
and the determining module is configured to determine whether the target software has a vulnerability according to the matching result.
9. An apparatus for detecting software vulnerabilities, the apparatus comprising: at least one processor and at least one memory, wherein the memory stores program code, and the processor is specifically configured to perform the method according to any one of claims 1 to 7 when the program code is executed by the processor.
10. A computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010556358.8A CN111797402A (en) 2020-06-17 2020-06-17 Method, device and storage medium for detecting software vulnerability

Publications (1)

Publication Number Publication Date
CN111797402A true CN111797402A (en) 2020-10-20

Family

ID=72803530

Country Status (1)

Country Link
CN (1) CN111797402A (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060236083A1 (en) * 2005-04-18 2006-10-19 Research In Motion Limited Method and system for controlling software version updates
CN103473505A (en) * 2012-06-06 2013-12-25 Tencent Technology (Shenzhen) Co., Ltd. Scanning prompt method and device for software vulnerabilities
CN106446691A (en) * 2016-11-24 2017-02-22 China Academy of Telecommunication Research of MIIT Method and device for detecting vulnerabilities of integrated or customized open source projects in software
CN107301058A (en) * 2017-08-28 2017-10-27 Sichuan Changhong Electric Co., Ltd. Method for implementing television system OTA upgrades based on discrete control of version numbers
CN108449261A (en) * 2018-03-19 2018-08-24 Tencent Technology (Shenzhen) Co., Ltd. Message prompt method, message version processing method, device and storage medium
CN108989299A (en) * 2018-07-03 2018-12-11 Hangzhou DBAppSecurity Technology Co., Ltd. Monitoring method and system for Internet of Things device vulnerabilities
CN109241748A (en) * 2018-11-28 2019-01-18 Zhengzhou Yunhai Information Technology Co., Ltd. Method for identifying software vulnerabilities based on the software version number
CN110569648A (en) * 2019-09-16 2019-12-13 Hangzhou DBAppSecurity Technology Co., Ltd. Method and device for organizing a version vulnerability database

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
特雷比西亚国王 (blog author): "分割版本号,比较版本号大小" (Splitting version numbers and comparing version number order), pages 1 - 2, Retrieved from the Internet <URL:https://blog.csdn.net/tlbxygw/article/details/8007883> *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312631A (en) * 2021-06-11 2021-08-27 Hangzhou Anheng Information Security Technology Co., Ltd. Vulnerability detection method and related device
CN113778509A (en) * 2021-08-13 2021-12-10 State Grid Hebei Electric Power Co., Ltd. Electric Power Research Institute Method for determining the version of an open-source component, storage medium and electronic device
CN116795452A (en) * 2023-07-20 2023-09-22 Loongson Technology (Beijing) Information Technology Co., Ltd. Method, device and equipment for determining driver compatibility
CN116795452B (en) * 2023-07-20 2024-04-02 Loongson Technology (Beijing) Information Technology Co., Ltd. Method, device and equipment for determining driver compatibility

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination