CN111859403B - Dependency vulnerability determination method and device, electronic equipment and storage medium - Google Patents
Dependency vulnerability determination method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN111859403B CN111859403B CN202010754824.3A CN202010754824A CN111859403B CN 111859403 B CN111859403 B CN 111859403B CN 202010754824 A CN202010754824 A CN 202010754824A CN 111859403 B CN111859403 B CN 111859403B
- Authority
- CN
- China
- Prior art keywords
- batch
- dependency relationship
- job
- jobs
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The embodiment of the disclosure provides a method, a device, electronic equipment and a storage medium for determining dependency vulnerability, which can be used in the field of information security or finance. The method comprises the following steps: acquiring actual dependency relationships among a plurality of batch jobs in the process of executing the plurality of batch jobs, wherein the plurality of batch jobs are jobs which call the same batch file; acquiring a preset dependency relationship among a plurality of batch jobs predefined in a job control system; and determining a result for representing the possibility of vulnerability of the preset dependency relationship in the job control system according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs.
Description
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a method, a device, electronic equipment and a storage medium for determining dependency loopholes in batch operation.
Background
The host batch application system calls a batch operation program through batch operation of the host, the batch operation program accesses batch files to obtain processing results, and the processing results are stored in the batch files.
Because the host batch application system itself has a logic relationship, that is, it requires sequential execution between some batch jobs, and another part of batch jobs do not require sequential execution, for the batch jobs that do not require sequential execution, in order to improve the efficiency of the batch jobs, it is necessary to make parallel execution of the batch jobs that require sequential execution, and for the batch jobs that require sequential execution, it is necessary to ensure that the sequential execution relationship between the batch jobs is correct, and the sequential execution between the batch jobs is generally controlled by the job control system (TIVOLI WORKLOAD SCHEDULER FOR Z/OS, TWS) of the host, so, in order to ensure the efficiency of the batch jobs and improve the correctness of the batch jobs, it is necessary to ensure that the sequential execution relationship between the batch jobs set in the job control system is correct. The sequential execution refers to providing a batch file obtained after one batch job is executed for another batch job to use. Two batch files with sequential execution relationships are referred to as batch files with dependency relationships (i.e., a front-to-back relationship).
In the process of implementing the disclosed concept, the inventor finds that at least the following problems exist in the related art: the related technology is difficult to realize to determine whether the set dependency relationship in the operation control system has loopholes.
Disclosure of Invention
In view of this, an embodiment of the present disclosure provides a method, an apparatus, an electronic device, and a storage medium for determining a dependency vulnerability in batch operations.
An aspect of an embodiment of the present disclosure provides a method for determining a dependency vulnerability in batch job, where the method includes: acquiring actual dependency relationships among a plurality of batch jobs in the process of executing the batch jobs, wherein the batch jobs are jobs which call the same batch file; acquiring a preset dependency relationship among the plurality of batch jobs predefined in the job control system; and determining a result for representing the possibility of vulnerability of the preset dependency relationship in the job control system according to the actual dependency relationship among the plurality of batch jobs and the preset dependency relationship.
According to an embodiment of the present disclosure, the determining, according to the actual dependency relationship between the plurality of batch jobs and the preset dependency relationship, a result for characterizing a possibility that a bug exists in the preset dependency relationship in the job control system includes: under the condition that the actual dependency relationship among the plurality of batch jobs is inconsistent with the preset dependency relationship, determining that the preset dependency relationship with loopholes exists in the job control system; and determining that the preset dependency relationship in the job control system is normal when the actual dependency relationship among the plurality of batch jobs and the preset dependency relationship are consistent.
According to an embodiment of the present disclosure, in a case where there is an inconsistency between the actual dependency relationship between the plurality of batch jobs and the preset dependency relationship, the method further includes: and storing the target batch operation corresponding to the preset dependency relationship with the loopholes into an in-doubt data table.
According to an embodiment of the present disclosure, after storing the target batch job corresponding to the preset dependency relationship with the vulnerability in the in-doubt data table, the method further includes: acquiring access time set for each batch job in the target batch job in the job control system; and determining that a preset dependency relationship corresponding to the target batch job in the job control system is normal when the access time set for each batch job in the target batch job is different.
According to an embodiment of the present disclosure, after storing the target batch job corresponding to the preset dependency relationship with the vulnerability in the in-doubt data table, the method further includes: and when the target batch job is an invalid batch job, determining that a preset dependency relationship corresponding to the target batch job in the job control system is normal.
According to an embodiment of the present disclosure, after storing the target batch job corresponding to the preset dependency relationship with the vulnerability in the in-doubt data table, the method further includes: determining a batch file corresponding to the target batch job; and determining that a preset dependency relationship corresponding to the target batch job in the job control system is normal when the batch file corresponding to the target batch job is an invalid batch file.
According to an embodiment of the present disclosure, the obtaining the actual dependency relationship between the plurality of batch jobs during execution of the plurality of batch jobs includes: acquiring an access mode corresponding to each batch operation; and determining the actual dependency relationship among the plurality of batch jobs according to the access mode corresponding to each batch job.
According to an embodiment of the present disclosure, determining the actual dependency relationship between the plurality of batch jobs according to the access manner corresponding to each batch job includes: when at least one of the access modes of the two batch jobs is a write mode or a modification mode, the two batch jobs are determined to have an actual dependency relationship.
According to an embodiment of the present disclosure, the obtaining a preset dependency relationship between the plurality of batch jobs predefined in the job control system includes: determining a direct dependency relationship between two batch jobs set in the job control system; determining an indirect dependency relationship between the two batch jobs set in the job control system, wherein the indirect dependency relationship characterizes that other batch jobs are included between the two batch jobs; and obtaining a preset dependency relationship between the two batch jobs according to the direct dependency relationship and the indirect dependency relationship.
Another aspect of the embodiments of the present disclosure provides a device for determining a dependency vulnerability in batch job, where the device includes: the first acquisition module is used for acquiring actual dependency relationships among a plurality of batch jobs in the process of executing the batch jobs, wherein the batch jobs are jobs which call the same batch file; the second acquisition module is used for acquiring a preset dependency relationship among the plurality of batch jobs predefined in the job control system; and the first determining module is used for determining a result for representing the possibility of vulnerability of the preset dependency relationship in the job control system according to the actual dependency relationship among the plurality of batch jobs and the preset dependency relationship.
Another aspect of an embodiment of the present disclosure provides an electronic device, including: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the disclosed embodiments provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to implement a method as described above.
Another aspect of the disclosed embodiments provides a computer program comprising computer executable instructions which, when executed, are adapted to carry out the method as described above.
According to the embodiment of the disclosure, by acquiring the actual dependency relationship among a plurality of batch jobs in the process of executing the plurality of batch jobs, the plurality of batch jobs are jobs which call the same batch file, and acquiring the preset dependency relationship among the plurality of batch jobs which are predefined in the job control system, on the basis, a result for representing the possibility of loopholes of the preset dependency relationship in the job control system is determined according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs. Because the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the method and the device realize more accurate determination of whether the set dependency relationship in the job control system has the loopholes, thereby at least partially overcoming the technical problem that the determination of whether the set dependency relationship in the job control system has the loopholes is difficult to realize in the related technology. In addition, since the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the problem that the correctness of the preset dependency relationship set by the job control system is difficult to verify in a test mode and the problem that the dependency relationship set in the job control system is difficult to adjust in a manual mode are also solved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which:
FIG. 1 schematically illustrates an exemplary system architecture to which a method of determining dependency vulnerabilities in batch jobs may be applied, in accordance with an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a method of determining dependency vulnerabilities in a batch job, in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of another method of determining dependency vulnerabilities in batch jobs, in accordance with an embodiment of the present disclosure;
FIG. 4 schematically illustrates a block diagram of a determination apparatus of dependency vulnerabilities in batch jobs, according to an embodiment of the present disclosure; and
fig. 5 schematically illustrates a block diagram of an electronic device adapted to implement a method of determining dependency vulnerabilities in batch jobs, according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a formulation similar to at least one of "A, B or C, etc." is used, in general such a formulation should be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g. "a system with at least one of A, B or C" would include but not be limited to systems with a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
At present, the host batch application system has a large number of batch jobs controlled by the job control system, so that the parallel relation among the batch jobs is difficult to count. For example, in actual production, the number of batch jobs is sometimes more than 12 ten thousand, the number of batch files used in the batch jobs in operation is more than 100 ten thousand, the direct dependency relationship set by the job control system is more than 30 ten thousand, and the number of nesting layers of the indirect dependency relationship is most than 200 layers.
Dependencies between batch jobs may include direct dependencies and indirect dependencies. Illustratively, if there is a direct dependency between batch job A and batch job B, and a direct dependency between batch job B and batch job C, then there is an indirect dependency between batch job A and batch job C. An indirect dependency may be understood as including other batch jobs between two batch jobs.
In addition, the dependency relationship may also be referred to as a context relationship. Accordingly, a direct dependency may be referred to as a direct context, and an indirect dependency may be referred to as an indirect context. In addition, direct dependencies may also be referred to as immediate relationships, and indirect dependencies may also be referred to as non-immediate relationships. I.e., direct dependencies, direct predecessor and successor relationships, and immediately preceding relationships may represent the same meaning. Indirect dependencies, indirect predecessor and successor relationships, and non-immediate relationships may represent the same meaning.
If the host batch application system requires an add-on function or a modify function, the dependency of the settings by the job control system typically also requires a corresponding adjustment. If the dependency relationship set in the job control system is missing, that is, the dependency relationship has a bug, an operation sequence between batch jobs may be wrong, and the wrong operation sequence may cause production problems, such as financial data errors, thereby causing loss of manpower and financial resources. In the process of implementing the disclosed concept, the inventor finds that, in order to solve the above problems, the related art provides the following ways: the developer adjusts the dependency relationship by virtue of the memory, and verifies the correctness of the dependency relationship set by the operation control system in a test mode.
In the process of implementing the present disclosure, the inventor finds that at least the following technical problems exist in the related art: it is difficult for developers to effectively control in complex host batch application systems, i.e., to find effective means in the development environment to ensure the correctness of the dependency relationship (i.e., batch job scheduling) set by the job control system. Because the running time of the batch job program can be changed due to the changes of the program processing data amount, the host resource condition and the like, namely, the running sequence of the batch job program is different for the same data and the same batch job program if the host resource condition is different, the complete test of the dependency relationship set by the job control system through the test is difficult to complete in a limited time, namely, the complete test of the dependency relationship is difficult to realize by adopting an effective test means during the test.
In order to solve the technical problems in the related art and realize more accurate determination of whether the dependency relationship set in the job control system has a bug, the inventor finds that the actual dependency relationship among a plurality of batch jobs in the process of executing the plurality of batch jobs can be obtained from a job library, wherein the plurality of batch jobs are jobs which call the same batch file. The preset dependency relationship between a plurality of batch jobs predefined in the job control system may be acquired. On the basis, the preset dependency relationship among the plurality of batch jobs can be compared with the actual dependency relationship among the plurality of batch jobs, so that a result for representing the possibility of loopholes of the preset dependency relationship in the job control system is obtained. The actual dependency relationship is a dependency relationship corresponding to execution of batch jobs, and the preset dependency relationship is a dependency relationship set by the job control system. The possibility that the preset dependency relationship has the loopholes refers to whether the preset dependency relationship has the loopholes or not. The following description will be made with reference to specific embodiments.
The embodiment of the disclosure provides a method and a device for determining dependency loopholes in batch operation and electronic equipment capable of applying the method. The method, the device and the electronic equipment for determining the dependency relationship can be used for treating loopholes of dependency relationship in batch operation in the field of information security or the field of finance, and can be used for any field except the field of information security or the field of finance. The method comprises the steps of obtaining actual dependency relationships among a plurality of batch jobs in the process of executing the plurality of batch jobs, wherein the plurality of batch jobs are jobs which call the same batch file, obtaining preset dependency relationships among the plurality of batch jobs which are predefined in a job control system, and determining a result for representing the possibility of loopholes of the preset dependency relationships according to the actual dependency relationships and the preset dependency relationships among the plurality of batch jobs.
FIG. 1 schematically illustrates an exemplary system architecture 100 in which a method of determining dependency vulnerabilities in batch jobs may be applied, in accordance with an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired and/or wireless communication links, and the like.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications may be installed on the terminal devices 101, 102, 103, such as banking class applications, shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients and/or social platform software, to name a few.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the method for determining dependency loopholes in batch jobs provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the device for determining dependency vulnerabilities in batch jobs provided by the embodiments of the present disclosure may be generally disposed in the server 105. The method for determining dependency vulnerabilities in batch jobs provided by embodiments of the present disclosure may also be performed by a server or a cluster of servers other than server 105 and capable of communicating with terminal devices 101, 102, 103 and/or server 105. Accordingly, the device for determining dependency vulnerabilities in batch jobs provided by the embodiments of the present disclosure may also be disposed in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
FIG. 2 schematically illustrates a flow diagram of a method of determining dependency vulnerabilities in a batch job, in accordance with an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S210 to S230.
In operation S210, an actual dependency relationship between a plurality of batch jobs in the process of executing the plurality of batch jobs, which are jobs that have called the same batch file, is acquired.
In the embodiments of the present disclosure, the actual dependency may refer to a dependency between two batch jobs during execution of the batch job, that is, the two batch jobs have a dependency during execution of the batch job, which may be referred to as an actual dependency. Since the dependency relationship may be referred to as a context relationship, the actual dependency relationship may be referred to as an actual context relationship.
The actual dependency relationship between the plurality of batch jobs during execution of the plurality of batch jobs may be obtained from the job library. Wherein the plurality of batch jobs are jobs that invoke the same batch file. The batch jobs corresponding to each batch file and the access mode of each batch job can be obtained from the job library, wherein the access mode is a mode that the batch job accesses the batch file. The actual dependency relationship between the individual batch jobs may be determined according to the access manner of the individual batch jobs corresponding to each batch file.
Illustratively, there are batch job F, batch job G, batch job H, and batch job I. The job base includes batch file 1 and batch file 2. Batch job F, batch job G, and batch job H are jobs that have called batch file 1. Batch job H and batch job I are jobs that have called batch file 2.
The batch job F and the batch job G have an actual dependency relationship, namely the batch job F and the batch job G are two batch jobs with the actual dependency relationship. The batch job H and the batch job I have an actual dependency relationship, namely the batch job H and the batch job I are two batch jobs with the actual dependency relationship.
In operation S220, a preset dependency relationship between a plurality of batch jobs predefined in the job control system is acquired.
In the embodiment of the present disclosure, a dependency relationship between two batch jobs is predefined in the job control system, and the dependency relationship between two batch jobs set by the job control system may be referred to as a preset dependency relationship, that is, two batch jobs have a dependency relationship in the job control system, and this dependency relationship may be referred to as a preset dependency relationship. Since the dependency relationship may be referred to as a context relationship, the preset dependency relationship may be referred to as a preset context relationship.
In an embodiment of the present disclosure, a direct dependency relationship between two batch jobs set by a job control system may be determined, an indirect dependency relationship between two batch jobs having the direct dependency relationship may be determined, and a preset dependency relationship between two batch jobs may be obtained from having the direct dependency relationship and having the indirect dependency relationship.
For example, a preset dependency relationship between the batch job F and the batch job G is set in the job control system, that is, the batch job F and the batch job G are two batch jobs having the preset dependency relationship.
In operation S230, a result for characterizing a possibility that a vulnerability exists in a preset dependency in the job control system is determined according to the actual dependency and the preset dependency among the plurality of batch jobs.
In an embodiment of the present disclosure, the possibility that the preset dependency relationship has a vulnerability includes that the preset dependency relationship has a vulnerability or that the preset dependency relationship does not have a vulnerability, that is, the preset dependency relationship is normal.
For each actual dependency, determining whether a preset dependency consistent with the actual dependency exists. Based on the above, the determination results of the actual dependency relationships can be obtained, and the result of the possibility of the loopholes of the preset dependency relationships in the operation control system is determined according to the determination results.
Exemplary, e.g., obtain an actual dependency relationship between a plurality of batch jobs of a plurality of batch job execution processes, where batch job F and batch job G have an actual dependency relationship therebetween. There is an actual dependency relationship between batch job H and batch job I. The job control system sets a preset dependency relationship between the batch job F and the batch job G, namely the batch job F and the batch job G have the preset dependency relationship.
In the embodiment of the present disclosure, the actual dependency relationship between the batch job F and the batch job G is referred to as a first actual dependency relationship, and the actual dependency relationship between the batch job H and the batch job I is referred to as a second actual dependency relationship.
For the first actual dependency, a preset dependency consistent with the first actual dependency exists. For the second actual dependency, there is no preset dependency consistent with the second actual dependency. Since the preset dependency relationship consistent with the second actual dependency relationship does not exist, it is determined that a vulnerability with the preset dependency relationship exists in the operation control system, and the vulnerability is lack of the preset dependency relationship consistent with the second actual dependency relationship.
The batch job may include a stock batch job or an incremental batch job.
According to the technical scheme of the embodiment of the disclosure, by acquiring the actual dependency relationship among the plurality of batch jobs in the process of executing the plurality of batch jobs, the plurality of batch jobs are jobs which call the same batch file, and acquiring the preset dependency relationship among the plurality of batch jobs which are predefined in the job control system, on the basis, the result for representing the possibility of loopholes of the preset dependency relationship in the job control system is determined according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs. Because the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the method and the device realize more accurate determination of whether the set dependency relationship in the job control system has the loopholes, thereby at least partially overcoming the technical problem that the determination of whether the set dependency relationship in the job control system has the loopholes is difficult to realize in the related technology. In addition, since the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the problem that the correctness of the preset dependency relationship set by the job control system is difficult to verify in a test mode and the problem that the dependency relationship set in the job control system is difficult to adjust in a manual mode are also solved.
Optionally, on the basis of the above technical solution, determining, according to an actual dependency relationship and a preset dependency relationship between a plurality of batch jobs, a result for characterizing a possibility that a vulnerability exists in the preset dependency relationship in the job control system may include: under the condition that the actual dependency relationship and the preset dependency relationship among a plurality of batch jobs are inconsistent, the preset dependency relationship with loopholes in the job control system is determined. And under the condition that the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs are consistent, determining that the preset dependency relationship in the job control system is normal.
In an embodiment of the present disclosure, for each actual dependency, it is determined whether there is a preset dependency consistent with the actual dependency. If the preset dependency relationship consistent with the actual dependency relationship does not exist, the vulnerability with the preset dependency relationship in the operation control system can be determined. If each actual dependency relationship is determined to have a preset dependency relationship consistent with the actual dependency relationship, the preset dependency relationship of the job control system can be determined to be normal.
Optionally, on the basis of the above technical solution, in the case that an actual dependency relationship and a preset dependency relationship between a plurality of batch jobs are inconsistent, the method may further include: and storing the target batch operation corresponding to the preset dependency relationship with the loophole into the in-doubt data table. In the embodiment of the disclosure, when it is determined that the preset dependency relationship with the vulnerability exists in the job control system, the batch job corresponding to the preset dependency relationship with the vulnerability may be stored as the target batch job in the in-doubt data table, so as to facilitate a subsequent determination of whether the target batch job does not have the preset dependency relationship.
The target batch operation refers to two batch operations corresponding to preset dependency relationships with loopholes, wherein the preset dependency relationships with loopholes refer to preset dependency relationships which are consistent with actual dependency relationships. The number of target batch jobs may be multiple.
Illustratively, there is an actual dependency relationship between, for example, batch job F and batch job G. There is an actual dependency relationship between batch job G and batch job H. There is an actual dependency relationship between batch job H and batch job I. The job control system sets a preset dependency relationship between the batch job F and the batch job G, namely the batch job F and the batch job G have the preset dependency relationship.
The actual dependency relationship between the batch job F and the batch job G is referred to as a first actual dependency relationship, the actual dependency relationship between the batch job H and the batch job I is referred to as a second actual dependency relationship, and the actual dependency relationship between the batch job G and the batch job H is referred to as a third actual dependency relationship.
For the first actual dependency, a preset dependency consistent with the first actual dependency exists. For the second actual dependency, there is no preset dependency consistent with the second actual dependency. For the third actual dependency, there is no preset dependency consistent with the third actual dependency. Since the preset dependency relationship consistent with the second actual dependency relationship does not exist and the preset dependency relationship consistent with the third actual dependency relationship does not exist, a vulnerability with the preset dependency relationship is determined to exist in the operation control system, and the vulnerability is lack of the preset dependency relationship consistent with the second actual dependency relationship and lack of the preset dependency relationship consistent with the third actual dependency relationship.
And taking the two batch jobs which do not have the preset dependency relationship consistent with the second actual dependency relationship as target batch jobs, namely the target batch jobs are batch job H and batch job I, and taking the two batch jobs which do not have the preset dependency relationship consistent with the third actual dependency relationship as target batch jobs, namely the target batch jobs are batch job G and batch job H.
The batch job H and the batch job I are stored to the in-doubt data table, and the batch job G and the batch job H are stored to the in-doubt data table.
Optionally, on the basis of the above technical solution, after storing the target batch job corresponding to the preset dependency relationship with the vulnerability in the in-doubt data table, the method may further include: an access time set in the job control system for each of the target batch jobs is obtained. And under the condition that the set access time of each batch job in the target batch job is different, determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal.
In embodiments of the present disclosure, in the development of a host batch application system, batch jobs of different access times are allowed to use the same batch file.
Under the above condition, if there is no preset dependency relationship consistent with the actual dependency relationship, and the access time of two batch jobs in the actual dependency relationship is different, it may be determined that the preset dependency relationship with the vulnerability meeting the above condition in the job control system is a normal preset dependency relationship.
For a target batch job, an access time set in the job control system for each batch job in the target batch job may be obtained. If the access time of the two batch jobs in the target batch job is different, the preset dependency relationship corresponding to the target batch job in the job control system can be determined to be normal.
Illustratively, batch job H and batch job I are stored to the in-doubt data table, and batch job G and batch job H are stored to the in-doubt data table. The access time of the batch job G is the daytime time, the access time of the batch job H is the daytime time, and the access time of the batch job I is the end-of-day time.
Since the access time of the batch job G and the batch job H in the target batch job is the same, a preset dependency relationship needs to be set between the batch job G and the batch job H. Since the preset dependency relationship needs to be set between the batch job G and the batch job H, the preset dependency relationship corresponding to the batch job G and the batch job H is a preset dependency relationship with a vulnerability.
Because the access time of the batch job H and the batch job I in the target batch job are different, the preset dependency relationship between the batch job H and the batch job I is normal.
Optionally, on the basis of the above technical solution, after storing the target batch job corresponding to the preset dependency relationship with the vulnerability in the in-doubt data table, the method may further include: and under the condition that the target batch job is an invalid batch job, determining that the preset dependency corresponding to the target batch job in the job control system is normal.
In the embodiment of the present disclosure, for a certain actual dependency, if the actual dependency is an invalid dependency, that is, if two batch jobs with actual dependencies are invalid jobs, if there is no preset dependency consistent with the actual dependency, it may be indicated that the preset dependency is not a preset dependency with a vulnerability in an operating system, and it is normal that the preset dependency is not present in the operating system.
Illustratively, batch job H and batch job I are stored to the in-doubt data table, and batch job G and batch job H are stored to the in-doubt data table. Wherein, batch job G, batch job H, and batch job I are invalid batch jobs.
Since the batch job G and the batch job H in the target batch job are invalid batch jobs, the preset dependency relationship between the batch job G and the batch job H is normal. Likewise, the preset dependency relationship between batch job H and batch job I is normal.
Optionally, on the basis of the above technical solution, after storing the target batch job corresponding to the preset dependency relationship with the vulnerability in the in-doubt data table, the method may further include: and determining a batch file corresponding to the target batch job. And under the condition that the batch file corresponding to the target batch job is an invalid batch file, determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal.
In the embodiment of the present disclosure, for a certain actual dependency, if a batch file accessed by two batch jobs corresponding to the actual dependency is an invalid batch file, it may be indicated that the preset dependency is not a preset dependency in which a vulnerability exists in the job control system, and it is normal that the preset dependency does not exist in the job system. I.e., a batch file corresponding to the target batch job is determined. And under the condition that the batch file corresponding to the target batch job is an invalid batch file, determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal.
Illustratively, batch job H and batch job I are stored to the in-doubt data table, and batch job G and batch job H are stored to the in-doubt data table. The batch files corresponding to the batch job H and the batch job I are batch file 2, and the batch files corresponding to the batch job G and the batch job H are batch file 1. Batch file 1 is an invalid batch file and batch file 2 is a valid batch file.
Since the batch file 1 corresponding to the batch job G and the batch job H is an invalid batch file, the preset dependency relationship between the batch job G and the batch job H is normal.
Since the batch file 2 corresponding to the batch job H and the batch job I is an effective batch file, a preset dependency relationship needs to be set between the batch job H and the batch job I. Since the preset dependency relationship needs to be set between the batch job H and the batch job I, the preset dependency relationship corresponding to the batch job H and the batch job I is a preset dependency relationship with a vulnerability.
Optionally, on the basis of the above technical solution, acquiring an actual dependency relationship between a plurality of batch jobs in a process of executing the plurality of batch jobs may include: and obtaining an access mode corresponding to each batch job. And determining the actual dependency relationship among a plurality of batch jobs according to the access mode corresponding to each batch job.
In embodiments of the present disclosure, to obtain the actual dependencies between batch jobs, a batch file-based approach may be employed.
The batch jobs corresponding to each batch file and the access mode of each batch job can be obtained, wherein the access mode is a mode that the batch job accesses the batch file. The access means may include a read means, a write means, or a modified means.
And determining the actual dependency relationship among the plurality of batch jobs according to the access mode of each batch job corresponding to each batch file, namely determining the actual dependency relationship among the plurality of batch jobs according to the access mode of each batch job corresponding to each batch file.
Optionally, on the basis of the above technical solution, determining the actual dependency relationship between the plurality of batch jobs according to the access manner corresponding to each batch job may include: in the case that at least one of the access modes of the two batch jobs is a write mode or a modification mode, the two batch jobs are determined to have an actual dependency relationship.
In the embodiment of the present disclosure, if at least one of the access manners of two batch jobs corresponding to the same batch file is a write manner or a modification manner, the two batch jobs should have an actual dependency relationship therebetween, because the batch file will be changed due to the write manner or the modification manner, and therefore, if at least one of the access manners of two batch jobs corresponding to the same batch file is the write manner or the modification manner, an error will occur in the batch file. In the above case, there should be a real dependency between the two batch jobs.
Whether the two batch jobs have an actual dependency relationship can be determined according to whether at least one of the access modes of the two batch jobs corresponding to the same batch file is a write mode or a modification mode, that is, if at least one of the access modes of the two batch jobs corresponding to the same batch file is a write mode or a modification mode, the two batch jobs can be determined to have an actual dependency relationship. If the access modes of the two batch jobs corresponding to the same batch file are both read modes, it can be determined that the two batch jobs have no actual dependency relationship. At least one of the access modes for two batch jobs corresponding to the same batch file is a writing mode or a modifying mode, and may include: the access modes of the two batch operations are writing modes; or the access modes of the two batch jobs are modification modes; or, the mode of one batch operation is a writing mode, and the access mode of the other batch operation is a modification mode; or the access mode of one batch job is a read mode, and the access mode of the other batch job is a write mode; or, the access mode of one batch job is a read mode, and the access mode of the other batch job is a modification mode.
Illustratively, there are batch job F, batch job G, batch job H, and batch job I. The access mode of the batch job F is a writing mode, the access mode of the batch job G is a reading mode, the access mode of the batch job H is a reading mode, and the access mode of the batch job I is a modification mode. The batch job library includes a batch file 1 and a batch file 2. Batch job F, batch job G, and batch job H are jobs that have called batch file 1. Batch job H and batch job I are jobs that have called batch file 2.
For the batch file 1, since the access method of the batch job F is the write method and the access method of the batch job G is the read method, the batch job F and the batch job G have an actual dependency relationship. Since the access method of the batch job F is the write method and the access method of the batch job H is the read method, the batch job F and the batch job H have an actual dependency relationship. Since the access method of the batch job G is the read method and the access method of the batch job H is the read method, the batch job G and the batch job H do not have an actual dependency relationship.
For the batch file 2, since the access mode of the batch job H is the read mode and the access mode of the batch job I is the modify mode, the batch job H and the batch job I have an actual dependency relationship.
Optionally, on the basis of the above technical solution, acquiring a preset dependency relationship between a plurality of batch jobs predefined in the job control system may include: a direct dependency relationship between two batch jobs set in the job control system is determined. An indirect dependency relationship between two batch jobs set in the job control system is determined, wherein the indirect dependency relationship characterizes the inclusion of other batch jobs between the two batch jobs. And obtaining a preset dependency relationship between the two batch jobs according to the direct dependency relationship and the indirect dependency relationship.
In the embodiment of the present disclosure, in order to acquire a preset dependency relationship between a plurality of batch jobs preset in the job control system, a direct dependency relationship between two batch jobs set by the job control system may be determined, and an indirect dependency relationship between two batch jobs set by the job control system may be determined. On the basis, the preset dependency relationship between two batch jobs can be obtained according to the direct dependency relationship and the indirect dependency relationship.
It should be noted that the preset dependency relationship between two batch jobs is a recursive relationship. Accordingly, determining a preset dependency problem between two batch jobs is a recursive problem. When acquiring preset dependency relationships among a plurality of batch jobs preset in the job control system, it is also necessary to consider the problems of large system overhead and low efficiency caused by solving the recursion problem.
In view of this problem, embodiments of the present disclosure propose a solution to the recursive problem using a linear algorithm. Namely, a two-dimensional array JOBPRE (serial number, batch job name) is defined, a jobprost 1 is sequentially read, the front item of the batch job is assigned to the two-dimensional array JOBPRE, the serial number of the batch job in the two-dimensional array JOBPRE is assigned to an array TMPPRE1 (batch job name), the two-dimensional array JOBPRE is sequentially read, and a preset dependency relationship among a plurality of batch jobs set by a job control system is acquired, wherein the preset dependency relationship comprises a direct dependency relationship and an indirect dependency relationship.
It should be noted that, the embodiments of the present disclosure further provide a query function for querying whether a preset dependency exists in the job control system between two batch jobs. The regression test is performed by using the query function in the test, so that the operation of query and manual search by the operation control system is simplified. In addition, the query result can be displayed and stored in the corresponding file.
It should also be noted that the technical solution provided by the embodiments of the present disclosure is applicable to all host systems, and the host systems may include public systems, personal systems, overseas systems, and the like.
FIG. 3 schematically illustrates a flow diagram of another method of determining dependency vulnerabilities in batch jobs, in accordance with an embodiment of the present disclosure.
As shown in fig. 3, the method includes operations S301 to S315.
In operation S301, an access manner corresponding to each batch job is acquired.
In operation S302, whether at least one of the access modes of the two batch jobs is a write mode or a modification mode; if yes, executing operation S303; if not, operation S304 is performed.
In operation S303, two batch jobs are to have an actual dependency relationship.
In operation S304, two batch jobs are not having an actual dependency relationship.
In operation S305, a direct dependency relationship between two batch jobs set in the job control system is determined.
In operation S306, an indirect dependency relationship between two batch jobs set in the job control system is determined, wherein the indirect dependency relationship characterizes the inclusion of other batch jobs between the two batch jobs.
In operation S307, a preset dependency relationship between two batch jobs is obtained from the direct dependency relationship and the indirect dependency relationship.
In operation S308, whether the actual dependency relationship between the plurality of batch jobs is consistent with the preset dependency relationship; if yes, executing operation S309; if not, operation S310 is performed.
In operation S309, a preset dependency relationship with a vulnerability exists in the job control system, and operation S311 is performed.
In operation S310, a preset dependency relationship in the job control system is normal.
In operation S311, the target batch job corresponding to the preset dependency relationship with the vulnerability is stored in the in-doubt data table.
In operation S312, an access time set in the job control system for each of the target batch jobs is acquired.
In operation S313, whether the access time set for each of the target batch jobs is different; if yes, executing operation S314; if not, operation S315 is performed.
In operation S314, the preset dependency relationship corresponding to the target batch job in the job control system is normal.
In operation S315, the job control system has a preset dependency relationship of the vulnerability.
In the embodiment of the disclosure, by adopting the technical scheme provided by the embodiment of the disclosure, for the batch operation of the first version, the loopholes of 35 preset dependency relationships in the operation control system are found. Aiming at batch operation of the second version, discovering that 46 loopholes with preset dependency relationships exist in an operation control system, wherein the hit rate of the loopholes exceeds 70%;
According to the technical scheme of the embodiment of the disclosure, by acquiring the actual dependency relationship among the plurality of batch jobs in the process of executing the plurality of batch jobs, the plurality of batch jobs are jobs which call the same batch file, and acquiring the preset dependency relationship among the plurality of batch jobs which are predefined in the job control system, on the basis, the result for representing the possibility of loopholes of the preset dependency relationship in the job control system is determined according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs. Because the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the method and the device realize more accurate determination of whether the set dependency relationship in the job control system has the loopholes, thereby at least partially overcoming the technical problem that the determination of whether the set dependency relationship in the job control system has the loopholes is difficult to realize in the related technology. In addition, since the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the problem that the correctness of the preset dependency relationship set by the job control system is difficult to verify in a test mode and the problem that the dependency relationship set in the job control system is difficult to adjust in a manual mode are also solved.
FIG. 4 schematically illustrates a block diagram of an apparatus for determining dependency vulnerabilities in a batch job, in accordance with an embodiment of the present disclosure.
As shown in fig. 4, the determining apparatus 400 may include a first acquisition module 410, a second acquisition module 420, and a first determining module 430.
The first acquisition module 410, the second acquisition module 420, and the first determination module 430 are communicatively coupled.
The first obtaining module 410 is configured to obtain an actual dependency relationship between a plurality of batch jobs in a process of executing the plurality of batch jobs, where the plurality of batch jobs are jobs that call the same batch file.
The second obtaining module 420 is configured to obtain a preset dependency relationship between a plurality of batch jobs predefined in the job control system.
The first determining module 430 is configured to determine, according to the actual dependency relationships and the preset dependency relationships among the plurality of batch jobs, a result for characterizing a possibility that the preset dependency relationships in the job control system have a vulnerability.
According to the technical scheme of the embodiment of the disclosure, by acquiring the actual dependency relationship among the plurality of batch jobs in the process of executing the plurality of batch jobs, the plurality of batch jobs are jobs which call the same batch file, and acquiring the preset dependency relationship among the plurality of batch jobs which are predefined in the job control system, on the basis, the result for representing the possibility of loopholes of the preset dependency relationship in the job control system is determined according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs. Because the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the method and the device realize more accurate determination of whether the set dependency relationship in the job control system has the loopholes, thereby at least partially overcoming the technical problem that the determination of whether the set dependency relationship in the job control system has the loopholes is difficult to realize in the related technology. In addition, since the preset dependency relationship among the plurality of batch jobs is verified according to the actual dependency relationship among the plurality of batch jobs, the problem that the correctness of the preset dependency relationship set by the job control system is difficult to verify in a test mode and the problem that the dependency relationship set in the job control system is difficult to adjust in a manual mode are also solved.
Alternatively, on the basis of the above technical solution, the first determining module 430 may include a first determining sub-module and a second determining sub-module.
The first determining submodule is used for determining that the preset dependency relationship with the loopholes exists in the operation control system under the condition that the actual dependency relationship among a plurality of batch operations is inconsistent with the preset dependency relationship.
And the second determination submodule is used for determining that the preset dependency relationship in the job control system is normal under the condition that the actual dependency relationship and the preset dependency relationship among a plurality of batch jobs are consistent.
Optionally, on the basis of the above technical solution, in a case that an actual dependency relationship and a preset dependency relationship between a plurality of batch jobs are inconsistent, the method may further include:
and storing the target batch operation corresponding to the preset dependency relationship with the loophole into the in-doubt data table.
Optionally, on the basis of the above technical solution, the determining apparatus 400 may further include a third obtaining module and a second determining module.
And the third acquisition module is used for acquiring the access time set for each batch job in the target batch job in the job control system.
The second determining module is used for determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal under the condition that the access time set by each batch job in the target batch job is different.
Optionally, on the basis of the above technical solution, the determining apparatus 400 may further include a third determining module.
And the third determining module is used for determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal under the condition that the target batch job is an invalid batch job.
Optionally, on the basis of the above technical solution, the determining apparatus 400 may further include a fourth determining module and a fifth determining module.
And the fourth determining module is used for determining the batch file corresponding to the target batch job.
And the fifth determining module is used for determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal when the batch file corresponding to the target batch job is an invalid batch file.
Alternatively, on the basis of the above technical solution, the first obtaining module 410 may include an obtaining sub-module and a third determining sub-module.
And the acquisition sub-module is used for acquiring the access mode corresponding to each batch job.
And the third determination submodule is used for determining the actual dependency relationship among a plurality of batch jobs according to the access mode corresponding to each batch job.
Alternatively, on the basis of the above technical solution, the third determining submodule may include a determining unit.
And the determining unit is used for determining that the two batch jobs have actual dependency relationship when at least one of the access modes of the two batch jobs is a writing mode or a modification mode.
Alternatively, on the basis of the above technical solution, the second obtaining module 420 may include a fourth determining sub-module, a fifth determining sub-module, and a generating sub-module.
And a fourth determination sub-module for determining a direct dependency relationship between two batch jobs set in the job control system.
And a fifth determination submodule, configured to determine an indirect dependency relationship between two batch jobs set in the job control system, where the indirect dependency relationship characterizes that other batch jobs are included between the two batch jobs.
And the generation sub-module is used for obtaining a preset dependency relationship between the two batch jobs according to the direct dependency relationship and the indirect dependency relationship.
Any number of the modules, sub-modules, units, or at least some of the functionality of any number of the modules, sub-modules, units, may be implemented in one module in accordance with embodiments of the present disclosure. Any one or more of the modules, sub-modules, units according to embodiments of the present disclosure may be implemented as a split into multiple modules. Any one or more of the modules, sub-modules, units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a field programmable gate array (Field Programmable Gate Array, FPGA), a programmable logic array (Programmable Logic Arrays, PLA), a system on a chip, a system on a substrate, a system on a package, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or in hardware or firmware in any other reasonable manner of integrating or packaging the circuits, or in any one of or a suitable combination of any of the three. Alternatively, one or more of the modules, sub-modules, units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
For example, any of the first acquisition module 410, the second acquisition module 420, and the first determination module 430 may be combined in one module/unit to be implemented, or any of the modules/units may be split into a plurality of modules/units/sub-units. Alternatively, at least some of the functionality of one or more of the modules/units may be combined with at least some of the functionality of other modules/units and implemented in one module/unit. According to embodiments of the present disclosure, at least one of the first acquisition module 410, the second acquisition module 420, and the first determination module 430 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the first acquisition module 410, the second acquisition module 420, and the first determination module 430 may be at least partially implemented as a computer program module, which when executed, may perform the corresponding functions.
It should be noted that, in the embodiment of the present disclosure, the device portion for determining a dependency vulnerability in a batch operation corresponds to the method portion for determining a dependency vulnerability in a batch operation, and description of the device portion for determining a dependency vulnerability in a batch operation specifically refers to the method portion for determining a dependency vulnerability in a batch operation, which is not described herein.
Fig. 5 schematically shows a block diagram of an electronic device adapted to implement the method described above, according to an embodiment of the disclosure. The electronic device shown in fig. 5 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.
As shown in fig. 5, an electronic device 500 according to an embodiment of the present disclosure includes a processor 501 that can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 502 or a program loaded from a storage section 508 into a random access Memory (Random Access Memory, RAM) 503. The processor 501 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 501 may also include on-board memory for caching purposes. The processor 501 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 503, various programs and data required for the operation of the electronic apparatus 500 are stored. The processor 501, ROM502, and RAM 503 are connected to each other by a bus 504. The processor 501 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM502 and/or the RAM 503. Note that the program may be stored in one or more memories other than the ROM502 and the RAM 503. The processor 501 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the system 500 may further include an input/output (I/O) interface 505, the input/output (I/O) interface 505 also being connected to the bus 504. The system 500 may also include one or more of the following components connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output portion 507 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and the like, and a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
According to embodiments of the present disclosure, the method flow according to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 501. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: portable computer diskette, hard disk, random Access Memory (RAM), read-Only Memory (ROM), erasable programmable read-Only Memory (EPROM (Erasable Programmable Read Only Memory) or flash Memory), portable compact disc read-Only Memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 502 and/or RAM 503 and/or one or more memories other than ROM 502 and RAM 503 described above.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined in various combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.
Claims (11)
1. A method for determining dependency loopholes in batch operation comprises the following steps:
acquiring actual dependency relationships among a plurality of batch jobs in the process of executing the batch jobs, wherein the batch jobs are jobs which call the same batch file;
acquiring a preset dependency relationship among the plurality of batch jobs predefined in the job control system; and
determining a result for representing the possibility of vulnerability of the preset dependency relationship in the job control system according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs;
the determining, according to the actual dependency relationships among the plurality of batch jobs and the preset dependency relationships, a result for representing a possibility that a bug exists in the preset dependency relationships in the job control system includes:
Under the condition that the actual dependency relationship among the plurality of batch jobs is inconsistent with the preset dependency relationship, determining that the preset dependency relationship with loopholes exists in the job control system;
wherein, in case of inconsistency between the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs, the method further comprises:
and storing the target batch operation corresponding to the preset dependency relationship with the loophole into an in-doubt data table.
2. The method of claim 1, wherein the determining a result for characterizing a likelihood of a vulnerability of a preset dependency in the job control system from the actual dependency and the preset dependency among the plurality of batch jobs further comprises:
and under the condition that the actual dependency relationship among the plurality of batch jobs is consistent with the preset dependency relationship, determining that the preset dependency relationship in the job control system is normal.
3. The method of claim 1, wherein after storing the target batch job corresponding to the preset dependency with vulnerability to an in-doubt data table, further comprising:
Acquiring access time set for each batch job in the target batch job in the job control system; and
and under the condition that the access time set by each batch job in the target batch job is different, determining that the preset dependency relationship corresponding to the target batch job in the job control system is normal.
4. The method of claim 1, wherein after storing the target batch job corresponding to the preset dependency with vulnerability to an in-doubt data table, further comprising:
and under the condition that the target batch job is an invalid batch job, determining that a preset dependency relationship corresponding to the target batch job in the job control system is normal.
5. The method of claim 1, wherein after storing the target batch job corresponding to the preset dependency with vulnerability to an in-doubt data table, further comprising:
determining a batch file corresponding to the target batch job; and
and determining that a preset dependency relationship corresponding to the target batch job in the job control system is normal under the condition that the batch file corresponding to the target batch job is an invalid batch file.
6. The method according to any one of claims 1-5, wherein the obtaining an actual dependency relationship between a plurality of batch jobs in executing the plurality of batch jobs comprises:
acquiring an access mode corresponding to each batch operation; and
and determining the actual dependency relationship among the plurality of batch jobs according to the access mode corresponding to each batch job.
7. The method according to any one of claims 1-5, wherein the determining the actual dependency relationship between the plurality of batch jobs according to the access manner corresponding to each batch job includes:
and determining that the two batch jobs have actual dependency relationships under the condition that at least one of the access modes of the two batch jobs is a writing mode or a modification mode.
8. The method according to any one of claims 1-5, wherein the obtaining a preset dependency relationship between the plurality of batch jobs predefined in the job control system includes:
determining a direct dependency relationship between two batch jobs set in the job control system;
determining an indirect dependency relationship between the two batch jobs set in the job control system, wherein the indirect dependency relationship characterizes that other batch jobs are included between the two batch jobs; and
And obtaining a preset dependency relationship between the two batch jobs according to the direct dependency relationship and the indirect dependency relationship.
9. A device for determining dependency loopholes in batch operation comprises:
the first acquisition module is used for acquiring actual dependency relationships among a plurality of batch jobs in the process of executing the batch jobs, wherein the batch jobs are jobs which call the same batch file;
the second acquisition module is used for acquiring a preset dependency relationship among the plurality of batch jobs predefined in the job control system; and
the first determining module is used for determining a result for representing the possibility of vulnerability of the preset dependency relationship in the job control system according to the actual dependency relationship and the preset dependency relationship among the plurality of batch jobs;
wherein the first determining module includes:
the first determining submodule is used for determining that a preset dependency relationship with loopholes exists in the job control system under the condition that the actual dependency relationship among the plurality of batch jobs is inconsistent with the preset dependency relationship;
wherein, under the condition that the actual dependency relationship among the plurality of batch jobs is inconsistent with the preset dependency relationship, the method further comprises:
And storing the target batch operation corresponding to the preset dependency relationship with the loophole into an in-doubt data table.
10. An electronic device, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to implement the method of any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010754824.3A CN111859403B (en) | 2020-07-30 | 2020-07-30 | Dependency vulnerability determination method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010754824.3A CN111859403B (en) | 2020-07-30 | 2020-07-30 | Dependency vulnerability determination method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111859403A CN111859403A (en) | 2020-10-30 |
| CN111859403B true CN111859403B (en) | 2023-09-05 |
Family
ID=72946528
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010754824.3A Active CN111859403B (en) | 2020-07-30 | 2020-07-30 | Dependency vulnerability determination method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111859403B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112596878A (en) * | 2020-12-24 | 2021-04-02 | 上海艾融软件股份有限公司 | Batch processing method and device and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109359949A (en) * | 2018-10-30 | 2019-02-19 | 中国建设银行股份有限公司 | Process methods of exhibiting and device |
| CN110287052A (en) * | 2019-06-25 | 2019-09-27 | 深圳前海微众银行股份有限公司 | A kind of root of abnormal task determines method and device because of task |
| CN110333932A (en) * | 2019-06-13 | 2019-10-15 | 上海金融期货信息技术有限公司 | Service orchestration and relationship managing method and system based on container cloud |
| CN110543356A (en) * | 2019-09-11 | 2019-12-06 | 深圳前海微众银行股份有限公司 | abnormal task detection method, device and equipment and computer storage medium |
| CN111310998A (en) * | 2020-02-13 | 2020-06-19 | 中国工商银行股份有限公司 | Method and device for generating critical path, electronic equipment and medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10810046B2 (en) * | 2017-08-14 | 2020-10-20 | Tata Consultancy Services Limited | Automated system for optimizing batch processing time |
-
2020
- 2020-07-30 CN CN202010754824.3A patent/CN111859403B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109359949A (en) * | 2018-10-30 | 2019-02-19 | 中国建设银行股份有限公司 | Process methods of exhibiting and device |
| CN110333932A (en) * | 2019-06-13 | 2019-10-15 | 上海金融期货信息技术有限公司 | Service orchestration and relationship managing method and system based on container cloud |
| CN110287052A (en) * | 2019-06-25 | 2019-09-27 | 深圳前海微众银行股份有限公司 | A kind of root of abnormal task determines method and device because of task |
| CN110543356A (en) * | 2019-09-11 | 2019-12-06 | 深圳前海微众银行股份有限公司 | abnormal task detection method, device and equipment and computer storage medium |
| CN111310998A (en) * | 2020-02-13 | 2020-06-19 | 中国工商银行股份有限公司 | Method and device for generating critical path, electronic equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111859403A (en) | 2020-10-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP5985631B2 (en) | Activate trust level | |
| US9325717B1 (en) | Web-store restriction of external libraries | |
| WO2017034789A1 (en) | Application service architecture | |
| US11561889B2 (en) | Orchestration for automated performance testing | |
| US9218177B2 (en) | Techniques to optimize upgrade tasks | |
| US10120665B1 (en) | Latency-aware host-agnostic runtime | |
| US11526431B2 (en) | Systems and methods for automated provisioning of a virtual mainframe test environment | |
| US10656939B2 (en) | Modeling lifetime of hybrid software application using application manifest | |
| CN110244963B (en) | Data updating method and device and terminal equipment | |
| CN111782988B (en) | Method, apparatus, computer system and storage medium for determining source of application program | |
| CN111859403B (en) | Dependency vulnerability determination method and device, electronic equipment and storage medium | |
| CN111859077A (en) | Data processing method, device, system and computer readable storage medium | |
| CN113362173A (en) | Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium | |
| CN111930629A (en) | Page testing method and device, electronic equipment and storage medium | |
| CN112506781B (en) | Test monitoring method, device, electronic equipment, storage medium and program product | |
| CN114253599A (en) | Version deployment method, version deployment device, electronic device and storage medium | |
| CN113535590A (en) | Program testing method and device | |
| CN114035864A (en) | Interface processing method, interface processing device, electronic device, and storage medium | |
| CN113132400A (en) | Business processing method, device, computer system and storage medium | |
| CN112988604A (en) | Object testing method, testing system, electronic device and readable storage medium | |
| CN113176907A (en) | Interface data calling method and device, computer system and readable storage medium | |
| CN112579282A (en) | Data processing method, device, system and computer readable storage medium | |
| US20140282401A1 (en) | Composite program history | |
| CN110704320A (en) | Control operation method and device | |
| EP4231140A1 (en) | Collective application portfolio migration control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |