CN111967017B - Method, device, terminal equipment and storage medium for generating dependency relationship - Google Patents
Method, device, terminal equipment and storage medium for generating dependency relationship Download PDFInfo
- Publication number
- CN111967017B CN111967017B CN202010740003.4A CN202010740003A CN111967017B CN 111967017 B CN111967017 B CN 111967017B CN 202010740003 A CN202010740003 A CN 202010740003A CN 111967017 B CN111967017 B CN 111967017B
- Authority
- CN
- China
- Prior art keywords
- component
- components
- dependency
- information
- dependency relationship
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/433—Dependency analysis; Data or control flow analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The application provides a method, a device, terminal equipment and a storage medium for generating a dependency relationship, which relate to the technical field of computers and can effectively identify an unknown component so as to generate the dependency relationship. The method comprises the following steps: identifying a plurality of components of the application program according to a preset identification strategy; if the component is identified successfully, acquiring the dependency relationship information of the component; if the component is failed to be identified, analyzing the component by using a preset analysis strategy to acquire dependency relationship information of the component; and generating a component dependency relation library of the application program based on the dependency relation information of the components.
Description
Technical Field
The application belongs to the technical field of computers, and particularly relates to a method, a device, terminal equipment and a storage medium for generating a dependency relationship.
Background
With the development of computer technology, more powerful functions are often provided through various application programs to meet the demands of users. For this reason, there will be an intricate dependency between the various components comprised by the application. In general, to locate dependencies of components that find vulnerabilities, some build tools are typically used to analyze dependencies between multiple components present in an application, such as build tools maven, through which specific commands are executed to generate text files that identify the dependencies between components.
However, the existing construction tool can only identify the components existing in the public component library so as to generate corresponding dependency information, but when unknown components exist in a plurality of components to be identified, the construction tool cannot identify the unknown components, so that the dependency cannot be generated. Therefore, the existing dependency relationship identification method cannot effectively identify unknown components, so that the dependency relationship cannot be generated, and the application range is small.
Disclosure of Invention
The embodiment of the application provides a method, a device, a terminal device and a storage medium for generating a dependency relationship, which are used for solving the problems that the existing dependency relationship identification mode cannot effectively identify an unknown component, so that the dependency relationship cannot be generated and the application range is small.
In a first aspect, an embodiment of the present application provides a method for generating a dependency relationship, including:
identifying a plurality of components of the application program according to a preset identification strategy;
if the component is identified successfully, acquiring the dependency relationship information of the component;
if the component is failed to be identified, analyzing the component by using a preset analysis strategy to acquire dependency relationship information of the component;
and generating a component dependency relation library of the application program based on the dependency relation information of the components.
When the method for generating the dependency relationship is adopted, and a plurality of components of an application program are identified according to a preset identification strategy, if the components are successfully identified, dependency relationship information of the components is obtained; if the identification of the components fails, analyzing the components by using a preset analysis strategy, and effectively identifying the unknown components, so that the dependency relationship information of the unknown components can be obtained, and a component dependency relationship library of the application program is generated based on the dependency relationship information of a plurality of components. Therefore, the unknown components can be effectively identified by the method for generating the dependency relationship, so that a dependency relationship library is finally generated, and the application range is wider.
Optionally, before the identifying the multiple components of the application program according to the preset identification policy, the method further includes:
confirming whether a target file exists in the application program; the object file is used for recording the dependency relationship among a plurality of components in the application program.
Optionally, the identifying the multiple components of the application program according to the preset identification policy includes:
if the target file exists, identifying the dependency relationship among a plurality of components recorded in the target file according to the preset identification strategy;
and if the target file does not exist, traversing a plurality of components in the application program, and identifying the components according to the preset identification strategy.
Optionally, if the identifying the component fails, analyzing the component by using a preset analysis policy, to obtain dependency relationship information of the component, including:
if the components are failed to be identified, analyzing the rest components by using a preset analysis strategy to obtain rest dependency relationship information of the components; the remaining components include the component that failed to be identified and the component to be identified.
Optionally, before analyzing the component by using a preset analysis policy to obtain the dependency relationship information of the component, the method further includes:
if the identification of the component fails, inquiring whether the component exists in a component dependency library or not through the component information of the component;
and if the component exists, acquiring the dependency relationship information of the component.
Optionally, the generating a component dependency library of the application program based on the dependency information of the components includes:
determining dependency relationship information of a plurality of components with component conflict according to the component information of each component;
processing the component conflict by using a preset conflict processing strategy to obtain dependency relationship information of a plurality of components without component conflict;
and generating a component dependency relation library of the application program based on the dependency relation information of the components without component conflict.
Optionally, the processing the component conflict by using a preset conflict processing policy includes:
acquiring the dependency path length of each component in the dependency relationship information of each component with component conflict;
determining the component with the minimum dependent path length in each group of conflict components as a target component;
reconstructing the component dependency relationship with component conflict based on the target component to obtain the dependency relationship information of a plurality of components without component conflict.
In a second aspect, an embodiment of the present application provides an apparatus for generating a dependency relationship, including:
the identification module is used for identifying a plurality of components of the application program according to a preset identification strategy;
the first acquisition module is used for acquiring the dependency relationship information of the component if the component is successfully identified;
the second acquisition module is used for analyzing the component by utilizing a preset analysis strategy if the component is failed to be identified, and acquiring the dependency relationship information of the component;
and the generating module is used for generating a component dependency relation library of the application program based on the dependency relation information of a plurality of components.
In a third aspect, an embodiment of the present application provides a terminal device, including: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of generating a dependency when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, comprising: the computer readable storage medium stores a computer program which, when executed by a processor, implements the method of generating a dependency relationship.
In a fifth aspect, embodiments of the present application provide a computer program product, which when run on a terminal device, causes the terminal device to perform the method of generating a dependency relationship according to any one of the first aspects above.
It will be appreciated that the advantages of the second to fifth aspects may be found in the relevant description of the first aspect, and are not described here again.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required for the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a method for generating a dependency relationship according to an embodiment of the present application.
FIG. 2 is a schematic diagram of an example dependency tree provided by an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an apparatus for generating a dependency relationship according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system configurations, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
As used in this specification and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
In addition, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and are not to be construed as indicating or implying relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
In order to illustrate the technical solutions described in the present application, the following description is made by specific examples.
Referring to fig. 1, fig. 1 is a flowchart of an implementation of a method for generating a dependency according to an embodiment of the present application. In this embodiment, the execution subject of the method for generating the dependency relationship is a terminal device.
As shown in fig. 1, the method provided in the embodiment of the present application includes the following steps:
s101: the method comprises the steps of identifying a plurality of components of the application program according to a preset identification strategy.
In step S101, a preset recognition policy is used to describe the order or manner in which a plurality of components are recognized. For example, when a build tool is present, the build tool executes build commands, such as the command mvn dependency, in a certain order, identifying multiple components of the application by executing the commands, so as to obtain all of the dependencies of the components. Or, for example, when a build tool is present, traversing multiple components of the application, querying whether each component is present in the component dependency library.
An application is a computer program developed to run in an operating system for the purpose of accomplishing a particular task.
The components are reusable functional modules in the application architecture and may be implemented by files compiled in a computer language. For example, it is realized by JAR files (Archive Java files).
Each component file contains a plurality of byte code files (Class files), each byte code file is stored according to a compiled file name, and each byte code file comprises a corresponding package name and all package names on which the byte code file depends. Therefore, the package name corresponding to each byte code file in the component is the package name corresponding to the component, and all package names depending on the byte code file are package names corresponding to the component depending on the component.
Because the byte code information corresponding to each component includes the packet name corresponding to the component and the packet name corresponding to the dependent component. And obtaining the dependency relationship between the two components according to the byte code information corresponding to the components.
It can be understood that, after receiving an instruction for identifying a plurality of components of the application program, the terminal device identifies the plurality of components of the application program according to a preset identification policy, and identifies the bytecode information in each component.
For example, the terminal device identifies the byte code information corresponding to each of the plurality of components according to a preset identification policy.
It should be noted that, since the plurality of components of the application program are identified according to the preset identification policy, an environment for identifying the components of the application program needs to be configured in advance, for example, a build tool maven is configured on the terminal device, so that the dependency information between the components is obtained by executing a specific command through the maven.
In this embodiment, multiple components of an application program are identified according to a preset identification policy, and because a dependency relationship existing between two components can be obtained according to byte code information corresponding to a component, the byte code information of the identified component can acquire the dependency relationship information of the component, and a constructed dependency relationship basis can be better provided for generating a dependency relationship tree. It should be appreciated that in all embodiments of the present application, the identification of the plurality of components of the application program is actually based on the bytecode information of each component in the disclosed component library.
As to when to identify the plurality of components of the application according to the preset identification policy, the following two scenarios may be included, but are not limited to.
Scene 1: and when receiving an instruction for detecting the loopholes of the application program, identifying a plurality of components of the application program according to a preset identification strategy.
For example, a certain application program which is developed and popularized and applied is attacked by an illegal user by using a specific computer program, so that the application program is in a stop running state, so that in order to avoid the next continuous attacked, the application program is in the stop running state again, the loopholes existing in the application program need to be monitored, the dependency relationship among a plurality of components needs to be analyzed, the terminal equipment identifies the plurality of components of the application program according to a preset identification strategy, and the dependency loopholes among the components are confirmed.
Scene 2: when compiling of the application program is finished, in order to eliminate component conflict among the dependency relationship information of each component, a plurality of components of the application program are identified according to a preset identification strategy.
For example, at the end of compiling an application program, two versions of an a component, such as version 1.0 and version 2.0 of the a component, are included in the application program, and since the same component a is not allowed to appear in one application program, it is necessary to analyze the dependency relationship of multiple components in the application program, that is, identify the multiple components of the application program according to a preset identification policy, so as to obtain the dependency relationship of the components, and analyze the existing component conflict.
It should be appreciated that in actual practice, multiple components would be included in each application, such as multiple known components and multiple unknown components. The known components are open source components which are publicly stored in the Internet and can be freely downloaded by users, such as components recorded on public community websites, and the construction tool usually can successfully identify the partial components when identifying the partial components according to a preset identification strategy; the component is not known, is a component which is self-developed by a user for upgrading the functions of the application program, is not disclosed and stored in the Internet, and is generally failed to be identified when being identified by a construction tool according to a preset identification strategy.
S102: if the identification component is successful, acquiring the dependency information of the component; if the component identification fails, analyzing the component by using a preset analysis strategy to acquire the dependency relationship information of the component.
In step S102, the dependency information is used to describe the dependencies between components. For example, the dependency relationship between the component a and the component B described by the dependency relationship information, for example, the dependency relationship may be in the form of "component a→component B", which is used to represent the dependency relationship between the component a and the component B, where the component a is a relying party and the component B is a relied party.
The preset analysis strategy is used for describing a logic process of analyzing and identifying the failure component to obtain the corresponding dependency information. For example, when the component C is identified as failed, the component C is parsed by using a preset component information program, so as to obtain the relevant dependency information of the component C.
By way of example, an application includes 10 components, 1 of which are unknown components and the remaining 9 of which are public components. If the construction tool executes a specific command to identify the 9 disclosed components according to a preset identification strategy, the 9 disclosed components are identified successfully, so that the dependency relationship information corresponding to each disclosed component is obtained. However, when an unknown component is identified, the component is not disclosed, if not uploaded in the community website of the construction tool, and thus cannot be identified for the construction tool, so that the analysis of the component dependency relationship of the application program can be continued, and the component is analyzed by using a preset analysis strategy.
S103: based on the dependency information of the plurality of components, a component dependency library of the application is generated.
In step S103, the component dependency library is a collection describing dependencies between a plurality of components.
For example, as shown in fig. 2, dependency information of a component a, a component B and a component C is obtained, where the component a is known to depend on the component B based on the dependency information of the component a; knowing based on the dependency information of component C, component C depends on component B; component B is known to be dependent by component a, component C based on the dependency information of component B. Therefore, based on the dependency information of the component a, the component B, and the component C, a dependency tree as shown in fig. 2 is generated.
When the method for generating the dependency relationship is adopted and a plurality of components of the application program are identified according to a preset identification strategy, if the components are successfully identified, dependency relationship information of the components is obtained; if the component identification fails, the component is analyzed by utilizing a preset analysis strategy, and the unknown component is effectively identified, so that the dependency information of the unknown component can be obtained, and further, a component dependency library of the application program is generated based on the dependency information of a plurality of components. Therefore, the unknown components can be effectively identified by the method for generating the dependency relationship, so that a dependency relationship library is finally generated, and the application range is wider.
In an embodiment of the present application, before identifying the plurality of components of the application according to the preset identification policy, the method further includes:
confirming whether a target file exists in the application program; the object file is used to record dependencies between the plurality of components in the application.
In this embodiment, the target file is a configuration file of the application program. The dependency relationship between the plurality of components of the target file record is a direct dependency relationship between components.
It can be understood that the description information of each configuration file of the application program is checked through the terminal device to confirm whether the description information of the target file exists, and if the description information of the target file exists, the existence of the target file in the application program is confirmed. The description information is the significative information of the configuration file, for example, the name of the configuration file, the content summary recorded by the configuration file, and the like.
For example, if the name of the target file is poc.xml, it is confirmed whether the file named poc.xml exists in the application program, and if so, the existence of the target file is indicated.
It should be noted that, if the application program is developed by the building tool, there may be a target file, such as a pon.xml configuration file, which is generated by the building tool, where a dependency relationship between multiple components in the application program is recorded, and then the specific command may be executed by the building tool to identify multiple components in the file, so as to obtain dependency relationship information between multiple components. However, if the application is not developed by the build tool, there is no object file that the build tool generates.
In some embodiments, whether the target file exists in the application program is confirmed according to a preset target file confirmation strategy.
In this embodiment, the preset target file validation policy is a logic process or manner for describing validating a target file. For example, a plurality of configuration files of the application program are traversed, and whether files with the same file name as the target file exist in the plurality of configuration files is confirmed.
In some embodiments, according to the name of the target file, whether the file with the same name exists in the application program is confirmed, and if the file with the same name exists, the target file exists in the application program is confirmed.
In an embodiment of the present application, identifying a plurality of components of an application according to a preset identification policy includes:
if the target file exists, the dependency relationship among the components recorded in the target file is identified according to a preset identification strategy.
If the target file does not exist, traversing a plurality of components in the application program, and identifying the plurality of components according to a preset identification strategy.
In this embodiment, because the dependency relationship between the multiple components in the application program is already recorded in the target file, if the terminal device confirms that the target file exists in the application program, the terminal device may directly identify the dependency relationship between the multiple components recorded in the target file according to a preset identification policy.
Otherwise, if the terminal device confirms that the target file does not exist in the application program, the file indicating that the application program does not explicitly record the files of the plurality of components of the application program, and the plurality of components in the application program need to be traversed, and the plurality of components existing in the application program are confirmed, so that the plurality of components can be identified based on a preset identification policy. For example, if a component in the application program is a compilation package, the component may be directly traversed and found, so that the component may be identified by using a preset identification policy; if the component is in the form of a source code packet, the source code of the source code packet is required to be analyzed to identify the component, so that the component can be identified by utilizing a preset identification strategy.
In an embodiment of the present application, there is a possible scenario that in a process of identifying a plurality of components of an application program according to a preset identification policy, for a component that is successfully identified and a component that is identified, a policy that needs to be frequently switched to obtain dependency information is different, which may reduce overall component identification efficiency.
Therefore, if the component identification fails, the component is analyzed by using a preset analysis strategy to obtain the dependency information of the component, which includes:
if the component identification fails, analyzing the rest components by using a preset analysis strategy to obtain dependency relationship information of the rest components; the remaining components include components that failed to be identified and components to be identified.
In this embodiment, when identifying a component fails, the remaining components are parsed using a preset parsing policy. For example, when identifying the components fails, when identifying each remaining component, inquiring whether the corresponding component exists in the component dependency library one by one, if so, acquiring the dependency information of the component, and if not, calling a preset component information program to analyze the component to obtain the corresponding dependency information.
In some embodiments, if the component identification fails, the remaining components are parsed one by using a preset parsing policy, so as to obtain dependency relationship information of the remaining components.
In an embodiment of the present application, there is a possible scenario that dependency information of a component that fails to be identified when identifying a plurality of components of an application program according to a preset identification policy is already stored in a component dependency library, and if the failed component is analyzed by using a preset analysis policy at this time to obtain the dependency information of the component, overall component identification efficiency is reduced.
Therefore, the method includes analyzing the component by using a preset analysis strategy, and before obtaining the dependency information of the component, further includes:
if the identification of the component fails, inquiring whether the component exists in the component dependency library through the component information of the component;
and if the component exists, acquiring the dependency relationship information of the component.
In the present embodiment, dependency relationship information of a plurality of components is recorded in a component dependency library. The component information is the significative information of the components, and the significative information of each component is different. Such as the name, version of the component.
For example, whether the components with the same name exist in the component dependency library is queried through the names of the components, and if the components exist, the dependency relationship information of the components is acquired.
In some embodiments, if the component is identified to fail, querying whether dependency information of the component exists in the component dependency library, and if the dependency information of the component exists, obtaining the dependency information of the component.
In an embodiment of the present application, there is a possible scenario in which, during the development of an application program, multiple components that are the same, or multiple components of different versions, may be configured in the application program, so that component conflicts exist between dependency information of the multiple components. If the application program including component conflict is allowed to run, the application program is often abnormal to run, and the user experience is poor.
Therefore, the embodiment of the application provides a method for generating a dependency relationship, which mainly relates to a process for solving component conflict. The method comprises the following steps:
generating a component dependency library of the application based on the dependency information of the plurality of components, comprising:
determining dependency relationship information of a plurality of components with component conflicts according to the component information of each component;
processing component conflict by utilizing a preset conflict processing strategy to obtain dependency relationship information of a plurality of components without component conflict;
based on the dependency information of the plurality of components without component conflict, a component dependency library of the application program is generated.
In the present embodiment, the component information is unique flag information of the component, for example, the name, version of the component. The preset conflict processing strategy is used for describing a logic process for processing component conflicts.
For example, there are component A, component B, component C, component D, component E in the application. Based on the dependency information of the component a, the component a depends on the 1.0 version of the component C. Based on the dependency information of component B, component B depends on version 2.0 of component C. Based on the dependency information of component D, component D depends on component E, which depends on version 2.0 of component C. It can be seen that there are 2 components C in the same application program, and the components C are respectively the 1.0 version of component C and the 2.0 version of component C, that is, component conflict exists between the dependency relationship information of the dependency relationship information component B of the component a is determined.
Further, a preset conflict processing strategy is utilized to determine and reserve the component C of the version 2.0, so that new dependency relationships are obtained, wherein the 1 st dependency relationship is the component C of which the component A depends on the version 2.0; the 2 nd dependency relationship is that the component B depends on the component C of the 2.0 version; the 3 rd dependency is component D dependent on component E, which depends on version 2.0 of component C. And generating a component dependency relation library of the application program according to the 3 dependency relations.
In some embodiments, a component dependency tree for an application is generated.
As one possible implementation manner of this embodiment, the processing component conflict with the preset conflict processing policy includes:
acquiring the dependency path length of each component in the dependency relationship information of each component with component conflict;
determining the component with the minimum dependent path length in each group of conflict components as a target component;
reconstructing the component dependency relationship with component conflict based on the target component to obtain the dependency relationship information of a plurality of components without component conflict.
In this embodiment, the dependency path length is used to describe the length between each component and the dependent source component. For example, if the component a depends on the component B and the component B depends on the component C, the dependency path length of the component B is 1 and the dependency path length of the component C is 2.
For example, there are component A, component B, component C, component D, component E in the application. Wherein component a relies on version 2.0 of component C. Component B relies on version 2.0 of component C. Component D relies on component E, which relies on version 1.0 of component C. It can be seen that the dependency path length of the component C of version 2.0 is 1,1.0 and the dependency path length of the component C of version 2.0 is 2, so the component C of version 2.0 is determined as the target component. Reconstructing the component dependency relationship with component conflict based on the component C of the 2.0 version to obtain 3 component dependency relationships without component conflict, wherein the 1 st dependency relationship is the component C of the 2.0 version of the component A dependency; the 2 nd dependency relationship is that the component B depends on the component C of the 2.0 version; the 3 rd dependency is component D dependent on component E, which depends on version 2.0 of component C.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic of each process, and should not limit the implementation process of the embodiment of the present application in any way.
Corresponding to the method for generating a dependency according to the above embodiment, fig. 3 shows a block diagram of a device for generating a dependency according to an embodiment of the present application, and for convenience of explanation, only a portion related to the embodiment of the present application is shown.
Referring to fig. 3, the apparatus includes:
an identifying module 101, configured to identify a plurality of components of an application program according to a preset identifying policy;
the first obtaining module 102 is configured to obtain dependency information of the component if the component is identified successfully;
the second obtaining module 103 is configured to parse the component by using a preset parsing policy if the component is identified to be failed, so as to obtain dependency relationship information of the component;
the generating module 104 is configured to generate a component dependency library of the application program based on the dependency information of the plurality of components.
Optionally, the apparatus further comprises: and a confirmation module.
The confirming module is used for confirming whether the target file exists in the application program or not; the object file is used to record dependencies between the plurality of components in the application.
Optionally, the identification module 101 further includes a first identification unit and a second identification unit.
The first identification unit is further used for identifying the dependency relationship among the plurality of components recorded in the target file according to a preset identification strategy if the target file exists;
the second identifying unit is further used for traversing the plurality of components in the application program if the target file does not exist, and identifying the plurality of components according to a preset identifying strategy.
Optionally, the second obtaining module 103 is further configured to parse the remaining components by using a preset parsing policy if the component identification fails, so as to obtain dependency relationship information of the remaining components; the remaining components include components that failed to be identified and components to be identified.
Optionally, the second obtaining module 103 is further configured to query whether a component exists in the component dependency library through component information of the component if the component is identified to be failed; and if the component exists, acquiring the dependency relationship information of the component.
Optionally, the generating module 104 further includes a conflict determining unit, a conflict processing unit, and a generating unit.
A conflict determination unit configured to determine dependency information of a plurality of components in which component conflicts exist, based on the component information of each component;
the conflict processing unit is used for processing component conflict by utilizing a preset conflict processing strategy to obtain dependency relationship information of a plurality of components without component conflict;
and the generating unit is used for generating a component dependency relation library of the application program based on the dependency relation information of the components without component conflict.
Optionally, the conflict processing unit is further configured to obtain a dependency path length of each component in each component dependency information in which component conflicts exist; determining the component with the minimum dependent path length in each group of conflict components as a target component; reconstructing the component dependency relationship with component conflict based on the target component to obtain the dependency relationship information of a plurality of components without component conflict.
Fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in fig. 4, the terminal device 4 of this embodiment includes: at least one processor 40 (only one processor is shown in fig. 4), a memory 41, and a computer program 42 stored in the memory 41 and executable on the at least one processor 40, the processor 40 implementing the steps in any of the various method embodiments described above for generating a dependency tree when executing the computer program 42.
The terminal device 4 may be a computing device such as a desktop computer, a notebook computer, a palm computer, and a cloud server. The terminal device may include, but is not limited to, a processor 40, a memory 41. It will be appreciated by those skilled in the art that fig. 4 is merely an example of the terminal device 4 and is not meant to be limiting as to the terminal device 4, and may include more or fewer components than shown, or may combine certain components, or different components, such as may also include input-output devices, network access devices, etc.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), and the processor 40 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may in some embodiments be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may in other embodiments also be an external storage device of the terminal device 4, such as a plug-in hard disk provided on the terminal device 4, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like. Further, the memory 41 may also include both an internal storage unit of the terminal device 4 and an external storage device. The memory 41 is used to store an operating system, application programs, boot loader (BootLoader), data, and other programs and the like, such as program codes of computer programs and the like. The memory 41 may also be used to temporarily store data that has been output or is to be output.
It should be noted that, because the content of information interaction and execution process between the above devices/units is based on the same concept as the method embodiment of the present application, specific functions and technical effects thereof may be referred to in the method embodiment section, and will not be described herein again.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
The embodiment of the application also provides a terminal device, which comprises: at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor, the processor implementing the steps in any of the various method embodiments described above when the computer program is executed.
The embodiments of the present application also provide a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements steps of the foregoing method embodiments.
The present embodiments provide a computer program product which, when run on a terminal device, causes the terminal device to perform steps that enable the respective method embodiments described above to be implemented.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application implements all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, where the computer program, when executed by a processor, may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, executable files or in some intermediate form, etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (RAM, random Access Memory), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other manners. For example, the apparatus/network device embodiments described above are merely illustrative, e.g., the division of modules or elements is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (8)
1. A method of generating a dependency relationship, the method comprising:
identifying a plurality of components of the application program according to a preset identification strategy;
if the component is identified successfully, acquiring the dependency relationship information of the component;
if the identification of the component fails, inquiring whether the component exists in a component dependency library or not through the component information of the component; if the components exist, acquiring dependency information of the components, and analyzing the rest components by using a preset analysis strategy to obtain the rest dependency information of the components; the remaining components include the component that failed to be identified and the component to be identified;
and generating a component dependency relation library of the application program based on the dependency relation information of the components.
2. The method of claim 1, wherein prior to identifying the plurality of components of the application according to the preset identification policy, further comprising:
confirming whether a target file exists in the application program; the object file is used for recording the dependency relationship among a plurality of components in the application program.
3. The method of claim 2, wherein the identifying the plurality of components of the application according to the preset identification policy comprises:
if the target file exists, identifying the dependency relationship among a plurality of components recorded in the target file according to the preset identification strategy;
and if the target file does not exist, traversing a plurality of components in the application program, and identifying the components according to the preset identification strategy.
4. The method of claim 1, wherein the generating the component dependency library of the application based on the dependency information for the plurality of components comprises:
determining dependency relationship information of a plurality of components with component conflict according to the component information of each component;
processing the component conflict by using a preset conflict processing strategy to obtain dependency relationship information of a plurality of components without component conflict;
and generating a component dependency relation library of the application program based on the dependency relation information of the components without component conflict.
5. The method of claim 4, wherein said processing said component conflict using a preset conflict handling policy comprises:
acquiring the dependency path length of each component in the dependency relationship information of each component with component conflict;
determining the component with the minimum dependent path length in each group of conflict components as a target component;
reconstructing the component dependency relationship with component conflict based on the target component to obtain the dependency relationship information of a plurality of components without component conflict.
6. An apparatus for generating a dependency relationship, comprising:
the identification module is used for identifying a plurality of components of the application program according to a preset identification strategy;
the first acquisition module is used for acquiring the dependency relationship information of the component if the component is successfully identified;
the second acquisition module is used for inquiring whether the component exists in the component dependency library or not through the component information of the component if the component is failed to be identified; if the components exist, acquiring dependency information of the components, and analyzing the rest components by using a preset analysis strategy to obtain the rest dependency information of the components; the remaining components include the component that failed to be identified and the component to be identified;
and the generating module is used for generating a component dependency relation library of the application program based on the acquired dependency relation information of the components.
7. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method according to any one of claims 1 to 5 when executing the computer program.
8. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010740003.4A CN111967017B (en) | 2020-07-28 | 2020-07-28 | Method, device, terminal equipment and storage medium for generating dependency relationship |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010740003.4A CN111967017B (en) | 2020-07-28 | 2020-07-28 | Method, device, terminal equipment and storage medium for generating dependency relationship |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111967017A CN111967017A (en) | 2020-11-20 |
| CN111967017B true CN111967017B (en) | 2023-06-02 |
Family
ID=73362920
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010740003.4A Active CN111967017B (en) | 2020-07-28 | 2020-07-28 | Method, device, terminal equipment and storage medium for generating dependency relationship |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111967017B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112506129B (en) * | 2020-12-15 | 2022-02-22 | 北京东土科技股份有限公司 | Method, device and equipment for converting ladder diagram and storage medium |
| CN112711438B (en) * | 2021-01-13 | 2024-04-16 | 苏州棱镜七彩信息科技有限公司 | Method, apparatus and computer readable storage medium for extracting dependency component information |
| CN112800430A (en) * | 2021-02-01 | 2021-05-14 | 苏州棱镜七彩信息科技有限公司 | Safety and compliance management method suitable for open source assembly |
| CN115202714A (en) * | 2021-03-25 | 2022-10-18 | 京东科技控股股份有限公司 | Method, device and storage medium for resolving component version conflict |
| CN113536316B (en) * | 2021-06-17 | 2023-08-11 | 深圳开源互联网安全技术有限公司 | Method and device for detecting component dependency information |
| CN114546534B (en) * | 2022-02-28 | 2023-11-24 | 百果园技术(新加坡)有限公司 | Application page starting method, device, equipment and medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103810172A (en) * | 2012-11-06 | 2014-05-21 | 金蝶软件(中国)有限公司 | Method and device for generating module dependence relationship graph |
| CN104077140A (en) * | 2014-07-04 | 2014-10-01 | 用友软件股份有限公司 | Automatic compiling method and compiling device for continuous integration |
| CN105760184A (en) * | 2014-12-18 | 2016-07-13 | 深圳云之家网络有限公司 | Method and device for loading component |
| CN110750245A (en) * | 2019-10-17 | 2020-02-04 | 杭州涂鸦信息技术有限公司 | Application program development method, system and equipment |
| CN110874730A (en) * | 2018-09-04 | 2020-03-10 | Oppo广东移动通信有限公司 | Information processing method, information processing device and mobile terminal |
| CN111162953A (en) * | 2019-12-31 | 2020-05-15 | 四川省公安科研中心 | Data processing method, system upgrading method and server |
| CN111324333A (en) * | 2018-12-17 | 2020-06-23 | 中移(杭州)信息技术有限公司 | Software development method and device based on componentization |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10380214B1 (en) * | 2018-02-07 | 2019-08-13 | Sas Institute Inc. | Identification and visualization of data set relationships in online library systems |
-
2020
- 2020-07-28 CN CN202010740003.4A patent/CN111967017B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103810172A (en) * | 2012-11-06 | 2014-05-21 | 金蝶软件(中国)有限公司 | Method and device for generating module dependence relationship graph |
| CN104077140A (en) * | 2014-07-04 | 2014-10-01 | 用友软件股份有限公司 | Automatic compiling method and compiling device for continuous integration |
| CN105760184A (en) * | 2014-12-18 | 2016-07-13 | 深圳云之家网络有限公司 | Method and device for loading component |
| CN110874730A (en) * | 2018-09-04 | 2020-03-10 | Oppo广东移动通信有限公司 | Information processing method, information processing device and mobile terminal |
| CN111324333A (en) * | 2018-12-17 | 2020-06-23 | 中移(杭州)信息技术有限公司 | Software development method and device based on componentization |
| CN110750245A (en) * | 2019-10-17 | 2020-02-04 | 杭州涂鸦信息技术有限公司 | Application program development method, system and equipment |
| CN111162953A (en) * | 2019-12-31 | 2020-05-15 | 四川省公安科研中心 | Data processing method, system upgrading method and server |
Non-Patent Citations (2)
| Title |
|---|
| 基于组件依赖的测试序列优化模型;王莉等;《北京邮电大学学报》;第30卷(第2期);第38-41页 * |
| 微软企业库组件Unity使用浅析;李凤桐等;《软件研发与应用》(第6期);第13-14页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111967017A (en) | 2020-11-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111967017B (en) | Method, device, terminal equipment and storage medium for generating dependency relationship | |
| KR101921052B1 (en) | Method and apparatus for identifying security vulnerability and cause point thereof of executable binaries | |
| US11507669B1 (en) | Characterizing, detecting and healing vulnerabilities in computer code | |
| CN110941528B (en) | Log buried point setting method, device and system based on fault | |
| CN111143087B (en) | Interface calling method, device, storage medium and server | |
| CN111144839B (en) | Project construction method, continuous integration system and terminal equipment | |
| CN109271789B (en) | Malicious process detection method and device, electronic equipment and storage medium | |
| CN110968437A (en) | Method, device, equipment and medium for parallel execution of single contract based on Java intelligent contract | |
| CN113961919B (en) | Malicious software detection method and device | |
| CN112463303A (en) | JAVA virtual machine class loading method and system | |
| CN111884876A (en) | Method, device, equipment and medium for detecting protocol type of network protocol | |
| CN111338716A (en) | Data processing method and device based on rule engine and terminal equipment | |
| CN113835713B (en) | Source code packet downloading method, device, computer equipment and storage medium | |
| CN116324773A (en) | Method and apparatus for protecting smart contracts from attack | |
| US9064042B2 (en) | Instrumenting computer program code by merging template and target code methods | |
| US9396239B2 (en) | Compiling method, storage medium and compiling apparatus | |
| CN108959915B (en) | Rootkit detection method, rootkit detection device and server | |
| CN111352631A (en) | Interface compatibility detection method and device | |
| CN113821486B (en) | Method and device for determining dependency relationship between pod libraries and electronic equipment | |
| KR20190055776A (en) | Method and apparatus for identifying security vulnerability and cause point thereof of executable binaries | |
| CN110737438A (en) | data processing method and device | |
| CN115310087A (en) | Website backdoor detection method and system based on abstract syntax tree | |
| CN114417347A (en) | Vulnerability detection method, device, equipment, storage medium and program of application program | |
| CN113886812A (en) | Detection protection method, system, computer equipment and readable storage medium | |
| CN110244954B (en) | Compiling method and equipment for application program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |