CN112149128A - Vulnerability processing method and device of user-defined flow, electronic device and medium - Google Patents


Info

Publication number
CN112149128A
Authority
CN
China
Prior art keywords
flow
vulnerability
node
user
information
Legal status
Granted
Application number
CN202010848139.7A
Other languages
Chinese (zh)
Other versions
CN112149128B (en)
Inventor
张双威
范渊
Current Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN202010848139.7A
Publication of CN112149128A
Application granted; publication of CN112149128B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The application relates to a custom flow vulnerability processing method and device, an electronic device and a storage medium. The vulnerability processing method of the user-defined flow comprises the following steps: acquiring vulnerability data to be processed; determining security association parameters of the vulnerability data; selecting a user-defined flow instance according to the security association parameters; extracting flow structure information of the user-defined flow instance and judging whether it matches preset flow structure information; and, where the flow structure information is judged to match the preset flow structure information, inputting the vulnerability data into the user-defined flow instance and processing it according to that instance until the task handlers corresponding to all flow nodes of the instance have finished processing the vulnerability data. This solves the problems in the related art that vulnerability management and processing have poor timeliness and a high vulnerability processing delay rate, and achieves the beneficial effects of a customizable vulnerability management flow and improved vulnerability rectification efficiency.

Description

Vulnerability processing method and device of user-defined flow, electronic device and medium
Technical Field
The present application relates to the field of computer technologies, and in particular to a method and an apparatus for vulnerability processing in a custom flow, an electronic apparatus, and a storage medium.
Background
A security hole is a defect in the hardware, software, specific implementation of a protocol, or system security policy, which may enable an attacker to access or destroy the system without authorization.
In the internet field, information security companies need to modify massive vulnerability data generated in the process of developing systems and software to repair vulnerabilities and maintain the security of hardware, software and systems.
The existing method for modifying and managing vulnerabilities is based on flow management: flows made up of a plurality of flow nodes are created, and each vulnerability is processed node by node along its flow until modification and repair of the vulnerability are complete.
However, existing vulnerability management follows a fixed flow, so when the task handler of a given flow node does not complete the processing operation for that node in time, the whole vulnerability management process cannot be completed in time, leaving the corresponding hardware, software and systems exposed to the potential security hazard. Moreover, existing vulnerability management cannot configure the vulnerability processing flow flexibly according to rules, so vulnerability management and processing have poor timeliness and a high vulnerability processing delay rate.
At present, no effective solution is provided for the problems of poor timeliness and high vulnerability processing delay rate of vulnerability management and processing in the related technology.
Disclosure of Invention
The embodiment of the application provides a vulnerability processing method, a vulnerability processing device, an electronic device and a storage medium for a user-defined flow, and aims to at least solve the problems that vulnerability management and processing in the related technology are poor in timeliness and high in vulnerability processing delay rate.
In a first aspect, an embodiment of the present application provides a vulnerability handling method for a user-defined flow, including: acquiring vulnerability data to be processed; determining security association parameters of the vulnerability data; selecting a self-defined process instance according to the security association parameters, wherein the self-defined process instance is generated in a preset process engine according to preset security association parameters; extracting the flow structure information of the user-defined flow example, and judging whether the flow structure information is matched with preset flow structure information or not; under the condition that the flow structure information is matched with preset flow structure information, the vulnerability data is input into the user-defined flow example and is processed according to the user-defined flow example until task handlers corresponding to all flow nodes of the user-defined flow example finish processing the vulnerability data, wherein the processing of the vulnerability data by the task handlers comprises one of the following steps: circulation, rectification and auditing.
In some embodiments, determining the security association parameters of the vulnerability data comprises: evaluating the vulnerability data with a general vulnerability evaluation method to obtain the security association parameters, where the security association parameters comprise at least one of the following: the vulnerability grade, the vulnerability name, the vulnerability type and the vulnerability service, arranged from high to low according to vulnerability severity.
In some embodiments, extracting the flow structure information of the custom flow instance, and determining whether the flow structure information matches with preset flow structure information includes: extracting all process nodes of the user-defined process example; detecting a target process node in all process nodes of the custom process instance, wherein the target process node comprises one or more of the following: a start node, a change node and an end node; and under the condition that the target process node is detected to comprise the starting node, at least one change node and the ending node, determining that the process structure information is matched with preset process structure information.
In some embodiments, the process node includes target information and node-pointing information, and detecting a target process node among all process nodes of the custom process instance includes: extracting node information of the process nodes, and detecting node pointing information and task target information in the node information, wherein the node pointing information comprises node information of a next process node corresponding to the process nodes, and the task target information comprises the task handler corresponding to the process nodes; and under the condition that the node information is detected to comprise the node pointing information and a plurality of task target information, determining the flow node as the change node.
In some embodiments, when it is detected that the node information comprises the node pointing information and a single item of task target information, the flow node is determined to be the start node; and when it is detected that the node information comprises only a single item of task target information, the flow node is determined to be the end node.
In some of these embodiments, the method further comprises: detecting the processing state of the vulnerability data at the flow node within a preset processing time limit; and, if the vulnerability data is detected as still unprocessed once the preset processing time limit has been exceeded, stopping the processing of the vulnerability data according to the user-defined flow instance and re-executing the steps of selecting a user-defined flow instance according to the security association parameters, extracting the flow structure information of the user-defined flow instance, judging whether the flow structure information matches the preset flow structure information, and processing the vulnerability data according to the user-defined flow instance.
In some of these embodiments, the method further comprises: when the vulnerability data has not been processed within the preset processing time limit, notifying the task handler corresponding to the flow node, in a preset notification mode, to process the vulnerability data.
In a second aspect, an embodiment of the present application provides a vulnerability processing apparatus for a custom flow, including:
the acquisition module is used for acquiring vulnerability data to be processed;
the determining module is used for determining the security association parameters of the vulnerability data;
the selecting module is used for selecting a self-defined process example according to the security association parameters, wherein the self-defined process example is generated in a preset process engine according to preset security association parameters;
the detection module is used for extracting the flow structure information of the user-defined flow example and judging whether the flow structure information is matched with preset flow structure information or not;
the processing module is used for inputting the vulnerability data into the user-defined flow example and processing the vulnerability data according to the user-defined flow example under the condition that the flow structure information is matched with the preset flow structure information, until task handlers corresponding to all the flow nodes of the user-defined flow example complete processing of the vulnerability data, wherein the processing of the vulnerability data by the task handlers comprises one of the following steps: circulation, rectification and auditing.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory and a processor, where the memory stores a computer program, and the processor is configured to run the computer program to execute the vulnerability processing method of the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium, where a computer program is stored in the storage medium, where the computer program is configured to execute the vulnerability handling method of the custom flow in the first aspect when running.
Compared with the related art, the vulnerability processing method, device, electronic device and storage medium of the user-defined flow provided by the embodiments of the application acquire vulnerability data to be processed; determine security association parameters of the vulnerability data; select a user-defined flow instance according to the security association parameters; extract flow structure information of the user-defined flow instance and judge whether it matches preset flow structure information; and, where the flow structure information is judged to match the preset flow structure information, input the vulnerability data into the user-defined flow instance and process it according to that instance until the task handlers corresponding to all flow nodes of the instance have finished processing the vulnerability data. This solves the problems in the related art that vulnerability management and processing have poor timeliness and a high vulnerability processing delay rate, and achieves the beneficial effects of a customizable vulnerability management flow and improved vulnerability rectification efficiency.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a block diagram of a hardware structure of a terminal of a vulnerability processing method of a custom flow according to an embodiment of the present invention;
FIG. 2 is a flowchart of a vulnerability handling method of a custom flow according to an embodiment of the present application;
fig. 3 is a block diagram illustrating a structure of a vulnerability handling apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The various techniques described in this application may be used for task processing for different scenarios in the field of computer technology, including but not limited to vulnerability correction processing in this embodiment.
The method provided by the embodiment can be executed in a terminal, a computer or a similar operation device. Taking the operation on the terminal as an example, fig. 1 is a block diagram of a hardware structure of the terminal of the vulnerability processing method of the user-defined flow in the embodiment of the present invention. As shown in fig. 1, the terminal may include one or more (only one shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and optionally, a transmission device 106 for communication functions and an input-output device 108. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the terminal. For example, the terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program and a module of an application software, such as a computer program corresponding to the vulnerability processing method of the customized flow in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the method described above. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the terminal. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
The present embodiment provides a customized flow vulnerability processing method, and fig. 2 is a flowchart of a customized flow vulnerability processing method according to an embodiment of the present application, and as shown in fig. 2, the flow includes the following steps:
step S201, obtain vulnerability data to be processed.
In this embodiment, the vulnerability data to be processed is a defect generated in the process of developing hardware, software, protocol, and system, and the defect is repaired by modifying the vulnerability data.
Step S202, determining security association parameters of the vulnerability data.
In this embodiment, the security association parameters of the vulnerability data include the following parameters: vulnerability hazard level, for example: low-risk, medium-risk, high-risk and urgent; vulnerability names, for example: SSH security protocol; vulnerability types, for example: host vulnerabilities, SQL injection vulnerabilities, cross site scripting vulnerabilities, XSS type vulnerabilities; services that the vulnerability contains, such as: TCP.
In this embodiment, a suitable custom flow is further matched by obtaining security association parameters of the vulnerability data.
Step S203, selecting a self-defined process instance according to the security association parameters, wherein the self-defined process instance is generated in a preset process engine according to the preset security association parameters.
In this embodiment, the matching rule is determined from the security association parameters, and the rule in turn determines the user-defined flow instance. For example: when the vulnerability name in the security association parameters contains a preset keyword, the corresponding vulnerability processing flow instance must contain a flow node whose task handler is handler A; and when the vulnerability level in the security association parameters is higher than high-risk, the corresponding vulnerability processing flow instance must contain a flow node whose task handler is handler B.
In this embodiment, a user-defined flow needs to be deployed before vulnerability processing. Deployment of the vulnerability management flow is completed in a preset flow engine, which in this embodiment is the Flowable workflow engine, although any other workflow engine may be selected.
The flow in this embodiment is orchestrated by an administrator operating on the flow engine. The flow nodes of a flow instance in this embodiment comprise at least a start node, an end node and a change node. The start node cannot be an approval node (a node for checking a processed vulnerability, whose task handler checks and approves the operations performed by the task handler of the previous stage when processing the vulnerability), the end node cannot be a distribution node (it has no next node), and the change node is the flow node at which the vulnerability is modified.
Step S204, extracting the flow structure information of the user-defined flow example, and judging whether the flow structure information is matched with the preset flow structure information.
In this embodiment, by verifying whether the pre-deployed user-defined process instance is reasonably deployed, the vulnerability is input into the process instance for loop traversal under the condition that the user-defined process instance is verified to be reasonable, so as to complete the vulnerability processing.
Step S205, inputting the vulnerability data into a user-defined flow example under the condition that the flow structure information is judged to be matched with the preset flow structure information, and processing the vulnerability data according to the user-defined flow example until task handlers corresponding to all the flow nodes of the user-defined flow example finish processing the vulnerability data, wherein the processing of the vulnerability data by the task handlers comprises one of the following steps: circulation, rectification and auditing.
In this embodiment, when the selected custom flow instance is a flow instance meeting requirements, that is, a flow node meeting the requirements is deployed in the flow, and after the vulnerability data to be modified is input into the flow instance, the vulnerability data is circularly traversed, so that the modification of the vulnerability data can be completed.
It should be noted that the flow nodes of the custom flow instance in this embodiment comprise rectification nodes, distribution nodes and approval nodes. In the specific vulnerability processing, if a flow node is a rectification node, the task handler of that node has rectification authority only and can choose only between rectifying the vulnerability and shelving it. If the handler chooses rectification, the vulnerability data is automatically transmitted to the next flow node once it has been rectified; if the handler chooses to shelve the vulnerability, the vulnerability data enters the shelved list. When the next node after the current flow node is a distribution node, the vulnerability data enters the distribution flow.
If the flow node is a distribution node, the distribution node can distribute the vulnerability data to task handlers in batches according to the flow rule, matching the corresponding task handler according to the security association parameters of the vulnerability data, for example: when the vulnerability name of the vulnerability data contains a preset keyword, the vulnerability data is assigned to task handler A for processing, and when the vulnerability level of the vulnerability data is higher than high-risk, it is assigned to task handler B for processing.
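The rule-based selection of a flow instance in step S203 and the distribution node's handler assignment described just above both apply the same two rules (preset keyword in the vulnerability name selects handler A; hazard level above high-risk selects handler B). The following Python is an added example that is not part of the patent or of any implementation by the assignee; the keyword list, handler names, deployed flow-instance names and the default-handler fallback are constructed for the illustration. It goes slightly beyond the text in rejecting a vulnerability for which no deployed instance satisfies the rules rather than running it through an unsuitable flow.

```python
"""Rule-based selection of a custom flow instance and batch distribution of
vulnerability data to task handlers (constructed illustration)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Hazard levels from step S202, ordered from lowest to highest severity.
LEVEL_ORDER = {"low-risk": 0, "medium-risk": 1, "high-risk": 2, "urgent": 3}

# Constructed preset keyword list for the "name contains keyword" rule.
PRESET_KEYWORDS = ("ssh", "sql injection")


@dataclass(frozen=True)
class VulnParams:
    """Security association parameters of one vulnerability (step S202)."""
    vuln_id: str
    level: str
    name: str
    vuln_type: str
    service: str


@dataclass(frozen=True)
class FlowInstance:
    """A flow instance deployed in the engine; handlers are the task handlers
    bound to its flow nodes (assumed representation)."""
    flow_id: str
    handlers: FrozenSet[str]


def required_handlers(p: VulnParams) -> FrozenSet[str]:
    """Apply the matching rules of step S203 and return the task handlers the
    selected flow instance must contain."""
    needed = set()
    # Rule 1: vulnerability name contains a preset keyword -> handler A.
    if any(k in p.name.lower() for k in PRESET_KEYWORDS):
        needed.add("handler_A")
    # Rule 2: hazard level strictly above high-risk -> handler B.
    # An unknown level string never satisfies the rule (get() yields -1).
    if LEVEL_ORDER.get(p.level, -1) > LEVEL_ORDER["high-risk"]:
        needed.add("handler_B")
    return frozenset(needed)


def select_flow_instance(p: VulnParams,
                         instances: List[FlowInstance]) -> Optional[FlowInstance]:
    """Return the first deployed instance whose nodes cover every required
    handler, or None so the caller does not push the vulnerability through an
    unsuitable flow."""
    needed = required_handlers(p)
    for inst in instances:
        if needed <= inst.handlers:
            return inst
    return None


def distribute(batch: List[VulnParams],
               default_handler: str = "handler_default") -> Dict[str, List[str]]:
    """Distribution-node behaviour: group a batch of vulnerabilities by the
    handler(s) the rules assign. Vulnerabilities matching no rule go to a
    constructed default handler."""
    assignment: Dict[str, List[str]] = {}
    for p in batch:
        targets = required_handlers(p) or frozenset({default_handler})
        for h in sorted(targets):
            assignment.setdefault(h, []).append(p.vuln_id)
    return assignment


# Constructed deployed instances, tried in this order.
DEPLOYED = [
    FlowInstance("flow_basic", frozenset({"handler_default"})),
    FlowInstance("flow_keyword", frozenset({"handler_default", "handler_A"})),
    FlowInstance("flow_urgent", frozenset({"handler_default", "handler_A", "handler_B"})),
]

if __name__ == "__main__":
    sample = VulnParams("V-1", "urgent", "OpenSSH weak cipher suite", "host", "TCP")
    chosen = select_flow_instance(sample, DEPLOYED)
    print(chosen.flow_id if chosen else "no suitable flow instance")
```

The order of `DEPLOYED` matters: instances are tried first to last, so the least privileged flow that still satisfies every rule is the one selected.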
And if the process node is an approval node, the approval node approves the processed vulnerability data, if the approval is not passed, the vulnerability data can be returned to the previous node, and if the approval is passed, the vulnerability data enters the next node.
In the specific vulnerability processing, vulnerability data passes through the three types of process nodes, and is repeatedly examined and approved and repeatedly modified until the process is finished.
Through steps S201 to S205, vulnerability data to be processed is acquired; security association parameters of the vulnerability data are determined; a user-defined flow instance is selected according to the security association parameters; flow structure information of the user-defined flow instance is extracted and judged against preset flow structure information; and, where the flow structure information is judged to match the preset flow structure information, the vulnerability data is input into the user-defined flow instance and processed according to that instance until the task handlers corresponding to all flow nodes of the instance have finished processing the vulnerability data. This solves the problems in the related art that vulnerability management and processing have poor timeliness and a high vulnerability processing delay rate, and achieves the beneficial effects of a customizable vulnerability management flow and improved vulnerability rectification efficiency.
It should further be noted that, during vulnerability processing, the vulnerability data is walked through all flow nodes of the user-defined flow according to the user-defined flow instance. Once the task handlers corresponding to all flow nodes have completed processing of the vulnerability data, the vulnerability enters the re-testing process, which comprises scanner-based re-testing and manual re-testing. When re-testing finds vulnerability data that has not been repaired, that unrepaired vulnerability data is input into the distribution flow and a flow instance is re-selected to process it.
In some embodiments, determining the security association parameters of the vulnerability data includes the following steps: adopting a general vulnerability assessment method (CVSS assessment method) to assess vulnerability data to obtain security association parameters, wherein the security association parameters at least comprise one of the following parameters: the vulnerability grade, the vulnerability name, the vulnerability type and the vulnerability service are arranged according to the vulnerability severity degree from high to low.
In this embodiment, the vulnerability grade, vulnerability name, vulnerability type and vulnerability service of the vulnerability data are arranged from high to low according to vulnerability severity.
In some embodiments, extracting the flow structure information of the custom flow instance, and determining whether the flow structure information matches with the preset flow structure information includes the following steps:
Extracting all the flow nodes of the custom flow instance.
In this embodiment, the connection relationships corresponding to all the process nodes correspond to the structure information of the user-defined process.
Detecting a target process node in all process nodes of the custom process instance, wherein the target process node comprises one or more of the following: a start node, a change node, and an end node.
When the detected target flow nodes comprise a start node, at least one change node and an end node, determining that the flow structure information matches the preset flow structure information.
It should be noted that when there is no change node in a process instance, the process instance is not properly deployed.
In some embodiments, the process node includes target information and node pointing information, and detecting the target process node among all process nodes of the custom process instance includes the following steps:
Extracting the node information of the flow nodes, and detecting node pointing information and task target information in the node information, where the node pointing information comprises the node information of the next flow node after the flow node, and the task target information comprises the task handlers corresponding to the flow node.
When the node information is detected to comprise node pointing information and a plurality of items of task target information, determining that the flow node is a change node.
In this embodiment, when the node information is detected to comprise node pointing information and a single item of task target information, the flow node is determined to be a start node.
In this embodiment, when the node information is detected to comprise only a single item of task target information, the flow node is determined to be an end node.
In some embodiments, the vulnerability processing method of the custom flow further includes the following steps:
detecting, within a preset processing time limit, the processing state of the vulnerability data at the current flow node;
and, when the vulnerability data is detected to be still unprocessed within the time limit that corresponds to exceeding the preset processing time limit, stopping processing the vulnerability data according to the custom flow instance and re-executing the steps of selecting a custom flow instance according to the security association parameters, extracting the flow structure information of the custom flow instance, judging whether the flow structure information matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
In some embodiments, the vulnerability processing method of the custom flow further includes the following step: when the vulnerability data is detected not to have been processed within the preset processing time limit, notifying the task handler of the flow node, in a preset notification manner, to process the vulnerability data.
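The CVSS-based grading described earlier and the time-limit handling of the preceding paragraphs, as an added example that is not code from the patent or from any product: a vulnerability record is graded with the qualitative severity ranges of the CVSS v3.x specification, a custom flow instance is selected by matching the security association parameters against a registry (most specific match wins), and a supervisor checks the current flow node against the processing time limit, first notifying the task handler and, once the further time limit is also exceeded, stopping the instance and re-running the selection. The registry, the two 24-hour limits, the sample record and its field names are constructed assumptions; the structure check of the re-selected instance is omitted here.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


def cvss_rating(base_score: float) -> str:
    """Qualitative severity rating of the CVSS v3.x specification."""
    if base_score <= 0.0:
        return "None"
    if base_score < 4.0:
        return "Low"
    if base_score < 7.0:
        return "Medium"
    if base_score < 9.0:
        return "High"
    return "Critical"


@dataclass
class NodeTask:
    node_id: str
    handler: str            # task target information: who must act on this node
    assigned_at: datetime
    done: bool = False
    notified: bool = False  # reminder already sent for this node


@dataclass
class VulnRecord:
    vuln_id: str
    cvss_base: float
    vuln_type: str
    service: str
    instance: str = ""
    current: Optional[NodeTask] = None
    notifications: list = field(default_factory=list)
    history: list = field(default_factory=list)


# Constructed registry of deployed custom flow instances (assumed data). Each entry
# matches a subset of the security association parameters; the entry with the most
# constraints that all match is selected.
INSTANCE_REGISTRY = [
    {"instance": "default-flow", "match": {}, "start": ("distribute", "secops")},
    {"instance": "critical-flow", "match": {"grade": "Critical"}, "start": ("distribute", "secops-lead")},
    {"instance": "critical-payment-flow", "match": {"grade": "Critical", "service": "payment"},
     "start": ("distribute", "payment-oncall")},
]

PROCESS_LIMIT = timedelta(hours=24)  # preset processing time limit (assumed value)
REROUTE_GRACE = timedelta(hours=24)  # further time limit before processing is stopped (assumed value)


def security_params(rec: VulnRecord) -> dict:
    """Security association parameters derived from the record (grade via CVSS)."""
    return {"grade": cvss_rating(rec.cvss_base), "type": rec.vuln_type, "service": rec.service}


def select_instance(params: dict, registry=INSTANCE_REGISTRY) -> dict:
    matches = [e for e in registry if all(params.get(k) == v for k, v in e["match"].items())]
    if not matches:
        raise LookupError("no custom flow instance matches the security association parameters")
    return max(matches, key=lambda e: len(e["match"]))


def start_processing(rec: VulnRecord, now: datetime) -> str:
    """Select an instance for the record and hand it to the instance's first node."""
    entry = select_instance(security_params(rec))
    node_id, handler = entry["start"]
    rec.instance = entry["instance"]
    rec.current = NodeTask(node_id=node_id, handler=handler, assigned_at=now)
    return rec.instance


def supervise(rec: VulnRecord, now: datetime) -> str:
    """Time-limit check for the current node: 'none', 'notified' or 'rerouted'."""
    task = rec.current
    if task is None or task.done:
        return "none"
    elapsed = now - task.assigned_at
    if elapsed > PROCESS_LIMIT + REROUTE_GRACE:
        # Still unprocessed after the further time limit: stop this instance and
        # re-execute the selection with the same security association parameters.
        rec.history.append((rec.instance, task.node_id, "stopped: not processed in time"))
        start_processing(rec, now)
        return "rerouted"
    if elapsed > PROCESS_LIMIT and not task.notified:
        # Preset notification manner modelled as an appended notification record.
        rec.notifications.append((task.handler, rec.vuln_id, task.node_id))
        task.notified = True
        return "notified"
    return "none"


def make_sample_record() -> VulnRecord:
    """Constructed sample record; identifier and values are placeholders."""
    return VulnRecord(vuln_id="VULN-0001", cvss_base=9.8, vuln_type="RCE", service="payment")
```

Running `supervise` on a schedule (a periodic job querying open tasks) gives the two behaviours the page describes without the handler having to poll: a reminder once the limit passes, and a restart of the selection once the further limit passes as well.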
In some specific embodiments, the vulnerability processing method of the custom flow includes the following steps:
Step 1: receive the custom flow parameters and obtain the JSON data of the custom flow.
Step 2: verify the custom flow instance: verify its start node, its end node and the completion condition of each branch flow; check whether any branch flow contains an unfinished node, whether any flow nodes are left unconnected to their predecessor or successor, and whether the flow lacks a change node; after verification passes, parse the parameters and convert the JSON data of the custom flow into an XML string in the corresponding XML format.
Step 3: read the XML string with the Flowable flow engine and convert it into the BpmnModel used by Flowable; once Flowable has obtained the BpmnModel, deploy the current flow, thereby forming the custom flow instance.
Step 4: after deployment of the custom flow instance is complete, pass the vulnerability data into the custom flow instance queried from Flowable, and traverse the vulnerability data in a loop.
In this embodiment, all custom flow instances are managed through the Flowable flow engine. When a vulnerability data item reaches a flow node, the task handler of that node retrieves, under the corresponding account, all tasks that belong to that handler (distribution, rectification and approval) and then performs the corresponding operation on the vulnerability data; the operations a task handler performs on the vulnerability data include: submitting, auditing, rejecting and circulating.
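Steps 1 to 3 above, together with the node classification rule of the earlier embodiment, as an added example that is not code from the patent or from Flowable: it parses a submitted custom flow as JSON, classifies each node (node pointing information plus several task targets marks a change node, pointing information plus one target a start node, a single target without pointing information an end node), runs the step 2 checks (start, change and end node present; no unfinished node; no node unconnected in front or behind; no pointer to an unknown node) and, only when they pass, emits the BPMN 2.0 XML string that step 3 would hand to Flowable. The JSON field names (id, name, handlers, next), the sample flow and the targetNamespace URL are assumptions constructed for the example; the BPMN 2.0 namespace and the flowable:assignee / flowable:candidateUsers attributes are the ones Flowable actually reads.

```python
import json
import xml.etree.ElementTree as ET
from collections import deque

BPMN_NS = "http://www.omg.org/spec/BPMN/20100524/MODEL"
FLOWABLE_NS = "http://flowable.org/bpmn"
ET.register_namespace("", BPMN_NS)
ET.register_namespace("flowable", FLOWABLE_NS)

# Constructed sample of the JSON a custom-flow editor might submit (step 1). The field
# names are assumptions: "handlers" carries the task target information and "next" the
# node pointing information.
SAMPLE_FLOW_JSON = json.dumps({
    "name": "web-vuln-rectification",
    "nodes": [
        {"id": "n1", "name": "distribute", "handlers": ["secops"], "next": ["n2"]},
        {"id": "n2", "name": "rectify", "handlers": ["dev-a", "dev-b"], "next": ["n3"]},
        {"id": "n3", "name": "audit", "handlers": ["auditor"], "next": []},
    ],
})


def classify_node(node: dict) -> str:
    """The page's rule: pointing info + several targets -> change; pointing info + one
    target -> start; one target and no pointing info -> end; anything else is invalid."""
    handlers = node.get("handlers", [])
    has_next = bool(node.get("next"))
    if has_next and len(handlers) > 1:
        return "change"
    if has_next and len(handlers) == 1:
        return "start"
    if not has_next and len(handlers) == 1:
        return "end"
    return "invalid"


def validate_flow(flow: dict) -> list:
    """Step 2 checks. Returns the list of problems; an empty list means deployable."""
    problems = []
    nodes = {n["id"]: n for n in flow.get("nodes", [])}
    kinds = {nid: classify_node(n) for nid, n in nodes.items()}
    for kind in ("start", "change", "end"):  # a flow without a change node is not deployable
        if kind not in kinds.values():
            problems.append(f"flow has no {kind} node")
    for nid, kind in kinds.items():
        if kind == "invalid":
            problems.append(f"node {nid} is unfinished: no handler or bad handler/pointer combination")
    for nid, n in nodes.items():
        for nxt in n.get("next", []):
            if nxt not in nodes:
                problems.append(f"node {nid} points to unknown node {nxt}")
    # Connectivity: a node without a predecessor must be a start node, and every node
    # must be reachable from one (catches nodes unconnected in front or behind).
    incoming = {nxt for n in nodes.values() for nxt in n.get("next", [])}
    roots = [nid for nid in nodes if nid not in incoming]
    for nid in roots:
        if kinds[nid] != "start":
            problems.append(f"node {nid} has no predecessor but is not a start node")
    seen, queue = set(), deque(roots)
    while queue:
        cur = queue.popleft()
        if cur in seen:
            continue
        seen.add(cur)
        queue.extend(nxt for nxt in nodes[cur].get("next", []) if nxt in nodes)
    for nid in nodes:
        if nid not in seen:
            problems.append(f"node {nid} is not connected to the flow")
    return problems


def flow_to_bpmn_xml(flow: dict) -> str:
    """Convert a validated flow into a BPMN 2.0 XML string for Flowable (step 3 input).
    One handler becomes flowable:assignee, several become flowable:candidateUsers."""
    defs = ET.Element(f"{{{BPMN_NS}}}definitions", targetNamespace="http://example.invalid/vuln-flows")
    proc = ET.SubElement(defs, f"{{{BPMN_NS}}}process", id=flow["name"], isExecutable="true")
    ET.SubElement(proc, f"{{{BPMN_NS}}}startEvent", id="startEvent")
    ET.SubElement(proc, f"{{{BPMN_NS}}}endEvent", id="endEvent")
    incoming = {nxt for n in flow["nodes"] for nxt in n.get("next", [])}
    flows = []
    for node in flow["nodes"]:
        task = ET.SubElement(proc, f"{{{BPMN_NS}}}userTask", id=node["id"], name=node["name"])
        if len(node["handlers"]) == 1:
            task.set(f"{{{FLOWABLE_NS}}}assignee", node["handlers"][0])
        else:
            task.set(f"{{{FLOWABLE_NS}}}candidateUsers", ",".join(node["handlers"]))
        if node["id"] not in incoming:
            flows.append(("startEvent", node["id"]))
        flows.extend((node["id"], nxt) for nxt in node.get("next", []))
        if not node.get("next"):
            flows.append((node["id"], "endEvent"))
    for i, (src, dst) in enumerate(flows, 1):
        ET.SubElement(proc, f"{{{BPMN_NS}}}sequenceFlow", id=f"flow{i}", sourceRef=src, targetRef=dst)
    return ET.tostring(defs, encoding="unicode")


def process_submission(json_text: str) -> dict:
    """Steps 1 and 2 end to end: parse, verify, and convert only if verification passed."""
    flow = json.loads(json_text)
    problems = validate_flow(flow)
    if problems:
        return {"ok": False, "problems": problems, "xml": None}
    return {"ok": True, "problems": [], "xml": flow_to_bpmn_xml(flow)}
```

The classification is the page's rule applied literally, so an intermediate node with a single handler also classifies as a start node; the converter therefore attaches the BPMN start event by the absence of a predecessor rather than by that label, and the end event by the absence of a successor.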
It should be noted that the steps illustrated in the flow diagrams above, or in the flow diagrams of the figures, may be performed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flow diagrams, in some cases the steps shown or described may be performed in an order different from the one given here.
The present embodiment further provides a vulnerability processing apparatus for a custom flow, which is used to implement the foregoing embodiments and preferred embodiments; details already described are not repeated. As used hereinafter, the terms "module", "unit", "subunit" and the like may refer to a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the embodiments below is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 3 is a block diagram of the structure of a vulnerability processing apparatus according to an embodiment of the present application. As shown in Fig. 3, the apparatus includes:
an obtaining module 31, configured to obtain the vulnerability data to be processed;
a determining module 32, coupled to the obtaining module 31 and configured to determine the security association parameters of the vulnerability data;
a selecting module 33, coupled to the determining module 32 and configured to select a custom flow instance according to the security association parameters, where the custom flow instance is generated in the preset flow engine according to the preset security association parameters;
a detection module 34, coupled to the selecting module 33 and configured to extract the flow structure information of the custom flow instance and determine whether the flow structure information matches the preset flow structure information;
and a processing module 35, coupled to the detection module 34 and configured, when the flow structure information is determined to match the preset flow structure information, to input the vulnerability data into the custom flow instance and process it according to the custom flow instance until the task handlers corresponding to all flow nodes of the custom flow instance have finished processing the vulnerability data, where the processing of the vulnerability data by the task handlers includes one of: circulation, rectification and auditing.
In some embodiments, the determining module 32 assesses the vulnerability data with a general vulnerability assessment method to obtain the security association parameters, where the security association parameters include at least one of the following: the vulnerability grade, the vulnerability name, the vulnerability type and the vulnerability service, arranged from high to low according to the severity of the vulnerability.
In some embodiments, the detection module 34 is configured to extract all flow nodes of the custom flow instance; detect the target flow nodes among all flow nodes of the custom flow instance, where a target flow node is one or more of the following: a start node, a change node and an end node; and, when the detected target flow nodes include a start node, at least one change node and an end node, determine that the flow structure information matches the preset flow structure information.
In some embodiments, a flow node includes task target information and node pointing information, and the detection module 34 is configured to extract the node information of the flow node and detect the node pointing information and task target information within it, where the node pointing information identifies the next flow node that follows the flow node and the task target information identifies the task handler assigned to the flow node; and, when the node information is detected to include node pointing information and several items of task target information, determine that the flow node is a change node.
In some embodiments, the detection module 34 is further configured to determine that the flow node is a start node when the node information is detected to include node pointing information and a single item of task target information, and to determine that the flow node is an end node when the node information is detected to include a single item of task target information.
In some embodiments, the vulnerability processing apparatus of the custom flow is further configured to detect, within a preset processing time limit, the processing state of the vulnerability data at the flow node; and, when the vulnerability data is detected to be still unprocessed within the time limit that corresponds to exceeding the preset processing time limit, to stop processing the vulnerability data according to the custom flow instance and re-execute the steps of selecting a custom flow instance according to the security association parameters, extracting the flow structure information of the custom flow instance, judging whether the flow structure information matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
In some embodiments, the vulnerability processing apparatus of the custom flow is further configured, when the vulnerability data is detected not to have been processed within the preset processing time limit, to notify the task handler of the flow node, in a preset notification manner, to process the vulnerability data.
The above modules may be functional modules or program modules and may be implemented in software or hardware. For modules implemented in hardware, the modules may be located in the same processor, or may be distributed across different processors in any combination.
The present embodiment also provides an electronic device comprising a memory in which a computer program is stored and a processor configured to execute the computer program so as to perform the steps of any of the method embodiments above.
Optionally, the electronic device may further include a transmission device and an input/output device, both connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by means of a computer program:
S1: acquire the vulnerability data to be processed.
S2: determine the security association parameters of the vulnerability data.
S3: select a custom flow instance according to the security association parameters, where the custom flow instance is generated in a preset flow engine according to preset security association parameters.
S4: extract the flow structure information of the custom flow instance and judge whether the flow structure information matches the preset flow structure information.
S5: when the flow structure information matches the preset flow structure information, input the vulnerability data into the custom flow instance and process it according to the custom flow instance until the task handlers corresponding to all flow nodes of the custom flow instance have finished processing the vulnerability data, where the processing of the vulnerability data by the task handlers includes one of the following: circulation, rectification and auditing.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations; they are not described again here.
In addition, in combination with the vulnerability processing method of the custom flow in the foregoing embodiments, an embodiment of the present application may provide a storage medium for its implementation. The storage medium has a computer program stored thereon; when executed by a processor, the computer program implements the vulnerability processing method of any of the custom flows in the above embodiments.
It should be understood by those skilled in the art that the features of the above embodiments may be combined in any way; for the sake of brevity, not all possible combinations of the features of the above embodiments are described, but every combination of features that is not self-contradictory should be regarded as falling within the scope of the present disclosure.
The above embodiments express only several embodiments of the present application, and their description is comparatively specific and detailed, but this shall not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art may make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. The scope of protection of the present patent shall therefore be subject to the appended claims.

Claims (10)

1. A vulnerability processing method for a custom flow, characterized by comprising the following steps:
acquiring vulnerability data to be processed;
determining security association parameters of the vulnerability data;
selecting a custom flow instance according to the security association parameters, wherein the custom flow instance is generated in a preset flow engine according to preset security association parameters;
extracting flow structure information of the custom flow instance, and judging whether the flow structure information matches preset flow structure information;
when the flow structure information matches the preset flow structure information, inputting the vulnerability data into the custom flow instance and processing the vulnerability data according to the custom flow instance until the task handlers corresponding to all flow nodes of the custom flow instance have finished processing the vulnerability data, wherein the processing of the vulnerability data by the task handlers comprises one of the following: circulation, rectification and auditing.
2. The vulnerability processing method for a custom flow according to claim 1, wherein determining the security association parameters of the vulnerability data comprises: assessing the vulnerability data with a general vulnerability assessment method to obtain the security association parameters, wherein the security association parameters comprise at least one of the following: the vulnerability grade, the vulnerability name, the vulnerability type and the vulnerability service, arranged from high to low according to the severity of the vulnerability.
3. The vulnerability processing method for a custom flow according to claim 1, wherein extracting the flow structure information of the custom flow instance and judging whether the flow structure information matches the preset flow structure information comprises:
extracting all flow nodes of the custom flow instance;
detecting target flow nodes among all flow nodes of the custom flow instance, wherein a target flow node is one or more of the following: a start node, a change node and an end node;
and, when the detected target flow nodes include the start node, at least one change node and the end node, determining that the flow structure information matches the preset flow structure information.
4. The vulnerability processing method for a custom flow according to claim 3, wherein a flow node comprises task target information and node pointing information, and detecting the target flow nodes among all flow nodes of the custom flow instance comprises:
extracting node information of the flow node, and detecting node pointing information and task target information in the node information, wherein the node pointing information identifies the next flow node that follows the flow node, and the task target information identifies the task handler corresponding to the flow node;
and, when the node information is detected to include the node pointing information and several items of task target information, determining that the flow node is the change node.
5. The vulnerability processing method for a custom flow according to claim 4, wherein, when the node information is detected to include the node pointing information and a single item of task target information, the flow node is determined to be the start node;
and when the node information is detected to include a single item of task target information, the flow node is determined to be the end node.
6. The vulnerability processing method for a custom flow according to claim 1, wherein the method further comprises:
detecting, within a preset processing time limit, the processing state of the vulnerability data at the flow node;
and, when the vulnerability data is detected to be still unprocessed within the time limit that corresponds to exceeding the preset processing time limit, stopping processing the vulnerability data according to the custom flow instance and re-executing the steps of selecting a custom flow instance according to the security association parameters, extracting the flow structure information of the custom flow instance, judging whether the flow structure information matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
7. The vulnerability processing method for a custom flow according to claim 6, wherein the method further comprises: when the vulnerability data is detected not to have been processed within the preset processing time limit, notifying the task handler corresponding to the flow node, in a preset notification manner, to process the vulnerability data.
8. A vulnerability processing apparatus for a custom flow, characterized by comprising:
an acquisition module, configured to acquire vulnerability data to be processed;
a determining module, configured to determine security association parameters of the vulnerability data;
a selecting module, configured to select a custom flow instance according to the security association parameters, wherein the custom flow instance is generated in a preset flow engine according to preset security association parameters;
a detection module, configured to extract flow structure information of the custom flow instance and judge whether the flow structure information matches preset flow structure information;
and a processing module, configured, when the flow structure information matches the preset flow structure information, to input the vulnerability data into the custom flow instance and process the vulnerability data according to the custom flow instance until the task handlers corresponding to all flow nodes of the custom flow instance have finished processing the vulnerability data, wherein the processing of the vulnerability data by the task handlers comprises one of the following: circulation, rectification and auditing.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program and the processor is configured to execute the computer program so as to perform the vulnerability processing method for a custom flow according to any one of claims 1 to 7.
10. A storage medium having a computer program stored therein, wherein the computer program, when run, is configured to perform the vulnerability processing method for a custom flow according to any one of claims 1 to 7.
CN202010848139.7A 2020-08-21 2020-08-21 Vulnerability processing method, device, electronic device and medium of custom process Active CN112149128B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010848139.7A CN112149128B (en) 2020-08-21 2020-08-21 Vulnerability processing method, device, electronic device and medium of custom process

Publications (2)

Publication Number Publication Date
CN112149128A true CN112149128A (en) 2020-12-29
CN112149128B CN112149128B (en) 2024-04-09

Family

ID=73888018

Country Status (1)

Country Link
CN (1) CN112149128B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant