CN112149128B - Vulnerability processing method, device, electronic device and medium of custom process - Google Patents


Info

Publication number
CN112149128B
Authority
CN
China
Prior art keywords
flow
vulnerability
node
custom
processing
Prior art date
Legal status
Active
Application number
CN202010848139.7A
Other languages
Chinese (zh)
Other versions
CN112149128A (en)
Inventor
张双威
范渊
Current Assignee
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN202010848139.7A
Publication of CN112149128A
Application granted
Publication of CN112149128B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The application relates to a vulnerability processing method, device, electronic device and storage medium for a custom flow. The method comprises the following steps: obtaining vulnerability data to be processed; determining security association parameters of the vulnerability data; selecting a custom flow instance according to the security association parameters; extracting the flow structure information of the custom flow instance and judging whether it matches preset flow structure information; and, where the flow structure information is judged to match the preset flow structure information, inputting the vulnerability data into the custom flow instance and processing it according to that instance until the task processors corresponding to all flow nodes of the instance have completed processing the vulnerability data. This solves the problems of poor timeliness and a high delay rate in vulnerability management and processing in the related art, realizes a custom vulnerability management flow, and improves vulnerability remediation efficiency.

Description

Vulnerability processing method, device, electronic device and medium of custom process
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for vulnerability processing in a custom process, an electronic device, and a storage medium.
Background
Security vulnerabilities are flaws in the specific implementation of hardware, software, protocols, or system security policies that may enable an attacker to access or destroy the system without authorization.
In the internet field, information security companies must remediate large volumes of vulnerability data generated while developing systems and software, so as to repair the vulnerabilities and maintain the security of hardware, software and systems.
Existing vulnerability remediation and management is realized through flow management: a flow consisting of several flow nodes is created, and the flow nodes are processed one by one until remediation and repair of the vulnerability is complete.
However, existing vulnerability management is executed according to a fixed flow. When the task processor corresponding to a certain flow node fails to carry out the processing operation for that node in time, the whole vulnerability management process cannot be completed in time, leaving potential security hazards in hardware, software and systems. Moreover, existing vulnerability management cannot flexibly configure the vulnerability processing flow according to rules, so the timeliness of vulnerability management and processing is poor and the vulnerability processing delay rate is high.
At present, no effective solution has been proposed in the related art for the problems of poor timeliness of vulnerability management and processing and the high vulnerability processing delay rate.
Disclosure of Invention
Embodiments of the application provide a vulnerability processing method, device, electronic device and storage medium for a custom flow, so as to at least solve the problems of poor timeliness and a high delay rate in vulnerability management and processing in the related art.
In a first aspect, an embodiment of the application provides a vulnerability processing method for a custom flow, comprising: obtaining vulnerability data to be processed; determining security association parameters of the vulnerability data; selecting a custom flow instance according to the security association parameters, wherein the custom flow instance is generated in a preset process engine according to preset security association parameters; extracting the flow structure information of the custom flow instance and judging whether it matches preset flow structure information; and, where the flow structure information matches the preset flow structure information, inputting the vulnerability data into the custom flow instance and processing it according to that instance until the task processors corresponding to all flow nodes of the instance have completed processing the vulnerability data, wherein the processing performed by a task processor is one of the following: circulation, rectification and auditing.
In some of these embodiments, determining the security association parameters of the vulnerability data comprises: evaluating the vulnerability data with a general vulnerability assessment method to obtain the security association parameters, wherein the security association parameters comprise at least one of the following, arranged from high to low vulnerability severity: the vulnerability level, the vulnerability name, the vulnerability type and the vulnerability service.
In some embodiments, extracting the flow structure information of the custom flow instance and judging whether it matches preset flow structure information comprises: extracting all flow nodes of the custom flow instance; detecting target flow nodes among all flow nodes of the custom flow instance, wherein a target flow node is one or more of the following: a start node, a change node and an end node; and, where the target flow nodes comprise the start node, at least one change node and the end node, determining that the flow structure information matches the preset flow structure information.
In some embodiments, the flow nodes carry task target information and node pointing information, and detecting the target flow nodes among all flow nodes of the custom flow instance comprises: extracting the node information of a flow node and detecting node pointing information and task target information in it, wherein the node pointing information comprises the node information of the next flow node following the flow node, and the task target information comprises the task processor corresponding to the flow node; and, where the node information comprises node pointing information and a plurality of task target information items, determining that the flow node is a change node.
In some embodiments, where the node information is detected to comprise node pointing information and task target information, the flow node is determined to be the start node; and where the node information comprises only a single item of task target information, the flow node is determined to be the end node.
In some of these embodiments, the method further comprises: detecting the processing state of the vulnerability data at a flow node within a preset processing time limit; and, where the vulnerability data is detected to be still unprocessed after the preset processing time limit has been exceeded, stopping processing the vulnerability data according to the current custom flow instance and re-executing the steps of selecting a custom flow instance according to the security association parameters, extracting the flow structure information of the custom flow instance, judging whether it matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
In some of these embodiments, the method further comprises: where the vulnerability data is detected not to have been processed within the preset processing time limit, notifying the task processor corresponding to the flow node, in a preset notification mode, to process the vulnerability data.
In a second aspect, an embodiment of the application provides a vulnerability processing device for a custom flow, comprising:
an acquisition module, for acquiring vulnerability data to be processed;
a determining module, for determining security association parameters of the vulnerability data;
a selection module, for selecting a custom flow instance according to the security association parameters, wherein the custom flow instance is generated in a preset process engine according to preset security association parameters;
a detection module, for extracting the flow structure information of the custom flow instance and judging whether it matches preset flow structure information;
a processing module, for inputting the vulnerability data into the custom flow instance where the flow structure information is judged to match the preset flow structure information, and processing the vulnerability data according to the custom flow instance until the task processors corresponding to all flow nodes of the instance have completed processing the vulnerability data, wherein the processing performed by a task processor is one of the following: circulation, rectification and auditing.
In a third aspect, an embodiment of the application provides an electronic device comprising a memory and a processor, wherein the memory stores a computer program and the processor is configured to run the computer program so as to execute the vulnerability processing method of the custom flow according to the first aspect.
In a fourth aspect, an embodiment of the application provides a storage medium storing a computer program, wherein the computer program is configured to execute, when run, the vulnerability processing method of the custom flow according to the first aspect.
Compared with the related art, the vulnerability processing method, device, electronic device and storage medium for a custom flow provided by embodiments of the application acquire vulnerability data to be processed; determine security association parameters of the vulnerability data; select a custom flow instance according to the security association parameters; extract the flow structure information of the custom flow instance and judge whether it matches preset flow structure information; and, where the flow structure information is judged to match the preset flow structure information, input the vulnerability data into the custom flow instance and process it according to that instance until the task processors corresponding to all flow nodes of the instance have completed processing the vulnerability data. This solves the problems of poor timeliness and a high delay rate in vulnerability management and processing in the related art, realizes a custom vulnerability management flow, and improves vulnerability remediation efficiency.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the other features, objects, and advantages of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a hardware block diagram of a terminal for the vulnerability processing method of a custom flow according to an embodiment of the present invention;
FIG. 2 is a flow chart of the vulnerability processing method of a custom flow according to an embodiment of the present application;
FIG. 3 is a block diagram of the structure of a vulnerability processing device for a custom flow according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application clearer, the present application is described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein serve only to illustrate the present application and are not intended to limit it. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments provided herein without undue burden fall within the scope of the present application.
It is apparent that the drawings in the following description show only some examples or embodiments of the present application, and a person of ordinary skill in the art can apply the present application to other similar situations according to these drawings without inventive effort. Moreover, while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication or manufacture for those of ordinary skill having the benefit of this disclosure, and should not be construed as falling outside this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the embodiments described herein can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein have the ordinary meaning understood by one of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar terms herein do not denote a limitation of quantity, but may denote the singular or the plural. The terms "comprising," "including," "having," and any variations thereof are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein refers to two or more. "And/or" describes an association relationship between associated objects, meaning that three relationships are possible; e.g., "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates that the objects before and after it are in an "or" relationship. The terms "first," "second," "third," and the like, as used herein, merely distinguish between similar objects and do not represent a particular ordering of objects.
The various techniques described in this application may be used for task processing in different scenarios in the field of computer technology, including but not limited to vulnerability modification processing in this embodiment.
The method embodiment provided in this embodiment may be executed in a terminal, a computer or a similar computing device. Taking the operation on a terminal as an example, fig. 1 is a block diagram of a hardware structure of a terminal of a vulnerability processing method of a custom flow according to an embodiment of the present invention. As shown in fig. 1, the terminal may include one or more processors 102 (only one is shown in fig. 1) (the processor 102 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, and optionally, a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those skilled in the art that the structure shown in fig. 1 is merely illustrative and not limiting on the structure of the terminal described above. For example, the terminal may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
The memory 104 may be used to store a computer program, for example, a software program of an application software and a module, such as a computer program corresponding to a vulnerability processing method of a custom flow in an embodiment of the present invention, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, implement the above-mentioned method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. The specific example of the network described above may include a wireless network provided by a communication provider of the terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
This embodiment provides a vulnerability processing method for a custom flow. FIG. 2 is a flowchart of the vulnerability processing method of a custom flow according to an embodiment of the application; as shown in FIG. 2, the flow comprises the following steps:
step S201, obtaining vulnerability data to be processed.
In this embodiment, the vulnerability data to be processed describes a defect generated in the development of hardware, software, protocols or systems, and the defect is repaired by remediating the vulnerability data.
Step S202, determining security association parameters of the vulnerability data.
In this embodiment, the security association parameters of the vulnerability data comprise the following: the vulnerability hazard class, such as low-risk, medium-risk, high-risk and emergency; the vulnerability name, such as SSH security protocol; the vulnerability type, such as host vulnerabilities, SQL injection vulnerabilities and cross-site scripting (XSS) vulnerabilities; and the service in which the vulnerability lies, such as TCP.
In this embodiment, the security association parameters of the vulnerability data are obtained in order to match a suitable custom flow.
Step S203, selecting a custom process instance according to the security association parameter, wherein the custom process instance is generated in a preset process engine according to the preset security association parameter.
In this embodiment, the matching rule is determined according to the security association parameters, and the custom flow instance is determined from it. For example: when the vulnerability name in the security association parameters contains a preset keyword, the corresponding vulnerability processing flow instance must include a flow node handled by task processor A, and when the vulnerability level in the security association parameters is higher than high risk, the corresponding vulnerability processing flow instance must include a flow node handled by task processor B.
In this embodiment, before a vulnerability is processed, a custom flow must first be deployed, and the flow deployment for vulnerability management is completed in a preset process engine. In this embodiment the process engine is the flow process engine; one of the other workflow engines may equally be selected.
In this embodiment the flow is assembled by an administrator orchestrating it on the process engine. The flow nodes of a flow instance comprise at least a start node, an end node and a change node: the start node cannot be an approval node (a node at which the vulnerability is inspected after processing is complete; the task processor of an approval node inspects and approves the processing performed by the task processor at the preceding node), the end node cannot be a distribution node (it has no next node), and a change node is a flow node at which the vulnerability is rectified.
Step S204, extracting the flow structure information of the custom flow instance, and judging whether the flow structure information is matched with the preset flow structure information.
In this embodiment, it is verified whether the pre-deployed custom flow instance has been deployed reasonably; where it passes verification, the vulnerability is input into the flow instance and traverses it cyclically so as to complete the vulnerability processing.
Step S205, under the condition that the flow structure information is judged to be matched with the preset flow structure information, inputting the vulnerability data into a custom flow instance, and processing the vulnerability data according to the custom flow instance until task processors corresponding to all flow nodes of the custom flow instance complete the processing of the vulnerability data, wherein the processing of the vulnerability data by the task processors comprises one of the following steps: circulation, rectification and auditing.
In this embodiment, when the selected custom flow instance is a qualifying instance, that is, the flow deploys qualifying flow nodes, the vulnerability data to be remediated is input into the flow instance and traversed cyclically, so that remediation of the vulnerability data can be completed.
It should be noted that the flow nodes of the custom flow instance in this embodiment include rectification nodes, distribution nodes and approval nodes. During vulnerability processing, if the flow node is a rectification node, the task processor of that node has only rectification authority and can choose only between shelving the vulnerability and rectifying it. If rectification is chosen, the vulnerability data is automatically passed to the next flow node once rectification is complete; if shelving is chosen, the vulnerability data enters a shelving list. The node following the current flow node is a distribution node, and the vulnerability data enters the distribution flow.
If the flow node is a distribution node, the node may distribute the vulnerability data to task processors in batches according to the flow rule, matching the task processor to the security association parameters of the vulnerability data; for example, when the vulnerability name contains a preset keyword, the vulnerability data is assigned to task processor A, and when the vulnerability level is higher than high risk, it is assigned to task processor B.
If the flow node is an approval node, the node approves the processed vulnerability data: if approval fails, the flow returns to the previous node; if approval passes, the flow proceeds to the next node.
In specific vulnerability processing, the vulnerability data passes through these three types of flow node, with approval repeated as many times as needed until the flow is finished.
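The following Python is an added example, not code from the patent; it models the matching rule of step S203 and the distribution node above (keyword in the vulnerability name, level above high risk) together with the routing performed by the rectification, distribution and approval nodes. The keyword "ssh", the processor names, the node order of the sample flow instance and the rule that the first matching rule wins are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Vulnerability hazard classes, lowest to highest, as listed for step S202.
LEVEL_ORDER = ["low", "medium", "high", "emergency"]


def level_rank(level: str) -> int:
    """Position of a hazard class in LEVEL_ORDER, so levels can be compared."""
    return LEVEL_ORDER.index(level)


@dataclass
class Vulnerability:
    """Constructed record: the security association parameters plus flow state."""
    name: str
    level: str
    vuln_type: str
    service: str
    handler: Optional[str] = None      # task processor set by a distribution node
    shelved: bool = False              # True once a rectifier shelves the data
    history: List[Tuple[str, str]] = field(default_factory=list)


# Distribution rules: (predicate over the parameters, task processor).
# The keyword "ssh" and the processor names are constructed; that the first
# matching rule wins, and the default pool, are assumptions of this example.
DISPATCH_RULES: List[Tuple[Callable[[Vulnerability], bool], str]] = [
    (lambda v: "ssh" in v.name.lower(), "processor_A"),
    (lambda v: level_rank(v.level) > level_rank("high"), "processor_B"),
]
DEFAULT_HANDLER = "triage_pool"


def match_handler(vuln: Vulnerability, rules=DISPATCH_RULES) -> str:
    """Distribution node: pick the task processor from the parameters."""
    for predicate, handler in rules:
        if predicate(vuln):
            return handler
    return DEFAULT_HANDLER


# A constructed custom flow instance: ordered (node id, node kind) pairs.
# The description does not fix the order; this instance distributes first,
# then rectifies, then approves.
SAMPLE_FLOW = [("n1", "distribute"), ("n2", "rectify"), ("n3", "approve")]


def step(flow, index: int, vuln: Vulnerability, decision: Optional[str] = None) -> int:
    """Apply one node to the vulnerability and return the index of the next
    node; an index equal to len(flow) means the flow is finished."""
    node_id, kind = flow[index]
    if kind == "distribute":
        vuln.handler = match_handler(vuln)
        vuln.history.append((node_id, "assigned:" + vuln.handler))
        return index + 1
    if kind == "rectify":
        # Rectification authority only: the processor may shelve or rectify.
        if decision == "shelve":
            vuln.shelved = True
            vuln.history.append((node_id, "shelved"))
            return index            # enters the shelving list, stays on this node
        if decision == "rectify":
            vuln.shelved = False
            vuln.history.append((node_id, "rectified"))
            return index + 1        # passed on automatically once rectified
        raise ValueError(f"rectification node needs 'shelve' or 'rectify', got {decision!r}")
    if kind == "approve":
        if decision == "reject":
            vuln.history.append((node_id, "rejected"))
            return index - 1        # approval failed: back to the previous node
        if decision == "pass":
            vuln.history.append((node_id, "approved"))
            return index + 1
        raise ValueError(f"approval node needs 'pass' or 'reject', got {decision!r}")
    raise ValueError(f"unknown node kind {kind!r}")


def run_flow(flow, vuln: Vulnerability, decisions) -> bool:
    """Drive the data through the flow, consuming the processors' decisions in
    order at rectification and approval nodes. Returns True when the end of
    the flow is reached, False when the data is shelved or decisions run out."""
    index, pending = 0, list(decisions)
    while index < len(flow):
        kind = flow[index][1]
        decision = None
        if kind in ("rectify", "approve"):
            if not pending:
                return False        # still waiting on a task processor
            decision = pending.pop(0)
        index = step(flow, index, vuln, decision)
        if vuln.shelved:
            return False            # parked in the shelving list
    return True
```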
Through steps S201 to S205, vulnerability data to be processed is acquired; security association parameters of the vulnerability data are determined; a custom flow instance is selected according to the security association parameters; the flow structure information of the custom flow instance is extracted and judged against preset flow structure information; and, where the flow structure information is judged to match the preset flow structure information, the vulnerability data is input into the custom flow instance and processed according to that instance until the task processors corresponding to all flow nodes of the instance have completed processing the vulnerability data. This solves the problems of poor timeliness and a high delay rate in vulnerability management and processing in the related art, realizes a custom vulnerability management flow, and improves vulnerability remediation efficiency.
It should further be noted that, during vulnerability processing, the vulnerability data traverses all flow nodes of the custom flow according to the custom flow instance. After the task processors of all flow nodes have completed processing the vulnerability data, the vulnerability is retested, both by scanner-based retest and by manual retest; when retesting finds vulnerability data that remains unrepaired, that data is input into the distribution flow again and a flow instance is reselected to process it.
In some of these embodiments, determining the security association parameters of the vulnerability data comprises the following step: evaluating the vulnerability data with a general vulnerability assessment method (the CVSS assessment method) to obtain the security association parameters, which comprise at least one of the following: the vulnerability level, the vulnerability name, the vulnerability type and the vulnerability service, arranged from high to low vulnerability severity.
In this embodiment, the vulnerability level, vulnerability name, vulnerability type and vulnerability service of the vulnerability data are arranged from high to low vulnerability severity.
In some embodiments, extracting the flow structure information of the custom flow instance and determining whether the flow structure information matches the preset flow structure information includes the following steps:
all flow nodes of the custom flow instance are extracted.
In this embodiment, the connection relationships corresponding to all the flow nodes correspond to the structure information of the custom flow.
Detecting target flow nodes among all flow nodes of the custom flow instance, wherein a target flow node is one or more of the following: a start node, a change node and an end node.
Where the target flow nodes comprise a start node, at least one change node and an end node, determining that the flow structure information matches the preset flow structure information.
It should be noted that a flow instance containing no change node is not reasonably deployed.
In some embodiments, the flow nodes carry task target information and node pointing information, and detecting the target flow nodes among all flow nodes of the custom flow instance comprises the following steps:
Extracting the node information of a flow node and detecting node pointing information and task target information in it, wherein the node pointing information comprises the node information of the next flow node following the flow node, and the task target information comprises the task processor corresponding to the flow node.
Where the node information is detected to comprise node pointing information and a plurality of task target information items, the flow node is determined to be a change node.
In this embodiment, where the node information is detected to comprise node pointing information and a single item of task target information, the flow node is determined to be the start node.
In this embodiment, where the node information is detected to comprise only a single item of task target information, the flow node is determined to be the end node.
In some embodiments, the vulnerability processing method of the custom flow further comprises the following steps:
Detecting the processing state of the vulnerability data at a flow node within the preset processing time limit.
Where the vulnerability data is detected to be still unprocessed after the preset processing time limit has elapsed, stopping processing the vulnerability data according to the current custom flow instance and re-executing the steps of selecting a custom flow instance according to the security association parameters, extracting its flow structure information, judging whether it matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
In some embodiments, the vulnerability processing method of the custom flow further comprises the following step: where the vulnerability data is detected to be unprocessed within the preset processing time limit, notifying the task processor corresponding to the flow node, in a preset notification mode, to process the vulnerability data.
In some embodiments, the vulnerability processing method of the custom flow of the present application includes the following steps:
Step 1: receive the custom flow parameters and obtain the JSON data of the custom flow.
Step 2: check the custom flow instance, i.e. check that it has a start node and an end node, that every branch of the flow completes without leaving an unfinished node, that no flow node is disconnected from its predecessor or successor, and that the flow contains a change node; once the check passes, parse the JSON data of the custom flow according to the parameters and convert it into the corresponding XML character string.
Step 3: the flow engine reads the XML character string and converts it into the bpmnMODEL corresponding to the flow engine; once the flow engine has obtained the bpmnMODEL, it deploys the current flow, which forms the custom flow instance.
Step 4: after deployment of the custom flow instance is complete, the vulnerability data is passed into the custom flow instance queried from the flow engine, and the vulnerability data is traversed through the flow.
In this embodiment, all custom flow instances are managed by the flow engine. When the vulnerability data arrives at a flow node, the task processor corresponding to that node obtains, via its account, all tasks (distribution, rectification and audit) that belong to it, and then operates on the vulnerability data; the operations a task processor may perform on the vulnerability data include: submitting, auditing, rejecting, and circulating.
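The structure check from the steps above, as an added example in Python rather than code from the patent or from any flow engine: it classifies each node by the pointing-information/task-target rule described earlier, then rejects flows that lack a start, change or end node or whose nodes are not connected front and back. The JSON layout and the field names `next` (node pointing information) and `handlers` (task target information) are assumptions, and the sample flow is constructed.

```python
import json
from collections import deque

# Constructed sample flow (not from the patent): start -> distribute ->
# rectify -> audit -> end. "next" holds the node pointing information and
# "handlers" the task target information; both field names are assumptions.
FLOW_JSON = """{
  "nodes": [
    {"id": "start",      "next": ["distribute"], "handlers": ["sec_admin"]},
    {"id": "distribute", "next": ["rectify"],    "handlers": ["sec_admin", "dev_lead"]},
    {"id": "rectify",    "next": ["audit"],      "handlers": ["dev_lead", "dev_owner"]},
    {"id": "audit",      "next": ["end"],        "handlers": ["auditor", "sec_admin"]},
    {"id": "end",        "next": [],             "handlers": ["sec_admin"]}
  ]
}"""


def classify_node(node):
    """Classification rule from the description:
    pointing info + several task targets -> "change",
    pointing info + one task target      -> "start",
    one task target and no pointing info -> "end",
    anything else                        -> "other" (an unfinished node)."""
    has_next = bool(node.get("next"))
    targets = len(node.get("handlers", []))
    if has_next and targets > 1:
        return "change"
    if has_next and targets == 1:
        return "start"
    if not has_next and targets == 1:
        return "end"
    return "other"


def _reachable(seed, edges):
    """Breadth-first set of node ids reachable from seed via edges(id) -> ids."""
    seen, queue = {seed}, deque([seed])
    while queue:
        for nxt in edges(queue.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def validate_flow(flow_json):
    """Return (matches, problems). matches is True only when the flow has one
    start node, at least one change node, one end node, no pointer to an
    unknown node, and every node is connected front and back (reachable from
    the start and able to reach the end), so no branch is left unfinished."""
    nodes = {n["id"]: n for n in json.loads(flow_json)["nodes"]}
    kinds = {nid: classify_node(n) for nid, n in nodes.items()}
    starts = [nid for nid, k in kinds.items() if k == "start"]
    changes = [nid for nid, k in kinds.items() if k == "change"]
    ends = [nid for nid, k in kinds.items() if k == "end"]
    problems = []
    if len(starts) != 1:
        problems.append(f"expected exactly one start node, found {starts}")
    if not changes:
        problems.append("no change node, so the flow is unreasonable to deploy")
    if len(ends) != 1:
        problems.append(f"expected exactly one end node, found {ends}")
    problems += [f"node {nid!r} is unfinished" for nid, k in kinds.items() if k == "other"]
    for nid, n in nodes.items():
        for nxt in n.get("next", []):
            if nxt not in nodes:
                problems.append(f"node {nid!r} points to unknown node {nxt!r}")
    if problems:  # structural faults make the connectivity check meaningless
        return False, problems
    preds = {nid: [] for nid in nodes}  # reverse edges for the backward walk
    for nid, n in nodes.items():
        for nxt in n.get("next", []):
            preds[nxt].append(nid)
    from_start = _reachable(starts[0], lambda nid: nodes[nid].get("next", []))
    to_end = _reachable(ends[0], lambda nid: preds[nid])
    for nid in nodes:
        if nid not in from_start:
            problems.append(f"node {nid!r} is not connected from the start node")
        if nid not in to_end:
            problems.append(f"node {nid!r} never reaches the end node")
    return not problems, problems
```

Only a flow that passes `validate_flow` would go on to the XML conversion and engine deployment of steps 2 and 3.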
It should be noted that the steps illustrated in the flows or flow diagrams of the figures above may be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flow diagrams, in some cases the steps shown or described may be executed in an order different from the one shown here.
This embodiment also provides a vulnerability processing device of a custom flow, which is used to implement the foregoing embodiments and preferred embodiments; what has already been described is not repeated. As used below, the terms "module", "unit", "sub-unit" and the like may refer to a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 3 is a block diagram of the structure of a vulnerability processing device of a custom flow according to an embodiment of the present application. As shown in Fig. 3, the device includes:
an obtaining module 31, configured to obtain vulnerability data to be processed;
a determining module 32, coupled to the obtaining module 31 and configured to determine the security association parameters of the vulnerability data;
a selecting module 33, coupled to the determining module 32 and configured to select a custom flow instance according to the security association parameters, where the custom flow instance is generated in a preset flow engine according to preset security association parameters;
a detection module 34, coupled to the selecting module 33 and configured to extract the flow structure information of the custom flow instance and determine whether it matches the preset flow structure information;
a processing module 35, coupled to the detection module 34 and configured, when the flow structure information is determined to match the preset flow structure information, to input the vulnerability data into the custom flow instance and process it according to the custom flow instance until the task processors corresponding to all flow nodes of the custom flow instance have completed processing the vulnerability data, where the processing of the vulnerability data by a task processor includes one of the following: circulation, rectification and auditing.
In some embodiments, the determining module 32 evaluates the vulnerability data using a general vulnerability evaluation method to obtain the security association parameters, where the security association parameters include at least one of the following: vulnerability level, vulnerability name, vulnerability type and vulnerability service, with vulnerability levels ranked from high to low by vulnerability severity.
In some of these embodiments, the detection module 34 is configured to extract all flow nodes of the custom flow instance; detect the target flow nodes among all flow nodes of the custom flow instance, where a target flow node is one or more of the following: a start node, a change node and an end node; and, when the target flow nodes include a start node, at least one change node and an end node, determine that the flow structure information matches the preset flow structure information.
In some embodiments, each flow node carries target information and node pointing information, and the detection module 34 is configured to extract the node information of the flow node and detect the node pointing information and task target information in it, where the node pointing information is the node information of the next flow node following this flow node and the task target information is the task processor corresponding to this flow node; and to determine the flow node to be a change node when the node information is detected to include node pointing information and several pieces of task target information.
In some embodiments, the detection module 34 is further configured to determine the flow node to be the start node when the node information is detected to include node pointing information and a single piece of task target information, and to determine the flow node to be an end node when the node information is detected to include only a single piece of task target information.
In some embodiments, the vulnerability processing device of the custom flow is further configured to check the processing state of the vulnerability data at the current flow node within the preset processing time limit; and, if the vulnerability data is detected to be still unprocessed once the preset processing time limit has been exceeded, to stop processing the vulnerability data according to the current custom flow instance and to execute again the steps of selecting a custom flow instance according to the security association parameters, extracting the flow structure information of the custom flow instance, judging whether the flow structure information matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
In some embodiments, the vulnerability processing device of the custom flow is further configured, when the vulnerability data is detected to be unprocessed within the preset processing time limit, to notify the task processor corresponding to the flow node in a preset notification manner to process the vulnerability data.
Each of the modules described above may be a functional module or a program module, and may be implemented in software or in hardware. For modules implemented in hardware, the modules described above may all be located in the same processor, or may be distributed over different processors in any combination.
This embodiment also provides an electronic device comprising a memory in which a computer program is stored and a processor arranged to run the computer program so as to perform the steps of any of the method embodiments described above.
Optionally, the electronic device may further include a transmission device and an input/output device, both connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by means of a computer program:
S1: obtain vulnerability data to be processed.
S2: determine the security association parameters of the vulnerability data.
S3: select a custom flow instance according to the security association parameters, where the custom flow instance is generated in a preset flow engine according to preset security association parameters.
S4: extract the flow structure information of the custom flow instance and judge whether it matches the preset flow structure information.
S5: when the flow structure information is judged to match the preset flow structure information, input the vulnerability data into the custom flow instance and process it according to the custom flow instance until the task processors corresponding to all flow nodes of the custom flow instance have completed processing the vulnerability data, where the processing of the vulnerability data by a task processor includes one of the following: circulation, rectification and auditing.
It should be noted that for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and alternative implementations; they are not repeated here.
In addition, in combination with the vulnerability processing method of the custom flow in the embodiments above, an embodiment of the present application may provide a storage medium for its implementation. The storage medium has a computer program stored on it; when executed by a processor, the computer program implements the vulnerability processing method of the custom flow of any of the embodiments above.
Those skilled in the art should understand that the technical features of the embodiments described above may be combined in any manner; for brevity, not all possible combinations of these technical features are described, but they should all be regarded as within the scope of this description as long as the combination involves no contradiction.
The examples above represent only a few embodiments of the present application; they are described in some detail but are not to be construed as limiting the scope of the invention. It should be noted that those skilled in the art could make various modifications and improvements without departing from the spirit of the present application, and these fall within its scope of protection. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A vulnerability processing method of a custom flow, characterized in that it comprises the following steps:
obtaining vulnerability data to be processed;
determining security association parameters of the vulnerability data;
selecting a custom flow instance according to the security association parameters, wherein the custom flow instance is generated in a preset flow engine according to preset security association parameters;
extracting flow structure information of the custom flow instance, and judging whether the flow structure information matches preset flow structure information;
when the flow structure information matches the preset flow structure information, inputting the vulnerability data into the custom flow instance and processing the vulnerability data according to the custom flow instance until the task processors corresponding to all flow nodes of the custom flow instance have completed processing the vulnerability data, wherein the processing of the vulnerability data by a task processor comprises one of the following: circulation, rectification and auditing.
2. The vulnerability processing method of a custom flow according to claim 1, wherein determining the security association parameters of the vulnerability data comprises: evaluating the vulnerability data with a general vulnerability evaluation method to obtain the security association parameters, wherein the security association parameters comprise at least one of the following: vulnerability level, vulnerability name, vulnerability type and vulnerability service, the vulnerability levels being ranked from high to low by vulnerability severity.
3. The vulnerability processing method of a custom flow according to claim 1, wherein extracting the flow structure information of the custom flow instance and judging whether the flow structure information matches the preset flow structure information comprises:
extracting all flow nodes of the custom flow instance;
detecting target flow nodes among all flow nodes of the custom flow instance, wherein a target flow node is one or more of the following: a start node, a change node and an end node;
when the target flow nodes comprise the start node, at least one change node and the end node, determining that the flow structure information matches the preset flow structure information.
4. The vulnerability processing method of a custom flow according to claim 3, wherein the flow nodes carry target information and node pointing information, and detecting the target flow nodes among all flow nodes of the custom flow instance comprises:
extracting node information of the flow node, and detecting node pointing information and task target information in the node information, wherein the node pointing information comprises the node information of the next flow node following the flow node, and the task target information comprises the task processor corresponding to the flow node;
when the node information comprises the node pointing information and several pieces of task target information, determining the flow node to be the change node.
5. The vulnerability processing method of a custom flow according to claim 4, wherein the flow node is determined to be the start node when the node information is detected to comprise the node pointing information and the task target information;
and the flow node is determined to be the end node when the node information comprises a single piece of task target information.
6. The vulnerability processing method of a custom flow according to claim 1, further comprising:
checking the processing state of the vulnerability data at the flow node within a preset processing time limit;
if the vulnerability data is detected to be still unprocessed once the preset processing time limit has been exceeded, stopping processing the vulnerability data according to the custom flow instance, and executing again the steps of selecting a custom flow instance according to the security association parameters, extracting the flow structure information of the custom flow instance, judging whether the flow structure information matches the preset flow structure information, and processing the vulnerability data according to the custom flow instance.
7. The vulnerability processing method of a custom flow according to claim 6, further comprising: when the vulnerability data is detected to be unprocessed within the preset processing time limit, notifying the task processor corresponding to the flow node in a preset notification manner to process the vulnerability data.
8. A vulnerability processing device of a custom flow, characterized in that it comprises:
an obtaining module, configured to obtain vulnerability data to be processed;
a determining module, configured to determine security association parameters of the vulnerability data;
a selecting module, configured to select a custom flow instance according to the security association parameters, wherein the custom flow instance is generated in a preset flow engine according to preset security association parameters;
a detection module, configured to extract flow structure information of the custom flow instance and judge whether the flow structure information matches preset flow structure information;
a processing module, configured, when the flow structure information is judged to match the preset flow structure information, to input the vulnerability data into the custom flow instance and process the vulnerability data according to the custom flow instance until the task processors corresponding to all flow nodes of the custom flow instance have completed processing the vulnerability data, wherein the processing of the vulnerability data by a task processor comprises one of the following: circulation, rectification and auditing.
9. An electronic device comprising a memory and a processor, wherein a computer program is stored in the memory, and the processor is arranged to run the computer program so as to perform the vulnerability processing method of a custom flow according to any one of claims 1 to 7.
10. A storage medium in which a computer program is stored, wherein the computer program, when executed by a processor, performs the vulnerability processing method according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010848139.7A CN112149128B (en) 2020-08-21 2020-08-21 Vulnerability processing method, device, electronic device and medium of custom process

Publications (2)

Publication Number Publication Date
CN112149128A CN112149128A (en) 2020-12-29
CN112149128B true CN112149128B (en) 2024-04-09

Family

ID=73888018

Country Status (1)

Country Link
CN (1) CN112149128B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110110527A (en) * 2019-05-10 2019-08-09 重庆八戒电子商务有限公司 A kind of discovery method of loophole component, discovery device, computer installation and storage medium
CN110460571A (en) * 2019-07-05 2019-11-15 深圳壹账通智能科技有限公司 Operation system loophole processing method, device, computer equipment and storage medium
CN111240994A (en) * 2020-01-20 2020-06-05 北京国舜科技股份有限公司 Vulnerability processing method and device, electronic equipment and readable storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9443086B2 (en) * 2012-02-23 2016-09-13 Infosys Limited Systems and methods for fixing application vulnerabilities through a correlated remediation approach

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Automatic detection method for software upgrade vulnerabilities based on traffic analysis; 腾金辉; 光焱; 舒辉; 张冰; 网络与信息安全学报 (Chinese Journal of Network and Information Security); 2020-02-15 (01); full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant