CN112464242A - Webpage platform vulnerability collection method, system, terminal and storage medium - Google Patents
Webpage platform vulnerability collection method, system, terminal and storage medium Download PDFInfo
- Publication number
- CN112464242A CN112464242A CN202011261722.4A CN202011261722A CN112464242A CN 112464242 A CN112464242 A CN 112464242A CN 202011261722 A CN202011261722 A CN 202011261722A CN 112464242 A CN112464242 A CN 112464242A
- Authority
- CN
- China
- Prior art keywords
- script
- website
- webpage
- vulnerability
- platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000013515 script Methods 0.000 claims abstract description 107
- 238000001514 detection method Methods 0.000 claims abstract description 12
- 238000004590 computer program Methods 0.000 claims description 3
- 238000007405 data analysis Methods 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 abstract description 6
- 238000004458 analytical method Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 230000008676 import Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- BUGBHKTXTAQXES-UHFFFAOYSA-N Selenium Chemical compound [Se] BUGBHKTXTAQXES-UHFFFAOYSA-N 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 229910052711 selenium Inorganic materials 0.000 description 3
- 239000011669 selenium Substances 0.000 description 3
- 235000014347 soups Nutrition 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 240000007087 Apium graveolens Species 0.000 description 1
- 235000015849 Apium graveolens Dulce Group Nutrition 0.000 description 1
- 235000010591 Appio Nutrition 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000009193 crawling Effects 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a webpage platform vulnerability acquisition method, a system, a terminal and a storage medium, comprising the following steps: uploading the information acquisition script of the latest version to a specified path of a webpage platform; synchronously updating corresponding compiled codes in a cache according to the information acquisition script updated by the script library; and calling a compiling code corresponding to the website of the webpage platform in the memory, and collecting webpage data of the website. And analyzing vulnerability information from the webpage data, and outputting the vulnerability information as a detection result of the webpage. According to the method and the system, the decoupling of the web platform and the vulnerability crawler task is realized through the script, the security vulnerability data acquisition website can be maintained quickly only by upgrading the script code, and the web platform does not need to be released again. The iteration of web platform codes is reduced, and the maintainability of the web platform is improved. The script thread pool mechanism improves the collection efficiency of the security vulnerability website, and the exception handling mechanism enhances the robustness of the web platform.
Description
Technical Field
The invention relates to the technical field of webpage platform safety protection, in particular to a webpage platform vulnerability acquisition method, a webpage platform vulnerability acquisition system, a webpage platform vulnerability acquisition terminal and a storage medium.
Background
A security vulnerability refers to an unprotected entry point left inadvertently by a restricted computer, component, application, or other online resource. Vulnerabilities are flaws in hardware software or usage policies that expose a computer to viruses and hacking. The vulnerability problem is closely related to time, and when some open source components used by a company product line expose a vulnerability, a maintenance team or community of the open source components generally issues a patch for repairing the vulnerability as soon as possible, so as to prevent a hacker from attacking the vulnerability by using the vulnerability. And when the new version component corrects the holes in the old version, some new holes and errors can be introduced. Thus, over time, old vulnerabilities will continue to disappear and new vulnerabilities will continue to appear. Vulnerability problems can also persist for a long time. Therefore, the monitoring of the vulnerability data by the company is very important work, and when high-level vulnerabilities are found, emergency response can be made as soon as possible, and the vulnerability data can be fed back to a company product line.
In order to better monitor the security vulnerability, people generally integrate a vulnerability crawler function on a web platform, execute a vulnerability crawler task at regular time, and store a crawling result into a database after the task is executed and filtered according to a certain rule, so that the security vulnerability can be conveniently inquired and exported.
And the web platform executes the vulnerability crawler task regularly to collect data such as security vulnerability bulletin of the specified vulnerability website. And the acquisition and analysis codes executed by the crawler task are written aiming at the specified website, and when a vulnerability target website needs to be added or modified, the web platform needs to write the corresponding acquisition and analysis codes aiming at the added or modified website. Because the codes are coupled with the web platform, if the website is updated frequently, the codes of the web platform need to be reissued every time, so that the iterative versions of the codes of the web platform are more, and the maintenance is inconvenient.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, the present invention provides a method, a system, a terminal and a storage medium for collecting a vulnerability of a web platform, so as to solve the above-mentioned technical problems.
In a first aspect, the present invention provides a method for collecting vulnerabilities of a web platform, including:
uploading the information acquisition script of the latest version to a specified path of a webpage platform;
synchronously updating corresponding compiled codes in a cache according to the information acquisition script updated by the script library;
calling a compiling code corresponding to the website of the webpage platform in the memory, and collecting webpage data of the website;
and analyzing vulnerability information from the webpage data, and outputting the vulnerability information as a detection result of the webpage.
Further, the method further comprises:
before calling the information acquisition script, detecting whether the corresponding information acquisition script exists under the path corresponding to each website:
if not, calling a memory default script compiling code of the webpage platform.
Further, the synchronous updating of the corresponding compiled code in the cache according to the information acquisition script updated by the script library includes:
after the new version information acquisition script is uploaded on the webpage platform, the compiling code corresponding to the original version information acquisition script in the memory is deleted;
and introducing the new version information acquisition script by using a standard library character string importing method, and storing the compiled code of the new version information acquisition script in a memory.
Further, the analyzing vulnerability information from the webpage data and outputting the vulnerability information as the detection result of the webpage includes:
setting the time validity of the website collected data by using a time setter;
formatting the date of the website;
and calling an analysis program corresponding to the website to extract a vulnerability title, a release date and an address from the acquired website webpage data.
Further, if the web page platform includes a plurality of websites, the method further includes:
creating a plurality of script execution threads, and respectively calling a compiling code corresponding to each website to detect each website;
and counting the returned vulnerability detection results, and displaying the progress of the vulnerability acquisition task according to result statistical information.
In a second aspect, the present invention provides a system for collecting vulnerabilities of a web page platform, including:
the script uploading unit is used for uploading the information acquisition script of the latest version to a specified path of the webpage platform;
the cache updating unit is configured for synchronously updating the corresponding compiled codes in the cache according to the information acquisition script updated by the script library;
the data acquisition unit is configured to call a compiling code corresponding to the website of the webpage platform in the memory and acquire webpage data of the website;
and the data analysis unit is configured to analyze the vulnerability information from the webpage data and output the vulnerability information as a detection result of the webpage.
Further, the system further comprises:
the script confirming unit is configured to detect whether corresponding information acquisition scripts exist under paths corresponding to all websites before the information acquisition scripts are called;
and the default setting unit is configured to call the memory default script compiling code of the webpage platform if the corresponding information acquisition script exists in the path corresponding to each website.
Further, the data parsing unit includes:
the time setting module is configured for setting the time validity of the website acquired data by using the time setter;
the date setting module is configured for formatting dates of the website;
and the vulnerability extraction module is configured for calling an analysis program corresponding to the website to extract a vulnerability title, release date and address from the acquired website webpage data.
In a third aspect, a terminal is provided, including:
a processor, a memory, wherein,
the memory is used for storing a computer program which,
the processor is used for calling and running the computer program from the memory so as to make the terminal execute the method of the terminal.
In a fourth aspect, a computer storage medium is provided having stored therein instructions that, when executed on a computer, cause the computer to perform the method of the above aspects.
The beneficial effect of the invention is that,
according to the webpage platform vulnerability collection method, the system, the terminal and the storage medium, the decoupling of the web platform and the vulnerability crawler task is realized through the script, the security vulnerability data collection website can be maintained quickly only by upgrading the script code, and the web platform does not need to be released again. The iteration of web platform codes is reduced, and the maintainability of the web platform is improved. The script thread pool mechanism improves the collection efficiency of the security vulnerability website, and the exception handling mechanism enhances the robustness of the web platform.
In addition, the invention has reliable design principle, simple structure and very wide application prospect.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present invention, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a schematic flow diagram of a method of one embodiment of the invention.
FIG. 2 is a schematic block diagram of a system of one embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The following explains key terms appearing in the present invention.
Python: the cross-platform computer programming language is a high-level scripting language combining interpretability, compiling performance, interactivity and object facing. Originally designed for writing automated scripts (shells), the more they are used for the development of independent, large projects with the continual updating of versions and the addition of new functionality in language.
Celery: the system is a simple, flexible and reliable distributed system for processing a large number of messages, is dedicated to asynchronous task queues for real-time processing, and simultaneously supports task scheduling.
importlib: python offers importlib as a standard library. It aims to provide an implementation of the Python import syntax and (__ import __ () function). In addition, importlib provides that developers can create their own objects (i.e., importers) to handle the import process.
import _ module: according to the method of Python standard library import ib, modules can be imported through character strings, the character strings under the same folder are module names, and the character strings of different folders are module paths.
requests: written in Python language, adapted based on url 3, using the HTTP library of the Apache2 qualified origin protocol.
selenium: is an automatic testing tool for Web application programs. The Selenium test runs directly in the browser, just as a real user is operating.
Beautiful Soup: the Python library can extract data from an HTML or XML file, and can realize the conventional document navigation, searching and modifying modes through a converter which is liked by a user.
FIG. 1 is a schematic flow diagram of a method of one embodiment of the invention. The execution subject in fig. 1 may be a web platform vulnerability gathering system.
As shown in fig. 1, the method includes:
Specifically, the webpage platform vulnerability collecting method comprises the following steps:
and S1, uploading the information acquisition script of the latest version to a specified path of a webpage platform (WEB platform).
Uploading the latest version of the information acquisition script to a specified path of a webpage platform, wherein the information acquisition script is a Python script, and the webpage platform may need to detect a plurality of websites, so that the Python script of each website needs to be stored in the webpage platform.
The Python script needs to define a complete execution path when being called, so the path of the script needs to be checked before the script is executed each time, and if the script does not exist in the script directory, a default script of the platform is used.
And S2, synchronously updating the corresponding compiled codes in the cache according to the information acquisition script updated by the script library.
Because the Python script will cache a copy of the compiled code in memory after being called. Therefore, after the Python script of a certain website uploads a new version of the script again, if the process is not restarted, the compiled code cached in the memory can be executed, and the newly uploaded code does not take effect. Therefore, when a new version of the Python script is executed each time, whether the old version of the compiled code exists in the script cache needs to be checked, and if the cache exists, the new version of the script is introduced again after the cache is deleted.
The method for introducing the new version comprises the following steps: the import _ module method using importlib of Python introduces a script to be executed, at which point the script path checked in step S1 needs to be passed in.
And S3, calling a compiling code corresponding to the website of the webpage platform in the memory, and collecting webpage data of the website.
After the new version of script is introduced, the compiled code can be called to execute the function therein, the task instance required by the execution function is transmitted, and the webpage data of the website is collected. Because the webpage platform is provided with a plurality of websites, the script corresponding to each website is executed in a multithreading mode.
And S4, analyzing vulnerability information from the webpage data, and outputting the vulnerability information as the detection result of the webpage.
When the webpage data of each website is analyzed, each website corresponds to one analysis program, the analysis programs inherit the basic analysis program, and the basic analysis program comprises an acquisition time setter, date formatting, script result formatting and the like. Namely, the time validity of the website collected data is set in the basic analysis program, and a date and script result formatting processing method is provided. In each analysis program, firstly, the web page data of the website needs to be collected, and the web page data can pass through a requests library of Python and can also pass through a selenium library. The collected website webpage data are converted into Beautiful Soup objects, then the Beautiful Soup objects are analyzed, effective data such as vulnerability titles, release dates and URL addresses are extracted respectively, script results are assembled, and the script results are returned to the script thread execution module. When a security vulnerability acquisition website needs to be added, the acquisition website can be added only by adding an analysis program of a specified website to a website acquisition and analysis module, and after the analysis program is coded, a script is uploaded again without re-publishing a web platform.
And transmitting the webpage data acquisition result of each website into a thread execution module, wherein the main thread can alternately submit asynchronous thread work through a thread pool, and each working thread can respectively execute the acquisition analysis code of the corresponding website after the thread work is submitted. After all the threads are submitted, the main thread can be blocked, the completion of the thread work is waited, and when one work is completed, the main thread receives one message, and then a website can be taken to collect the analysis result, and the script execution progress can be updated. And after all the threads finish working, the main thread outputs all the received script results and abnormal information.
The specific method for updating the script execution progress comprises the step of updating the progress of the script task, so that the front end can see the task execution dynamics at any time. And (4) transmitting the task instance into a script execution function, and updating the task progress (the number of completed tasks/the total number of completed tasks) once collection and analysis of one website are completed in the script execution thread.
And displaying all returned script results through a list on the front-end page. The execution result of the script execution is written into the database for persistence after being returned, and the front end sends a request to the back end to obtain the script execution result.
As shown in fig. 2, the system 200 includes:
the script uploading unit 210 is configured to upload the information acquisition script of the latest version to a specified path of the web platform;
the cache updating unit 220 is configured to synchronously update the corresponding compiled codes in the cache according to the information acquisition script updated by the script library;
the data acquisition unit 230 is configured to call a compiled code in the memory, which corresponds to the website of the web platform, and acquire web data of the website;
and a data analysis unit 240 configured to analyze the vulnerability information from the webpage data and output the vulnerability information as a detection result of the webpage.
Optionally, as an embodiment of the present invention, the system further includes:
the script confirming unit is configured to detect whether corresponding information acquisition scripts exist under paths corresponding to all websites before the information acquisition scripts are called;
and the default setting unit is configured to call the memory default script compiling code of the webpage platform if the corresponding information acquisition script exists in the path corresponding to each website.
Optionally, as an embodiment of the present invention, the data parsing unit includes:
the time setting module is configured for setting the time validity of the website acquired data by using the time setter;
the date setting module is configured for formatting dates of the website;
and the vulnerability extraction module is configured for calling an analysis program corresponding to the website to extract a vulnerability title, release date and address from the acquired website webpage data.
Fig. 3 is a schematic structural diagram of a terminal 300 according to an embodiment of the present invention, where the terminal 300 may be used to execute the method for collecting vulnerabilities of a web platform according to the embodiment of the present invention.
Among them, the terminal 300 may include: a processor 310, a memory 320, and a communication unit 330. The components communicate via one or more buses, and those skilled in the art will appreciate that the architecture of the servers shown in the figures is not intended to be limiting, and may be a bus architecture, a star architecture, a combination of more or less components than those shown, or a different arrangement of components.
The memory 320 may be used for storing instructions executed by the processor 310, and the memory 320 may be implemented by any type of volatile or non-volatile storage terminal or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The executable instructions in memory 320, when executed by processor 310, enable terminal 300 to perform some or all of the steps in the method embodiments described below.
The processor 310 is a control center of the storage terminal, connects various parts of the entire electronic terminal using various interfaces and lines, and performs various functions of the electronic terminal and/or processes data by operating or executing software programs and/or modules stored in the memory 320 and calling data stored in the memory. The processor may be composed of an Integrated Circuit (IC), for example, a single packaged IC, or a plurality of packaged ICs connected with the same or different functions. For example, the processor 310 may include only a Central Processing Unit (CPU). In the embodiment of the present invention, the CPU may be a single operation core, or may include multiple operation cores.
A communication unit 330, configured to establish a communication channel so that the storage terminal can communicate with other terminals. And receiving user data sent by other terminals or sending the user data to other terminals.
The present invention also provides a computer storage medium, wherein the computer storage medium may store a program, and the program may include some or all of the steps in the embodiments provided by the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
Therefore, the invention realizes the decoupling of the web platform and the vulnerability crawler task through the script, and the security vulnerability data acquisition website can be quickly maintained only by upgrading the script code without re-releasing the web platform. The iteration of web platform codes is reduced, and the maintainability of the web platform is improved. The thread pool mechanism of the script improves the collection efficiency of the security vulnerability website, the robustness of the web platform is enhanced by the exception handling mechanism, and the technical effect achieved by the embodiment can be referred to the description above, which is not described herein again.
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, where the computer software product is stored in a storage medium, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and the like, and the storage medium can store program codes, and includes instructions for enabling a computer terminal (which may be a personal computer, a server, or a second terminal, a network terminal, and the like) to perform all or part of the steps of the method in the embodiments of the present invention.
The same and similar parts in the various embodiments in this specification may be referred to each other. Especially, for the terminal embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant points can be referred to the description in the method embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
Although the present invention has been described in detail by referring to the drawings in connection with the preferred embodiments, the present invention is not limited thereto. Various equivalent modifications or substitutions can be made on the embodiments of the present invention by those skilled in the art without departing from the spirit and scope of the present invention, and these modifications or substitutions are within the scope of the present invention/any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A webpage platform vulnerability collection method is characterized by comprising the following steps:
uploading the information acquisition script of the latest version to a specified path of a webpage platform;
synchronously updating corresponding compiled codes in a cache according to the information acquisition script updated by the script library;
calling a compiling code corresponding to the website of the webpage platform in the memory, and collecting webpage data of the website;
and analyzing vulnerability information from the webpage data, and outputting the vulnerability information as a detection result of the webpage.
2. The method of claim 1, further comprising:
before calling the information acquisition script, detecting whether the corresponding information acquisition script exists under the path corresponding to each website:
if not, calling a memory default script compiling code of the webpage platform.
3. The method according to claim 1, wherein the synchronization of the update of the corresponding compiled code in the cache according to the information collection script updated by the script library comprises:
after the new version information acquisition script is uploaded on the webpage platform, the compiling code corresponding to the original version information acquisition script in the memory is deleted;
and introducing the new version information acquisition script by using a standard library character string importing method, and storing the compiled code of the new version information acquisition script in a memory.
4. The method of claim 1, wherein parsing vulnerability information from the web page data and outputting the vulnerability information as a detection result of the web page comprises:
setting the time validity of the website collected data by using a time setter;
formatting the date of the website;
and calling an analysis program corresponding to the website to extract a vulnerability title, a release date and an address from the acquired website webpage data.
5. The method of claim 1, wherein if the web platform comprises a plurality of web sites, the method further comprises:
creating a plurality of script execution threads, and respectively calling a compiling code corresponding to each website to detect each website;
and counting the returned vulnerability detection results, and displaying the progress of the vulnerability acquisition task according to result statistical information.
6. The utility model provides a webpage platform vulnerability collection system which characterized in that includes:
the script uploading unit is used for uploading the information acquisition script of the latest version to a specified path of the webpage platform;
the cache updating unit is configured for synchronously updating the corresponding compiled codes in the cache according to the information acquisition script updated by the script library;
the data acquisition unit is configured to call a compiling code corresponding to the website of the webpage platform in the memory and acquire webpage data of the website;
and the data analysis unit is configured to analyze the vulnerability information from the webpage data and output the vulnerability information as a detection result of the webpage.
7. The system of claim 6, further comprising:
the script confirming unit is configured to detect whether corresponding information acquisition scripts exist under paths corresponding to all websites before the information acquisition scripts are called;
and the default setting unit is configured to call the memory default script compiling code of the webpage platform if the corresponding information acquisition script exists in the path corresponding to each website.
8. The system of claim 6, wherein the data parsing unit comprises:
the time setting module is configured for setting the time validity of the website acquired data by using the time setter;
the date setting module is configured for formatting dates of the website;
and the vulnerability extraction module is configured for calling an analysis program corresponding to the website to extract a vulnerability title, release date and address from the acquired website webpage data.
9. A terminal, comprising:
a processor;
a memory for storing instructions for execution by the processor;
wherein the processor is configured to perform the method of any one of claims 1-5.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011261722.4A CN112464242A (en) | 2020-11-12 | 2020-11-12 | Webpage platform vulnerability collection method, system, terminal and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011261722.4A CN112464242A (en) | 2020-11-12 | 2020-11-12 | Webpage platform vulnerability collection method, system, terminal and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112464242A true CN112464242A (en) | 2021-03-09 |
Family
ID=74825643
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011261722.4A Withdrawn CN112464242A (en) | 2020-11-12 | 2020-11-12 | Webpage platform vulnerability collection method, system, terminal and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112464242A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117610009A (en) * | 2023-11-23 | 2024-02-27 | 北京安普诺信息技术有限公司 | Cross-thread vulnerability repairing method and device based on code vaccine RASP probe |
-
2020
- 2020-11-12 CN CN202011261722.4A patent/CN112464242A/en not_active Withdrawn
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117610009A (en) * | 2023-11-23 | 2024-02-27 | 北京安普诺信息技术有限公司 | Cross-thread vulnerability repairing method and device based on code vaccine RASP probe |
CN117610009B (en) * | 2023-11-23 | 2024-06-11 | 北京安普诺信息技术有限公司 | Cross-thread vulnerability repairing method and device based on code vaccine RASP probe |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10769228B2 (en) | Systems and methods for web analytics testing and web development | |
CN108304498B (en) | Webpage data acquisition method and device, computer equipment and storage medium | |
Kagdi et al. | Blending conceptual and evolutionary couplings to support change impact analysis in source code | |
JP5425699B2 (en) | Information processing apparatus, test case generation method, program, and recording medium | |
CN110851681B (en) | Crawler processing method, crawler processing device, server and computer readable storage medium | |
US20160328314A1 (en) | System and method for providing code coverage | |
CN112559354A (en) | Front-end code specification detection method and device, computer equipment and storage medium | |
US20130275951A1 (en) | Race detection for web applications | |
CN109271315B (en) | Script code detection method, script code detection device, computer equipment and storage medium | |
US10534700B2 (en) | Separating test verifications from test executions | |
CN107391528B (en) | Front-end component dependent information searching method and equipment | |
Dong et al. | Orplocator: Identifying read points of configuration options via static analysis | |
CN112540924A (en) | Interface automation test method, device, equipment and storage medium | |
Mitropoulos et al. | Time present and time past: analyzing the evolution of JavaScript code in the wild | |
CN114416481A (en) | Log analysis method, device, equipment and storage medium | |
CN115033894A (en) | Software component supply chain safety detection method and device based on knowledge graph | |
CN112395485A (en) | Policy big data mining method and device, computer equipment and storage medium | |
Wi et al. | HiddenCPG: large-scale vulnerable clone detection using subgraph isomorphism of code property graphs | |
Goel et al. | Jawa: Web Archival in the Era of {JavaScript} | |
CN112464242A (en) | Webpage platform vulnerability collection method, system, terminal and storage medium | |
US20180137036A1 (en) | Determining potential test actions | |
US10599424B2 (en) | Committed program-code management | |
Wang et al. | Fast reproducing web application errors | |
Haas | Protocol to discover machine-readable entities of the ecosystem management actions taxonomy | |
US11544179B2 (en) | Source traceability-based impact analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20210309 |
|
WW01 | Invention patent application withdrawn after publication |