CN112765016A - Open source software availability judgment method and device - Google Patents


Info

Publication number
CN112765016A
Authority
CN
China
Prior art keywords
availability
source software
application
open source
characteristic information
Legal status
Granted
Application number
CN202110025092.9A
Other languages
Chinese (zh)
Other versions
CN112765016B (en)
Inventor
夏修理
成思敏
吴可欣
陈天明
潘浩
梁鹰
林有宏
Current Assignee
Tianyi Digital Life Technology Co Ltd
Original Assignee
CENTURY DRAGON INFORMATION NETWORK CO LTD
Legal events
Application filed by CENTURY DRAGON INFORMATION NETWORK CO LTD
Priority to CN202110025092.9A
Publication of CN112765016A
Application granted
Publication of CN112765016B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3616 Software analysis for verifying properties of programs using software metrics
    • G06F11/3608 Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Abstract

The invention discloses a method and a device for judging the availability of open source software. The method comprises the following steps: performing application scanning on preset open source software to acquire multi-dimensional characteristic information; grouping the characteristic information to generate grouping marks; acquiring the availability evaluation indexes corresponding to the grouping marks; and generating a comprehensive availability evaluation result from the availability evaluation indexes, the comprehensive availability evaluation result being used to judge the availability of the open source software. The method obtains characteristic information of multiple dimensions by performing application scanning on the preset open source software, groups the characteristic information to generate grouping marks, acquires the availability evaluation indexes corresponding to the grouping marks, generates a comprehensive availability evaluation result from those indexes, and judges the availability of the open source software from the comprehensive availability evaluation result. In this way the technical effect of multi-dimensional availability evaluation of open source software is achieved.

Description

Open source software availability judgment method and device
Technical Field
The invention relates to the technical field of open source software, in particular to a method and a device for judging the availability of the open source software.
Background
Open source software is widely used by governments, organizations and enterprises because of its low cost, high quality, flexibility and other advantages, and it is increasingly popular with internet companies in particular. As the number of users adopting open source software keeps growing, its availability has become a focus of attention, covering multidimensional indexes such as software performance, functions, security vulnerability risk, copyright and license compliance, community support, learning difficulty and market share. At present, detection products exist that target a single index, such as license compliance or security vulnerabilities, but a tool for comprehensively judging the availability of open source software is lacking. The selection of open source software still relies mostly on developers evaluating online introductory material and other users' experience and on verification tests in a local environment. This process is time-consuming and labor-intensive, the selection experience depends heavily on the individual, it is hard to replicate and accumulate at scale, and it is difficult to build broad community influence.
Disclosure of Invention
The invention provides an open source software availability judgment method and device, which solve the technical problem that existing methods for judging the availability of open source software evaluate only a single aspect and can therefore obtain only a one-sided analysis result.
The invention provides an open source software availability judgment method, which comprises the following steps:
carrying out application scanning on preset open source software to acquire multi-dimensional characteristic information;
grouping the characteristic information to generate grouping marks;
acquiring availability evaluation indexes corresponding to the grouping marks;
and generating an availability comprehensive evaluation result by adopting the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software.
Optionally, the method further comprises:
generating an evaluation report by adopting the comprehensive availability evaluation result, and outputting the evaluation report; the evaluation report carries a selection suggestion.
Optionally, the application scanning comprises static application scanning and dynamic application scanning, and the step of performing application scanning on the preset open source software to acquire the multi-dimensional characteristic information comprises the following steps:
receiving application source code path data and running-state application communication connection data of the open source software;
performing unified service gateway authentication on the application source code path data and the running-state application communication connection data to obtain authenticated application source code data and authenticated running-state application data;
performing the static application scanning on the authenticated application source code data to obtain static application scanning data;
performing the dynamic application scanning on the authenticated running-state application data to obtain dynamic application scanning data;
obtaining multi-dimensional initial characteristic information based on the static application scanning data and the dynamic application scanning data;
screening repeated characteristic information from the initial characteristic information;
and deleting the repeated characteristic information to obtain the multi-dimensional characteristic information.
Optionally, the feature information includes one or more of a name, a version number, a license copyright agreement, a technology stack category, and a custom feature.
Optionally, the step of obtaining the availability evaluation index corresponding to the grouping flag includes:
and acquiring the availability evaluation index corresponding to the grouping mark in a preset open source software information base based on the grouping mark.
Optionally, when there are multiple availability evaluation indexes, the step of generating a comprehensive availability evaluation result by using the availability evaluation indexes comprises:
and carrying out weighted summation on each availability evaluation index to obtain an availability comprehensive evaluation result.
The invention also provides an open source software availability judgment device, which comprises:
the characteristic information extraction module is used for carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information;
the grouping mark generation module is used for grouping the characteristic information to generate a grouping mark;
the availability evaluation index acquisition module is used for acquiring the availability evaluation index corresponding to the grouping mark;
and the availability comprehensive evaluation result generation module is used for generating an availability comprehensive evaluation result by adopting the availability evaluation index, and the availability comprehensive evaluation result is used for judging the availability of the open-source software.
Optionally, the apparatus further comprises:
the evaluation report generating module is used for generating an evaluation report by adopting the comprehensive availability evaluation result and outputting the evaluation report; the evaluation report carries a selection suggestion.
The invention also provides an electronic device comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the open source software availability judgment method according to any one of the above in accordance with the instructions in the program code.
The present invention also provides a computer-readable storage medium for storing a program code for executing the open source software availability determination method as described in any one of the above.
According to the technical scheme, the invention has the following advantages: the method obtains characteristic information of multiple dimensions by performing application scanning on preset open source software, groups the characteristic information to generate grouping marks, acquires the availability evaluation indexes corresponding to the grouping marks, generates a comprehensive availability evaluation result from those indexes, and judges the availability of the open source software from the comprehensive availability evaluation result. In this way the technical effect of multi-dimensional availability evaluation of open source software is achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart illustrating the steps of a method for determining the availability of open source software according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating the steps of a method for determining the availability of open source software according to another embodiment of the present invention;
Fig. 3 is a schematic diagram of an application-scanning-based multidimensional feature information extraction system for open source software according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a multidimensional feature information grouping and marking system for open source software according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of an open source software availability evaluation system according to an embodiment of the present invention;
Fig. 6 is a block diagram of an open source software availability determination apparatus according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an availability judgment method and device for open source software, which solve the technical problem that existing methods for judging the availability of open source software evaluate only a single aspect and can therefore obtain only a one-sided analysis result.
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating steps of a method for determining availability of open source software according to an embodiment of the present invention.
The method for judging the availability of the open source software provided by the invention specifically comprises the following steps:
step 101, performing application scanning on preset open source software to acquire multi-dimensional characteristic information;
Open source software: computer software whose source code is made freely available, so that anyone can view, modify and distribute the code as they see fit. It is developed in a decentralized, collaborative way that relies on peer review and community production. Because it is developed by a community rather than by a single author or company, it is typically cheaper, more flexible and longer-lived than proprietary software.
Application scanning: a graphical tool or command-line utility that communicates with an application program, automatically checks the configuration and vulnerabilities of a local or remote application, and detects and analyzes the application's responses in order to find potential security problems and architectural defects.
In specific applications, open source software is widely used by governments, organizations and enterprises because of its low cost, high quality, flexibility and other advantages, and it is increasingly popular with internet companies in particular. As the number of users adopting open source software continues to grow, its availability becomes a major concern. Specifically, the availability analysis of open source software may cover multidimensional indexes such as software performance, functions, security vulnerability risk, copyright and license compliance, community support, learning difficulty and market share.
In the embodiment of the invention, in order to realize the availability analysis of different dimensional indexes, application scanning can be performed on preset open source software to obtain multi-dimensional characteristic information, so that the availability analysis can be performed based on the multi-dimensional characteristic information.
Step 102, grouping the characteristic information to generate grouping marks;
In the embodiment of the invention, after the multi-dimensional characteristic information is obtained, it can be grouped and marked to obtain grouping marks for the different dimensions. The grouping mark helps to distinguish which dimension each item of characteristic information belongs to, and thus which aspect of availability it can be used to evaluate.
Step 103, acquiring availability evaluation indexes corresponding to the grouping marks;
in the embodiment of the present invention, after different grouping labels are obtained, availability evaluation indexes corresponding to the grouping labels may be queried.
Step 104, generating a comprehensive availability evaluation result by using the availability evaluation indexes, wherein the comprehensive availability evaluation result is used for judging the availability of the open source software.
In the embodiment of the invention, after the availability evaluation indexes of each dimension are obtained, all the availability evaluation indexes can be subjected to weighted summation to obtain the availability comprehensive evaluation result of all the availability evaluation dimensions of the open-source software, so that the availability of the open-source software is judged according to the availability comprehensive evaluation result.
The method obtains characteristic information of multiple dimensions by performing application scanning on preset open source software, groups the characteristic information to generate grouping marks, acquires the availability evaluation indexes corresponding to the grouping marks, generates a comprehensive availability evaluation result from those indexes, and judges the availability of the open source software from the comprehensive availability evaluation result. In this way the technical effect of multi-dimensional availability evaluation of open source software is achieved.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for determining availability of open source software according to another embodiment of the present invention. The method specifically comprises the following steps:
step 201, performing application scanning on preset open source software to acquire multi-dimensional characteristic information;
in the embodiment of the invention, in order to realize the availability analysis of different dimensional indexes, application scanning can be performed on preset open source software to obtain multi-dimensional characteristic information, so that the availability analysis can be performed based on the multi-dimensional characteristic information.
In one example, the application scanning includes static application scanning and dynamic application scanning, and the step of performing application scanning on the preset open source software to obtain the multi-dimensional feature information may specifically include the following substeps:
S11, receiving application source code path data and running-state application communication connection data of the open source software;
S12, performing unified service gateway authentication on the application source code path data and the running-state application communication connection data to obtain authenticated application source code data and authenticated running-state application data;
S13, performing static application scanning on the authenticated application source code data to obtain static application scanning data;
S14, performing dynamic application scanning on the authenticated running-state application data to obtain dynamic application scanning data;
S15, obtaining multi-dimensional initial feature information based on the static application scanning data and the dynamic application scanning data;
S16, screening repeated feature information from the initial feature information;
and S17, deleting the repeated feature information to obtain the multi-dimensional feature information.
In practice, application scanning is used in the security field and may include static application scanning and dynamic application scanning. Static application scanning checks the correctness of a program by analyzing or inspecting the syntax, structure, procedures, interfaces and the like of the source program without running the program under test; it focuses on scanning code or files. Its weakness is that it is difficult to gain a deep understanding of the code structure or design. A common situation is that a software product has introduced a compiled open source binary package or class library rather than the source code, and obtaining the corresponding source code in order to perform static application scanning is extremely laborious. To address this problem, dynamic application scanning can be employed: it obtains as complete a picture of the application structure as possible through a crawler technique and sends vulnerability test payloads to determine whether security vulnerabilities exist.
In one example, the embodiment of the present invention combines static application scanning and dynamic application scanning to obtain richer multidimensional feature information of the open source software, and specifically provides an application-scanning-based multidimensional feature information extraction system for open source software, whose structure is shown in Fig. 3. The system comprises a SAST static application scan analysis module, a DAST dynamic application scan analysis module, an APISERVER service gateway and an information aggregation and storage component.
In a specific implementation, the system shown in Fig. 3 can receive two types of data: an application source code path and a running-state application communication connection. After the received application source code path data and running-state application communication connection data have been authenticated by the APISERVER unified service gateway, they are routed to the SAST static application scanning module and the DAST dynamic application scanning module respectively for static and dynamic application scanning, from which the multidimensional initial feature information of the open source software can be extracted.
It should be noted that the feature information obtained by the SAST static application scanning module and the DAST dynamic application scanning module inevitably overlaps to some degree. Therefore, when the feature information is grouped, the duplicate feature information needs to be screened out and deleted, so that feature information free of duplicates is obtained.
In a specific implementation, the feature information may be processed by the information aggregation and storage component of Fig. 3 to obtain complete, ordered target feature information of the open source software that contains no repeated feature information, which provides a rich data source for the subsequent grouping and availability evaluation.
In one example, the feature information may include one or more of a name, version number, license copyright agreement, technology stack category, and custom feature.
Step 202, grouping the characteristic information to generate grouping marks;
In the embodiment of the invention, after the multi-dimensional characteristic information is obtained, it can be grouped and marked to obtain grouping marks for the different dimensions. The grouping mark helps to distinguish which dimension each item of characteristic information belongs to, and thus which aspect of availability it can be used to evaluate.
In one example, the grouping and marking may be performed by an open source software multidimensional feature information grouping and marking system as shown in Fig. 4.
Specifically, the open source software multidimensional feature information grouping and marking system shown in Fig. 4 is responsible for identifying the multidimensional feature information, for example name identification, version number identification, license copyright agreement identification and technology stack category identification. The system adopts a filter framework, which decouples the pipeline from the filtering functions. Much as inflowing water becomes treated water after passing through functional modules such as impurity filtering and heating, the feature information passes through a chain of identification modules. When a user has additional requirements, the functionality can be extended directly through the interface of the custom identification module without changing the underlying design of the grouping and marking system.
Step 203, acquiring availability evaluation indexes corresponding to the grouping marks;
in the embodiment of the present invention, after different grouping labels are obtained, availability evaluation indexes corresponding to the grouping labels may be queried.
In a specific implementation, the availability evaluation may be performed by an open source software availability evaluation system as shown in Fig. 5. The main business of this system is to receive the grouping marks transmitted by the open source software multidimensional feature information grouping and marking system and to retrieve, by category, the multidimensional availability indexes of the open source software from a preset open source software information base, covering the issues enterprises generally care about, such as license compliance, security vulnerabilities and learning cost. The application architecture can be divided into the following four layers:
Data layer: provides the structured MySQL data storage, the Redis cache system and the Ceph distributed storage service required by the system;
Service layer: abstracts the issues of concern in the open source software evaluation process into nine categories, namely license compliance, security vulnerabilities, learning cost, performance query, function introduction, community activity, best practice, breadth of use and other retrieval. Each category of evaluation is managed by a corresponding microservice process and supports horizontal scaling;
Gateway layer: provides the entry point for accessing the open source software availability evaluation system and provides the authentication function;
Application layer: provides interactive interface services, allowing users to perform operations such as index query and report export through the service interfaces of Web, iOS, Android and other applications.
Step 204, generating an availability comprehensive evaluation result by using the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software;
in the embodiment of the invention, after the availability evaluation indexes of each dimension are obtained, all the availability evaluation indexes can be subjected to weighted summation to obtain the availability comprehensive evaluation result of all the availability evaluation dimensions of the open-source software, so that the availability of the open-source software is judged according to the availability comprehensive evaluation result.
Step 205, generating an evaluation report by using the comprehensive availability evaluation result, and outputting the evaluation report; the evaluation report carries a selection suggestion.
In the embodiment of the invention, the comprehensive availability evaluation results of the open source software are collected, and after the availability of the open source software has been judged from the comprehensive availability evaluation result, relevant selection suggestions can be derived from the information base on the basis of that judgment to generate the evaluation report. This avoids security, legal and other risks while giving enterprises a selection suggestion for the open source software they introduce, thereby improving research and development efficiency and the code quality of software products and saving cost, instead of being limited to preventing a single class of risk such as security vulnerabilities or license compliance.
The method obtains characteristic information of multiple dimensions by performing application scanning on preset open source software, groups the characteristic information to generate grouping marks, acquires the availability evaluation indexes corresponding to the grouping marks, generates a comprehensive availability evaluation result from those indexes, and judges the availability of the open source software from the comprehensive availability evaluation result. In this way the technical effect of multi-dimensional availability evaluation of open source software is achieved.
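The pipeline of steps 201 to 205 worked through in Python, as an added example that is not the patent's own implementation: the scanner outputs, gateway tokens, information base, weights and decision threshold are all constructed for illustration, and the gateway authentication, duplicate removal, pipe-and-filter grouping, index lookup and weighted summation follow the description above.

```python
"""Added example, not the patent's own code: a toy end-to-end run of the
availability judgement pipeline of steps 201-205. Scanner outputs, gateway
tokens, the information base, weights and threshold are all constructed."""

# S11/S12: inputs reach the scanners only through a unified service gateway
# that authenticates them first. Tokens are constructed.
ALLOWED_TOKENS = {"token-sast-team", "token-dast-team"}


def gateway_authenticate(request: dict, allowed: set = ALLOWED_TOKENS) -> list:
    """Return the request payload if its token is valid, otherwise refuse it."""
    if request.get("token") not in allowed:
        raise PermissionError("gateway: authentication failed")
    return request["payload"]


# S13/S14: constructed stand-ins for SAST and DAST output as
# (feature_type, value) records. Both scanners report name, version and
# stack, which is exactly the duplication S16/S17 must remove.
SAST_REQUEST = {"token": "token-sast-team", "payload": [
    ("name", "libfoo"), ("version", "2.4.1"),
    ("license", "GPL-3.0"), ("stack", "python")]}
DAST_REQUEST = {"token": "token-dast-team", "payload": [
    ("name", "libfoo"), ("version", "2.4.1"),
    ("stack", "python"), ("custom", "exposes_admin_endpoint")]}


def merge_and_dedupe(*scans: list) -> list:
    """S15-S17: union of the scan outputs, exact duplicates dropped, order kept."""
    seen, merged = set(), []
    for rec in (r for scan in scans for r in scan):
        if rec not in seen:
            seen.add(rec)
            merged.append(rec)
    return merged


# Step 202: pipe-and-filter grouping. Each filter claims the feature types
# it recognises and returns a dimension tag; the first filter to claim a
# record wins, and a custom filter is appended without touching the others.
def type_filter(types: set, tag: str):
    """Build a filter that tags records whose feature type is in `types`."""
    return lambda rec: tag if rec[0] in types else None


DEFAULT_FILTERS = [
    type_filter({"license"}, "license_compliance"),
    type_filter({"name", "version"}, "security_vulnerability"),
    type_filter({"stack"}, "learning_cost"),
    type_filter({"custom"}, "security_vulnerability"),  # custom extension point
]


def group_tag(features: list, filters: list = DEFAULT_FILTERS) -> dict:
    """Map dimension tag -> list of feature records claimed by that tag."""
    tags: dict = {}
    for rec in features:
        for f in filters:
            tag = f(rec)
            if tag:
                tags.setdefault(tag, []).append(rec)
                break
    return tags


# Step 203: constructed information base. Each dimension maps a feature
# value to an availability index in [0, 1]; higher means more usable.
INFO_BASE = {
    "license_compliance": {"GPL-3.0": 0.4, "Apache-2.0": 1.0, "MIT": 1.0},
    "security_vulnerability": {"libfoo": 0.9, "exposes_admin_endpoint": 0.2},
    "learning_cost": {"python": 0.9, "rust": 0.6},
}
# Step 204: constructed weights for the weighted summation.
WEIGHTS = {"license_compliance": 0.4, "security_vulnerability": 0.4, "learning_cost": 0.2}


def lookup_indices(tags: dict, info_base: dict = INFO_BASE) -> dict:
    """Per tag, take the weakest (minimum) index among known values; a tag
    with no known value gets a neutral 0.5 (an assumption of this example)."""
    indices = {}
    for tag, recs in tags.items():
        table = info_base.get(tag, {})
        known = [table[rec[1]] for rec in recs if rec[1] in table]
        indices[tag] = min(known) if known else 0.5
    return indices


def composite_score(indices: dict, weights: dict = WEIGHTS) -> float:
    """Weighted sum of the per-dimension indices, normalised to the weights present."""
    total = sum(weights[t] for t in indices)
    return sum(indices[t] * weights[t] for t in indices) / total


def evaluate(*requests: dict, threshold: float = 0.6) -> dict:
    """Steps 201-205 end to end; returns the data an evaluation report is rendered from."""
    features = merge_and_dedupe(*(gateway_authenticate(r) for r in requests))
    tags = group_tag(features)
    indices = lookup_indices(tags)
    score = composite_score(indices)
    verdict = "recommended" if score >= threshold else "not recommended"
    suggestion = f"{verdict}; weakest dimension: {min(indices, key=indices.get)}"
    return {"features": features, "tags": tags, "indices": indices,
            "score": score, "suggestion": suggestion}


if __name__ == "__main__":
    result = evaluate(SAST_REQUEST, DAST_REQUEST)
    print(f"composite availability: {result['score']:.2f}")
    print("selection suggestion:", result["suggestion"])
```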
Referring to fig. 6, fig. 6 is a block diagram of an open source software availability determining apparatus according to an embodiment of the present invention.
The embodiment of the invention provides an open source software availability judgment device, which comprises:
the characteristic information extraction module 601 is configured to perform application scanning on preset open source software to obtain multi-dimensional characteristic information;
a grouping tag generating module 602, configured to group the feature information to generate a grouping tag;
an availability evaluation index obtaining module 603, configured to obtain an availability evaluation index corresponding to the grouping flag;
and the availability comprehensive evaluation result generating module 604 is configured to generate an availability comprehensive evaluation result by using the availability evaluation index, where the availability comprehensive evaluation result is used to determine the availability of the open source software.
In an embodiment of the present invention, the apparatus further comprises:
the evaluation report generation module is used for generating an evaluation report by adopting the comprehensive availability evaluation result and outputting the evaluation report; the evaluation report carries a selection suggestion.
In an embodiment of the present invention, the application scanning includes static application scanning and dynamic application scanning, and the feature information extraction module 601 includes:
a receiving submodule, configured to receive application source code path data and running-state application communication connection data of the open source software;
an authenticated application source code data and authenticated running-state application data acquisition submodule, configured to perform unified service gateway authentication on the application source code path data and the running-state application communication connection data to obtain authenticated application source code data and authenticated running-state application data;
a static application scanning data acquisition submodule, configured to perform static application scanning on the authenticated application source code data to obtain static application scanning data;
a dynamic application scanning data acquisition submodule, configured to perform dynamic application scanning on the authenticated running-state application data to obtain dynamic application scanning data;
an initial feature information acquisition submodule, configured to obtain multi-dimensional initial feature information based on the static application scanning data and the dynamic application scanning data;
a screening submodule, configured to screen repeated feature information from the initial feature information;
and a feature information acquisition submodule, configured to delete the repeated feature information to obtain the multi-dimensional feature information.
In an embodiment of the invention, the feature information comprises one or more of a name, a version number, a license copyright agreement, a technology stack category, and a custom feature.
In an embodiment of the present invention, the availability evaluation index obtaining module 603 includes:
an availability evaluation index acquisition submodule, configured to obtain, based on the grouping mark, the availability evaluation index corresponding to the grouping mark from a preset open source software information base.
In an embodiment of the present invention, the availability comprehensive evaluation result generating module 604 includes:
an availability comprehensive evaluation result generation submodule, configured to perform a weighted summation of the availability evaluation indexes to obtain the availability comprehensive evaluation result.
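The pipeline formed by modules 601 to 604 (and restated in claims 1 to 6) can be traced end to end in a small script. The following is an added example written for this page, not code from the patent: the scan output format, the contents of the information base, the per-dimension weights, the handling of unknown marks and the suggestion thresholds are all assumptions.

```python
# Constructed sample scan output (not from the patent): each scan yields
# (dimension, value) pairs. The static scan reads the source tree and the
# dynamic scan probes the running instance, so overlapping features are expected.
STATIC_SCAN = [("name", "examplelib"), ("version", "2.4.1"),
               ("license", "Apache-2.0"), ("tech_stack", "java")]
DYNAMIC_SCAN = [("name", "examplelib"), ("version", "2.4.1"),
                ("tech_stack", "java"), ("custom", "tls_enabled")]
# Constructed stand-in for the "preset open source software information base":
# grouping mark (dimension, value) -> availability evaluation index in [0, 1].
INFO_BASE = {("license", "Apache-2.0"): 1.0, ("license", "AGPL-3.0"): 0.3,
             ("version", "2.4.1"): 0.8, ("tech_stack", "java"): 0.9,
             ("custom", "tls_enabled"): 1.0}
# Assumed per-dimension weights for the weighted summation; the patent leaves
# them to the implementer. "name" only identifies the package and is not scored.
WEIGHTS = {"license": 0.4, "version": 0.3, "tech_stack": 0.2, "custom": 0.1}


def extract_features(static_scan, dynamic_scan):
    """Module 601: merge both scans, then screen out and delete repeated features."""
    return list(dict.fromkeys(static_scan + dynamic_scan))


def group_features(features):
    """Module 602: group by dimension; every (dimension, value) pair is a grouping mark."""
    groups = {}
    for dimension, value in features:
        groups.setdefault(dimension, []).append((dimension, value))
    return groups


def lookup_indexes(groups, info_base, weights):
    """Module 603: look up each scored grouping mark in the information base.
    Marks missing from the base get index 0 and are reported (an assumption)."""
    marks = [m for d, ms in groups.items() if d in weights for m in ms]
    return {m: info_base.get(m, 0.0) for m in marks}, [m for m in marks if m not in info_base]


def composite_result(indexes, weights):
    """Module 604: weighted summation; a dimension with several marks contributes their mean."""
    per_dimension = {}
    for (dimension, _), index in indexes.items():
        per_dimension.setdefault(dimension, []).append(index)
    return sum(weights[d] * sum(v) / len(v) for d, v in per_dimension.items())


def evaluate(static_scan, dynamic_scan, info_base=INFO_BASE, weights=WEIGHTS):
    """Full pipeline plus the evaluation report carrying a selection suggestion.
    The thresholds are assumed, not taken from the patent."""
    groups = group_features(extract_features(static_scan, dynamic_scan))
    indexes, unknown = lookup_indexes(groups, info_base, weights)
    score = composite_result(indexes, weights)
    suggestion = ("recommended" if score >= 0.8 else
                  "review before use" if score >= 0.5 else "not recommended")
    if unknown:  # an unscored feature is a gap the reviewer must resolve by hand
        suggestion += "; no index for " + ", ".join(f"{d}={v}" for d, v in unknown)
    name = groups.get("name", [("name", "unknown")])[0][1]
    return {"name": name, "score": round(score, 4), "unknown": unknown,
            "suggestion": suggestion}
```

Calling `evaluate(STATIC_SCAN, DYNAMIC_SCAN)` yields a score of 0.92 and the suggestion "recommended"; a package whose license or version is absent from the base scores 0 on that dimension and is flagged in the suggestion rather than silently passed.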
An embodiment of the present invention further provides an electronic device, which includes a processor and a memory:
the memory is configured to store program code and to transmit the program code to the processor;
the processor is configured to execute the open source software availability determination method according to the embodiment of the present invention in accordance with instructions in the program code.
An embodiment of the present invention further provides a computer-readable storage medium, which is configured to store program code, where the program code is configured to execute the open source software availability determination method according to the embodiment of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The embodiments in the present specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts among the embodiments reference may be made to one another.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An open source software availability determination method, comprising:
carrying out application scanning on preset open source software to acquire multi-dimensional characteristic information;
grouping the characteristic information to generate grouping marks;
acquiring availability evaluation indexes corresponding to the grouping marks;
and generating an availability comprehensive evaluation result by adopting the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software.
2. The method of claim 1, further comprising:
generating an evaluation report by adopting the comprehensive availability evaluation result, and outputting the evaluation report; the evaluation report carries a selection suggestion.
3. The method of claim 1, wherein the application scanning comprises static application scanning and dynamic application scanning; the step of carrying out application scanning on the preset open source software to acquire the multi-dimensional characteristic information comprises the following steps:
receiving application source code path data and running state application communication connection data of the open source software;
performing unified service gateway authentication on the application source code path data and the running state application communication connection data to obtain authenticated application source code data and authenticated running state application data;
performing the static application scanning on the authenticated application source code data to obtain static application scanning data;
performing the dynamic application scanning on the authenticated running state application data to obtain dynamic application scanning data;
obtaining multi-dimensional initial characteristic information based on the static application scanning data and the dynamic application scanning data;
screening repeated characteristic information from the initial characteristic information;
and deleting the repeated characteristic information to obtain multi-dimensional characteristic information.
4. The method of claim 3, wherein the characteristic information comprises one or more of a name, a version number, a license copyright agreement, a technology stack category, and a custom feature.
5. The method of claim 4, wherein the step of acquiring the availability evaluation index corresponding to the grouping mark comprises:
and acquiring the availability evaluation index corresponding to the grouping mark in a preset open source software information base based on the grouping mark.
6. The method of claim 5, wherein the step of generating the availability comprehensive evaluation result by adopting the availability evaluation index comprises:
and carrying out weighted summation on each availability evaluation index to obtain an availability comprehensive evaluation result.
7. An open source software availability determination apparatus, comprising:
the characteristic information extraction module is used for carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information;
the grouping mark generation module is used for grouping the characteristic information to generate a grouping mark;
the availability evaluation index acquisition module is used for acquiring the availability evaluation index corresponding to the grouping mark;
and the availability comprehensive evaluation result generation module is used for generating an availability comprehensive evaluation result by adopting the availability evaluation index, and the availability comprehensive evaluation result is used for judging the availability of the open source software.
8. The apparatus of claim 7, further comprising:
the evaluation report generating module is used for generating an evaluation report by adopting the comprehensive availability evaluation result and outputting the evaluation report; the evaluation report carries a selection suggestion.
9. An electronic device, comprising a processor and a memory:
the memory is used for storing program code and transmitting the program code to the processor;
the processor is configured to execute the open source software availability determination method of any one of claims 1-6 according to instructions in the program code.
10. A computer-readable storage medium for storing program code for performing the open source software availability determination method of any one of claims 1-6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110025092.9A CN112765016B (en) 2021-01-08 2021-01-08 Open source software availability judging method and device

Publications (2)

Publication Number Publication Date
CN112765016A true CN112765016A (en) 2021-05-07
CN112765016B CN112765016B (en) 2024-03-22

Family

ID=75701047

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110025092.9A Active CN112765016B (en) 2021-01-08 2021-01-08 Open source software availability judging method and device

Country Status (1)

Country Link
CN (1) CN112765016B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011181034A (en) * 2010-03-04 2011-09-15 Nec Corp System and method for evaluation of software effective performance, and program
CN107315738A (en) * 2017-07-05 2017-11-03 山东大学 A kind of innovation degree appraisal procedure of text message
CN109242279A (en) * 2018-08-22 2019-01-18 中国平安人寿保险股份有限公司 A kind of appraisal procedure and server
CN110580217A (en) * 2018-06-08 2019-12-17 阿里巴巴集团控股有限公司 software code health degree detection method, processing method and device and electronic equipment
CN111695831A (en) * 2020-06-18 2020-09-22 中国信息安全测评中心 Open source code use risk assessment method and device and electronic equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113535546A (en) * 2021-06-17 2021-10-22 深圳开源互联网安全技术有限公司 Open source component evaluation method and device and computer readable storage medium
CN113535546B (en) * 2021-06-17 2023-09-08 深圳开源互联网安全技术有限公司 Open source component evaluation method and device and computer readable storage medium

Also Published As

Publication number Publication date
CN112765016B (en) 2024-03-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20211208
    Address after: Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200040
    Applicant after: Tianyi Digital Life Technology Co.,Ltd.
    Address before: 1 / F and 2 / F, East Garden, Huatian International Plaza, 211 Longkou Middle Road, Tianhe District, Guangzhou, Guangdong 510000
    Applicant before: Century Dragon Information Network Co.,Ltd.
GR01 Patent grant