CN112765016B - Open source software availability judging method and device - Google Patents


Info

Publication number
CN112765016B
Authority
CN
China
Prior art keywords
availability
application
open source
characteristic information
source software
Legal status
Active
Application number
CN202110025092.9A
Other languages
Chinese (zh)
Other versions
CN112765016A
Inventor
夏修理
成思敏
吴可欣
陈天明
潘浩
梁鹰
林有宏
Current Assignee
Tianyi Digital Life Technology Co Ltd
Original Assignee
Tianyi Digital Life Technology Co Ltd
Application filed by Tianyi Digital Life Technology Co Ltd
Priority to CN202110025092.9A
Publication of CN112765016A
Application granted
Publication of CN112765016B
Legal status: Active

Classifications

    • G06F11/3616 Software analysis for verifying properties of programs using software metrics (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F11/00 Error detection; error correction; monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3604 Software analysis for verifying properties of programs)
    • G06F11/3608 Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F11/00 Error detection; error correction; monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3604 Software analysis for verifying properties of programs)

Abstract

The invention discloses a method and a device for judging availability of open source software, wherein the method comprises the following steps: carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information; grouping the characteristic information to generate a grouping mark; acquiring an availability evaluation index corresponding to the grouping mark; and generating an availability comprehensive evaluation result by adopting the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software. The method comprises the steps of obtaining characteristic information of multiple dimensions by applying scanning to preset open source software; grouping the characteristic information to generate a grouping mark; and then acquiring availability evaluation indexes corresponding to the grouping marks, generating an availability comprehensive evaluation result by adopting the availability evaluation indexes, and judging the availability of the open source software through the availability evaluation result. Therefore, the technical effect of performing multidimensional usability evaluation on the open source software is achieved.

Description

Open source software availability judging method and device
Technical Field
The invention relates to the technical field of open source software, in particular to an open source software availability judging method and device.
Background
Open source software is widely used by governments, organizations and enterprises because of its low cost, high quality and flexibility, and internet companies in particular are adopting it at an increasing rate. As users reference open source software ever more often, its availability has become a key concern; availability spans multidimensional indexes such as software performance, functions, security vulnerability risk, copyright license compliance, community support, learning difficulty and market share. Products that identify a single index of open source software, such as license compliance or security vulnerabilities, already exist, but there is no tool that comprehensively judges the availability of open source software. Model selection of open source software still depends mostly on means evaluated by the developers themselves, such as online introductory material, other users' experience and verification tests in the local environment. This process is time-consuming and labor-intensive, and because selection experience depends heavily on the individual it is difficult to replicate and accumulate on a large scale and difficult to turn into broad community influence.
Disclosure of Invention
The invention provides an open source software availability judging method and device, which are used for solving the technical problem that the existing open source software availability judging method can only evaluate in a single aspect and can only acquire one-sided analysis results.
The invention provides a method for judging availability of open source software, which comprises the following steps:
carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information;
grouping the characteristic information to generate a grouping mark;
acquiring an availability evaluation index corresponding to the grouping mark;
and generating an availability comprehensive evaluation result by adopting the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software.
Optionally, the method further comprises:
generating an evaluation report by adopting the availability comprehensive evaluation result, and outputting the evaluation report; the evaluation report carries selection suggestions.
Optionally, the application scan includes a static application scan and a dynamic application scan; the step of performing application scanning on preset open source software to acquire multi-dimensional characteristic information comprises the following steps:
receiving application source code path data and running state application communication connection data of the open source software;
performing unified service gateway authentication on the application source code path data and the running state application communication connection data to obtain authentication application source code data and authentication running state application data;
carrying out the static application scanning on the authentication application source code data to obtain static application scanning data;
carrying out the dynamic application scanning on the authentication running state application data to obtain dynamic application scanning data;
based on the static application scanning data and the dynamic application scanning data, obtaining multi-dimensional initial characteristic information;
screening repeated characteristic information from the initial characteristic information;
and deleting the repeated characteristic information to obtain multi-dimensional characteristic information.
Optionally, the feature information includes one or more of a name, version number, license rights protocol, technology stack category, and custom feature.
Optionally, the step of obtaining the availability evaluation index corresponding to the grouping mark includes:
and acquiring an availability evaluation index corresponding to the grouping mark in a preset open source software information base based on the grouping mark.
Optionally, when there are a plurality of availability evaluation indexes, the step of generating an availability comprehensive evaluation result by using the availability evaluation indexes includes:
and carrying out weighted summation on each availability evaluation index to obtain an availability comprehensive evaluation result.
The invention also provides an open source software availability judging device, which comprises:
the characteristic information extraction module is used for carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information;
the grouping mark generation module is used for grouping the characteristic information to generate a grouping mark;
the availability evaluation index acquisition module is used for acquiring the availability evaluation index corresponding to the grouping mark;
the availability comprehensive evaluation result generation module is used for generating an availability comprehensive evaluation result by adopting the availability evaluation index, and the availability comprehensive evaluation result is used for judging the availability of the open source software.
Optionally, the apparatus further comprises:
the evaluation report generation module is used for generating an evaluation report by adopting the availability comprehensive evaluation result and outputting the evaluation report; the evaluation report carries selection suggestions.
The invention also provides an electronic device comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the open source software availability determination method according to any one of the above claims according to instructions in the program code.
The present invention also provides a computer-readable storage medium storing program code for executing the open source software availability determination method as set forth in any one of the above.
From the above technical scheme, the invention has the following advantages: the method comprises the steps of obtaining characteristic information of multiple dimensions by applying scanning to preset open source software; grouping the characteristic information to generate a grouping mark; and then acquiring availability evaluation indexes corresponding to the grouping marks, generating an availability comprehensive evaluation result by adopting the availability evaluation indexes, and judging the availability of the open source software through the availability evaluation result. Therefore, the technical effect of performing multidimensional usability evaluation on the open source software is achieved.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings can be obtained from these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a flow chart of steps of a method for determining availability of open source software according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for determining availability of open source software according to another embodiment of the present invention;
FIG. 3 is a schematic diagram of an open source software multidimensional feature information extraction system based on application scanning according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an open source software multidimensional feature information grouping marking system according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an open source software availability evaluation system according to an embodiment of the present invention;
fig. 6 is a block diagram of an open source software availability determination device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an open source software availability judging method and device, which are used for solving the technical problem that the existing open source software availability judging method can only evaluate on a single aspect and can only acquire one-sided analysis results.
In order to make the objects, features and advantages of the present invention more comprehensible, the technical solutions in the embodiments of the present invention are described in detail below with reference to the accompanying drawings, and it is apparent that the embodiments described below are only some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating steps of a method for determining availability of open source software according to an embodiment of the present invention.
The invention provides a method for judging availability of open source software, which comprises the following steps:
step 101, carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information;
Open source software: computer software whose source code can be freely obtained, and which anyone can view, modify and redistribute as they see fit. Open source software relies on peer review and community production and is developed in a distributed, collaborative manner. Because it is developed by communities rather than by a single author or company, it is generally less costly, more flexible and longer-lived than proprietary software.
Application scanning: communicating with an application program through a graphical tool or command-line utility so that the configuration and vulnerabilities of a local or remote application can be checked automatically and its responses detected and analyzed, thereby discovering potential security issues and architectural flaws.
In practice, open source software is widely used by governments, organizations and enterprises because of its low cost, high quality and flexibility, and internet companies in particular are adopting it at an increasing rate. As users reference open source software ever more often, its availability has become a focus of attention. Specifically, availability analysis of open source software can cover multidimensional indexes such as software performance, functions, security vulnerability risk, copyright license compliance, community support, learning difficulty and market share.
In the embodiment of the invention, in order to realize the usability analysis of different dimension indexes, application scanning can be performed on preset open source software to acquire multi-dimension characteristic information so as to perform the usability analysis based on the multi-dimension characteristic information.
Step 102, grouping the characteristic information to generate a grouping mark;
In the embodiment of the invention, after the characteristic information of the multiple dimensions is obtained, the characteristic information can be grouped and marked to obtain grouping marks of different dimensions. The grouping marks distinguish which dimension each piece of characteristic information belongs to, and therefore which aspect of availability it is used to evaluate.
Step 103, obtaining availability evaluation indexes corresponding to the grouping marks;
in the embodiment of the invention, after different grouping marks are acquired, the availability evaluation index corresponding to the grouping mark can be queried.
Step 104, generating an availability comprehensive evaluation result by adopting the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software.
In the embodiment of the invention, after the availability evaluation index of each dimension is obtained, all the availability evaluation indexes can be weighted and summed to obtain the availability comprehensive evaluation result of all the availability evaluation dimensions of the open source software, so as to judge the availability of the open source software according to the availability comprehensive evaluation result.
The method comprises the steps of obtaining characteristic information of multiple dimensions by applying scanning to preset open source software; grouping the characteristic information to generate a grouping mark; and then acquiring availability evaluation indexes corresponding to the grouping marks, generating an availability comprehensive evaluation result by adopting the availability evaluation indexes, and judging the availability of the open source software through the availability evaluation result. Therefore, the technical effect of performing multidimensional usability evaluation on the open source software is achieved.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for determining availability of open source software according to another embodiment of the present invention. It may specifically comprise the steps of:
step 201, performing application scanning on preset open source software to obtain multi-dimensional characteristic information;
in the embodiment of the invention, in order to realize the usability analysis of different dimension indexes, application scanning can be performed on preset open source software to acquire multi-dimension characteristic information so as to perform the usability analysis based on the multi-dimension characteristic information.
In one example, the application scan includes a static application scan and a dynamic application scan; the step of performing application scanning on preset open source software to obtain multi-dimensional characteristic information may specifically include the following sub-steps:
s11, receiving application source code path data of open source software and running state application communication connection data;
s12, unified service gateway authentication is carried out on application source code path data and running state application communication connection data, and authentication application source code data and authentication running state application data are obtained;
s13, static application scanning is carried out on the authentication application source code data to obtain static application scanning data;
s14, carrying out dynamic application scanning on the authentication running state application data to obtain dynamic application scanning data;
s15, acquiring multi-dimensional initial characteristic information based on static application scanning data and dynamic application scanning data;
s16, screening repeated characteristic information from the initial characteristic information;
and S17, deleting the repeated characteristic information to obtain multi-dimensional characteristic information.
In practical applications, application scanning is used in the security field and may include static application scanning and dynamic application scanning. Static application scanning does not run the program under test; it checks the correctness of the program only by analyzing or inspecting the syntax, structure, procedures, references and so on of the source program, and therefore focuses on scanning code or files. Its weakness is that it is difficult to understand the code structure or design in depth. A common situation is that a software product has incorporated open source software as compiled binary packages or class libraries rather than as source code, and obtaining the corresponding source code before performing a static application scan is very laborious. To address this problem, dynamic application scanning may be employed: it obtains as complete an application structure as possible through crawler technology and sends vulnerability attack packages to determine security vulnerabilities.
In one example, the embodiment of the invention combines static application scanning and dynamic application scanning to acquire richer multi-dimensional characteristic information of open source software, and in particular provides an open source software multi-dimensional characteristic information extraction system based on application scanning, whose structure is shown in fig. 3. The system comprises a SAST static application scanning analysis module, a DAST dynamic application scanning analysis module, an APISERVER service gateway and an information aggregation storage component.
In a specific implementation, the system shown in fig. 3 may receive two data types, namely an application source code path and a running application communication connection. After the obtained application source code path data and running application communication connection data are authenticated by the APISERVER unified service gateway, they are routed to the SAST static application scanning module and the DAST dynamic application scanning module respectively for static and dynamic application scanning, after which the initial characteristic information of multiple dimensions of the open source software can be extracted.
It should be noted that the characteristic information obtained by the SAST static application scanning module and the DAST dynamic application scanning module inevitably overlaps to some degree, so when the characteristic information is grouped, the repeated characteristic information must be screened out and deleted to obtain characteristic information free of repetition.
In a specific implementation, the characteristic information can be processed by the information aggregation and storage component of fig. 3 to obtain the target characteristic information of the open source software with repeated characteristic information removed, which provides a rich data source for subsequent grouping and availability evaluation.
In one example, the feature information may include one or more of a name, version number, license rights protocol, technology stack category, and custom feature.
Step 202, grouping the characteristic information to generate a grouping mark;
In the embodiment of the invention, after the characteristic information of the multiple dimensions is obtained, the characteristic information can be grouped and marked to obtain grouping marks of different dimensions. The grouping marks distinguish which dimension each piece of characteristic information belongs to, and therefore which aspect of availability it is used to evaluate.
In one example, group marking may be performed by an open source software multidimensional feature information group marking system as shown in FIG. 4.
Specifically, the open source software multidimensional feature information grouping marking system shown in fig. 4 is responsible for identifying multidimensional feature information, such as name identification, version number identification, license right protocol identification and technology stack category identification. The system adopts a filter framework that decouples the pipeline from the filtering functions: much as inflowing water passes through a series of functional modules, such as an impurity filter and a heating module, before treated water is obtained, the feature information passes through a series of identification modules. User-defined identification reserves room for personalized marks: when a user has additional requirements, the user can extend the functionality directly through the interface of the user-defined identification module without changing the underlying design of the open source software multidimensional feature information grouping marking system.
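The duplicate screening of sub-steps S16 and S17 and the filter-chain grouping of fig. 4, as an added Python example that is not the patent's or its assignee's own code; the record keys, sample values and mark names are constructed assumptions:

```python
"""Added example, not code from the patent or its assignee: merge constructed
SAST/DAST scan output, screen out duplicate feature records (sub-steps S16/S17)
and assign grouping marks through a filter chain like the FIG. 4 design.
Record keys, values and mark names are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Feature:
    key: str      # what the scanner identified, e.g. "name", "license"
    value: str
    source: str   # which scanner produced it: "SAST" or "DAST"


# Constructed scan output. The scanners overlap on name and version, which is
# exactly the repetition the patent says must be screened out.
SAST_FEATURES = [
    Feature("name", "examplelib", "SAST"),
    Feature("version", "2.4.1", "SAST"),
    Feature("license", "Apache-2.0", "SAST"),
    Feature("language", "java", "SAST"),
]
DAST_FEATURES = [
    Feature("name", "examplelib", "DAST"),
    Feature("version", "2.4.1", "DAST"),
    Feature("server_header", "examplelib/2.4.1", "DAST"),
    Feature("tls_version", "TLSv1.2", "DAST"),
]


def aggregate(*scans: List[Feature]) -> List[Feature]:
    """S15-S17: union the scan outputs, keeping the first occurrence of each
    (key, value) pair whichever scanner produced it. Comparing on identified
    content, not the whole record, is what makes the two copies duplicates."""
    seen = set()
    merged: List[Feature] = []
    for scan in scans:
        for feat in scan:
            if (feat.key, feat.value) not in seen:
                seen.add((feat.key, feat.value))
                merged.append(feat)
    return merged


# A filter inspects one feature and returns its grouping mark, or None if it
# does not recognise the feature. Built-in identifications from the text:
Filter = Callable[[Feature], Optional[str]]
BUILTIN_FILTERS: List[Filter] = [
    lambda f: "NAME" if f.key == "name" else None,
    lambda f: "VERSION" if f.key == "version" else None,
    lambda f: "LICENSE" if f.key == "license" else None,
    lambda f: "TECH_STACK" if f.key in ("language", "framework") else None,
]


class MarkingPipeline:
    """Filter framework: the pipeline is decoupled from the filtering
    functions, so user-defined filters are added through the same interface
    without changing the pipeline's own design."""

    def __init__(self, filters: List[Filter]):
        self.filters = list(filters)

    def add_custom(self, custom: Filter) -> None:
        """User-defined identification: extend marking without editing the
        built-in filters."""
        self.filters.append(custom)

    def mark(self, features: List[Feature]) -> Dict[str, List[Feature]]:
        """Return {grouping mark: [features]}. The first filter that claims a
        feature wins; unrecognised features are kept under UNMARKED so that
        nothing the scanners found silently disappears."""
        grouped: Dict[str, List[Feature]] = {}
        for feat in features:
            mark = "UNMARKED"
            for flt in self.filters:
                result = flt(feat)
                if result is not None:
                    mark = result
                    break
            grouped.setdefault(mark, []).append(feat)
        return grouped


def run_example() -> Dict[str, List[Feature]]:
    """Aggregate the constructed scans, then mark them with the built-in
    filters plus one custom filter for the DAST-only TLS finding."""
    pipeline = MarkingPipeline(BUILTIN_FILTERS)
    pipeline.add_custom(lambda f: "CUSTOM_TLS" if f.key == "tls_version" else None)
    return pipeline.mark(aggregate(SAST_FEATURES, DAST_FEATURES))


if __name__ == "__main__":
    for mark, feats in run_example().items():
        print(mark, [(f.key, f.value, f.source) for f in feats])
```

Keeping an UNMARKED group is the check a reviewer wants here: a feature the filters cannot place is reported, not dropped, which is the same reason the aggregation compares on content rather than on the scanner that produced it.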
Step 203, obtaining an availability evaluation index corresponding to the grouping mark;
in the embodiment of the invention, after different grouping marks are acquired, the availability evaluation index corresponding to the grouping mark can be queried.
In a specific implementation, the availability assessment may be made by an open source software availability evaluation system as shown in FIG. 5. The main service of the system is to receive the grouping marks transmitted by the open source software multidimensional feature information grouping marking system and to classify and search the multidimensional availability indexes of the open source software in a preset open source software information base, for example the concerns enterprises generally have, including license compliance, security vulnerabilities and learning cost. Its application architecture can be divided into the following four layers:
data layer: provides the structured-data MySQL storage, the Redis cache system and the Ceph distributed storage service required by the system;
service layer: abstracts the problems of concern in the open source software evaluation process into nine categories: license compliance, security vulnerabilities, learning cost, performance queries, function introduction, community activity, best practices, breadth of adoption and other retrieval. Each category of evaluation is managed by its own class of microservice processes and supports horizontal scaling;
gateway layer: provides the entry point for accessing the open source software availability evaluation system and performs authentication;
application layer: provides the interactive interface services through which a user can query indexes, export reports and perform similar operations from Web, iOS, Android and other applications.
Step 204, an availability comprehensive evaluation result is generated by adopting an availability evaluation index, and the availability comprehensive evaluation result is used for judging the availability of open source software;
in the embodiment of the invention, after the availability evaluation index of each dimension is obtained, all the availability evaluation indexes can be weighted and summed to obtain the availability comprehensive evaluation result of all the availability evaluation dimensions of the open source software, so as to judge the availability of the open source software according to the availability comprehensive evaluation result.
Step 205, generating an evaluation report by adopting the availability comprehensive evaluation result, and outputting the evaluation report; the evaluation report carries selection suggestions.
In the embodiment of the invention, the availability comprehensive evaluation results of the open source software are summarized, and after the availability of the open source software has been judged from them, relevant selection suggestions can be derived from the information base on the basis of the judgment to generate an evaluation report. In this way security, legal and similar risks are avoided while enterprises receive selection suggestions for the open source software they introduce, improving the development efficiency, code quality and cost of software products, rather than being limited to preventing security vulnerabilities or license-compliance risks in a single aspect.
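Steps 203 to 205 carried through on constructed data, as an added Python example that is not the patent's or its assignee's own code; the information base contents, dimension weights, availability threshold and suggestion wording are assumptions, and a dimension the base has no index for is scored as zero, which is an assumption the patent does not state:

```python
"""Added example, not code from the patent or its assignee: look up the
availability evaluation indexes for a set of grouping marks in a constructed
information base (step 203), weight-sum them into a comprehensive result
(step 204) and derive an evaluation report with selection advice (step 205).
The information base contents, dimension weights, threshold and advice
strings are all assumptions."""
from typing import Dict, List, Tuple

# Constructed information base: (grouping mark, value) -> per-dimension
# evaluation index in [0, 1], higher meaning more favourable for adoption.
INFO_BASE: Dict[Tuple[str, str], Dict[str, float]] = {
    ("LICENSE", "Apache-2.0"):       {"license_compliance": 1.0},
    ("LICENSE", "AGPL-3.0"):         {"license_compliance": 0.2},
    ("VERSION", "examplelib@2.4.1"): {"security_vulnerabilities": 0.4,
                                      "community_activity": 0.8},
    ("TECH_STACK", "java"):          {"learning_cost": 0.7},
}

# Weights of the weighted summation (assumed); they sum to 1.0 so the
# comprehensive result also lies in [0, 1].
WEIGHTS: Dict[str, float] = {
    "license_compliance": 0.35,
    "security_vulnerabilities": 0.35,
    "learning_cost": 0.15,
    "community_activity": 0.15,
}
AVAILABLE_THRESHOLD = 0.6   # assumed cut-off for judging "available"
WEAK_DIMENSION = 0.5        # dimensions below this get a selection suggestion

# Selection suggestions held in the information base (constructed wording).
SUGGESTIONS: Dict[str, str] = {
    "license_compliance": "License terms conflict with typical commercial use; "
                          "have legal review the obligations before adoption.",
    "security_vulnerabilities": "This version has known vulnerability records; "
                                "prefer a patched release and track advisories.",
    "learning_cost": "High learning cost; budget onboarding time.",
    "community_activity": "Low community activity; plan for self-maintenance.",
}


def lookup_indexes(marks: Dict[str, List[str]]) -> Dict[str, float]:
    """Step 203: collect every per-dimension index the base holds for the
    marks. If two records touch the same dimension the lower (worse) index is
    kept, so an extra finding can only make the result more cautious."""
    found: Dict[str, float] = {}
    for mark, values in marks.items():
        for value in values:
            for dim, idx in INFO_BASE.get((mark, value), {}).items():
                found[dim] = min(idx, found.get(dim, 1.0))
    return found


def comprehensive_result(indexes: Dict[str, float],
                         weights: Dict[str, float] = WEIGHTS) -> Tuple[float, List[str]]:
    """Step 204: weighted sum over all dimensions. A dimension with no index in
    the base is scored 0 rather than skipped (assumption: unknown is treated
    as unfavourable) and is returned so the gap stays visible in the report."""
    score = sum(indexes.get(dim, 0.0) * w for dim, w in weights.items())
    missing = sorted(dim for dim in weights if dim not in indexes)
    return round(score, 4), missing


def evaluation_report(marks: Dict[str, List[str]]) -> Dict[str, object]:
    """Step 205: judge availability from the comprehensive result and attach
    the selection suggestion for every weak or missing dimension."""
    indexes = lookup_indexes(marks)
    score, missing = comprehensive_result(indexes)
    advice = [SUGGESTIONS[d] for d in WEIGHTS
              if indexes.get(d, 0.0) < WEAK_DIMENSION]
    return {
        "comprehensive_result": score,
        "available": score >= AVAILABLE_THRESHOLD,
        "indexes": indexes,
        "missing_dimensions": missing,
        "selection_suggestions": advice,
    }


# Constructed grouping marks for one scanned package, as the grouping marking
# system would hand them over.
EXAMPLE_MARKS: Dict[str, List[str]] = {
    "NAME": ["examplelib"],
    "VERSION": ["examplelib@2.4.1"],
    "LICENSE": ["Apache-2.0"],
    "TECH_STACK": ["java"],
}

if __name__ == "__main__":
    import json
    print(json.dumps(evaluation_report(EXAMPLE_MARKS), indent=2))
```

Reporting the missing dimensions alongside the score matters: a package the information base barely knows would otherwise look merely "weak" rather than "unassessed".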
The method comprises the steps of obtaining characteristic information of multiple dimensions by applying scanning to preset open source software; grouping the characteristic information to generate a grouping mark; and then acquiring availability evaluation indexes corresponding to the grouping marks, generating an availability comprehensive evaluation result by adopting the availability evaluation indexes, and judging the availability of the open source software through the availability evaluation result. Therefore, the technical effect of performing multidimensional usability evaluation on the open source software is achieved.
Referring to fig. 6, fig. 6 is a block diagram of an open source software availability determination device according to an embodiment of the present invention.
The embodiment of the invention provides an open source software availability judging device, which comprises:
the feature information extraction module 601 is configured to perform application scanning on preset open source software to obtain multi-dimensional feature information;
a grouping mark generation module 602, configured to group the feature information to generate a grouping mark;
an availability evaluation index obtaining module 603, configured to obtain an availability evaluation index corresponding to the grouping mark;
the availability comprehensive evaluation result generating module 604 is configured to generate an availability comprehensive evaluation result by using an availability evaluation index, where the availability comprehensive evaluation result is used to determine availability of open source software.
In the embodiment of the invention, the device further comprises:
the evaluation report generation module is used for generating an evaluation report by adopting the comprehensive availability evaluation result and outputting the evaluation report; the evaluation report carries selection advice.
In the embodiment of the invention, the application scanning comprises static application scanning and dynamic application scanning; the feature information extraction module 601 includes:
the receiving sub-module is used for receiving application source code path data of the open source software and running application communication connection data;
the authentication application source code data and the authentication running state application data acquisition submodule are used for carrying out unified service gateway authentication on application source code path data and running state application communication connection data to obtain authentication application source code data and authentication running state application data;
the static application scanning data acquisition sub-module is used for carrying out static application scanning on the authentication application source code data to obtain static application scanning data;
the dynamic application scanning data acquisition sub-module is used for carrying out dynamic application scanning on the authentication running state application data to obtain dynamic application scanning data;
the initial characteristic information acquisition sub-module is used for acquiring multi-dimensional initial characteristic information based on static application scanning data and dynamic application scanning data;
the screening sub-module is used for screening repeated characteristic information from the initial characteristic information;
and the characteristic information acquisition sub-module is used for deleting repeated characteristic information to obtain multi-dimensional characteristic information.
In an embodiment of the present invention, the feature information includes one or more of a name, a version number, a license rights agreement, a technology stack category, and a custom feature.
In the embodiment of the present invention, the availability evaluation index obtaining module 603 includes:
the availability evaluation index acquisition sub-module is used for acquiring the availability evaluation index corresponding to the grouping mark in a preset open source software information base based on the grouping mark.
In the embodiment of the present invention, the availability comprehensive evaluation result generating module 604 includes:
and the availability comprehensive evaluation result generation sub-module is used for carrying out weighted summation on each availability evaluation index to obtain an availability comprehensive evaluation result.
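The deduplication of static and dynamic scan results, the grouping mark, the lookup in the preset information base and the weighted summation described in the sub-modules above (and recited in claims 1 and 5), carried through as an added Python example that is not the patent's own code. The feature dimensions, the names of the evaluation indices, the weights, the recommendation threshold and the contents of the information base are all constructed assumptions; the specification does not fix any of them.

```python
"""Added example of the availability scoring pipeline (not the patent's code);
feature dimensions, index names, weights and the information base are assumed."""

# Constructed scan output: the static scan of the source tree and the dynamic
# scan of the running application both report libfoo, so it appears twice.
STATIC_SCAN = [
    {"name": "libfoo", "version": "1.2.0", "license": "MIT", "stack": "c"},
    {"name": "webbar", "version": "3.1.4", "license": "GPL-3.0", "stack": "python"},
]
DYNAMIC_SCAN = [
    {"name": "libfoo", "version": "1.2.0", "license": "MIT", "stack": "c"},
    {"name": "cachez", "version": "0.9.0", "license": "Apache-2.0", "stack": "go"},
]

# Constructed "preset open source software information base":
# grouping mark -> availability evaluation indices, each in [0, 1].
INFO_BASE = {
    "libfoo|1.2.0|MIT|c": {"maintenance": 0.9, "license_fit": 1.0, "vuln_free": 0.8},
    "webbar|3.1.4|GPL-3.0|python": {"maintenance": 0.7, "license_fit": 0.3, "vuln_free": 0.6},
}
WEIGHTS = {"maintenance": 0.4, "license_fit": 0.3, "vuln_free": 0.3}  # assumed
DIMENSIONS = ("name", "version", "license", "stack")  # assumed feature dimensions

def grouping_mark(feat):
    """Grouping mark: the feature dimensions joined into one lookup key."""
    return "|".join(feat[d] for d in DIMENSIONS)

def dedupe_features(static, dynamic):
    """Merge both scans, screen out repeats, return multi-dimensional feature info."""
    seen, result = set(), []
    for feat in static + dynamic:
        mark = grouping_mark(feat)
        if mark in seen:
            continue  # repeated characteristic information is deleted
        seen.add(mark)
        result.append(feat)
    return result

def comprehensive_result(indices):
    """Weighted summation of the availability evaluation indices."""
    return round(sum(WEIGHTS[k] * indices[k] for k in WEIGHTS), 3)

def evaluate(static, dynamic, threshold=0.7):
    """Run the pipeline; components missing from the base are reported, not scored."""
    report = []
    for feat in dedupe_features(static, dynamic):
        mark = grouping_mark(feat)
        indices = INFO_BASE.get(mark)
        if indices is None:
            report.append((mark, None, "unknown: not in information base"))
            continue
        score = comprehensive_result(indices)
        advice = "recommended" if score >= threshold else "not recommended"
        report.append((mark, score, advice))
    return report

if __name__ == "__main__":
    for row in evaluate(STATIC_SCAN, DYNAMIC_SCAN):
        print(row)
```

Each report row is one entry of the evaluation report with its selection advice; a component that is not in the information base is surfaced explicitly rather than silently scored as zero.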
The embodiment of the invention also provides electronic equipment, which comprises a processor and a memory:
the memory is used for storing the program codes and transmitting the program codes to the processor;
the processor is used for executing the open source software availability determination method according to the embodiment of the invention according to the instructions in the program code.
The embodiment of the invention also provides a computer readable storage medium, which is characterized in that the computer readable storage medium is used for storing program codes, and the program codes are used for executing the open source software availability judging method of the embodiment of the invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus and units described above may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In this specification, each embodiment is described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting it; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that the technical solution described in the foregoing embodiments can be modified, or some of its technical features can be replaced by equivalents, and that such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. The open source software availability judging method is characterized by comprising the following steps of:
carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information; specifically, the application scan includes a static application scan and a dynamic application scan; the step of performing application scanning on preset open source software to acquire multi-dimensional characteristic information comprises the following steps:
receiving application source code path data and running state application communication connection data of the open source software;
performing unified service gateway authentication on the application source code path data and the running state application communication connection data to obtain authentication application source code data and authentication running state application data;
carrying out the static application scanning on the authentication application source code data to obtain static application scanning data;
carrying out the dynamic application scanning on the authentication running state application data to obtain dynamic application scanning data;
based on the static application scanning data and the dynamic application scanning data, obtaining multi-dimensional initial characteristic information;
screening repeated characteristic information from the initial characteristic information;
deleting the repeated characteristic information to obtain multi-dimensional characteristic information;
grouping the characteristic information to generate a grouping mark;
acquiring an availability evaluation index corresponding to the grouping mark;
and generating an availability comprehensive evaluation result by adopting the availability evaluation index, wherein the availability comprehensive evaluation result is used for judging the availability of the open source software.
2. The method according to claim 1, wherein the method further comprises:
generating an evaluation report by adopting the availability comprehensive evaluation result, and outputting the evaluation report; the evaluation report carries selection suggestions.
3. The method of claim 1, wherein the feature information includes one or more of a name, a version number, a license rights agreement, a technology stack category, and a custom feature.
4. The method of claim 3, wherein the step of obtaining the availability evaluation index corresponding to the grouping mark comprises:
and acquiring an availability evaluation index corresponding to the grouping mark in a preset open source software information base based on the grouping mark.
5. The method of claim 4, wherein the step of generating an availability composite assessment result using the availability assessment index comprises:
and carrying out weighted summation on each availability evaluation index to obtain an availability comprehensive evaluation result.
6. An open source software availability determination device, comprising:
the characteristic information extraction module is used for carrying out application scanning on preset open source software to obtain multi-dimensional characteristic information; specifically, the application scan includes a static application scan and a dynamic application scan; the step of performing application scanning on preset open source software to acquire multi-dimensional characteristic information comprises the following steps:
receiving application source code path data and running state application communication connection data of the open source software;
performing unified service gateway authentication on the application source code path data and the running state application communication connection data to obtain authentication application source code data and authentication running state application data;
carrying out the static application scanning on the authentication application source code data to obtain static application scanning data;
carrying out the dynamic application scanning on the authentication running state application data to obtain dynamic application scanning data;
based on the static application scanning data and the dynamic application scanning data, obtaining multi-dimensional initial characteristic information;
screening repeated characteristic information from the initial characteristic information;
deleting the repeated characteristic information to obtain multi-dimensional characteristic information;
the grouping mark generation module is used for grouping the characteristic information to generate a grouping mark;
the availability evaluation index acquisition module is used for acquiring the availability evaluation index corresponding to the grouping mark;
the availability comprehensive evaluation result generation module is used for generating an availability comprehensive evaluation result by adopting the availability evaluation index, and the availability comprehensive evaluation result is used for judging the availability of the open source software.
7. The apparatus of claim 6, wherein the apparatus further comprises:
the evaluation report generation module is used for generating an evaluation report by adopting the availability comprehensive evaluation result and outputting the evaluation report; the evaluation report carries selection suggestions.
8. An electronic device, the device comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the open source software availability determination method of any one of claims 1-5 according to instructions in the program code.
9. A computer-readable storage medium storing program code for executing the open source software availability determination method of any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110025092.9A CN112765016B (en) 2021-01-08 2021-01-08 Open source software availability judging method and device

Publications (2)

Publication Number Publication Date
CN112765016A CN112765016A (en) 2021-05-07
CN112765016B true CN112765016B (en) 2024-03-22

Family

ID=75701047

Country Status (1)

Country Link
CN (1) CN112765016B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113535546B (en) * 2021-06-17 2023-09-08 深圳开源互联网安全技术有限公司 Open source component evaluation method and device and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011181034A (en) * 2010-03-04 2011-09-15 Nec Corp System and method for evaluation of software effective performance, and program
CN107315738A (en) * 2017-07-05 2017-11-03 山东大学 A kind of innovation degree appraisal procedure of text message
CN109242279A (en) * 2018-08-22 2019-01-18 中国平安人寿保险股份有限公司 A kind of appraisal procedure and server
CN110580217A (en) * 2018-06-08 2019-12-17 阿里巴巴集团控股有限公司 software code health degree detection method, processing method and device and electronic equipment
CN111695831A (en) * 2020-06-18 2020-09-22 中国信息安全测评中心 Open source code use risk assessment method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211208

Address after: Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200040

Applicant after: Tianyi Digital Life Technology Co.,Ltd.

Address before: 1 / F and 2 / F, East Garden, Huatian International Plaza, 211 Longkou Middle Road, Tianhe District, Guangzhou, Guangdong 510000

Applicant before: Century Dragon Information Network Co.,Ltd.

GR01 Patent grant