CN112783749A - Static code scanning optimization method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN112783749A
Authority
CN
China
Prior art keywords
scanning
code
scanned
rule
preference
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number
CN201911082103.6A
Other languages
Chinese (zh)
Inventor
李雪
张�杰
黄威
张娜
蔡学文
Current Assignee: Beijing Qihoo Technology Co Ltd (as listed by Google Patents; the list may be inaccurate)
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201911082103.6A
Publication of CN112783749A

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/362 Software debugging > G06F11/366 Software debugging using diagnostics
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a static code scanning optimization method and device, electronic equipment and a storage medium. The method comprises the following steps: if a preset scanning rule exists, scan the code file to be scanned according to the preset scanning rule; if no preset scanning rule exists, obtain the historical scanning preference and scan the file to be scanned according to it; if no historical scanning preference exists either, count the types of the code files to be scanned, recommend a scanning rule according to those types, and scan the code files with the recommended rule. The scheme provides an automated procedure for statically scanning code files, optimizes the code scanning flow, and saves scanning time.

Description

Static code scanning optimization method and device, electronic equipment and storage medium
Technical Field
The invention relates to the field of static code scanning, in particular to a static code scanning optimization method and device, electronic equipment and a storage medium.
Background
After software code is written, it needs to be scanned; this is generally called static code scanning, and it gives a preliminary detection of defects and non-compliant places in the code.
The existing code scanning system requires the user to specify a task type, and then matches a single scanning rule (that is, a scanning engine) to that task type. Such a system is inflexible, heavily customized and poorly automated, and it cannot run scans in parallel: if a scanning task contains code in several languages, the user has to initiate several scans, which takes a long time, and the report cannot be displayed as a whole.
Disclosure of Invention
In view of the above, the present invention has been made to provide a static code scan optimization method, apparatus, electronic device and storage medium that overcome or at least partially solve the above-mentioned problems.
According to an aspect of the present invention, there is provided a static code scan optimization method, the method comprising:
if the preset scanning rule exists, scanning the code file to be scanned according to the preset scanning rule;
if the preset scanning rule does not exist, acquiring historical scanning preference, and scanning the file to be scanned according to the historical scanning preference;
if the historical scanning preference does not exist, the type of the code file to be scanned is counted, a scanning rule is recommended according to the type, and the code file to be scanned is scanned by using the scanning rule.
Optionally, the scanning rule includes any one or several of the following: code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
Optionally, the incremental code scanning includes:
determining the newly added or modified code files, and performing the scan on those files.
Optionally, the determining the newly added or modified code file includes:
recording the scanning path;
comparing the paths of the previous and current scans to determine the difference, and determining the newly added and modified code files according to that difference.
Optionally, the obtaining the historical scanning preference includes:
determining the historical scanning preference from the records of the scanning log.
Optionally, the method further includes:
if there are multiple scanning rules, running all of them in parallel, so that the scanning time is the maximum of the times required by the individual scanning engines.
Optionally, the method further includes:
collecting the scanning results and acquiring at least one of the following items of scanning result information: vulnerability information, code line information, repetition rate information, and complexity information.
In accordance with another aspect of the present invention, there is provided a static code scan optimization apparatus, the apparatus including:
the preset scanning unit is suitable for scanning the code file to be scanned according to a preset scanning rule if the preset scanning rule exists;
the preference scanning unit is suitable for acquiring historical scanning preference if a preset scanning rule does not exist, and scanning the file to be scanned according to the historical scanning preference;
and the recommended scanning unit is suitable for counting the type of the code file to be scanned if the historical scanning preference does not exist, recommending a scanning rule according to the type, and scanning the code file to be scanned by using the scanning rule.
Optionally, the scanning rule includes any one or several of the following:
code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
Optionally, the preset scanning unit is adapted to:
determining a newly added or modified code file;
scanning for the newly added or modified code file.
Optionally, the determining the newly added or modified code file includes:
recording the scanning path;
comparing the paths of the previous and current scans, determining the difference between them, and determining the newly added and modified code files according to that difference.
Optionally, the preference scanning unit is adapted to:
determining the historical scanning preference from the records of the scanning log.
Optionally, the apparatus further comprises a scan execution unit adapted to:
if there are multiple scanning rules, running them in parallel, so that the scanning time is the maximum of the times required by the individual scanning rules.
Optionally, the apparatus further comprises a report collecting unit adapted to:
collecting the scanning results and acquiring and counting at least one of the following items of scanning result information: vulnerability information, code line information, repetition rate information, and complexity information.
In accordance with still another aspect of the present invention, there is provided an electronic apparatus including: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform any one of the methods above.
According to a further aspect of the invention, there is provided a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement any one of the methods above.
In view of the above, the technical solution of the present invention provides a static code scanning optimization method, including: if a preset scanning rule exists, scanning the code file to be scanned according to the preset scanning rule; if no preset scanning rule exists, acquiring the historical scanning preference and scanning the file to be scanned according to it; if no historical scanning preference exists either, counting the types of the code files to be scanned, recommending a scanning rule according to those types, and scanning the code files with the recommended rule. The scheme provides an automated procedure for statically scanning code files, optimizes the code scanning flow, and saves scanning time.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 shows a flow diagram of a static code scan optimization method according to one embodiment of the invention;
FIG. 2 is a schematic structural diagram of a static code scan optimization apparatus according to an embodiment of the present invention;
FIG. 3 shows a schematic structural diagram of an electronic device according to one embodiment of the invention;
FIG. 4 shows a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
FIG. 1 shows a flow diagram of a static code scan optimization method according to one embodiment of the invention; the method comprises the following steps:
step S110, if a preset scanning rule exists, scanning the code file to be scanned according to the preset scanning rule.
In this embodiment, when a code scanning task is performed, the system first determines whether the writer or manager of the code file to be scanned has specified a scanning rule. The scanning rule may state which scanning aspects are performed, such as vulnerability scanning, complexity scanning and duplication scanning, and may also specify the individual scanning items within an aspect, such as which vulnerability items are scanned during vulnerability scanning. The user may also preset a scanning order, a scanning level, and the like.
Step S120, if no preset scanning rule exists, obtaining historical scanning preference, and scanning the file to be scanned according to the historical scanning preference.
When the code scanning system does not detect a scanning rule preset by the user, the historical scanning preference can be obtained from the scanning history, for example from files such as the scanning log: how the user scanned when executing previous scanning tasks of the same type, and which items in each scanning aspect were selected. The file to be scanned is then scanned according to that historical scanning preference.
Step S130, if the historical scanning preference does not exist, counting the type of the code file to be scanned, recommending a scanning rule according to the type, and scanning the code file to be scanned by using the scanning rule.
Further, when no historical scanning preference can be found, the file types of the code to be scanned are counted. This is mainly aimed at multi-language code environments: the code files stored on current code servers are written in many programming languages, including at least C++, Java, PHP, C# and Python, and in this situation the system can automatically recommend the language scanning engine to use by counting the file-name suffixes of the code files in the scanning task. For example, if several languages are present at the same time, the code files are classified by language category, and a multi-language scanning engine is recommended to scan the code sequentially or simultaneously.
Therefore, the optimization method disclosed in this embodiment provides an automated scanning procedure: depending on whether a preset scanning rule exists, the code file to be scanned is scanned according to the preset scanning rule; if no preset scanning rule exists, the historical scanning preference is acquired and the file is scanned according to it; if no historical scanning preference can be acquired either, the types of the code files to be scanned are counted, a scanning rule is recommended according to those types, and the code files are scanned with the recommended rule. In this way the code scanning flow is optimized and scanning time is saved.
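The three-tier selection of steps S110 to S130, as an added example that is not the patent's own code: a preset rule wins, otherwise the most frequent rule set from the scanning log for the same task type is reused, otherwise engines are recommended from a count of file-name suffixes. The log line format, the engine names and the suffix table are assumptions made for this example.

```python
"""Scan-rule selection: preset rule -> historical preference -> recommendation
by file-type count (example code, not the patent's own implementation)."""
from collections import Counter
from pathlib import PurePosixPath

# Assumed mapping from file-name suffix to the language scanning engine.
SUFFIX_TO_ENGINE = {
    ".cpp": "cpp", ".cc": "cpp", ".h": "cpp",
    ".java": "java", ".php": "php", ".cs": "csharp", ".py": "python",
}


def historical_preference(scan_log, task_type):
    """Return the rule set the user chose most often for tasks of this type.
    Each log line is assumed to have the shape 'task_type|rule1,rule2,...'."""
    choices = Counter()
    for line in scan_log:
        kind, _, rules = line.strip().partition("|")
        if kind == task_type and rules:
            choices[tuple(rules.split(","))] += 1
    if not choices:
        return None  # no history for this task type
    return list(choices.most_common(1)[0][0])


def recommend_by_type(files):
    """Count the suffixes of the files in the task and recommend one defect
    engine per language, most frequent first; several languages additionally
    get the multi-language engine so they can be scanned in one task."""
    counts = Counter()
    for name in files:
        engine = SUFFIX_TO_ENGINE.get(PurePosixPath(name).suffix.lower())
        if engine:
            counts[engine] += 1
    if not counts:
        return []  # nothing we know how to scan
    engines = [engine for engine, _ in counts.most_common()]
    rules = [f"defect:{engine}" for engine in engines]
    if len(engines) > 1:
        rules.insert(0, "multi-language")
    return rules


def select_scan_rules(preset, scan_log, task_type, files):
    """Apply the S110 -> S120 -> S130 fallback and report which tier decided."""
    if preset:
        return "preset", list(preset)
    preference = historical_preference(scan_log, task_type)
    if preference:
        return "history", preference
    return "recommended", recommend_by_type(files)


if __name__ == "__main__":
    # Constructed scan log and file list for a quick demonstration.
    log = ["ci|vulnerability,complexity", "ci|vulnerability,complexity", "ci|code-line"]
    print(select_scan_rules(None, log, "ci", ["a.py"]))
    print(select_scan_rules(None, log, "release", ["a.py", "b.py", "Main.java"]))
```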
In one embodiment, the scanning rules include any one or more of: code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
A typical code scanning system includes a variety of code scanning engines or scanning rules that implement different kinds or aspects of scanning. For example, multi-language scanning means selecting the scanning engine for the language each piece of code is written in. Complexity scanning covers the complexity of the code's decision structure, and code complexity also includes indexes such as inheritance depth, class coupling, number of code lines and an overall maintainability index. Repetition rate scanning includes establishing at least one set of scanned documents and one set of unscanned documents, performing repetition rate scanning between the documents in the scanned set and the unscanned set, and performing repetition rate scanning among the documents within the unscanned set; the repetition rate is the rate of repeated code lines between every two code files. Code line scanning mainly acquires line information from a code file, including at least one of: the total number of lines, the number of empty lines and the number of comment lines. Code vulnerability scanning covers any one or more of input validation errors, SQL query construction errors and buffer overflow errors, and mainly detects vulnerabilities or defects in the code.
In order to further improve the efficiency of code scanning and reduce repetitive scanning work, in one embodiment an incremental code scanning rule is set, which specifically includes: determining the newly added or modified code files and performing the scan on those files.
Incremental code scanning first requires determining which codes are new or modified codes for this scan, and then scanning for new or modified code files.
Further, in one embodiment, determining the newly added or modified code files includes: first recording the paths of at least two scans; then comparing the paths of the previous and current scans to determine the difference between them, and determining the newly added and modified code files according to that difference.
For example, a newly added code file may appear as a path that did not exist in the previous scan, or as a file that has not yet been scanned under an existing path. For modified code files, the change information of the code files can be obtained from a log on the code server, and which files are modified is determined from that change information.
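The path comparison described above, as an added example that is not the patent's own code. Each scan records its path set; new files are paths absent from the previous record. Modified files are detected here by a per-file content digest kept in the same record, an assumption made for this example in place of the code server's change log, which the patent reads instead.

```python
"""Incremental scan target selection from two recorded scan path sets
(example code, not the patent's own implementation)."""
import hashlib
import json
from pathlib import Path


def snapshot_from_contents(contents):
    """Build the record for one scan: relative path -> content digest.
    `contents` maps each path to the file's bytes (constructed by the caller)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in contents.items()}


def snapshot_from_directory(root):
    """Take the same record from a real scan root on disk."""
    root = Path(root)
    contents = {p.relative_to(root).as_posix(): p.read_bytes()
                for p in sorted(root.rglob("*")) if p.is_file()}
    return snapshot_from_contents(contents)


def diff_snapshots(previous, current):
    """Compare the previous and current path sets.
    new: path only in the current scan; modified: path in both, digest changed;
    removed: path only in the previous scan (no longer needs scanning)."""
    prev_paths, cur_paths = set(previous), set(current)
    return {
        "new": sorted(cur_paths - prev_paths),
        "modified": sorted(p for p in cur_paths & prev_paths if current[p] != previous[p]),
        "removed": sorted(prev_paths - cur_paths),
    }


def incremental_targets(previous, current):
    """Files the incremental scan has to process: new plus modified, in path order.
    An empty previous record (first scan) makes every file a target."""
    delta = diff_snapshots(previous, current)
    return sorted(delta["new"] + delta["modified"])


def save_snapshot(snapshot, record_path):
    """Persist the record so the next scan can compare against it."""
    Path(record_path).write_text(json.dumps(snapshot, sort_keys=True))


def load_snapshot(record_path):
    """Load the previous record, or an empty one if this is the first scan."""
    path = Path(record_path)
    return json.loads(path.read_text()) if path.exists() else {}
```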
In one embodiment, step S120 includes: and determining historical scanning preference according to the record of the scanning log.
The log of the code scanning system records the history of code scanning. From this history it can be determined which scanning rules a given user adopted for the same or similar scanning tasks and in which order the scans were carried out, and the scanning rules for the current task are then determined according to that historical scanning preference.
In one embodiment, the method further comprises: if there are multiple scanning rules, running all of them in parallel, so that the scanning time is the maximum of the times required by the individual scanning engines.
To improve scanning efficiency and reduce the time required, this embodiment sets a rule that allows parallel scanning. For example, for a task in which several languages are present at the same time, scanning may be performed simultaneously with the scanning engine of each language; the scanning time is then the longest single engine time in the task rather than the sum of all engine times, which greatly reduces time consumption.
In one embodiment, the method further comprises: collecting the scanning results and acquiring at least one of the following items of scanning result information: vulnerability information, code line information, repetition rate information, and complexity information.
In a scanning system, to obtain the result of the overall scan, the scanning results can be collected periodically or whenever new results are detected, and they are merged into a scanning result report so that the state of each code file can be comprehensively understood.
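Parallel execution of several rules and collection of their results into one report, as an added example that is not the patent's own code. The two engines are simplified stand-ins written for this example: code line scanning (total, empty and comment lines) and repetition rate scanning (share of lines repeated between every two files); the sample files are constructed.

```python
"""Run selected scanning rules in parallel and merge their results into one
report (example code, not the patent's own implementation)."""
from concurrent.futures import ThreadPoolExecutor
from itertools import combinations

# Constructed sample input: file name -> source text.
SAMPLE_FILES = {
    "a.py": "import os\n\n# helper\ndef f():\n    return 1\n",
    "b.py": "import os\n\ndef g():\n    return 1\n",
}


def code_line_scan(files):
    """Code line information per file: total, empty and comment lines."""
    report = {}
    for name, text in files.items():
        lines = text.splitlines()
        empty = sum(1 for line in lines if not line.strip())
        comment = sum(1 for line in lines if line.strip().startswith(("#", "//")))
        report[name] = {"total": len(lines), "empty": empty, "comment": comment}
    return report


def repetition_rate_scan(files):
    """Repetition rate between every two files: fraction of the smaller file's
    distinct non-empty lines that also occur in the other file."""
    line_sets = {name: {line.strip() for line in text.splitlines() if line.strip()}
                 for name, text in files.items()}
    result = {}
    for left, right in combinations(sorted(line_sets), 2):
        smaller = min(len(line_sets[left]), len(line_sets[right]))
        shared = len(line_sets[left] & line_sets[right])
        result[(left, right)] = round(shared / smaller, 2) if smaller else 0.0
    return result


# Rule name -> engine; only the two simplified engines above exist here.
ENGINES = {"code-line": code_line_scan, "repetition-rate": repetition_rate_scan}


def run_rules_parallel(rules, files):
    """Start every selected engine at once and collect results into one report,
    so wall-clock time is bounded by the slowest engine, not their sum."""
    with ThreadPoolExecutor(max_workers=max(1, len(rules))) as pool:
        futures = {rule: pool.submit(ENGINES[rule], files) for rule in rules}
        return {rule: future.result() for rule, future in futures.items()}


def estimated_scan_time(engine_times, parallel=True):
    """Expected task time from per-engine times: max when parallel, sum when serial."""
    times = list(engine_times.values())
    if not times:
        return 0
    return max(times) if parallel else sum(times)


if __name__ == "__main__":
    print(run_rules_parallel(["code-line", "repetition-rate"], SAMPLE_FILES))
    print(estimated_scan_time({"cpp": 30, "java": 45, "python": 10}))
```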
FIG. 2 is a schematic structural diagram of a static code scan optimization apparatus 200 according to an embodiment of the present invention; the device comprises:
the preset scanning unit 210 is adapted to scan the code file to be scanned according to a preset scanning rule if the preset scanning rule exists.
In this embodiment, when a code scanning task is performed, the system first determines whether the writer or manager of the code file to be scanned has specified a scanning rule. The scanning rule may state which scanning aspects are performed, such as vulnerability scanning, complexity scanning and duplication scanning, and may also specify the individual scanning items within an aspect, such as which vulnerability items are scanned during vulnerability scanning. The user may also preset a scanning order, a scanning level, and the like.
The preference scanning unit 220 is adapted to, if there is no preset scanning rule, obtain a history scanning preference, and scan a file to be scanned according to the history scanning preference.
When the code scanning system does not detect a scanning rule preset by the user, the historical scanning preference can be obtained from the scanning history, for example from files such as the scanning log: how the user scanned when executing previous scanning tasks of the same type, and which items in each scanning aspect were selected. The file to be scanned is then scanned according to that historical scanning preference.
The recommended scanning unit 230 is adapted to count the type of the code file to be scanned if there is no history scanning preference, recommend a scanning rule according to the type, and scan the code file to be scanned by using the scanning rule.
Further, when no historical scanning preference can be found, the file types of the code to be scanned are counted. This is mainly aimed at multi-language code environments: the code files stored on current code servers are written in many programming languages, including at least C++, Java, PHP, C# and Python, and in this situation the system can automatically recommend the language scanning engine to use by counting the file-name suffixes of the code files in the scanning task. For example, if several languages are present at the same time, the code files are classified by language category, and a multi-language scanning engine is recommended to scan the code sequentially or simultaneously.
Therefore, the optimization device disclosed in this embodiment performs task scanning through the above units, and optimizes the code scanning flow, thereby saving scanning time.
In one embodiment, the scanning rules include any one or more of: code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
A typical code scanning system includes a variety of code scanning engines or scanning rules that implement different kinds or aspects of scanning. For example, multi-language scanning means selecting the scanning engine for the language each piece of code is written in. Complexity scanning covers the complexity of the code's decision structure, and code complexity further includes indexes such as inheritance depth, class coupling, number of code lines and an overall maintainability index.
Repetition rate scanning includes establishing at least one set of scanned documents and one set of unscanned documents, performing repetition rate scanning between the documents in the scanned set and the unscanned set, and performing repetition rate scanning among the documents within the unscanned set; the repetition rate is the rate of repeated code lines between every two code files. Code line scanning mainly acquires line information from a code file, including at least one of: the total number of lines, the number of empty lines and the number of comment lines. Code vulnerability scanning covers any one or more of input validation errors, SQL query construction errors and buffer overflow errors, and mainly detects vulnerabilities or defects in the code.
In order to further improve the efficiency of code scanning and reduce repetitive scanning work, in one embodiment an incremental code scanning rule is preset, and for this the preset scanning unit 210 of the apparatus may further implement the following function or steps: determining the newly added or modified code files and performing the scan on those files.
Incremental code scanning first requires determining which codes are new or modified codes for this scan, and then scanning for new or modified code files.
Further, in one embodiment, determining the newly added or modified code files includes: recording the paths of at least the last two scans; comparing the paths of the previous and current scans to determine the difference between them, and determining the newly added and modified code files according to that difference.
For example, a newly added code file may appear as a path that did not exist in the previous scan, or as a file that has not yet been scanned under an existing path. For modified code files, the change information of the code files can be obtained from a log on the code server, and which files are modified is determined from that change information.
In one embodiment, the preference scanning unit 220 is adapted to: and determining historical scanning preference according to the record of the scanning log.
The log of the code scanning system records the history of code scanning. From this history it can be determined which scanning rules a given user adopted for the same or similar scanning tasks and in which order the scans were carried out, and the scanning rules for the current task are then determined according to that historical scanning preference.
In one embodiment, the apparatus further comprises a scan execution unit adapted to: if there are multiple scanning rules, run all of them in parallel, so that the scanning time is the maximum of the times required by the individual scanning engines.
To improve scanning efficiency and reduce the time required, this embodiment sets a rule that allows parallel scanning. For example, for a task in which several languages are present at the same time, scanning may be performed simultaneously with the scanning engine of each language; the scanning time is then the longest single engine time in the task rather than the sum of all engine times, which greatly reduces time consumption.
In one embodiment, the apparatus further comprises a report collecting unit adapted to: collect the scanning results and acquire and count at least one of the following items of scanning result information: vulnerability information, code line information, repetition rate information, and complexity information.
In a scanning system, to obtain the result of the overall scan, the scanning results can be collected periodically or whenever new results are detected, and they are merged into a scanning result report so that the state of each code file can be comprehensively understood.
In summary, the technical solution of the present invention provides a static code scanning optimization scheme, which includes: if a preset scanning rule exists, scanning the code file to be scanned according to the preset scanning rule; if no preset scanning rule exists, acquiring the historical scanning preference and scanning the file to be scanned according to it; if no historical scanning preference exists either, counting the types of the code files to be scanned, recommending a scanning rule according to those types, and scanning the code files with the recommended rule. The scheme provides an automated procedure for statically scanning code files, optimizes the code scanning flow, and saves scanning time.
It should be noted that:
the algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may be used with the teachings herein. The required structure for constructing such a device will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a static code scan optimization apparatus according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
For example, fig. 3 shows a schematic structural diagram of an electronic device according to an embodiment of the invention. The electronic device 300 comprises a processor 310 and a memory 320 arranged to store computer executable instructions (computer readable program code). The memory 320 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. The memory 320 has a storage space 330 storing computer readable program code 331 for performing any of the method steps described above. For example, the storage space 330 for storing the computer readable program code may comprise respective computer readable program codes 331 for respectively implementing the various steps of the above method. The computer readable program code 331 may be read from or written to one or more computer program products. These computer program products comprise a program code carrier such as a hard disk, a Compact Disc (CD), a memory card or a floppy disk. Such a computer program product is typically a computer readable storage medium such as the one described in fig. 4. Fig. 4 shows a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention. The computer readable storage medium 400 has stored thereon computer readable program code 331 for performing the steps of the method according to the invention, readable by the processor 310 of the electronic device 300. When executed by the electronic device 300, the computer readable program code 331 causes the electronic device 300 to perform the steps of the method described above; in particular, the computer readable program code 331 stored on the computer readable storage medium may perform the method shown in any of the embodiments described above. The computer readable program code 331 may be compressed in a suitable form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera does not indicate any ordering. These words may be interpreted as names.
A1, a static code scanning optimization method, wherein the method comprises:
if the preset scanning rule exists, scanning the code file to be scanned according to the preset scanning rule;
if the preset scanning rule does not exist, acquiring historical scanning preference, and scanning the file to be scanned according to the historical scanning preference;
if the historical scanning preference does not exist, the type of the code file to be scanned is counted, a scanning rule is recommended according to the type, and the code file to be scanned is scanned by using the scanning rule.
A2, the method of claim A1, wherein the scan rules include any one or several of:
code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
A3, the method of claim A2, wherein the incremental code scan comprises:
determining a newly added or modified code file, and scanning the newly added or modified code file.
A4, the method of claim A3, wherein the determining a new or modified code file includes:
recording the scanning path;
comparing the paths recorded by two successive scans to determine the difference between them, and determining the newly added and modified code files according to that difference.
A5, the method of claim A1, wherein the obtaining historical scan preferences comprises:
determining historical scanning preference according to the record of the scanning log.
A6, the method of any one of claims A1-A5, wherein the method further comprises:
if the number of the scanning rules is multiple, running all the scanning rules in parallel, wherein the scanning time is the maximum value of the time required by each scanning engine.
A7, the method of any one of claims A1-A5, wherein the method further comprises:
collecting scanning results, and acquiring at least one item of scanning result information as follows: vulnerability information, code line information, repetition rate information, and complexity information.
B8, a static code scanning optimization device, wherein the device comprises:
the preset scanning unit is suitable for scanning the code file to be scanned according to a preset scanning rule if the preset scanning rule exists;
the preference scanning unit is suitable for acquiring historical scanning preference if a preset scanning rule does not exist, and scanning the file to be scanned according to the historical scanning preference;
and the recommended scanning unit is suitable for counting the type of the code file to be scanned if the historical scanning preference does not exist, recommending a scanning rule according to the type, and scanning the code file to be scanned by using the scanning rule.
B9, the apparatus of claim B8, wherein the scanning rules include any one or several of:
code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
B10, the apparatus of claim B9, wherein the preset scanning unit is adapted to:
determining a newly added or modified code file;
scanning for the newly added or modified code file.
B11, the apparatus of claim B10, wherein the determining the new or modified code file comprises:
recording the scanning path;
comparing the paths recorded by two successive scans, determining the difference between them, and determining the newly added and modified code files according to that difference.
B12, the apparatus of claim B8, wherein the preference scanning unit is adapted to:
determining historical scanning preference according to the record of the scanning log.
B13, the apparatus of any one of claims B8-B12, wherein the apparatus further comprises a scan performing unit adapted to:
if the number of the scanning rules is multiple, running the scanning rules in parallel, wherein the scanning time is the maximum value of the time required by each scanning rule.
B14, the device of any one of claims B8-B12, wherein the device further comprises a report collecting unit adapted to:
collecting scanning results, and acquiring and counting information of at least one scanning result as follows: vulnerability information, code line information, repetition rate information, and complexity information.
C15, an electronic device, wherein the electronic device comprises: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of any one of claims A1-A7.
D16, a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims A1-A7.

Claims (10)

1. A static code scan optimization method, wherein the method comprises:
if the preset scanning rule exists, scanning the code file to be scanned according to the preset scanning rule;
if the preset scanning rule does not exist, acquiring historical scanning preference, and scanning the file to be scanned according to the historical scanning preference;
if the historical scanning preference does not exist, the type of the code file to be scanned is counted, a scanning rule is recommended according to the type, and the code file to be scanned is scanned by using the scanning rule.
2. The method of claim 1, wherein the scanning rules include any one or more of:
code defect multi-language scanning, complexity scanning, repetition rate scanning, code line scanning, code vulnerability scanning, and incremental code scanning.
3. The method of claim 2, wherein the incremental code scan comprises:
determining a newly added or modified code file, and scanning the newly added or modified code file.
4. The method of claim 3, wherein the determining the new or modified code file comprises:
recording the scanning path;
comparing the paths recorded by two successive scans to determine the difference between them, and determining the newly added and modified code files according to that difference.
5. The method of claim 1, wherein the obtaining historical scan preferences comprises:
determining historical scanning preference according to the record of the scanning log.
6. The method of any one of claims 1-5, wherein the method further comprises:
if the number of the scanning rules is multiple, running all the scanning rules in parallel, wherein the scanning time is the maximum value of the time required by each scanning engine.
7. The method of any one of claims 1-5, wherein the method further comprises:
collecting scanning results, and acquiring at least one item of scanning result information as follows: vulnerability information, code line information, repetition rate information, and complexity information.
8. An apparatus for static code scan optimization, wherein the apparatus comprises:
the preset scanning unit is suitable for scanning the code file to be scanned according to a preset scanning rule if the preset scanning rule exists;
the preference scanning unit is suitable for acquiring historical scanning preference if a preset scanning rule does not exist, and scanning the file to be scanned according to the historical scanning preference;
and the recommended scanning unit is suitable for counting the type of the code file to be scanned if the historical scanning preference does not exist, recommending a scanning rule according to the type, and scanning the code file to be scanned by using the scanning rule.
9. An electronic device, wherein the electronic device comprises: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the method of any one of claims 1-7.
10. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-7.
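The rule-selection fallback (preset rule, then historical preference from the scan log, then a recommendation by file type), the incremental-scan path comparison, the parallel run whose scan time is the slowest engine's time, and the result collection appear twice above, in the A1-A7 list and in claims 1-7. The script below is an added example, not the patent's or the applicant's code, that puts those steps together in Python. Everything it consumes is constructed inline: the file contents, the scan-log format (a list of dicts with a `rules` key), the type-to-rule table, the per-engine timings, and the content digest recorded beside each path so that modified files show up in the diff as well as new ones (the claims compare paths only; the digest is this example's assumption). The four engines are toy analysers standing in for the real scanners named in claim 2.

```python
"""Added example (not the patent's own code): a small scheduler that follows the
three-way rule selection, incremental-file determination and parallel execution
described in claims 1-7. All file contents, log entries and engine timings are
constructed here so the script runs offline."""
import re
from collections import Counter
from concurrent.futures import ThreadPoolExecutor
from hashlib import sha256
from pathlib import PurePosixPath

# Constructed mapping from dominant file type to recommended rules. The patent only
# says a rule is recommended "according to the type"; this table is an assumption.
RECOMMENDED_BY_TYPE = {
    ".py": ["vulnerability", "lines", "complexity"],
    ".js": ["vulnerability", "repetition"],
}

# Constructed per-engine running times in seconds; claim 6 takes the maximum.
ENGINE_TIME = {"vulnerability": 12, "lines": 1, "repetition": 4, "complexity": 3}


def historical_preference(scan_log):
    """Claim 5: derive the preference from the scan log (assumed format: a list of
    entries, each a dict with a 'rules' list; the most recent entry wins)."""
    return list(scan_log[-1]["rules"]) if scan_log else []


def select_rules(preset, scan_log, files):
    """Claim 1: preset rule, else historical preference, else recommendation by type."""
    if preset:
        return list(preset), "preset"
    prefs = historical_preference(scan_log)
    if prefs:
        return prefs, "history"
    # Count the file types and recommend for the most common one.
    types = Counter(PurePosixPath(p).suffix for p in files)
    dominant = types.most_common(1)[0][0] if types else ""
    return list(RECOMMENDED_BY_TYPE.get(dominant, ["vulnerability"])), "recommended"


def record_paths(files):
    """Claim 4, step 1: record the scanned paths. A content digest is kept beside
    each path (assumption) so that modified files, not only new ones, show in the diff."""
    return {p: sha256(src.encode()).hexdigest() for p, src in files.items()}


def incremental_files(previous_record, current_record):
    """Claim 4, step 2: diff two successive path records into added and modified files."""
    added = sorted(p for p in current_record if p not in previous_record)
    modified = sorted(p for p in current_record
                      if p in previous_record and current_record[p] != previous_record[p])
    return added, modified


# Constructed toy engines standing in for the scanners named in claim 2.
DANGEROUS_CALLS = re.compile(r"\b(eval|exec|pickle\.loads)\s*\(")

def _scan_vulnerability(files):
    """Line numbers of calls that a reviewer should look at."""
    return {p: [i + 1 for i, line in enumerate(src.splitlines()) if DANGEROUS_CALLS.search(line)]
            for p, src in files.items()}

def _scan_lines(files):
    return {p: len(src.splitlines()) for p, src in files.items()}

def _scan_repetition(files):
    """Repetition rate: share of non-blank lines that exactly repeat an earlier line."""
    lines = [ln.strip() for src in files.values() for ln in src.splitlines() if ln.strip()]
    return round(1 - len(set(lines)) / len(lines), 2) if lines else 0.0

def _scan_complexity(files):
    """Crude cyclomatic proxy: 1 + number of branching keywords per file."""
    return {p: 1 + len(re.findall(r"\b(if|elif|for|while|and|or)\b", src)) for p, src in files.items()}

ENGINES = {"vulnerability": _scan_vulnerability, "lines": _scan_lines,
           "repetition": _scan_repetition, "complexity": _scan_complexity}


def run_parallel(rules, files):
    """Claims 6-7: run every selected engine concurrently, report the slowest
    engine's time as the scan time, and collect the results into one report."""
    def run(rule):
        return rule, ENGINES[rule](files), ENGINE_TIME[rule]
    with ThreadPoolExecutor(max_workers=max(1, len(rules))) as pool:
        outcomes = list(pool.map(run, rules))
    report = {rule: result for rule, result, _ in outcomes}
    report["scan_time"] = max((t for _, _, t in outcomes), default=0)
    return report


# Constructed sample: the previous scan's tree and the current tree.
PREVIOUS = {"app/main.py": "print('hello')\n", "app/util.py": "def f(x):\n    return x\n"}
CURRENT = {
    "app/main.py": "print('hello')\n",                                               # unchanged
    "app/util.py": "def f(x):\n    if x:\n        return eval(x)\n    return x\n",   # modified
    "app/new.py": "import os\nimport os\n",                                          # newly added
}

if __name__ == "__main__":
    rules, origin = select_rules(preset=None, scan_log=[], files=CURRENT)
    added, modified = incremental_files(record_paths(PREVIOUS), record_paths(CURRENT))
    report = run_parallel(rules, {p: CURRENT[p] for p in added + modified})
    print(origin, rules, added, modified, report)
```

With no preset rule and an empty scan log, the sample falls through to the type-based recommendation, scans only `app/new.py` and `app/util.py`, and reports a scan time of 12 seconds because the vulnerability engine is the slowest of the three selected even though they run concurrently.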
CN201911082103.6A 2019-11-07 2019-11-07 Static code scanning optimization method and device, electronic equipment and storage medium Pending CN112783749A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911082103.6A CN112783749A (en) 2019-11-07 2019-11-07 Static code scanning optimization method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911082103.6A CN112783749A (en) 2019-11-07 2019-11-07 Static code scanning optimization method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112783749A true CN112783749A (en) 2021-05-11

Family

ID=75748223

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911082103.6A Pending CN112783749A (en) 2019-11-07 2019-11-07 Static code scanning optimization method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112783749A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113609004A (en) * 2021-07-17 2021-11-05 深圳开源互联网安全技术有限公司 Static code detection method and system
CN113609004B (en) * 2021-07-17 2023-11-03 深圳开源互联网安全技术有限公司 Static code detection method and system
CN113987516A (en) * 2021-11-02 2022-01-28 湖北天融信网络安全技术有限公司 Vulnerability scanning method and device, storage medium and electronic equipment
CN113987516B (en) * 2021-11-02 2022-11-29 湖北天融信网络安全技术有限公司 Vulnerability scanning method and device, storage medium and electronic equipment
CN114756875A (en) * 2022-06-16 2022-07-15 荣耀终端有限公司 Code scanning method and electronic equipment
CN114756875B (en) * 2022-06-16 2022-10-25 荣耀终端有限公司 Code scanning method and electronic equipment

Similar Documents

Publication Publication Date Title
CN112783749A (en) Static code scanning optimization method and device, electronic equipment and storage medium
CN109063178B (en) Method and device for automatically expanding self-help analysis report
US11093461B2 (en) Method for computing distinct values in analytical databases
CN109213773B (en) Online fault diagnosis method and device and electronic equipment
CN104216822B (en) A kind of processing method and processing device of abnormal information
CN103631603A (en) Software cleaning method and system
CN105260290A (en) Application exception information collection method and apparatus
US10528534B2 (en) Method and system for deduplicating data
JP2005222108A (en) Bug analysis method and device
CN110471945B (en) Active data processing method, system, computer equipment and storage medium
US7434132B2 (en) Method and system of configuring a software program
US10467206B2 (en) Data sampling in a storage system
CN112783751A (en) Incremental code scanning method and device, electronic equipment and storage medium
JP2005228241A (en) Method and apparatus for managing bug
CN109634845B (en) Method and device for generating context record text
US20060230034A1 (en) Requirements management semantics modeling
CN109343891B (en) Data processing system, method and device
CN106897224B (en) Method and device for determining software testing range
US20070299705A1 (en) Method and apparatus for observation model validation
CN115269444A (en) Code static detection method and device and server
CN113918370A (en) Category determination method and device, electronic equipment and storage medium
CN110737577B (en) Test defect data storage method and device
CN111753183A (en) Search result processing method and device
CN110752962A (en) Monitoring method and device of advertisement interface
CN111045849A (en) Method, device, server and storage medium for identifying reason of checking abnormality

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination