CN112835588B - Code auditing method and device - Google Patents

Code auditing method and device Download PDF

Info

Publication number
CN112835588B
CN112835588B CN202110348677.4A CN202110348677A CN112835588B CN 112835588 B CN112835588 B CN 112835588B CN 202110348677 A CN202110348677 A CN 202110348677A CN 112835588 B CN112835588 B CN 112835588B
Authority
CN
China
Prior art keywords
code
auditor
modification
determining
core
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110348677.4A
Other languages
Chinese (zh)
Other versions
CN112835588A (en
Inventor
陈鸿基
刘刚
黄生平
尹智刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110348677.4A priority Critical patent/CN112835588B/en
Publication of CN112835588A publication Critical patent/CN112835588A/en
Application granted granted Critical
Publication of CN112835588B publication Critical patent/CN112835588B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/43Checking; Contextual analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a code auditing method and device, belongs to the technical field of information security, and can be applied to the financial field or other fields. The code auditing method comprises the following steps: determining a core code according to the modification times and the called times of the source code file in a preset time period; determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files; determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining auditors according to the code type and the auditor type of each auditor to be audited; and transmitting the auditor and the incremental modification code identifier to a code audit server so that the code audit server transmits a code audit notification comprising the incremental modification code identifier to the auditor. The invention can further improve the efficiency and the management and control quality of code auditing on the basis of the native code auditing framework, and reduces auditing risks.

Description

Code auditing method and device
Technical Field
The invention relates to the technical field of information security, in particular to a code auditing method and device.
Background
With IT internet and financial science enterprises paying more attention to development of operation and maintenance integration modes (devots) and practice thereof, how to continuously improve the quality of codes and software products becomes a key determinant of continuous and flexible delivery value. In the development activity of the whole software product, code auditing is a main measure for improving the internal quality of the software, and in terms of mode, the code auditing comprises two aspects of automatic code auditing and manual auditing, and in terms of the time of the code auditing, the code auditing comprises two stages of in-process code auditing and post-process code auditing. The gerit platform provides an in-process real-time code auditing mechanism that requires that the code must be audited to be incorporated into the remote version library after the code is submitted. The in-process gerit code audit can find problems early before the code is put into library and shared to other members of project group, even before software version and product are made, prevent problem code from putting in storage, effectively solve the internal quality problem of code, and the mode has wide application in the code development of Internet enterprises and financial science and technology enterprises at present.
However, there is a certain limitation to the code auditing mechanism in the original business of the gerit platform. Under the code auditing mechanism of the gerit platform, after the code is released and changed, all auditors with auditing rights are added to an auditor list by a server to conduct code auditing. The original scheme is too crude in auditing authority management, fine granularity distinction between codes and auditors cannot be performed, and all codes issued to a platform can be audited by all code auditors and put in storage. But the importance of the code is different for the source code of the software. Important core codes are subjected to important management and auditing, and the native scheme has a defect in controlling the auditing quality of the important core codes.
Disclosure of Invention
The embodiment of the invention mainly aims to provide a code auditing method and device, so that the efficiency and the management and control quality of code auditing are further improved on the basis of a native code auditing framework, and auditing risks are reduced.
In order to achieve the above object, an embodiment of the present invention provides a code auditing method, including
Determining a core code according to the modification times and the called times of the source code file in a preset time period;
determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files;
determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining auditors according to the code type and the auditor type of each auditor to be audited;
and transmitting the auditor and the incremental modification code identifier to a code audit server so that the code audit server transmits a code audit notification comprising the incremental modification code identifier to the auditor.
The embodiment of the invention also provides a code auditing device, which comprises the following steps:
the core code determining module is used for determining a core code according to the modification times and the called times of the source code file in a preset time period;
the auditor type determining module is used for determining the auditor type of each auditor according to the qualification index of the auditor, the number of core codes and the number of version library files;
the auditor determining module is used for determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code and determining auditors according to the code type and the auditor type of each auditor to be audited;
and the sending module is used for sending the auditor and the incremental modification code identifier to the code audit server so that the code audit server sends a code audit notification comprising the incremental modification code identifier to the auditor.
The embodiment of the invention also provides computer equipment, which comprises a memory, a processor and a computer program stored on the memory and running on the processor, wherein the processor realizes the steps of the code auditing method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when being executed by a processor, implements the steps of the code auditing method.
According to the code auditing method and device, the core code is determined according to the modification times and the called times of the source code file in the preset time period, the auditor corresponding to the code type is determined according to the comparison result of the incremental modification code and the core code, and finally the incremental modification code identification and the auditor are sent to the code auditing server, so that the code auditing server sends the code auditing notification comprising the incremental modification code identification to the auditor, the efficiency and the control quality of code auditing can be further improved on the basis of the original code auditing frame, and the auditing risk is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a code audit method in an embodiment of the present invention;
FIG. 2 is a flow chart of determining core code in an embodiment of the invention;
FIG. 3 is a flow chart of determining the type of auditor in an embodiment of the invention;
FIG. 4 is a flow chart of distributing audit code in an embodiment of the present invention;
FIG. 5 is a flowchart of S101 in an embodiment of the invention;
FIG. 6 is a flow chart of determining a percent modification threshold in an embodiment of the invention;
FIG. 7 is a block diagram of a code audit device in an embodiment of the present invention;
FIG. 8 is a block diagram of a code audit device according to another embodiment of the present invention;
FIG. 9 is a block diagram of the code submission module in an embodiment of the invention;
fig. 10 is a block diagram of a computer device in an embodiment of the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Those skilled in the art will appreciate that embodiments of the invention may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
In view of the fact that the prior art lacks in the aspect of checking the important core codes, fine granularity of importance of the codes cannot be distinguished, and qualification of code auditors cannot be managed, the embodiment of the invention provides a code auditing method, the core codes and the common codes are automatically identified and distinguished through analyzing calling relations and history modification records among source codes of a code library, when a developer submits the codes, comparison and adaptation of the submitted source codes and the core codes are automatically triggered, distribution processing of the code auditors with different qualification is automatically carried out according to comparison results, the quality of the code auditors is effectively managed and controlled through grading of the codes and the code auditors, the efficiency of code auditing is further improved on the basis of a gerrit original code auditing framework, and auditing risks are reduced.
FIG. 1 is a flow chart of a code audit method in an embodiment of the present invention. FIG. 2 is a flow chart of determining core code in an embodiment of the invention. Figure 3 is a flow chart of determining the type of auditor in an embodiment of the invention. FIG. 4 is a flow chart of distributing audit code in an embodiment of the present invention. As shown in fig. 1 to 4, the code auditing method includes:
s101: and determining the core code according to the modification times and the called times of the source code file in a preset time period.
The project group can manually mark a certain or some source code files as core codes directly according to the actual condition of the service system and register the core codes into a core code library.
Fig. 5 is a flowchart of S101 in the embodiment of the present invention. As shown in fig. 5, S101 includes:
s201: and sequencing the modification times of each source code file in a preset time period according to the sequence from big to small, and determining the source code files sequenced before the modification percentage threshold value as core codes.
In specific implementation, the historical modification record scanning of the version library can be automatically triggered to acquire the number of files of the version library and analyze file submitting records and file modification records, the time period with average daily submitting times larger than 1 is determined to be a preset time period through the file submitting records, and the number of modification files and the modification times are determined through the file modification records.
The preset time period T and the modification percentage threshold value R both support manual self-defining value according to special conditions. When the modification percentage threshold is 10%, the source code files with the first 10% of the ordered modification times are core codes, and other source code files are general codes.
FIG. 6 is a flow chart of determining a percent modification threshold in an embodiment of the invention. As shown in fig. 6, the code auditing method further includes:
s301: and determining the modification ratio according to the number of the modification files and the number of the version library files in the preset time period.
The modification ratio is the ratio of the number of modification files to the number of version library files in a preset time period. And storing the preset time period, the number and the number of modification files in the preset time period, and the ranking and the modification ratio of the number of modification files in the preset time period of each source code file into an analysis result file.
S302: and determining a modification percentage threshold according to a comparison result of the modification ratio and a preset modification ratio threshold.
For example, the preset modification ratio threshold is 50%. When the modification ratio is less than 50%, the modification percentage threshold R is 10%; when the modification ratio is greater than or equal to 50%, the modification percentage threshold R is 20%.
S202: sequencing the called times of each source code file in a preset time period according to the sequence from large to small, and determining the source code files sequenced before the called percentage threshold value as core codes.
The method can automatically analyze the grammar tree of the source code in the version library, acquire the grammar calling analysis result of the source code, and acquire the calling times of the source code of the version library in a preset time period.
For example, when the called percentage threshold is 10%, the source code file with the first 10% of the ordered called times is a core code, and the other source code files are general codes.
In one embodiment, the method further comprises: and determining a called percentage threshold according to a comparison result of the number of the version library files and a preset version number threshold.
For example, the preset version number threshold is 5000. When the number of the version library files is greater than or equal to 5000, the called percentage threshold value is 20%; when the number of version library files is less than 5000, the called percentage threshold is 10%.
The modification percentage threshold and the called percentage threshold are default values automatically acquired according to the dynamic analysis version library scene, manual dynamic adjustment is supported according to special conditions of a service system, meanwhile, a channel for manually customizing core codes is provided, a source code file can be directly defined as the core code according to actual conditions, and flexibility is improved.
S102: and determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files.
And S102, reading qualification indexes of the person to be audited from the information base of the person to be audited. The qualification index comprises working years and job level, can automatically take a default value by linking the number of version library files, and simultaneously supports the manual dynamic adjustment of the project group according to special conditions.
For example, the ratio of the number of core codes to the number of version library files is determined as the auditor threshold. When the threshold of the auditor is less than 10%, the threshold of the working life is 5 years, the threshold of the job level is the advanced manager, at this time, the auditor type of the to-be-audited person with the working life being more than 5 years and the job level being more than the advanced manager is determined as a core auditor, and the auditor types of other auditors which do not meet the condition are general auditors. When the threshold value of the auditor is more than or equal to 10%, the threshold value of the working period is 3 years, the threshold value of the job level is the middle-level manager, at the moment, the auditor type of the to-be-audited person with the working period more than 3 years and the job level more than the middle-level manager is determined to be the core auditor, and the auditor types of other auditors which do not meet the conditions are general auditors.
S103: and determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining the auditor according to the code type and the auditor type of each auditor to be audited.
When the incremental modification code comprises a core code, determining that the code type of the incremental modification code is the core code, determining that the auditor type of the core code is a core auditor, and determining that the auditor type is a to-be-auditor of the core auditor. When the incremental modification code comprises a general code, determining that the code type of the incremental modification code is the general code, determining that the auditor type of the general code is a general auditor, and determining that the auditor type is a to-be-auditor of the general auditor.
Before executing S103, further comprising:
monitoring actions of a developer for submitting a source code file in real time through the configured jenkins operation, and automatically analyzing the current submission after capturing the actions of the developer for submitting the source code file to acquire an incremental modification code for local submission modification. The submitted source code file includes a plurality of modified files. And distributing the increment modification code submitted at the time to a core auditor as long as the core code is included in one of the modification files.
S104: and transmitting the auditor and the incremental modification code identifier to a code audit server so that the code audit server transmits a code audit notification comprising the incremental modification code identifier to the auditor.
The code auditing server is a gerit server. After the gerit server receives the incremental modification code identification of the incremental modification code and the auditor, the auditor is added into the auditor list, and a code audit notification comprising the incremental modification code identification is sent to the auditor.
The code audit method shown in fig. 1 may be executed by a computer. As can be seen from the flow shown in fig. 1, the code auditing method according to the embodiment of the invention determines the core code according to the modification times and the called times of the source code file in the preset time period, determines the auditor corresponding to the code type according to the comparison result of the incremental modification code and the core code, and finally sends the incremental modification code identifier and the auditor to the code auditing server so that the code auditing server sends the code auditing notification including the incremental modification code identifier to the auditor, thereby further improving the efficiency and the control quality of the code auditing on the basis of the original code auditing framework and reducing the auditing risk.
The specific flow of the embodiment of the invention is as follows:
1. and determining the modification ratio according to the number of the modification files and the number of the version library files in the preset time period.
2. And determining a modification percentage threshold according to a comparison result of the modification ratio and a preset modification ratio threshold.
3. And sequencing the modification times of each source code file in a preset time period according to the sequence from big to small, and determining the source code files sequenced before the modification percentage threshold value as core codes.
4. And determining a called percentage threshold according to a comparison result of the number of the version library files and a preset version number threshold.
5. Sequencing the called times of each source code file in a preset time period according to the sequence from large to small, and determining the source code files sequenced before the called percentage threshold value as core codes.
6. And determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files.
7. And determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining the auditor according to the code type and the auditor type of each auditor to be audited.
8. And sending the auditor and the incremental modification code identifier to a code audit server.
9. The code audit server sends a code audit notification including the delta modification code identification to an auditor.
In summary, the code auditing method of the embodiment of the invention automatically acquires the core code list and the to-be-audited person list after a developer submits the source code file, automatically matches whether the increment modification code contains the core code or not, and automatically performs corresponding code auditor distribution processing. Compared with a setting mechanism of a gerrit original auditor, the invention can automatically carry out hierarchical control on each change program, relatively accurately corresponds codes of different levels and auditors with different qualification, automatically distributes the codes, replaces a mode that a native system does not distinguish the codes and informs all auditors to carry out audit, has no sense on code submitting personnel in the whole process, more effectively controls the risk of core code audit, and further improves the efficiency and the control quality of code audit on the basis of a native code audit framework.
Based on the same inventive concept, the embodiment of the invention also provides a code auditing device, and because the principle of the device for solving the problem is similar to that of the code auditing method, the implementation of the device can be referred to the implementation of the method, and the repetition is omitted.
Fig. 7 is a block diagram of a code auditing apparatus according to an embodiment of the present invention. Fig. 8 is a block diagram showing the structure of a code audit device according to another embodiment of the present invention. As shown in fig. 7, the code auditing apparatus includes:
the core code determining module is used for determining a core code according to the modification times and the called times of the source code file in a preset time period;
the auditor type determining module is used for determining the auditor type of each auditor according to the qualification index of the auditor, the number of core codes and the number of version library files;
the auditor determining module is used for determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code and determining auditors according to the code type and the auditor type of each auditor to be audited;
and the sending module is used for sending the auditor and the incremental modification code identifier to the code audit server so that the code audit server sends a code audit notification comprising the incremental modification code identifier to the auditor.
In one embodiment, the core code determination module includes:
the first core code determining unit is used for sequencing the modification times of each source code file in a preset time period according to the sequence from big to small, and determining the source code files sequenced before the modification percentage threshold value as core codes;
and the second core code determining unit is used for sequencing the called times of each source code file in a preset time period according to the sequence from large to small, and determining the source code files sequenced before the called percentage threshold value as core codes.
In one embodiment, the method further comprises:
the modification ratio determining module is used for determining modification ratio according to the number of modification files and the number of version library files in a preset time period;
and the modification percentage threshold determining module is used for determining the modification percentage threshold according to the comparison result of the modification ratio and the preset modification ratio threshold.
In one embodiment, the method further comprises:
the called percentage threshold determining module is used for determining the called percentage threshold according to the comparison result of the number of the version library files and the preset version number threshold.
As shown in fig. 8, in practical application, the code auditing device includes a code submitting module, a core source code discriminating module, a to-be-audited person type discriminating module and a code auditing automatic distributing module.
FIG. 9 is a block diagram of the code submission module in an embodiment of the invention. As shown in fig. 9, the code commit module includes a code commit listening unit and an incremental code acquisition unit. The code submitting and monitoring unit is used for monitoring actions of a developer for submitting a source code file in real time through the configured jenkins operation. After capturing actions of a developer submitting a source code file, the incremental code acquisition unit automatically analyzes the current submission and acquires an incremental modification code of local submission modification.
The core source code screening module is an execution subject of the flow in fig. 2 and comprises a core code determining module, a modification ratio determining module and a modification percentage threshold determining module.
The to-be-auditor type discriminating module is an execution subject of the flow in fig. 3, and comprises an auditor type determining module and a called percentage threshold determining module.
The code auditing automatic distribution module is an execution subject of the flow in fig. 4 and comprises an auditor determination module and a sending module.
In summary, the code auditing device of the embodiment of the invention determines the core code according to the modification times and the called times of the source code file in the preset time period, determines the auditor corresponding to the code type according to the comparison result of the incremental modification code and the core code, and finally sends the incremental modification code identifier and the auditor to the code auditing server so that the code auditing server sends the code auditing notification comprising the incremental modification code identifier to the auditor, thereby further improving the efficiency and the control quality of the code auditing on the basis of the original code auditing framework and reducing the auditing risk.
The embodiment of the invention also provides a concrete implementation mode of the computer equipment capable of realizing all the steps in the code auditing method in the embodiment. Fig. 10 is a block diagram of a computer device according to an embodiment of the present invention, and referring to fig. 10, the computer device specifically includes:
a processor (processor) 1001 and a memory (memory) 1002.
The processor 1001 is configured to invoke a computer program in the memory 1002, where the processor executes the computer program to implement all the steps in the code auditing method in the foregoing embodiment, for example, the processor executes the computer program to implement the following steps:
determining a core code according to the modification times and the called times of the source code file in a preset time period;
determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files;
determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining auditors according to the code type and the auditor type of each auditor to be audited;
and transmitting the auditor and the incremental modification code identifier to a code audit server so that the code audit server transmits a code audit notification comprising the incremental modification code identifier to the auditor.
In summary, the computer device of the embodiment of the invention determines the core code according to the modification times and the called times of the source code file in the preset time period, then determines the auditor corresponding to the code type according to the comparison result of the incremental modification code and the core code, and finally sends the incremental modification code identifier and the auditor to the code audit server, so that the code audit server sends the code audit notification comprising the incremental modification code identifier to the auditor, the efficiency and the control quality of the code audit can be further improved on the basis of the original code audit frame, and the audit risk is reduced.
The embodiment of the present invention also provides a computer readable storage medium capable of implementing all the steps of the code auditing method in the above embodiment, where the computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements all the steps of the code auditing method in the above embodiment, for example, the processor implements the following steps when executing the computer program:
determining a core code according to the modification times and the called times of the source code file in a preset time period;
determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files;
determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining auditors according to the code type and the auditor type of each auditor to be audited;
and transmitting the auditor and the incremental modification code identifier to a code audit server so that the code audit server transmits a code audit notification comprising the incremental modification code identifier to the auditor.
In summary, the computer readable storage medium of the embodiment of the invention determines the core code according to the modification times and the called times of the source code file in the preset time period, then determines the auditor corresponding to the code type according to the comparison result of the incremental modification code and the core code, and finally sends the incremental modification code identifier and the auditor to the code audit server so that the code audit server sends the code audit notification including the incremental modification code identifier to the auditor, thereby further improving the efficiency and the control quality of the code audit on the basis of the original code audit frame and reducing the audit risk.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention, and is not meant to limit the scope of the invention, but to limit the invention to the particular embodiments, and any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.
Those of skill in the art will further appreciate that the various illustrative logical blocks (illustrative logical block), units, and steps described in connection with the embodiments of the invention may be implemented by electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components (illustrative components), elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Those skilled in the art may implement the described functionality in varying ways for each particular application, but such implementation is not to be understood as beyond the scope of the embodiments of the present invention.
The various illustrative logical blocks, or units, or devices described in the embodiments of the invention may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described. A general purpose processor may be a microprocessor, but in the alternative, the general purpose processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. In an example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may reside in a user terminal. In the alternative, the processor and the storage medium may reside as distinct components in a user terminal.
In one or more exemplary designs, the above-described functions of embodiments of the present invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on a computer-readable medium or transmitted as one or more instructions or code on the computer-readable medium. Computer readable media includes both computer storage media and communication media that facilitate transfer of computer programs from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media may include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to carry or store program code in the form of instructions or data structures and other data structures that may be read by a general or special purpose computer, or a general or special purpose processor. Further, any connection is properly termed a computer-readable medium, e.g., if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, digital Subscriber Line (DSL), or wireless such as infrared, radio, and microwave, and is also included in the definition of computer-readable medium. The disks (disks) and disks (disks) include compact disks, laser disks, optical disks, DVDs, floppy disks, and blu-ray discs where disks usually reproduce data magnetically, while disks usually reproduce data optically with lasers. Combinations of the above may also be included within the computer-readable media.

Claims (10)

1. A code auditing method, comprising:
determining a core code according to the modification times or the called times of the source code file in a preset time period;
determining the type of the auditor of each auditor according to the qualification index of the auditor, the number of the core codes and the number of the version library files;
determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining auditors according to the code type and the auditor type of each auditor to be audited;
and sending the auditor and the incremental modification code identifier to a code audit server so that the code audit server sends a code audit notification comprising the incremental modification code identifier to the auditor.
2. The code auditing method according to claim 1, wherein determining the core code according to the number of modifications or invocations of the source code file within a preset time period comprises:
sequencing the modification times of each source code file in a preset time period according to the sequence from big to small, and determining the source code files sequenced before the modification percentage threshold value as core codes; or (b)
And sequencing the called times of each source code file in the preset time period according to the sequence from large to small, and determining the source code files sequenced before the called percentage threshold value as core codes.
3. The code auditing method of claim 2, further comprising:
determining a modification ratio according to the number of modification files in a preset time period and the number of version library files;
and determining the modification percentage threshold according to a comparison result of the modification ratio and a preset modification ratio threshold.
4. The code auditing method of claim 2, further comprising:
and determining the called percentage threshold according to a comparison result of the number of the version library files and a preset version number threshold.
5. A code auditing apparatus, comprising:
the core code determining module is used for determining a core code according to the modification times or the called times of the source code file in a preset time period;
the auditor type determining module is used for determining the auditor type of each auditor according to the qualification index of the auditor, the number of core codes and the number of version library files;
the auditor determining module is used for determining the code type of the incremental modification code according to the comparison result of the incremental modification code and the core code, and determining auditors according to the code type and the auditor type of each auditor to be audited;
and the sending module is used for sending the auditor and the incremental modification code identifier to a code audit server so that the code audit server sends a code audit notification comprising the incremental modification code identifier to the auditor.
6. The code auditing apparatus of claim 5, wherein the core code determination module comprises:
the first core code determining unit is used for sequencing the modification times of each source code file in a preset time period according to the sequence from big to small, and determining the source code files sequenced before the modification percentage threshold value as core codes;
and the second core code determining unit is used for sequencing the called times of each source code file in the preset time period according to the sequence from large to small, and determining the source code files sequenced before the called percentage threshold value as core codes.
7. The code auditing device of claim 6, further comprising:
the modification ratio determining module is used for determining modification ratio according to the number of modification files and the number of version library files in a preset time period;
and the modification percentage threshold determining module is used for determining the modification percentage threshold according to the comparison result of the modification ratio and a preset modification ratio threshold.
8. The code auditing device of claim 6, further comprising:
and the called percentage threshold determining module is used for determining the called percentage threshold according to the comparison result of the number of the version library files and a preset version number threshold.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and running on the processor, characterized in that the processor implements the steps of the code auditing method of any of claims 1 to 4 when the computer program is executed.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor implements the steps of the code auditing method of any of claims 1 to 4.
CN202110348677.4A 2021-03-31 2021-03-31 Code auditing method and device Active CN112835588B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110348677.4A CN112835588B (en) 2021-03-31 2021-03-31 Code auditing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110348677.4A CN112835588B (en) 2021-03-31 2021-03-31 Code auditing method and device

Publications (2)

Publication Number Publication Date
CN112835588A CN112835588A (en) 2021-05-25
CN112835588B true CN112835588B (en) 2024-03-29

Family

ID=75930675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110348677.4A Active CN112835588B (en) 2021-03-31 2021-03-31 Code auditing method and device

Country Status (1)

Country Link
CN (1) CN112835588B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110865934A (en) * 2019-10-08 2020-03-06 北京百度网讯科技有限公司 Code verification method and device, electronic equipment and readable storage medium
US10838945B2 (en) * 2015-10-09 2020-11-17 Wei Xu Information processing network based on uniform code issuance, method therefor, and sensing access device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10838945B2 (en) * 2015-10-09 2020-11-17 Wei Xu Information processing network based on uniform code issuance, method therefor, and sensing access device
CN110865934A (en) * 2019-10-08 2020-03-06 北京百度网讯科技有限公司 Code verification method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN112835588A (en) 2021-05-25

Similar Documents

Publication Publication Date Title
US20060156381A1 (en) Approach for deleting electronic documents on network devices using document retention policies
US20230177206A1 (en) Data privacy integration services processing using multiple work packages and multiple responder groups
US20230177182A1 (en) Blocking operations for data privacy integration services using different blocking responder groups
US20230177183A1 (en) Redistribution operations for data privacy integration services using different redistribution responder groups
CN112800457A (en) Sensitive information supervision method and system for block chain network
CN112866282A (en) Method and device for verifying time information in block chain
US20090164970A1 (en) System for Managing Automated Report Versions
US9082085B2 (en) Computing environment climate dependent policy management
US20230179602A1 (en) Voting operations for data privacy integration services using different voting responder groups
CN112835588B (en) Code auditing method and device
CN116090015B (en) Intelligent authority application management system and method based on big data
CN111638885A (en) Plug-in issuing method and device, electronic equipment and storage medium
US12056250B2 (en) Responder groups for data privacy integration services
US8140476B2 (en) Statistical quality monitoring and enhancement
CN112651685B (en) Automatic bin supplementing method and system for value-added tax electronic invoice
CN108763933A (en) A kind of application management method and system based on auto-programming inventory
CN109857726B (en) Application feature library maintenance method and device, electronic equipment and storage medium
CN1737724A (en) Managing administration of data rights
CN112783773B (en) Automatic software testing method and device
CN111124566A (en) BMC user interface operation management method, equipment and readable medium
CN117455429B (en) Authority management method, device, equipment and storage medium
CN111159988A (en) Model processing method and device, computer equipment and storage medium
CN114302438B (en) Method, device, equipment and storage medium for processing abnormality of network element
CN115373948A (en) Big data cluster maintenance method and device
US20160246813A1 (en) System and method for machine information life cycle

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant