CN113254931B - Block chain-based code system updating method, device, equipment and storage medium - Google Patents

Block chain-based code system updating method, device, equipment and storage medium Download PDF

Info

Publication number
CN113254931B
CN113254931B CN202110594982.1A CN202110594982A CN113254931B CN 113254931 B CN113254931 B CN 113254931B CN 202110594982 A CN202110594982 A CN 202110594982A CN 113254931 B CN113254931 B CN 113254931B
Authority
CN
China
Prior art keywords
architecture
blockchain
newly added
code file
updating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110594982.1A
Other languages
Chinese (zh)
Other versions
CN113254931A (en
Inventor
沙沛磊
齐秀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Dianlian Technology Co ltd
Shenzhen Lian Intellectual Property Service Center
Original Assignee
Shenzhen Dianlian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Dianlian Technology Co ltd filed Critical Shenzhen Dianlian Technology Co ltd
Priority to CN202110594982.1A priority Critical patent/CN113254931B/en
Publication of CN113254931A publication Critical patent/CN113254931A/en
Application granted granted Critical
Publication of CN113254931B publication Critical patent/CN113254931B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a code system updating method based on a block chain, which comprises the following steps: acquiring a newly added code file uploaded by each second blockchain node through the first blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain; updating each newly added code file into a pre-stored original architecture to obtain a new architecture; inputting the new architecture into a security vulnerability model library for detection; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library; and if the detection result is qualified, uploading each newly-added code file to a code system for updating through the first block chain link point. The invention has the beneficial effects that: the security of each newly added code file is ensured, and in addition, each newly added code file is automatically detected through a block chain, so that the investment of human resources is reduced, and the confidentiality of codes uploaded by each developer can be ensured.

Description

Block chain-based code system updating method, device, equipment and storage medium
Technical Field
The present invention relates to the field of development, and in particular, to a method, an apparatus, a device, and a storage medium for updating a code system based on a blockchain.
Background
In the development process of the product, a plurality of research personnel are involved for common development, so that when a code system is built or updated, vulnerability inspection is required to be carried out on the built or updated code system, at present, security inspection is generally carried out through corresponding security personnel, but the efficiency of manual inspection is lower, and the problem that codes of research personnel are easy to leak also exists.
Disclosure of Invention
The invention mainly aims to provide a method, a device, equipment and a storage medium for updating a code system based on a blockchain, which aim to solve the problems that the efficiency of manual inspection is low, and codes of research personnel are easy to leak.
The invention provides a code system updating method based on a block chain, which is applied to a first block chain node and comprises the following steps:
acquiring a newly added code file uploaded by each second blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain;
updating each newly added code file into a pre-stored original architecture to obtain a new architecture;
inputting the new architecture into a security vulnerability model library for detection; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library;
and if the detection result is qualified, uploading each newly added code file to a code system for updating.
The invention also provides a code system updating device based on the block chain, which is arranged at a first block chain node and comprises:
the acquisition module is used for acquiring the newly-added code files uploaded by each second blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain;
the updating module is used for updating each newly added code file into a pre-stored original architecture to obtain a new architecture;
the input module is used for inputting the new architecture into a security vulnerability model library for detection; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library;
and the uploading module is used for uploading each newly added code file to the code system for updating if the detection result is qualified.
The invention also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of any of the methods described above when the processor executes the computer program.
The invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of any of the preceding claims.
The invention has the beneficial effects that: the newly-added code files uploaded by each second blockchain node are acquired through the first blockchain node, and the newly-added code files are detected in the first blockchain node, so that the safety of each newly-added code file is ensured.
Drawings
FIG. 1 is a flow chart of a method for updating a blockchain-based code system in accordance with an embodiment of the present invention;
FIG. 2 is a block diagram of a block chain based code system update apparatus according to one embodiment of the present invention;
fig. 3 is a block diagram schematically illustrating a structure of a computer device according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that, in the embodiments of the present invention, all directional indicators (such as up, down, left, right, front, and back) are merely used to explain the relative positional relationship, movement conditions, and the like between the components in a specific posture (as shown in the drawings), if the specific posture is changed, the directional indicators correspondingly change, and the connection may be a direct connection or an indirect connection.
The term "and/or" is herein merely an association relation describing an associated object, meaning that there may be three relations, e.g., a and B, may represent: a exists alone, A and B exist together, and B exists alone.
Furthermore, descriptions such as those referred to as "first," "second," and the like, are provided for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implying an order of magnitude of the indicated technical features in the present disclosure. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present invention.
Referring to fig. 1, the present invention proposes a method for updating a code system based on a blockchain, comprising:
s1: acquiring a newly added code file uploaded by each second blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain;
s2: updating each newly added code file into a pre-stored original architecture to obtain a new architecture;
s3: inputting the new architecture into a security vulnerability model library for detection; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library;
s4: and if the detection result is qualified, uploading each newly added code file to a code system for updating.
And (2) acquiring the newly added code files uploaded by each second blockchain node as described in the step S1. The obtaining mode may be preset rules in the blockchain, and the obtaining is performed according to the preset rules, for example, when each second blockchain node receives a newly-added code file uploaded by a developer corresponding to each second blockchain node, the newly-added code file is transferred to the first blockchain node, that is, the first blockchain node obtains the newly-added code file uploaded by each second blockchain node, wherein the first blockchain node is preferably a virtual blockchain node, so that the newly-added code cannot be leaked, and the security of the newly-added code is ensured.
And step S2, updating each of the newly added code files to the pre-stored original architecture to obtain a new architecture. The pre-stored original architecture is an existing architecture in the code system, and may be stored in the first blockchain node in each development or update process, or may be directly obtained from the code system through the first blockchain node during development.
And (3) inputting the new architecture into a security hole model library for detection as described in the step (S3). The security vulnerability model library is stored in the first blockchain node in advance, and the security vulnerability model is obtained by recording some related vulnerability types and cases in the model library, and when detecting, only the new architecture and each vulnerability type or case need to be compared, so that whether the new architecture has a corresponding vulnerability or not can be known, and therefore, the automatic detection of the vulnerability is realized. In a preferred embodiment, in order to avoid some irreversible errors in directly inputting each newly added code into the code system, the first blockchain node and the code system may be separately set, and the data connection may be set, that is, the detection is performed in the first blockchain node, and after the detection is completed, the detection is uploaded to the code system through the first blockchain node.
And if the detection result is qualified, uploading each newly added code file to a code system for updating as described in the step S4. The security hole model library is uploaded to the code system by the first blockchain node to update after no security hole is detected, so that the security of each newly-added code file is guaranteed, in addition, the blockchain is used for automatically detecting each newly-added code file, so that the investment of manpower resources is reduced, the confidentiality of codes uploaded by each developer can be guaranteed, each developer only needs to upload the corresponding second blockchain node in the blockchain, and other second blockchain nodes are not authorized to acquire the code files which are not uploaded by the second blockchain node, and therefore the confidentiality of the up-passage code file can be guaranteed, in addition, codes developed by each developer do not need to pass a series of auditing, but are audited by the blockchain, and if the codes do not pass, the codes are sent to the corresponding developer under the blockchain, so that the development efficiency of the developer can be improved.
In one embodiment, the step S3 of inputting the new architecture into the security hole model for detection includes:
s301: acquiring first directory information of the original architecture and second directory information of the new architecture;
s302: comparing different architecture information in the first directory information and the second directory information;
s303: acquiring a code file of architecture information different from the first directory information under the second directory;
s304: and inputting the code file into a security vulnerability model, and comparing the code file with each architecture case in the security vulnerability model to obtain a detection result.
As described in the above steps S301-S304, the detection information extraction before the security hole model is implemented, and since the content in the first directory information under the previous architecture has been subjected to the hole inspection before, in order to improve the efficiency and avoid repeated detection, the first directory information of the previous architecture and the second directory information of the new architecture may be compared, so as to obtain the code file of the architecture information different from the first directory information under the second directory information, and at this time, the hole detection model only needs to detect the code file under the second directory information and under the architecture information different from the first directory information. It should be noted that, when a new code file is input into the original architecture, it may affect other code files in other original architectures, so that all directory information of the original architecture and the new architecture needs to be compared, rather than just under the directory to which the new code file is attached. The comparison method specifically compares each architecture case in the security hole model with the code files of different architecture information, and the corresponding code files can be compared with the architecture cases because the architecture cases recorded in the security hole model are all architecture cases with security holes. For example, if one of the architecture cases is a code statement having a logic conflict between the front and back, then the comparison process only needs to compare whether the code statement having the same logic conflict as the architecture case.
In one embodiment, before step S2 of updating each of the new code files to the pre-stored original architecture to obtain a new architecture, the method further includes:
s101: acquiring a coding specification corresponding to an original framework;
s102: judging whether each newly added code file meets the coding specification;
s103: and returning information of the code non-specification to the second blockchain node where the newly added code which does not meet the code specification is located.
As described in the above steps S101-S103, the inspection of the specification of the newly added code is achieved. The code specification of the original architecture is obtained.
In step S101, in the actual development process, because the developer can seldom code according to the coding specification strictly, the coding specification may be set in advance, for example, the variable method is set to be only three at most, the variable name is not accurate, the database key word appears, the interface request mode must be POST and GET types (two most commonly used interfaces of HTTP request), the domain name must be checked, and the like, and then the newly added code is checked based on the coding specification. Specifically, the coding specification may be obtained by the first blockchain node and then transmitted to each second blockchain node for inspection, or after the coding specification is obtained by the first blockchain node, each second blockchain node uploads the respective newly-added code to the first blockchain node for inspection in sequence.
In step S102, it is determined whether each of the newly added code files satisfies the coding specification. The specific step of judging is that the obtained code specifications are analyzed firstly, then the newly added code files are checked one by one aiming at each specification in the code specifications, for example, if the code specifications set the number of the parameters of the variable method to be added is three at most, the number of the parameters of the variable method to be added can be detected, if the number of the parameters of the variable method to be added is less than or equal to three, the requirements are judged to be met, if the number of the parameters of the variable method to be added is not less than or equal to three, the codes of the variable method to be added are judged to be not met, and the reasons of the non-met codes and the non-met specifications are recorded.
In step S103, the recorded reasons and the non-compliant specifications are fed back to the corresponding second nodes, which indicates that the codes uploaded by the developer are not compliant with the requirements and should be modified correspondingly, and the developer can intuitively see the non-compliant specifications and can quickly and intuitively perform the compliant modifications, thereby improving the development efficiency.
In one embodiment, before the step S1 of obtaining, by the first blockchain node, the newly added code file uploaded by each second blockchain node, the method further includes:
s001: receiving a detection protocol sent by a user terminal;
s002: transmitting the detection protocol to the second blockchain node;
s003: and if the confirmation message of the detection protocol returned by the second blockchain node is received, generating an intelligent contract according to the detection protocol and synchronizing to the blockchain.
As described in the above steps S001-S003, the message recording for acquiring data from the user terminal is implemented. That is, the user needs to send a data acquisition protocol, where the data acquisition protocol includes information of an index value required to be acquired by the user terminal, original data information required to calculate the index value, and the like, and when the second blockchain node confirms that the data acquisition protocol is correct, the first blockchain node can generate a corresponding intelligent contract according to the data acquisition protocol. Specifically, when the first blockchain node receives the information that the second blockchain node confirms that the data acquisition protocol is correct, the first blockchain node may generate a corresponding intelligent contract based on the data acquisition protocol. The intelligent contract can record the data acquired by the user terminal on one hand, and can also realize that the second blockchain node acquires the original data, so that the situation that the original data cannot be acquired due to the fact that the blockchain has no function is avoided. After the intelligent contract is generated, the intelligent contract needs to be sent to the blockchain for recording, and can be validated. Generating the smart contracts may also be referred to as deploying the smart contracts, and creating the smart contracts is initializing business data based on collective business needs. The intelligent contract is created and the contract name of the intelligent contract is generated, and it is understood that the contract name is also set according to specific business needs. Since the contract name is set according to specific business needs, the contract name includes business uses describing the smart contract. Of course, when describing the business use of the contract name, a unified format is adopted as much as possible in order to analyze the content in the intelligent contract. Therefore, the field information and the data parsing modes available for all contracts with the same contract name are the same, which fields exist in the contract can be judged according to the contract name, and how to parse can be known according to the contract name.
In one embodiment, the step S2 of updating each of the newly added code files to the pre-stored original architecture to obtain a new architecture includes:
s111: acquiring content information in each newly added code file;
s112: inputting the content information into a preset vector machine to obtain content vectors corresponding to the new codes;
s113: according to the formulaCalculating the association value of each content vector and other content vectors; wherein R (x) i ) Representing the associated value corresponding to the ith content vector, d is a preset parameter, x i Represents the ith content vector, x j Represents the j-th content vector, n represents the number of the content vectors;
s114: judging whether the newly added codes are compatible or not according to the association value;
s115: if so, updating each newly added code file into a pre-stored original architecture to obtain the new architecture.
As described in the above steps S111-S115, the correlation detection of the newly added code is realized, and the error-transmitting of the code file by each developer is avoided. The method for obtaining the content information in each newly-added code file can be obtained according to the label uploaded by each developer, namely, when each developer uploads the code file, the label is required to be carried in the newly-added code file, so that a code system can recognize the position and the action of the newly-added code, and therefore, vectorization is carried out on the content information, and then the association value of each content vector and other content vectors is calculated according to a formula, wherein the larger the calculated numerical value is, the larger the association degree of each content vector and other newly-added code files is, so that whether the newly-added code files are compatible with each other can be judged according to the association value, the judging method is not limited, for example, the average value of each association value can be calculated, if the average value is smaller than the preset association value, the transmission error of the newly-added code can be recognized, and other judging methods can be adopted to judge whether the newly-added codes are compatible with each other, and if the newly-added code files are compatible with each other, the newly-added code files are updated to the pre-stored original architecture, and the new architecture is obtained.
In one embodiment, before the step S1 of obtaining the newly added code file uploaded by each second blockchain node, the method further includes:
s011: creating a blockchain class by using a Go language, and instantiating the blockchain class to obtain an created block, wherein the hash value of the previous block is set to 0 in the created block;
s012: generating other blocks by adopting a preset block generation technology based on the created block, wherein the other blocks record the hash value of the previous block;
s013: and taking the preset terminal as a block chain node, and building the block chain network.
Building a blockchain is accomplished as described in steps S011-S013 above. The language in which the blockchain class is created may be any feasible language, such as JAVA, C++, go, etc., with the Go language being preferred for this embodiment to optimize the blockchain class. The method comprises the steps of defining a blockchain class (class), and instantiating the blockchain class, namely determining specific parameters of the blockchain, wherein the specific parameters are parameters of the type of the blockchain required to be constructed by a developer, so that a first block (an created block) is obtained, and the first block is used as a generation basis of other blocks. Since the created block is the first block, there is virtually no previous block, the hash value of the previous block can be set to 0 in the created block. The preset consensus mechanism can be any consensus mechanism, such as a workload proof mechanism, a rights proof mechanism, a Bayesian fault tolerance mechanism, etc. The preset block generation technology is, for example, setting a block head and a block body; a hash value of a previous block in the block header, a hash value of a local block and a timestamp; the data prepared in advance is stored in the block body so that the block head and the block body constitute one block.
In one embodiment, after step S4 of uploading each of the newly added code files to the code system for updating if the detection result is qualified, the method further includes:
s501: detecting and receiving architecture problems based on the newly added code feedback;
s502: and inputting the architecture problem into the security hole model library for feedback training.
As described in step S501, if the newly added code has some architecture problems that cannot be identified by the security hole model, feedback training may be performed on the security hole model library. Specifically, the architecture problem can be uploaded to the first blockchain node through the code system, or the related personnel can upload the architecture problem to the first blockchain node through other blockchain nodes, and the uploaded information should include a label based on the newly added code so as to indicate that the architecture problem is fed back based on the newly added code and also facilitate the identification of the first blockchain node.
As described in step S502, the architecture problem is input into the security hole model to perform feedback training, i.e. the reason why the hole occurs is recorded in the security hole model. The feedback training mode may be to record the reasons and problems of the architecture problem in a security vulnerability model library, and set corresponding recognition steps based on the reasons of the architecture problem, that is, finish retraining the security vulnerability model library, so that the security vulnerability model library has a learning function, and the vulnerability recognition function of the security vulnerability model library is enhanced.
Referring to fig. 2, the present application further provides a code system updating apparatus based on a blockchain, which is disposed at a first blockchain node, and includes:
the acquisition module 10 is used for acquiring the newly added code file uploaded by each second blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain;
the updating module 20 is configured to update each of the newly added code files to a pre-stored original architecture to obtain a new architecture;
the input module 30 is configured to input the new architecture into a security vulnerability model library for detection; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library;
and the uploading module 40 is configured to upload each of the newly added code files to the code system for updating if the detection result is qualified.
In one embodiment, the input module 30 includes:
the first acquisition sub-module is used for acquiring the first directory information of the original architecture and the second directory information of the new architecture;
a comparing sub-module for comparing different architecture information in the first directory information and the second directory information;
a second obtaining sub-module, configured to obtain, under the second directory information, a code file of architecture information different from the first directory information;
and the input sub-module is used for inputting the code file into a security vulnerability model, and comparing the code file with each architecture case in the security vulnerability model to obtain a detection result.
In one embodiment, the blockchain-based code system updating device further includes:
the code specification acquisition module is used for acquiring the code specification corresponding to the original framework;
the code file judging module is used for judging whether each newly added code file meets the coding specification;
and the code non-standard returning module is used for returning information of code non-standard to the second block chain node where the newly added code which does not meet the code standard is located.
In one embodiment, the blockchain-based code system updating device further includes:
the detection protocol receiving module is used for receiving a detection protocol sent by the user terminal;
the detection protocol sending module is used for sending the detection protocol to the second blockchain node;
and if the confirmation message of the detection protocol returned by the second blockchain node is received, generating an intelligent contract according to the detection protocol and synchronizing to the blockchain.
In one embodiment, the update module 20 includes:
a content information acquisition sub-module for acquiring content information in each of the newly added code files;
the vectorization sub-module is used for inputting the content information into a preset vector machine to obtain content vectors corresponding to the newly added codes;
a correlation value calculation sub-module for calculating correlation value according to the formulaCalculating the association value of each content vector and other content vectors; wherein R (x) i ) Representing the associated value corresponding to the ith content vector, d is a preset parameter, x i Represents the ith content vector, x j Represents the j-th content vector, n represents the number of the content vectors;
the compatibility judging sub-module is used for judging whether the newly added codes are compatible or not according to the association value;
and the updating sub-module is used for updating each newly added code file into a pre-stored original architecture if the newly added code files are compatible, so as to obtain the new architecture.
In one embodiment, the blockchain-based code system updating device further includes:
the system comprises a blockchain class creation module, a block chain class generation module and a block chain generation module, wherein the blockchain class creation module is used for creating a blockchain class by using a Go language, obtaining an generated block after instantiating the blockchain class, and setting the hash value of the previous block to 0 in the generated block;
the other block generation module is used for generating other blocks by adopting a preset block generation technology based on the created block, wherein the other blocks record the hash value of the previous block;
the building module is used for taking a preset terminal as a blockchain node and building the blockchain network.
The invention has the beneficial effects that: the newly-added code files uploaded by each second blockchain node are acquired through the first blockchain node by setting the blockchain, and each newly-added code file is detected in the first blockchain node, so that the safety of each newly-added code file is ensured, and in addition, each newly-added code file is automatically detected through the blockchain, so that the input of human resources is reduced.
Referring to fig. 3, a computer device is further provided in the embodiment of the present application, where the computer device may be a server, and the internal structure of the computer device may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the computer is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing various code data and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, may implement the blockchain-based code system updating method of any of the embodiments described above.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is merely a block diagram of a portion of the architecture in connection with the present application and is not intended to limit the computer device to which the present application is applied.
The present application further provides a computer readable storage medium, on which a computer program is stored, where the computer program when executed by a processor can implement the blockchain-based code system updating method described in any of the above embodiments.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by hardware associated with a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided herein and used in embodiments may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual speed data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element.
Blockchains are novel application modes of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, encryption algorithms, and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The blockchain underlying platform may include processing modules for user management, basic services, smart contracts, operation monitoring, and the like. The user management module is responsible for identity information management of all blockchain participants, including maintenance of public and private key generation (account management), key management, maintenance of corresponding relation between the real identity of the user and the blockchain address (authority management) and the like, and under the condition of authorization, supervision and audit of transaction conditions of certain real identities, and provision of rule configuration (wind control audit) of risk control; the basic service module is deployed on all block chain node devices, is used for verifying the validity of a service request, recording the service request on a storage after the effective request is identified, for a new service request, the basic service firstly analyzes interface adaptation and authenticates the interface adaptation, encrypts service information (identification management) through an identification algorithm, and transmits the encrypted service information to a shared account book (network communication) in a complete and consistent manner, and records and stores the service information; the intelligent contract module is responsible for registering and issuing contracts, triggering contracts and executing contracts, a developer can define contract logic through a certain programming language, issue the contract logic to a blockchain (contract registering), invoke keys or other event triggering execution according to the logic of contract clauses to complete the contract logic, and simultaneously provide a function of registering contract upgrading; the operation monitoring module is mainly responsible for deployment in the product release process, modification of configuration, contract setting, cloud adaptation and visual output of real-time states in product operation, for example: alarms, monitoring network conditions, monitoring node device health status, etc.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (7)

1. A blockchain-based code system update method applied to a first blockchain node, comprising:
acquiring a newly added code file uploaded by each second blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain;
updating each newly added code file into a pre-stored original architecture to obtain a new architecture;
inputting the new architecture into a security vulnerability model library for detection; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library;
if the detection result is qualified, uploading each newly added code file to a code system for updating;
the step of updating each newly added code file to a pre-stored original architecture to obtain a new architecture comprises the following steps:
acquiring content information in each newly added code file;
inputting the content information into a preset vector machine to obtain content vectors corresponding to the new codes;
according to the formulaCalculating the association value of each content vector and other content vectors; wherein R (x) i ) Representing the associated value corresponding to the ith content vector, d is a preset parameter, x i Represents the ith content vector, x j Represents the j-th content vector, n represents the number of the content vectors;
judging whether the newly added codes are compatible or not according to the association value;
if so, updating each newly added code file into a pre-stored original architecture to obtain the new architecture;
the step of inputting the new architecture into a security vulnerability model library for detection comprises the following steps:
acquiring first directory information of the original architecture and second directory information of the new architecture;
comparing different architecture information in the first directory information and the second directory information;
acquiring code files of architecture information different from the first directory information under the second directory information;
and inputting the code file into a security hole model library, and comparing the code file with each architecture case in the security hole model to obtain a detection result.
2. The method for updating a blockchain-based code system of claim 1, wherein before the step of updating each of the newly added code files to a pre-stored original architecture to obtain a new architecture, further comprising:
acquiring a coding specification corresponding to an original framework;
judging whether each newly added code file meets the coding specification;
and returning information of the code non-specification to the second blockchain node where the newly added code which does not meet the code specification is located.
3. The blockchain-based code system updating method of claim 1, wherein prior to the step of obtaining the newly added code file uploaded by each second blockchain node, further comprising:
receiving a detection protocol sent by a user terminal;
transmitting the detection protocol to the second blockchain node;
and if the confirmation message of the detection protocol returned by the second blockchain node is received, generating an intelligent contract according to the detection protocol and synchronizing to the blockchain.
4. The blockchain-based code system updating method of claim 1, wherein prior to the step of obtaining the newly added code file uploaded by each second blockchain node, further comprising:
creating a blockchain class by using a Go language, and instantiating the blockchain class to obtain an created block, wherein the hash value of the previous block is set to 0 in the created block;
generating other blocks by adopting a preset block generation technology based on the created block, wherein the other blocks record the hash value of the previous block;
and taking the preset terminal as a block chain node, and building the block chain network.
5. A blockchain-based code system updating device, disposed at a first blockchain node, comprising:
the acquisition module is used for acquiring the newly-added code files uploaded by each second blockchain node; wherein the first blockchain node and each of the second blockchain nodes are nodes in the same blockchain;
the updating module is used for acquiring the content information in each newly added code file;
inputting the content information into a preset vector machine to obtain content vectors corresponding to the new codes;
according to the formulaCalculating the association value of each content vector and other content vectors; wherein R (x) i ) Representing the associated value corresponding to the ith content vector, d is a preset parameter, x i Represents the ith content vector, x j Representing the jth content vectorN represents the number of said content vectors;
judging whether the newly added codes are compatible or not according to the association value;
if so, updating each newly added code file into a pre-stored original architecture to obtain a new architecture;
the input module is used for acquiring the first directory information of the original architecture and the second directory information of the new architecture;
comparing different architecture information in the first directory information and the second directory information;
acquiring code files of architecture information different from the first directory information under the second directory information;
inputting the code file into a security vulnerability model library, and comparing the code file with each architecture case in the security vulnerability model to obtain a detection result; wherein, various architecture cases which do not fit rules are prestored in the security vulnerability model library;
and the uploading module is used for uploading each newly added code file to the code system for updating if the detection result is qualified.
6. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 4 when the computer program is executed.
7. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 4.
CN202110594982.1A 2021-05-28 2021-05-28 Block chain-based code system updating method, device, equipment and storage medium Active CN113254931B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110594982.1A CN113254931B (en) 2021-05-28 2021-05-28 Block chain-based code system updating method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110594982.1A CN113254931B (en) 2021-05-28 2021-05-28 Block chain-based code system updating method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113254931A CN113254931A (en) 2021-08-13
CN113254931B true CN113254931B (en) 2024-02-06

Family

ID=77185261

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110594982.1A Active CN113254931B (en) 2021-05-28 2021-05-28 Block chain-based code system updating method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113254931B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446814A (en) * 2018-09-30 2019-03-08 北京金山安全软件有限公司 Vulnerability detection method and device
CN110532782A (en) * 2019-07-30 2019-12-03 平安科技(深圳)有限公司 A kind of detection method of task execution program, device and storage medium
CN110619215A (en) * 2019-08-23 2019-12-27 苏州浪潮智能科技有限公司 Code security scanning method and system
CN112560045A (en) * 2020-12-11 2021-03-26 腾讯科技(深圳)有限公司 Application program vulnerability detection method and device, computer equipment and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446814A (en) * 2018-09-30 2019-03-08 北京金山安全软件有限公司 Vulnerability detection method and device
CN110532782A (en) * 2019-07-30 2019-12-03 平安科技(深圳)有限公司 A kind of detection method of task execution program, device and storage medium
CN110619215A (en) * 2019-08-23 2019-12-27 苏州浪潮智能科技有限公司 Code security scanning method and system
CN112560045A (en) * 2020-12-11 2021-03-26 腾讯科技(深圳)有限公司 Application program vulnerability detection method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN113254931A (en) 2021-08-13

Similar Documents

Publication Publication Date Title
CN107508812B (en) Industrial control network data storage method, calling method and system
CN110933163B (en) Block chain contract deployment method, device, equipment and storage medium
US11582042B2 (en) Industrial data verification using secure, distributed ledger
US7590851B2 (en) Confirmation method of software and apparatus for executing software
CN110597541B (en) Interface updating processing method, device, equipment and storage medium based on block chain
CN112383535B (en) Method and device for detecting Hash transfer attack behavior and computer equipment
CN110569389A (en) Environment monitoring method and device, computer equipment and storage medium
CN110597818A (en) Block chain based volume query method, device, equipment and storage medium
CN113642039A (en) Configuration method and device of document template, computer equipment and storage medium
CN113918526A (en) Log processing method and device, computer equipment and storage medium
CN110825776B (en) Air quality detection report processing method and device, computing equipment and storage medium
CN111339141A (en) Data transmission method, block link node equipment and medium
CN112637282B (en) Information pushing method and device, computer equipment and storage medium
CN113254931B (en) Block chain-based code system updating method, device, equipment and storage medium
CN113672654A (en) Data query method and device, computer equipment and storage medium
CN112685012A (en) Block chain-based microservice architecture implementation method, device, equipment and medium
CN114416875B (en) Task processing method, device, equipment and storage medium based on blockchain
CN114579582B (en) Resource processing method and device based on block chain
CN113420307B (en) Ciphertext data evaluation method and device, computer equipment and storage medium
CN113919953A (en) Method, device, equipment and storage medium for realizing cross-chain generation of intelligent contract
CN113312481A (en) Text classification method, device and equipment based on block chain and storage medium
CN113766028A (en) Content copyright encryption traceability system and method based on cloud network
CN113435517A (en) Abnormal data point output method and device, computer equipment and storage medium
CN113342835A (en) Method, device, equipment and medium for modifying text to be checked based on block chain
CN113282710B (en) Training method and device of text relation extraction model and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20240104

Address after: 301, 304, Building 2, COFCO Chuangxin R&D Center, 69 Xingdong Community, Xin'an Street, Bao'an District, Shenzhen, Guangdong 518000

Applicant after: SHENZHEN DIANLIAN TECHNOLOGY Co.,Ltd.

Address before: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen LIAN intellectual property service center

Effective date of registration: 20240104

Address after: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen LIAN intellectual property service center

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

GR01 Patent grant
GR01 Patent grant