CN113448613A - Software delivery data checking method and device - Google Patents
Software delivery data checking method and device Download PDFInfo
- Publication number
- CN113448613A CN113448613A CN202111003197.0A CN202111003197A CN113448613A CN 113448613 A CN113448613 A CN 113448613A CN 202111003197 A CN202111003197 A CN 202111003197A CN 113448613 A CN113448613 A CN 113448613A
- Authority
- CN
- China
- Prior art keywords
- software
- data
- check
- inspection
- virus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a software delivery data checking method, which comprises the steps of classifying and collecting software delivery data, carrying out virus check on the software delivery data, carrying out data integrity check when virus files exist in the software delivery data which is not checked, wherein the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check, automatically generating software asset check identification information after the data integrity check is finished, converting the software delivery data into software assets, formally storing the software assets into a software asset library, uniformly managing the software assets by using the software asset library, providing a software asset query function and a software data extraction function for the software delivery data, and further providing a software delivery data checking device, carrying out deep automatic check on the software delivery data, the efficiency and the quality of software data inspection are greatly improved.
Description
Technical Field
The invention relates to the technical field of software asset management, in particular to a software delivery data checking method and device.
Background
At present, the method for checking software delivery data only carries out the most basic computer virus checking and killing, the checking strength of the basic computer virus checking and killing is weak, and the deep checking of specific contents of software core data, such as software source codes, software document data, third party test reports and the like, can not be carried out manually by technicians, the efficiency of checking the software delivery data manually is low, the method is greatly influenced by subjective factors such as the capability, the responsibility and the like of the technicians, and the checking quality can not be guaranteed. Therefore, there is a need for a method for inspecting delivered software that can greatly improve the efficiency and quality of inspection of delivered software.
Disclosure of Invention
The invention aims to solve the defects of the prior art and provide a method for checking software delivery data, which can greatly improve the data checking efficiency and quality.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
based on one aspect of the present invention, a method for checking delivery data of software is provided, which includes:
s101: classifying and collecting the data delivered by the software;
s102: virus inspection is carried out on the data delivered by the software;
s103: when the virus file exists in the data delivered by the software, performing data integrity check, wherein the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check;
s104: automatically generating software asset checking identification information after finishing the data integrity check, converting the data delivered by the software into the software asset, and formally storing the software asset into a software asset library;
s105: and uniformly managing the software assets by using a software asset library, wherein the software asset library provides a software asset query function and a software data extraction function.
In one embodiment, the classifying and collecting the data delivered by the software includes classifying and collecting document data, source code and third-party test reports formed at various stages of the software project by means of uploading via a web page or a file transfer protocol.
In one embodiment, the virus inspection includes using a command prompt to call antivirus software to perform virus inspection, and then analyzing a scan log file generated by the virus inspection to obtain a virus scan result.
In one embodiment, after the step S102, when it is checked that the data delivered by the software contains a virus file, performing killing and feeding back to the user, and ending the virus check.
In one embodiment, the document material integrity check includes:
reading the file size of the document data, and identifying the document data smaller than a preset document minimum value parameter as an incomplete document;
reading a directory structure of document data, automatically comparing the directory structure according to chapter requirements of various types of software document data in a preset software documentation specification, identifying incomplete documents with incomplete chapters, performing integrity scoring on each chapter according to the integrity degree of the document data chapter, and calculating the total integrity score of each document data according to the weight value of each chapter;
and identifying unqualified documents according to the total score, feeding the result back to the user when unqualified documents exist, finishing the inspection, and performing further data integrity inspection when all document data are qualified.
In one embodiment, the source code integrity check includes:
for a programming language capable of performing source code compiling, executing a compiling instruction under a compiling environment, and analyzing returned compiling information after executing the compiling instruction;
and when the returned compiling information has the prompt information of successful compiling and can generate a compiled program file, the source code is identified to be complete, and further data integrity check is carried out.
In one embodiment, the third party test report validity check includes:
reading the content of a software third-party test report, identifying the organization name, qualification type, qualification number and test conclusion information issued by the third-party test report, then comparing the organization name, qualification type and qualification number information in a local assessment organization qualification library, and checking whether the organization issuing the third-party test report has qualification so as to judge the validity of the third-party test report;
and when the third-party test report is invalid, feeding the result back to the user and finishing the check, and when the third-party test report is valid, performing further data integrity check.
In one embodiment, the software asset check identification information includes a software check unique number, a software brevity code, a software name, a software version number, a software vendor, and authorized license information.
In one embodiment, the condition of the software asset query comprises a software inspection unique number, a software brevity code, a software name and a warehousing time, and the object extracted by the software data comprises document data, source codes and third-party test reports corresponding to the software.
Based on another aspect of the invention, a software delivery data inspection device is provided, which comprises a data classification collection module, a data virus inspection module, a data integrity inspection module, an identification information generation module and a software database management module; the data classifying and collecting module is used for classifying and collecting data delivered by the software; the data virus check module is used for performing virus check on the data delivered by the software; the data integrity check module is used for checking data integrity, and the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check; the identification information generation module is used for automatically generating software asset inspection identification information after finishing the data integrity inspection, and converting the data delivered by the software into the software asset and formally storing the software asset into a software asset library; the software database management module is used for uniformly managing the software assets and providing a software asset query function and a software data extraction function.
Compared with the prior art, the method and the device for checking the software delivery data can be used for carrying out deep automatic checking on the software delivery data, greatly improving the efficiency and the quality of software data checking, realizing the integrity checking on software document data, generating software asset checking identification information, storing the checked software delivery data in a software asset library for unified management, providing the functions of inquiry and data extraction, and providing a support basis for the auditing of software assets.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating a method for checking delivery data according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects to be solved by the present invention more clearly apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, the present embodiment provides a method for checking delivery data of software, including:
s101: classifying and collecting the data delivered by the software; specifically, the software project comprises multiple stages of feasibility research, design, development, test, trial run, acceptance and the like, and the classified collection of the data delivered by the software comprises the classified collection of document data, source codes and third-party test reports formed at each stage of the software project in a webpage or FTP (file transfer protocol) uploading mode.
S102: virus inspection is carried out on the data delivered by the software; specifically, virus scanning is carried out on collected software delivery data to ensure that the software delivery data is free of viruses, the CMD command similar to sd.exe < software data directory >' is adopted to call antivirus software, virus checking is started, then a scanning log file generated by the virus checking is analyzed, and a virus scanning result is obtained.
S103: and when the virus files exist in the data delivered by the software, performing data integrity check, wherein the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check, and when the virus files exist in the data delivered by the software, performing killing and feeding back to a user to finish the virus check.
Specifically, the document material integrity check includes:
reading the file size of the document data, and identifying the document data smaller than a preset document minimum value parameter as an incomplete document;
reading a directory structure of document data, automatically comparing the directory structure according to chapter requirements of various types of software document data in a preset software documentation specification, identifying incomplete documents with incomplete chapters, performing integrity scoring on each chapter according to the integrity degree of the document data chapter, and calculating the total integrity score of each document data according to the weight value of each chapter. In this embodiment, the specific way of reading the document data is to obtain the size of the document by using the length () function of the File object in JAVA language, and analyze the content of the document by using the Apache POI tool package to obtain a document directory structure; the preset software documentation specification is GB/T8567 plus 2006 computer software documentation specification, and the automatic comparison is carried out on the directory structure according to the chapter requirements of various types of software document data in the GB/T8567 plus 2006 computer software documentation specification.
The specific total score calculation formula is as follows:
w: chapter weight (range between 0.01~1, total chapter weight of 1)
S: chapter score (range between 0 and 100)
TS (total score) = W1 × S1 + W2 × S2 + W3 × S3 +. + WN × SN
The full score is 100 points, and the documents identified as unqualified are 60 points below.
And identifying unqualified documents according to the total score, feeding the result back to the user when unqualified documents exist, finishing the inspection, and performing further data integrity inspection when all document data are qualified.
The source code integrity check includes:
for a programming language capable of performing source code compilation, such as common JAVA, C/C + +, C #, and the like, a compilation instruction is executed under a compilation environment, for example, the compilation instruction of the JAVA language comprises javac, maven, ant, and the like, the compilation instruction of the C/C + + language comprises gcc, make, cmake, and the like, the compilation instruction of the C # language comprises csc, msbuild, devnv, and the like, and the returned compilation information is analyzed after the compilation instruction is executed;
and when the returned compiling information contains success information and can generate a compiled program file, namely the compiling is successful, the source code is identified to be complete, and further data integrity check is carried out.
The third party test report validity check comprises:
reading the content of a software third-party test report, identifying the organization name, qualification type, qualification number and test conclusion information issued by the third-party test report, then comparing the organization name, qualification type and qualification number information in a local assessment organization qualification library, and checking whether the organization issuing the third-party test report has qualification so as to judge the validity of the third-party test report; meanwhile, the local evaluation institution qualification library performs data synchronization with official third-party institution qualification libraries such as CNAS (China qualified assessment national committee), CMA (China metering certification) and the like every day, and the real-time performance of the local evaluation institution qualification library data is ensured. In addition, if the conclusion of the third-party test report contains the conclusion description of 'fail, not conform', the conclusion description is also identified and fed back to the user.
And when the third-party test report is invalid, feeding the result back to the user and finishing the check, and when the third-party test report is valid, performing further data integrity check.
S104: after the software delivery data passes the document data integrity check, the source code integrity check and the third-party test report validity check, software asset check identification information is automatically generated, the software delivery data is changed into software assets, and the software assets are formally stored in a software asset library. The software asset checking identification information comprises a software checking unique number, a software brevity code, a software name, a software version number, a software supplier and authorization license information.
S105: and uniformly managing the software assets by using a software asset library, wherein the software asset library provides a software asset query function and a software data extraction function. The conditions for software asset query comprise a unique software inspection number, a software brevity code, a software name and warehousing time, and the object extracted by the software data comprises document data, a source code and a third-party test report corresponding to the software.
The invention also provides a software delivery data inspection device, which comprises a data classification collection module, a data virus inspection module, a data integrity inspection module, an identification information generation module and a software database management module; the system comprises a data classification collection module, a data virus check module, a data integrity check module, an identification information generation module and a software asset management module, wherein the data classification collection module is used for classifying and collecting data delivered by software, the data virus check module is used for performing virus check on the data delivered by the software, the data integrity check module is used for performing data integrity check, the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check, the identification information generation module is used for automatically generating software asset check identification information after the data integrity check is completed, converting the data delivered by the software into software assets and formally storing the software assets in a software asset library, and the software asset management module is used for uniformly managing the software assets and providing a software asset query function and a software data extraction function.
The method and the device for checking the software delivery data can be used for carrying out deep automatic checking on the software delivery data, greatly improving the efficiency and the quality of software data checking, realizing the integrity checking on software document data, generating software asset checking identification information, storing the checked software delivery data in a software asset library for unified management, providing the functions of inquiry and data extraction, and providing a support basis for the auditing of software assets.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to those examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the invention.
Claims (10)
1. A method for checking delivery data of software, comprising:
s101: classifying and collecting the data delivered by the software;
s102: virus inspection is carried out on the data delivered by the software;
s103: when the virus file exists in the data delivered by the software, performing data integrity check, wherein the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check;
s104: automatically generating software asset checking identification information after finishing the data integrity check, converting the data delivered by the software into the software asset, and formally storing the software asset into a software asset library;
s105: and uniformly managing the software assets by using a software asset library, wherein the software asset library provides a software asset query function and a software data extraction function.
2. The method as claimed in claim 1, wherein the step of collecting the delivered software material according to classification comprises collecting document material, source code and third-party test report formed at each stage of the software project according to classification by means of uploading via web page or file transfer protocol.
3. The method as claimed in claim 1, wherein the virus check includes using a command prompt to call antivirus software for virus check, and then parsing a scan log file generated by the virus check to obtain a virus scan result.
4. The method as claimed in claim 1, wherein after S102, when it is detected that the software delivery data contains a virus file, performing a virus killing and feeding back to the user to end the virus inspection.
5. The software delivery material inspection method of claim 1, wherein the document material integrity check comprises:
reading the file size of the document data, and identifying the document data smaller than a preset document minimum value parameter as an incomplete document;
reading a directory structure of document data, automatically comparing the directory structure according to chapter requirements of various types of software document data in a preset software documentation specification, identifying incomplete documents with incomplete chapters, and calculating the total integrity score of each document data according to the weight value of each chapter;
and identifying unqualified documents according to the total score, feeding the result back to the user when unqualified documents exist, finishing the inspection, and performing further data integrity inspection when all document data are qualified.
6. The software delivery material inspection method of claim 1, wherein the source code integrity check comprises:
for a programming language capable of performing source code compiling, executing a compiling instruction under a compiling environment, and analyzing returned compiling information after executing the compiling instruction;
and when the returned compiling information has the prompt information of successful compiling and can generate a compiled program file, the source code is identified to be complete, and further data integrity check is carried out.
7. The software delivery material inspection method of claim 1, wherein the third party test report validity check comprises:
reading the content of a software third-party test report, identifying the organization name, qualification type, qualification number and test conclusion information issued by the third-party test report, then comparing the organization name, qualification type and qualification number information in a local assessment organization qualification library, and checking whether the organization issuing the third-party test report has qualification so as to judge the validity of the third-party test report;
and when the third-party test report is invalid, feeding the result back to the user and finishing the check, and when the third-party test report is valid, performing further data integrity check.
8. The software delivery material inspection method of claim 1, wherein the software asset inspection identification information includes a software inspection unique number, a software brevity code, a software name, a software version number, a software vendor, and authorization license information.
9. The software delivery material inspection method of claim 1, wherein the condition of the software asset query includes a software inspection unique number, a software brevity code, a software name, and a warehousing time, and the object of the software material extraction includes a document material corresponding to the software, a source code, and a third party test report.
10. A software delivery data inspection device is characterized by comprising a data classification collection module, a data virus inspection module, a data integrity inspection module, an identification information generation module and a software database management module;
the data classifying and collecting module is used for classifying and collecting data delivered by the software;
the data virus check module is used for performing virus check on the data delivered by the software;
the data integrity check module is used for checking data integrity, and the data integrity check comprises document data integrity check, source code integrity check and third-party test report validity check;
the identification information generation module is used for automatically generating software asset inspection identification information after finishing the data integrity inspection, and converting the data delivered by the software into the software asset and formally storing the software asset into a software asset library;
the software database management module is used for uniformly managing the software assets and providing a software asset query function and a software data extraction function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111003197.0A CN113448613B (en) | 2021-08-30 | 2021-08-30 | Software delivery data checking method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111003197.0A CN113448613B (en) | 2021-08-30 | 2021-08-30 | Software delivery data checking method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113448613A true CN113448613A (en) | 2021-09-28 |
| CN113448613B CN113448613B (en) | 2021-12-14 |
Family
ID=77818917
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111003197.0A Active CN113448613B (en) | 2021-08-30 | 2021-08-30 | Software delivery data checking method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113448613B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024172475A1 (en) * | 2023-02-14 | 2024-08-22 | 삼성전자 주식회사 | Electronic device and database protection method thereof |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH0744392A (en) * | 1993-06-29 | 1995-02-14 | Mitsubishi Electric Corp | Software delivery service system |
| US20080028218A1 (en) * | 2006-06-13 | 2008-01-31 | Simon Jonathon B | Software & license and physical/virtual machine asset management library application with check-out/check-in, front-end asset load, tracking, reporting, reconciliation and associated methods |
| CN103971066A (en) * | 2014-05-20 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Verification method for integrity of big data migration in HDFS |
| US20190050220A1 (en) * | 2012-08-22 | 2019-02-14 | General Electric Company | Method and system for locomotive software management |
| CN110414228A (en) * | 2018-12-20 | 2019-11-05 | 腾讯科技(深圳)有限公司 | Detection method, device, storage medium and the computer equipment of computer virus |
| CN110826312A (en) * | 2019-10-12 | 2020-02-21 | 湖南大学 | Software requirement specification evaluation method |
| CN113296787A (en) * | 2021-06-10 | 2021-08-24 | 中国电子科技集团公司第十五研究所 | Online development and code hosting system based on cloud platform and using method |
-
2021
- 2021-08-30 CN CN202111003197.0A patent/CN113448613B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH0744392A (en) * | 1993-06-29 | 1995-02-14 | Mitsubishi Electric Corp | Software delivery service system |
| US20080028218A1 (en) * | 2006-06-13 | 2008-01-31 | Simon Jonathon B | Software & license and physical/virtual machine asset management library application with check-out/check-in, front-end asset load, tracking, reporting, reconciliation and associated methods |
| US20190050220A1 (en) * | 2012-08-22 | 2019-02-14 | General Electric Company | Method and system for locomotive software management |
| CN103971066A (en) * | 2014-05-20 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Verification method for integrity of big data migration in HDFS |
| CN110414228A (en) * | 2018-12-20 | 2019-11-05 | 腾讯科技(深圳)有限公司 | Detection method, device, storage medium and the computer equipment of computer virus |
| CN110826312A (en) * | 2019-10-12 | 2020-02-21 | 湖南大学 | Software requirement specification evaluation method |
| CN113296787A (en) * | 2021-06-10 | 2021-08-24 | 中国电子科技集团公司第十五研究所 | Online development and code hosting system based on cloud platform and using method |
Non-Patent Citations (1)
| Title |
|---|
| 李元凤等: "软件开发中的文档管理及其应用", 《石油科技论坛》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024172475A1 (en) * | 2023-02-14 | 2024-08-22 | 삼성전자 주식회사 | Electronic device and database protection method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113448613B (en) | 2021-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108628751B (en) | Useless dependency item detection method and device | |
| US8972938B2 (en) | Determining functional design/requirements coverage of a computer code | |
| CN105426310B (en) | A kind of method and apparatus for the performance for detecting target process | |
| CN106570159A (en) | Supplier bidding document qualification information verification system and method | |
| CN102945351A (en) | Security vulnerability fixing method based on two-dimensional code for mobile intelligent terminal in cloud environment | |
| CN103186463B (en) | Determine the method and system of the test specification of software | |
| CN113448613B (en) | Software delivery data checking method and device | |
| CN112506757A (en) | Automatic test method, system, computer device and medium thereof | |
| CN112148602B (en) | Source code security analysis method based on history optimization feature intelligent learning | |
| CN116186716A (en) | Security analysis method and device for continuous integrated deployment | |
| CN115269444A (en) | Code static detection method and device and server | |
| CN114579972A (en) | Vulnerability identification method and system for embedded development program | |
| US20120124428A1 (en) | Method and system for testing software on programmable devices | |
| CN115795488B (en) | Code detection system and code detection method | |
| CN109582582A (en) | A kind of automated testing method and system of web interface | |
| CN107341031B (en) | Method and device for adding firmware generation information into DSP firmware | |
| CN114625633A (en) | Method, system and storage medium for interface testing | |
| CN111151008B (en) | Verification method and device for game operation data, configuration background and medium | |
| CN113706056A (en) | Bidding unit performance identification early warning method, device, equipment and storage medium | |
| CN113360362B (en) | Dynamic sql efficiency checking method and plug-in | |
| CN112527757A (en) | Rapid retrieval method based on large-scale chip test result | |
| CN116401714B (en) | Security information acquisition method, device, equipment and medium | |
| CN110968821A (en) | Website processing method and device | |
| CN113778880B (en) | Intelligent contract function verification method and device based on formal verification | |
| CN112445760B (en) | File classification method, device, storage medium and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |