CN113486362A - Vulnerability repairing method and device for server and computer equipment - Google Patents


Publication number
CN113486362A
Authority
CN
China
Prior art keywords
vulnerability
component
repair
installation package
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110944700.6A
Other languages
Chinese (zh)
Other versions
CN113486362B (en)
Inventor
毛佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Yifeng Digital Technology Co ltd
Shenzhen Lian Intellectual Property Service Center
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN202110944700.6A
Publication of CN113486362A
Application granted
Publication of CN113486362B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The application relates to artificial intelligence technology and discloses a server vulnerability repair method, a server vulnerability repair device and computer equipment. The method comprises the following steps: acquiring security vulnerability information of each server, and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired on each server; obtaining the CVE number of the vulnerability; searching for the component update version number corresponding to the CVE number; downloading a component installation package from a yum database, and upgrading the component corresponding to the vulnerability by using the component installation package; searching a preset dependency database for the dependent component corresponding to the component, wherein the component is the component corresponding to the vulnerability; and sending a download request to the preset dependency database to download the dependent component installation package, upgrading the dependent component by using the dependent component installation package, and completing the repair. The server vulnerability repair method, device and computer equipment solve the technical problem that the vulnerability repair process in the prior art is complicated and time-consuming.

Description

Vulnerability repairing method and device for server and computer equipment
Technical Field
The present application relates to the field of vulnerability repair technologies, and in particular to a vulnerability repair method and apparatus for a server, and a computer device.
Background
Unforeseen problems arise when a server plug-in is designed, so that after running for a period of time the plug-in is found to have problems, namely vulnerabilities. In the traditional vulnerability repair approach, a vulnerability scanning tool detects a vulnerability, and operation and maintenance personnel then log in to the server and upgrade to the latest version through yum or from source code. Throughout this process, the operation and maintenance personnel must look up the fixed version of the component to be upgraded, download the corresponding installation file and then upgrade to the latest version. Because some vulnerabilities are not repaired by upgrading the component alone, and other components must also be installed to resolve dependency problems, the whole process is complicated and time-consuming.
Disclosure of Invention
The application mainly aims to provide a server vulnerability repair method, device and computer equipment, so as to solve the technical problem that the vulnerability repair process in the prior art is complicated and time-consuming.
The application provides a server vulnerability repairing method, which comprises the following steps:
acquiring security vulnerability information of each server, and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of a vulnerability to be repaired of each server;
obtaining a CVE number of the vulnerability according to the name of the vulnerability;
searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
downloading a component installation package corresponding to the component update version number from a yum database according to the component update version number, and upgrading the component corresponding to the vulnerability by using the component installation package;
searching a preset dependency database for a dependent component corresponding to the component, wherein the component is the component corresponding to the vulnerability;
and sending a download request to the preset dependency database to download the dependent component installation package, and upgrading the dependent component by using the dependent component installation package to complete the repair of the vulnerability.
Further, after obtaining the security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired by each server, the method further includes:
judging whether the current time is the repair time preset by the user;
if the current time is not the repair time preset by the user, acquiring the repair habit of the user; the repair habit comprises vulnerabilities that have been repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time;
obtaining the names of the corresponding vulnerabilities according to the repair habit;
and if the current time is the repair time preset by the user, acquiring the names of the vulnerabilities of the servers over which the user has authority.
Further, after obtaining the security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired by each server, the method further includes:
acquiring historical repair data of the vulnerabilities, and extracting the vulnerabilities that have been repaired more than a second set number of times to form a vulnerability set;
obtaining the dimensions of all vulnerabilities in the vulnerability set; the dimensions comprise the type of the vulnerability and the server to which the vulnerability belongs;
taking the dimension that occurs most often as a target dimension, and sending a selection window to the user;
judging whether the user selects the target dimension;
if not, receiving a new repair dimension selected by the user;
and acquiring the names of the vulnerabilities corresponding to the new repair dimension selected by the user.
Further, before obtaining the CVE number of the vulnerability according to the name of the vulnerability, the method further includes:
acquiring a log of the repair process of the vulnerability and judging whether a repair failure record exists;
if no repair failure record exists, judging whether the user selects the minimum upgrade version;
if the user does not select the minimum upgrade version, downloading the latest component installation package corresponding to the vulnerability from a yum database, and upgrading the component corresponding to the vulnerability by using the latest component installation package; the latest component installation package is capable of upgrading the component corresponding to the vulnerability to the latest version;
if the user selects the minimum upgrade version, executing the step of acquiring the CVE number of the vulnerability corresponding to the repair dimension;
if a repair failure record exists, judging whether a new repair document is received;
if a new repair document is received, performing word segmentation on the repair document to obtain keywords;
searching for and downloading the corresponding component installation package from the yum database according to the keywords, and upgrading the component corresponding to the vulnerability by using the component installation package;
and if no new repair document is received, suspending the repair, and displaying the vulnerability and the reason its repair was suspended at the front end.
Further, before searching for a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability, the method further includes:
sending the user, within a first preset time period, a window offering the options of updating or not updating, so that the user can select; wherein the window is an operation instruction for the CVE database;
judging whether an instruction from the user selecting to update or not to update is received;
if no instruction is received from the user, synchronizing the CVE database from the official Red Hat website;
if an instruction is received from the user, judging whether the instruction is to update or not to update;
if the instruction is to update, synchronizing the CVE database from the official Red Hat website;
and if the instruction is not to update, stopping the update of the CVE database.
Further, after sending a download request to the preset dependency database to download the dependent component installation package and upgrading the dependent component by using the dependent component installation package, the method further includes:
judging whether the vulnerability is repaired successfully;
if the repair of the vulnerability fails, rolling the vulnerability back to its state before the repair and marking the vulnerability;
sending a command for marking the repair failure to the dependency database and the yum database, so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability;
when the component installation package and the dependent component installation package corresponding to the vulnerability have been marked more than a third set number of times, generating an instruction for processing the component installation package and the dependent component installation package, to facilitate manual processing by the user;
if the repair of the vulnerability succeeds, judging whether an application failure signal sent by the server corresponding to the vulnerability is received;
and if an application failure signal sent by the server corresponding to the vulnerability is received, generating an instruction asking whether to roll back, for the user to select.
Further, if the repair of the vulnerability fails, rolling the vulnerability back to its state before the repair further comprises:
recording a log and a repair result of the repair process of the vulnerability; when the repair result is a repair failure, the repair result further comprises a failure reason;
associating the log and the repair result of the repair process with the name of the vulnerability, and storing them in a redis database;
and deleting, in a third preset time period, the names of vulnerabilities stored in the redis database before the second set time, together with the logs and repair results of the repair processes corresponding to those names.
The application also provides a vulnerability repair device for a server, comprising:
the acquisition module is used for acquiring security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired on each server;
the CVE number module is used for obtaining the CVE number of the vulnerability according to the name of the vulnerability;
the first searching module is used for searching a CVE database for the component update version number corresponding to the CVE number of the vulnerability;
the first upgrading module is used for downloading the component installation package corresponding to the component update version number from a yum database according to the component update version number, and upgrading the component corresponding to the vulnerability by using the component installation package;
the second searching module is used for searching a preset dependency database for the dependent component corresponding to the component, wherein the component is the component corresponding to the vulnerability;
and the second upgrading module is used for sending a download request to the preset dependency database to download the dependent component installation package, and upgrading the dependent component by using the dependent component installation package to complete the repair of the vulnerability.
The present application further provides a computer device comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the above method when executing the computer program.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method.
The beneficial effects of the application are as follows: the name of the vulnerability corresponding to each server is obtained through analysis, the CVE number of the vulnerability is obtained automatically from the vulnerability name, the component update version number corresponding to the CVE number is looked up in the CVE database, the corresponding component installation package is downloaded from the yum database to perform a preliminary repair of the vulnerability, and the dependent component installation package corresponding to the dependent component is downloaded from the preset dependency database to repair the vulnerability completely. A logged-in user can complete the full repair of all servers by clicking a repair button; operation and maintenance personnel no longer need to log in to each server individually and manually search for and download the versions of the components to be upgraded and the other components needed to resolve dependency problems, which saves time.
Drawings
Fig. 1 is a schematic flowchart of a vulnerability repair method for a server according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of a vulnerability repair device for a server according to an embodiment of the present application.
Fig. 3 is a schematic diagram of an internal structure of a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
As shown in fig. 1, the present application provides a server vulnerability repairing method, including:
S1, acquiring security vulnerability information of each server, and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired on each server;
S2, obtaining the CVE number of the vulnerability according to the name of the vulnerability;
S3, searching a CVE database for the component update version number corresponding to the CVE number of the vulnerability;
S4, downloading the component installation package corresponding to the component update version number from a yum database according to the component update version number, and upgrading the component corresponding to the vulnerability by using the component installation package;
S5, searching a preset dependency database for the dependent component corresponding to the component, wherein the component is the component corresponding to the vulnerability;
and S6, sending a download request to the preset dependency database to download the dependent component installation package, upgrading the dependent component by using the dependent component installation package, and completing the repair of the vulnerability.
The embodiments of the application can acquire and process related data based on artificial intelligence technology. Artificial intelligence (AI) is a theory, method, technique and application system that uses a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use that knowledge to obtain the best result.
As described in step S1, the present scheme provides a vulnerability repair platform that performs vulnerability scanning on all connected Linux servers; the scanning includes scheduled scanning and real-time scanning, and the vulnerabilities to be repaired are displayed in the scan results so that the user can select among them. For scheduled scanning, an administrator sets the scan time, and when that time is reached, vulnerability scanning is performed on all the Linux servers. Alternatively, all connected Linux servers send security vulnerability information to the vulnerability repair platform, the security vulnerability information comprising the vulnerable components on the server and the vulnerability risk level. The vulnerability risk level is measured by the harm caused by the security vulnerability and its scope of influence. For example, the industry currently divides vulnerabilities into four risk levels: low, medium, high and urgent. Across these levels the harm and scope of influence increase in turn, and so does the required urgency of response and repair. Syntactic analysis and semantic analysis, which are analysis methods based on artificial intelligence technology, are performed on the security vulnerability information to extract security key information, which comprises the vulnerability name, type and the like. Thus, after a user logs in to the vulnerability repair platform and clicks the repair instruction, the platform repairs the vulnerabilities to be repaired.
As described in steps S2-S3, after the user selects a repair dimension, the names of the vulnerabilities in the selected repair dimension are obtained, and the CVE number of each vulnerability can then be obtained from its name (CVE stands for Common Vulnerabilities and Exposures; the CVE number of a vulnerability is associated with the vulnerability name). The update version number corresponding to the CVE number is then looked up in the CVE database. The CVE database mainly stores CVE numbers and the correspondence between CVE numbers and components, and records the vulnerability name and the minimum update version number of the corresponding component; it serves as the minimum-upgrade dependency library for components. The CVE database is updated when the user manually clicks update, or on a configured schedule, and it is updated by synchronizing from the official Red Hat source.
As described in step S4, according to the component update version number obtained from the CVE database, the component installation package corresponding to that version number is downloaded from a yum (Yellowdog Updater, Modified, a front-end software package manager) database. Before the component installation package is downloaded, the number of times it has been marked may be checked (a component installation package is marked when the repair of its corresponding vulnerability has failed multiple times). When the number of marks exceeds a certain number, a repair using this component installation package is likely to fail; in that case the download may be suspended, the reason for the suspension presented to the user at the front end, and manual processing by the user awaited. The yum database mainly provides complete component installation packages. Like the CVE database, the yum database is updated when the user manually clicks update, or on a configured schedule; updating the yum database synchronizes component installation packages from the official Red Hat source so that new component installation packages are added to the yum database. After the component installation package corresponding to the component update version number is downloaded, the component corresponding to the vulnerability is upgraded with it to the version of the component installation package, which completes the preliminary repair of the vulnerability.
As described in steps S5-S6, vulnerabilities are repaired by upgrading through yum commands, and a yum command automatically installs the dependent components required to upgrade the vulnerable component. For some component vulnerabilities, however, other related components must be upgraded in addition to the component itself; these are not strong dependencies of the current component, so the yum command does not upgrade them; for example, a Linux kernel local privilege escalation (dirty) vulnerability (CVE-2016-. Therefore, in this scheme a dependency database is preset. It stores the names of the dependent components corresponding to the component installation packages in the yum database, together with the installation packages of those dependent components (the non-strongly-dependent components that must additionally be upgraded for a component vulnerability, such as python-perf, a non-strongly-dependent component of the perf component). The dependent component installation package is looked up in and downloaded from the preset dependency database, which completes the full repair of the vulnerability. For example, after the perf component is upgraded, the python-perf component installation package is downloaded from the preset dependency database and the python-perf component is upgraded, so that the vulnerability is completely repaired. Operation and maintenance personnel do not need to repair the vulnerability manually a second time, which is convenient, fast and time-saving.
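The lookup chain of steps S2-S6 and the mark check from step S4, as an added Python sketch that is not code from the patent: the three tables, the placeholder CVE id, the version strings and the `MARK_LIMIT` threshold are constructed for illustration, and the version comparison is a simplified form of RPM ordering. It shows why a server whose perf package is already fixed can still need a python-perf upgrade.

```python
import re
from itertools import zip_longest

# Constructed sample tables standing in for the three data stores described above.
# The CVE id is a placeholder and every version string is invented.
NAME_TO_CVE = {"sample kernel perf vulnerability": "CVE-0000-0001"}  # S2
CVE_DB = {"CVE-0000-0001": ("perf", "3.10.0-200.el7")}     # S3: minimum fixed version
DEPENDENCY_DB = {"perf": [("python-perf", "3.10.0-200.el7")]}  # S5: non-strong dependents
MARK_LIMIT = 3  # hypothetical value for the "certain number" of failure marks in S4


def vercmp(a, b):
    """Compare two version strings segment by segment.

    Simplified rpmvercmp (no epoch, tilde or caret handling).
    Returns -1, 0 or 1.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip_longest(seg_a, seg_b):
        if x is None:
            return -1              # a ran out of segments first, so a is older
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # 1062 > 327, unlike plain string comparison
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return -1 if x < y else 1
    return 0


def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    ver_a, _, rel_a = a.partition("-")
    ver_b, _, rel_b = b.partition("-")
    return vercmp(ver_a, ver_b) or vercmp(rel_a, rel_b)


def plan_repair(vuln_name, installed, marks=None):
    """Build the upgrade plan for one server.

    installed: {package: "version-release"} as reported for the server.
    marks:     {package: number of failure marks} (S4 check).
    Returns yum argument vectors; nothing is executed here.
    """
    marks = marks or {}
    cve = NAME_TO_CVE[vuln_name]                   # S2: name -> CVE number
    component, min_fixed = CVE_DB[cve]             # S3: CVE -> component, version
    # S5: add the packages yum will not pull in on its own
    targets = [(component, min_fixed)] + DEPENDENCY_DB.get(component, [])
    plan = {"cve": cve, "commands": [], "suspended": {}}
    for pkg, wanted in targets:
        have = installed.get(pkg)
        if have is None or evr_cmp(have, wanted) >= 0:
            continue  # not installed, or already at or past the fixed version
        if marks.get(pkg, 0) > MARK_LIMIT:
            # S4: too many failed repairs with this package, leave it to the user
            plan["suspended"][pkg] = f"marked {marks[pkg]} times after failed repairs"
            continue
        plan["commands"].append(["yum", "-y", "update-to", f"{pkg}-{wanted}"])  # S4/S6
    return plan


if __name__ == "__main__":
    # Constructed inventory: perf was upgraded earlier, python-perf was left behind.
    half_fixed = {"perf": "3.10.0-200.el7", "python-perf": "3.10.0-100.el7"}
    print(plan_repair("sample kernel perf vulnerability", half_fixed))
```

Comparing the installed version of every target, rather than only the component named in the CVE database, is what catches the half-repaired state the paragraph describes.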
In an embodiment, before obtaining the name of the vulnerability to be repaired by each server, the method further includes:
S011, acquiring login information of a user;
and S012, determining the authority of the user according to the login information of the user, and obtaining all servers over which the user has authority.
As described in steps S011-S012, before the step of receiving the user's click-to-repair instruction, the user information is also acquired. After the user logs in to the vulnerability repair platform, the user information (such as account number and user name) is acquired, and the user's authority can be determined from it, that is, which Linux servers the user can see on the vulnerability repair platform, which vulnerabilities the user can see, which vulnerabilities the user can operate on, and so on. After the user's authority is obtained, all Linux servers under that authority are obtained, so that vulnerabilities can subsequently be repaired automatically.
In an embodiment, after obtaining the security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired by each server, the method further includes:
S013, judging whether the current time is the repair time preset by the user;
S014, if the current time is not the repair time preset by the user, acquiring the repair habit of the user; the repair habit comprises vulnerabilities that have been repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time;
S015, obtaining the names of the corresponding vulnerabilities according to the repair habit;
and S016, if the current time is the repair time preset by the user, acquiring the names of the vulnerabilities of the servers over which the user has authority.
As described in steps S013-S016, after all Linux servers over which the logged-in user has authority are obtained, it is further determined whether the current time is the repair time preset by the user (the preset repair time is usually a period in which the Linux server is not frequently used; it is set according to the user's needs and is not limited here). If the current time is not the repair time preset by the user, the repair habit of the user is obtained. The repair habit comprises vulnerabilities that have been repaired more than a first set number of times and vulnerabilities whose repair time is less than a first set time; the vulnerabilities matching the repair habit are those that frequently recur, or those whose repair time is short and that can therefore be repaired quickly without affecting the user's other operations. These vulnerabilities are identified automatically without manual operation by the user: at the current time the vulnerability repair platform automatically obtains, on the corresponding Linux servers, the vulnerabilities matching the logged-in user's repair habit and repairs them directly, so that the user does not need to click and the vulnerabilities are repaired quickly. If the current time is the repair time preset by the user, the names of the vulnerabilities of the servers over which the user has authority are obtained, and the vulnerabilities are repaired in the period in which the Linux servers are not frequently used, which saves the time the user would spend clicking repair and waiting.
In an embodiment, after obtaining the security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be repaired by each server, the method further includes:
S021, obtaining historical repair data of the vulnerabilities, and extracting the vulnerabilities that have been repaired more than a second set number of times to form a vulnerability set;
S022, obtaining the dimensions of all vulnerabilities in the vulnerability set; the dimensions comprise the type of the vulnerability and the server to which the vulnerability belongs;
S023, taking the dimension that occurs most often as a target dimension, and sending a selection window to the user;
S024, judging whether the user selects the target dimension;
S025, if not, receiving a new repair dimension selected by the user;
and S026, acquiring the names of the vulnerabilities corresponding to the new repair dimension selected by the user.
As described in steps S021-S024, historical repair data of vulnerabilities is obtained, and the vulnerabilities that have been repaired more than a second set number of times are extracted to form a vulnerability set. The vulnerabilities in this set are ones that often need to be repaired, and requiring the user to click each time would cause unnecessary trouble. The dimensions of the vulnerabilities in the set are therefore obtained; each vulnerability corresponds to two dimensions (the Linux server it belongs to and the type of the vulnerability), and the dimension that occurs most often is taken as the target dimension. For instance, if most vulnerabilities in the set belong to Linux server No. 1, then Linux server No. 1 is the target dimension; or if most vulnerabilities are of the same type, that type is the target dimension. If the user does not select a new repair dimension, the repair proceeds according to the target dimension. Repair dimensions include the system dimension, the instance dimension, the vulnerability type and the like. Selecting the system dimension corresponds to choosing which Linux servers' vulnerabilities are repaired. It should be understood that repairing a vulnerability on a Linux server actually means updating a software package version; if the original package version needs to be restored after the repair, this can be achieved through a rollback task.
Selecting the instance dimension corresponds to choosing specifically which vulnerabilities are repaired, and selecting the vulnerability type (component names such as openssh and bash) corresponds to choosing which types of vulnerabilities are repaired. By selecting a repair dimension, the user can quickly repair in batch the vulnerabilities they want to repair, without selecting them one by one. The repair dimensions are not limited to the three described above and may include any other dimension by which vulnerabilities can be classified, which is not limited here.
As described in steps S025-S026, it is further determined whether the user has selected a new repair dimension. A selection time may be set in the window for selecting a new repair dimension. If the user has not made a selection within the selection time, the user is deemed not to have selected a new repair dimension; in that case the vulnerabilities of the Linux servers over which the user has authority are obtained, together with their CVE numbers, the component update version number corresponding to each CVE number is looked up in the CVE database, the corresponding component installation package is downloaded from the yum database to perform the preliminary repair, and the dependent component installation package corresponding to the dependent component is downloaded from the preset dependency database to complete the repair. If the user selects a new repair dimension within the selection time, the vulnerabilities corresponding to that dimension are repaired according to the user's selection.
In an embodiment, before obtaining the CVE number of the vulnerability according to the name of the vulnerability, the method further includes:
S031, obtaining a log of the repair process of the vulnerability and judging whether a record of repair failure exists;
S032, if no record of repair failure exists, judging whether the user selects the minimum upgrade version;
S033, if the user does not select the minimum upgrade version, downloading the latest component installation package corresponding to the vulnerability from the yum database, and upgrading the component corresponding to the vulnerability by using the latest component installation package; the latest component installation package is capable of upgrading the component corresponding to the vulnerability to the latest version;
S034, if the user selects the minimum upgrade version, executing the step of obtaining the CVE number of the vulnerability corresponding to the repair dimension;
S035, if a record of repair failure exists, judging whether a new repair document is received;
S036, if a new repair document is received, performing word segmentation on the repair document to obtain keywords;
S037, searching for and downloading the corresponding component installation package in the yum database according to the keywords, and upgrading the component corresponding to the vulnerability by using the component installation package;
S038, if no new repair document is received, suspending the repair and displaying the vulnerability and the reason for suspending its repair at the front end.
As described in steps S031-S034 above, a vulnerability whose repair has failed multiple times requires manual handling; continuing to attempt automatic repair wastes repair time and is tedious. Therefore, before the step of obtaining the CVE number of the vulnerability corresponding to the repair dimension, the log of the repair process of the vulnerability is obtained and checked for a record of repair failure (a preset number of repair-failure records may be set as the threshold). When no record of repair failure exists, the repair is likely to succeed, and it is then judged whether the user selects the minimum upgrade version: the larger the version span of an upgrade, the greater the risk it introduces during the repair, so the user is asked to choose whether to upgrade to the latest version. As with the selection of the repair dimension, a selection time may be set in the window for selecting the minimum upgrade version (in which the user chooses yes or no); if the user makes no selection within the selection time, the minimum upgrade version is selected by default. If the user selects no within the selection time (that is, does not select the minimum upgrade version), the latest component installation package corresponding to the vulnerability to be repaired is downloaded from the yum database (the latest component installation package can upgrade the component corresponding to the vulnerability to the latest version), and the component corresponding to the vulnerability is upgraded with it to complete the preliminary repair; the corresponding dependent component installation package is then downloaded from the preset dependency database to complete the repair.
If the user makes no selection within the selection time, or selects the minimum upgrade version, the CVE number of the vulnerability corresponding to the repair dimension is obtained and the component corresponding to the vulnerability is upgraded to the minimum upgrade version: the component update version number corresponding to the CVE number is looked up in the CVE database, the corresponding component installation package is downloaded from the yum database according to the component update version number to perform the preliminary repair, and the corresponding dependent component installation package is downloaded from the preset dependency database to complete the repair.
As described in steps S035 to S038 above, when the log of the repair process contains a record of repair failure, it is judged whether a new repair document has been received (this check may be configured to apply only once the failures exceed a preset number of times). When a new repair document is received, word segmentation is performed on it using a natural-language-processing word segmentation method to obtain keywords. Several of the keywords contain partial words from the names of component installation packages, so the corresponding component installation package can be searched for and downloaded from the yum database according to the keywords and used to upgrade the component corresponding to the vulnerability. If no new repair document is received, the repair is suspended, and the vulnerability and the reason for suspending its repair are displayed at the front end. The reasons for suspension include the number of repair failures, no new repair document having been received, or no corresponding component installation package being found after a new repair document was received.
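The S031-S038 decision flow can be sketched as follows. This is an added illustration, not code from the patent: the log format, the package list, the `plan_repair` function and the regex tokenizer standing in for word segmentation are all assumptions.

```python
"""Added illustration of the S031-S038 decision flow; all names are hypothetical."""
import re
from dataclasses import dataclass

# Constructed sample: package builds assumed to be present in the yum database.
YUM_PACKAGES = [
    "openssh-8.0p1-13.el8",
    "openssh-server-8.0p1-13.el8",
    "bash-4.4.20-4.el8",
    "sudo-1.8.29-8.el8",
]

# Constructed sample repair log, one key=value record per line.
SAMPLE_LOG = [
    "2021-08-16T01:10 vuln=openssh-vuln result=success",
    "2021-08-16T01:12 vuln=bash-vuln result=failure reason=component_upgrade_failure",
]


@dataclass
class Plan:
    action: str       # "latest", "minimal", "keyword" or "suspend"
    packages: list    # packages chosen by keyword search, if any
    reason: str = ""  # shown at the front end when the repair is suspended


def failure_count(log_lines, vuln_name):
    """S031: count repair-failure records for one vulnerability."""
    count = 0
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("vuln") == vuln_name and fields.get("result") == "failure":
            count += 1
    return count


def keywords(repair_doc):
    """S036: stand-in for word segmentation (a plain regex tokenizer)."""
    return set(re.findall(r"[a-z0-9_+]+", repair_doc.lower()))


def package_name_parts(nvr):
    """Split 'name-version-release' and return the words of the name."""
    return set(nvr.rsplit("-", 2)[0].split("-"))


def plan_repair(vuln_name, log_lines, minimal_choice, repair_doc=None,
                max_failures=1):
    """minimal_choice: True = yes, False = no, None = no answer in time."""
    fails = failure_count(log_lines, vuln_name)
    if fails < max_failures:
        # S032-S034: no failure record, so honour the upgrade-span choice.
        if minimal_choice is False:
            return Plan("latest", [], "user declined the minimum upgrade")
        return Plan("minimal", [], "minimum upgrade chosen or defaulted")
    # S035-S038: earlier failures, so automatic repair needs a new document.
    if repair_doc is None:
        return Plan("suspend", [], f"{fails} failed repair(s), no new repair document")
    words = keywords(repair_doc)
    hits = [p for p in YUM_PACKAGES if words & package_name_parts(p)]
    if not hits:
        return Plan("suspend", [], "repair document matched no package")
    return Plan("keyword", hits, "packages matched from repair document")


if __name__ == "__main__":
    doc = "Manual fix: upgrade the bash package, then restart login shells."
    print(plan_repair("openssh-vuln", SAMPLE_LOG, None))
    print(plan_repair("bash-vuln", SAMPLE_LOG, None, doc))
```

Matching keywords against whole words of the package name, rather than arbitrary substrings, keeps a free-text repair document from pulling in unrelated packages.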
In one embodiment, before the searching, according to the CVE number of the vulnerability, a component update version number corresponding to the CVE number in a CVE database, the method further includes:
S041, within a first preset time period, sending the user a window with an update option and a do-not-update option for the user to choose from; wherein the window is an operation instruction for the CVE database;
S042, judging whether an instruction in which the user selects to update or not to update is received;
S043, if no instruction is received from the user, synchronously updating the CVE database from the Red Hat official website;
S044, if an instruction is received from the user, judging whether the instruction is to update or not to update;
S045, if the instruction is to update, synchronously updating the CVE database from the Red Hat official website;
and S046, if the instruction is not to update, stopping the update of the CVE database.
As described in steps S041-S046 above, the first preset time period is a fixed time period of every day, every week, or every month. For example, the first preset time period is set to 12:00-14:00 at noon every day. Within this period, it is judged whether an instruction from the user for updating the CVE database has been received. If no instruction is received, the user is treated by default as having chosen to update, and the CVE database is synchronously updated from the Red Hat official website. If an instruction is received, it is judged whether the instruction is to update or not to update. If the user chooses to update, the CVE database is synchronously updated from the Red Hat official website; if the user chooses not to update, this indicates that the user may be performing other operations or repairing a vulnerability at the current time and does not want the CVE database updated now. The update of the CVE database is therefore stopped, and the decision whether to update is made again in the next first preset time period.
In one embodiment, before downloading, according to the component update version number, the component installation package corresponding to the component update version number in the yum database, and upgrading the component corresponding to the vulnerability using the component installation package, the method further includes:
S051, within a second preset time period, sending the user a window with an update option and a do-not-update option for the user to choose from; wherein the window is an operation instruction for the yum database;
S052, judging whether an instruction in which the user selects to update or not to update is received;
S053, if no instruction is received from the user, synchronously updating the yum database from the Red Hat official website;
S054, if an instruction is received from the user, judging whether the instruction is to update or not to update;
S055, if the instruction is to update, synchronously updating the yum database from the Red Hat official website;
and S056, if the instruction is not to update, stopping the update of the yum database.
As described in steps S051 to S056 above, the second preset time period is a fixed time period of every day, every week, or every month. For example, the second preset time period is set to 18:00-20:00 every afternoon. Within this period, it is judged whether an instruction from the user for updating the yum database has been received. If no instruction is received, the user is treated by default as having chosen to update, and the yum database is synchronously updated from the Red Hat official website. If an instruction is received, it is judged whether the instruction is to update or not to update. If the user chooses to update, the yum database is synchronously updated from the Red Hat official website; if the user chooses not to update, this indicates that the user may be performing other operations or repairing a vulnerability at the current time and does not want the yum database updated now. The update of the yum database is therefore stopped, and the decision whether to update is made again in the next second preset time period.
In an embodiment, after sending a download request to the preset dependency database to download a dependent component installation package and upgrading the dependent component by using the dependent component installation package, the method further includes:
S8, judging whether the vulnerability is repaired successfully;
S9, if the vulnerability repair fails, rolling back the vulnerability to the state before the repair and marking the vulnerability;
S10, sending an instruction for marking the repair failure to the dependency database and the yum database, so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability;
S11, when the component installation package and the dependent component installation package corresponding to the vulnerability have been marked more than a third set number of times, generating an instruction for processing the component installation package and the dependent component installation package so that the user can handle them manually;
S12, if the vulnerability repair succeeds, judging whether an application failure signal sent by the server corresponding to the vulnerability is received;
and S13, if an application failure signal sent by the server corresponding to the vulnerability is received, generating an instruction asking whether to roll back, for the user to choose.
As described in steps S8-S11 above, after the complete repair of the vulnerability has been carried out, it must be judged whether the repair succeeded. When the repair fails, the vulnerability repair platform automatically rolls the vulnerability back to the state before the repair and marks it; if necessary, the platform may also display the vulnerability to the user at the front end so that the user can follow up. At the same time, an instruction for marking the repair failure is sent to the dependency database and the yum database to mark the component installation package and the dependent component installation package corresponding to the vulnerability. When the marks exceed the set number of times, the component installation package and the dependent component installation package have caused repair failures many times; they are problematic installation packages that need to be deleted, replaced, or otherwise dealt with, so an instruction for processing them is generated for the user to handle manually. The marks also help the user review the overall state of the installation packages in the databases, and the number of marks can be checked each time an installation package is downloaded to judge in advance whether the package is likely to cause a repair failure, which saves repair time and troubleshooting time. When a vulnerability is repaired successfully, this only means that the component corresponding to the vulnerability was upgraded successfully; it does not necessarily mean that the server corresponding to the vulnerability can run the upgraded component successfully.
Therefore, when the repair succeeds, it must be judged whether an application failure signal sent by the server corresponding to the vulnerability has been received. If the signal is received, the updated version of the component corresponding to the vulnerability cannot be applied by the server, and an instruction asking whether to roll back is generated for the user to choose. If the user chooses to roll back, the vulnerability is rolled back to the state before the repair; if the user chooses not to roll back, the user may want to perform other upgrade operations, and the vulnerability repair platform does not roll back the repaired vulnerability.
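The post-repair handling of steps S8-S13 (automatic rollback, failure marks on packages, escalation to manual handling, and the user-confirmed rollback after an application failure signal) is sketched below. This is an added example rather than the patent's implementation; the `RepairTracker` class, the threshold value and the package versions are assumptions.

```python
"""Added illustration of steps S8-S13; class and values are hypothetical."""
from collections import Counter

THIRD_SET_NUMBER = 2  # assumed value of the "third set number of times"


class RepairTracker:
    def __init__(self, installed):
        self.installed = dict(installed)  # component -> version on the server
        self.marks = Counter()            # package -> number of failure marks
        self.manual_queue = []            # packages awaiting manual handling
        self.pending = {}                 # component -> version to restore

    def risky(self, package):
        """Pre-download check: has this package already hit the threshold?"""
        return self.marks[package] > THIRD_SET_NUMBER

    def apply(self, component, new_version, packages, repaired_ok,
              app_failed=False):
        previous = self.installed[component]
        self.installed[component] = new_version  # the upgrade itself
        if not repaired_ok:
            # S9: roll back automatically to the pre-repair version.
            self.installed[component] = previous
            for pkg in packages:
                # S10: mark the component and dependent component packages.
                self.marks[pkg] += 1
                # S11: too many marks means a person must look at the package.
                if self.risky(pkg) and pkg not in self.manual_queue:
                    self.manual_queue.append(pkg)
            return "rolled_back"
        if app_failed:
            # S12-S13: upgrade succeeded but the server cannot run it;
            # keep the old version on hand and let the user decide.
            self.pending[component] = previous
            return "ask_user_rollback"
        return "repaired"

    def resolve(self, component, rollback):
        """Apply the user's answer to the rollback question from S13."""
        previous = self.pending.pop(component)
        if rollback:
            self.installed[component] = previous
            return "rolled_back"
        return "kept"


if __name__ == "__main__":
    # Constructed sample: one component and the two packages of its repair.
    tracker = RepairTracker({"bash": "4.4.19-14.el8"})
    pkgs = ["bash-4.4.20-4.el8", "readline-7.0-10.el8"]
    for _ in range(3):
        print(tracker.apply("bash", "4.4.20-4.el8", pkgs, repaired_ok=False))
    print(tracker.manual_queue)
    print(tracker.apply("bash", "4.4.20-4.el8", pkgs, True, app_failed=True))
    print(tracker.resolve("bash", rollback=True), tracker.installed)
```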
In an embodiment, if the bug fix fails, rolling back the bug to a state before fix, further includes:
S12, recording a log of the vulnerability repair process and a repair result; when the repair result is a repair failure, the repair result further comprises a failure reason;
S13, associating the log of the repair process and the repair result with the name of the vulnerability, and storing them in a redis database;
and S14, within a third preset time period, deleting the names of vulnerabilities stored in the redis database before the second set time, together with the logs of the repair process and the repair results corresponding to those names.
As described in step S12, the log of the vulnerability repair process includes various combinations of the vulnerability name, the CVE number, the component update version number, the component name, the component installation package, the dependent component name, the dependent component installation package, and the latest component installation package. When the repair result is a repair failure, the log further includes the failure reason, such as failure to find the update version number, failure to upgrade the component, or failure to upgrade the dependent component. Recording the log and the repair result of the repair process lets the user review problems in the repair process promptly and resolve them in time.
As described in steps S13-S14 above, the log of the repair process and the repair result are associated with the name of the vulnerability, and the repair time is recorded; together they are stored in the redis database as one record. The redis database thus holds the history of vulnerability repairs, which makes it easy for the user to trace back. History records that have existed for too long may become useless data. To keep useless data from accumulating in the redis database, the stored data is deleted within a third preset time period (for example, 1:00-2:00 every morning); the deletion can be configured to remove history records older than three days or five days, which reduces the amount of data stored in the redis database and makes room for new data.
As shown in fig. 2, the present application further provides a vulnerability repairing device for a server, including:
the system comprises an acquisition module 1, a storage module and a processing module, wherein the acquisition module is used for acquiring security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of a vulnerability needing to be repaired of each server;
the CVE number module 2 is used for obtaining a CVE number of the vulnerability according to the name of the vulnerability;
the first searching module 3 is used for searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
the first upgrading module 4 is configured to download, in the yum database, the component installation package corresponding to the component update version number according to the component update version number, and upgrade the component corresponding to the vulnerability by using the component installation package;
the second searching module 5 is configured to search a dependency component corresponding to the component in a preset dependency database, where the component is a component corresponding to the vulnerability;
and the second upgrading module 6 is used for sending a downloading request to the preset dependency database to download the dependency component installation package, upgrading the dependency component by using the dependency component installation package, and completing the repair of the vulnerability.
In one embodiment, further comprising:
the login information acquisition module is used for acquiring login information of a user;
and the user permission determining module is used for determining the permission of the user according to the login information of the user to obtain all servers with the permission of the user.
In one embodiment, further comprising:
the repair time judging module is used for judging whether the current time is the repair time preset by the user;
the instruction receiving module is used for acquiring the repairing habit of the user when the current time is not the repairing time preset by the user; the repairing habit comprises repairing the vulnerabilities exceeding a first set number of times and repairing the vulnerabilities with the repairing time less than a first set time;
the name acquisition module is used for acquiring the name of the corresponding vulnerability according to the repair habit;
and the server vulnerability name acquisition module is used for acquiring the vulnerability name of the server with the authority of the user when the current time is the preset repair time of the user.
In one embodiment, further comprising:
the vulnerability set module is used for acquiring historical repair data of the vulnerabilities and extracting vulnerabilities of which the repair times exceed a second set number to form a vulnerability set;
the dimension module is used for acquiring the dimensions of all vulnerabilities in the vulnerability set; the dimensions comprise the type of the vulnerability and the server to which the vulnerability belongs;
the sending module is used for taking the dimension with the largest number of occurrences as the target dimension and sending a selection window to the user;
the judging module is used for judging whether the user selects the target dimension;
the vulnerability name acquisition module is used for receiving a new repair dimension selected by a user when the user does not select the repair dimension;
and the repairing dimension bug name obtaining module is used for obtaining the name of a new bug corresponding to the repairing dimension selected by the user.
In one embodiment, further comprising:
acquiring a log of the bug repairing process and judging whether a repairing failure record exists or not;
the minimum upgrade version judging module is used for judging whether the user selects the minimum upgrade version when the record of the repair failure does not exist;
the latest downloading module is used for downloading the latest component installation package corresponding to the vulnerability from the yum database according to the vulnerability when a user does not select the minimum upgrade version, and upgrading the component corresponding to the vulnerability by using the latest component installation package; the latest component installation package is capable of upgrading the component corresponding to the vulnerability to the latest version;
the execution module is used for executing the step of acquiring the CVE number of the bug corresponding to the repair dimension when the user selects the minimum upgrade version;
the repair document module is used for judging whether a new repair document is received when a record of repair failure exists;
the word segmentation module is used for performing word segmentation on the repair document to obtain keywords when a new repair document is received;
the searching module is used for searching and downloading a corresponding component installation package in the yum database according to the keyword, and upgrading the component corresponding to the vulnerability by using the component installation package;
and the suspension module is used for suspending repair and displaying the vulnerability and the reason for suspending repair of the vulnerability at the front end when a new repair document is not received.
In one embodiment, further comprising:
the CVE database updating module is used for sending a window with an option of updating or not updating to a user within a first preset time period so that the user can select the window; wherein the window is an operation instruction for the CVE database;
the first updating instruction module is used for judging whether an instruction selected by a user to update or not is received;
the first synchronous updating module is used for synchronously updating the CVE database from the Red Hat official website when no instruction is received from the user;
the first updating or non-updating module is used for judging whether the instruction is to update or not to update when an instruction is received from the user;
the second synchronous updating module is used for synchronously updating the CVE database from the Red Hat official website when the instruction is to update;
and the first update stopping module is used for stopping the update of the CVE database when the instruction is not to update.
In one embodiment, further comprising:
the yum database updating module is used for sending the user a window with an update option and a do-not-update option within a second preset time period so that the user can choose; wherein the window is an operation instruction for the yum database;
the second updating instruction module is used for judging whether an instruction in which the user selects to update or not to update is received;
the third synchronous updating module is used for synchronously updating the yum database from the Red Hat official website when no instruction is received from the user;
the second updating or non-updating module is used for judging whether the instruction is to update or not to update when an instruction is received from the user;
the fourth synchronous updating module is used for synchronously updating the yum database from the Red Hat official website when the instruction is to update;
and the second update stopping module is used for stopping the update of the yum database when the instruction is not to update.
In one embodiment, further comprising:
the repairing success judging module is used for judging whether the bug is repaired successfully and marking the bug;
a marking instruction module, configured to send an instruction for marking a repair failure to the dependency database and the yum database, so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability;
the manual processing module is used for generating an instruction for processing the component installation package and the dependent component installation package when the component installation package and the dependent component installation package corresponding to the vulnerability are marked for more than a third set number of times so that a user can perform manual processing;
the rollback module is used for rolling back the vulnerability to a state before the vulnerability is repaired when the vulnerability repair fails;
the signal receiving module is used for judging whether an application failure signal sent by a server corresponding to the vulnerability is received or not when the vulnerability repair is successful;
and the rollback selection module is used for generating an instruction whether to rollback or not for the user to select when receiving the application failure signal sent by the server corresponding to the vulnerability.
In one embodiment, further comprising:
the recording module is used for recording the log and the repairing result of the repairing process of the bug; when the repair result is a repair failure, the repair result further comprises a failure reason;
the correlation module is used for correlating the log of the repair process and the repair result with the name of the bug and storing the log and the repair result in a redis database;
and the deleting module is used for deleting, within a third preset time period, the names of vulnerabilities stored in the redis database before the second set time, together with the logs of the repair process and the repair results corresponding to those names.
The above units and modules are all used for correspondingly executing each step in the vulnerability repairing method for the server; their specific implementations are described in the above method embodiments and are not repeated here.
As shown in fig. 3, the present application also provides a computer device, which may be a server, and the internal structure of which may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device stores all data required by the server vulnerability repairing method. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements the server vulnerability repairing method.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is only a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects may be applied.
An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements any one of the server vulnerability repairing methods described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware. The computer program may be stored on a non-volatile computer-readable storage medium and, when executed, may include the processes of the above method embodiments. Any reference to memory, storage, database, or other medium provided herein and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. A server vulnerability repairing method is characterized by comprising the following steps:
acquiring security vulnerability information of each server, and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of a vulnerability to be repaired by each server;
obtaining a CVE number of the vulnerability according to the name of the vulnerability;
searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
downloading a component installation package corresponding to the component update version number in a yum database according to the component update version number, and upgrading the component corresponding to the vulnerability by using the component installation package;
searching a dependent component corresponding to the component in a preset dependent database, wherein the component is the component corresponding to the vulnerability;
and sending a downloading request to the preset dependency database to download the dependency component installation package, and upgrading the dependency component by using the dependency component installation package to finish the repair of the vulnerability.
2. The server vulnerability fixing method according to claim 1, wherein after obtaining the security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be fixed of each server, further comprising:
judging whether the current time is the repair time preset by the user;
if the current time is not the repair time preset by the user, acquiring the repair habit of the user; the repairing habit comprises repairing the vulnerabilities exceeding a first set number of times and repairing the vulnerabilities with the repairing time less than a first set time;
obtaining the name of the corresponding vulnerability according to the repair habit;
and if the current time is the repair time preset by the user, acquiring the name of the vulnerability of the server with the authority of the user.
3. The server vulnerability fixing method according to claim 1, wherein after obtaining the security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of the vulnerability to be fixed of each server, further comprising:
acquiring historical repair data of the vulnerabilities, and extracting the vulnerabilities that have been repaired more than a second set number of times to form a vulnerability set;
obtaining dimensions of all vulnerabilities in the vulnerability set; the dimensions comprise the type of the vulnerability and the server to which the vulnerability belongs;
taking the dimension with the largest number of occurrences as a target dimension, and sending a selection window to a user;
judging whether the user selects the target dimension;
if not, receiving a new repair dimension selected by the user;
and acquiring the name of the vulnerability corresponding to the new repair dimension selected by the user.
4. The server vulnerability fixing method according to claim 1, wherein before obtaining the CVE number of the vulnerability according to the name of the vulnerability, the method further comprises:
acquiring a log of the vulnerability repair process and judging whether a repair failure record exists;
if no repair failure record exists, judging whether the user selects the minimum upgrade version;
if the user does not select the minimum upgrade version, downloading the latest component installation package corresponding to the vulnerability from a yum database according to the vulnerability, and upgrading the component corresponding to the vulnerability by using the latest component installation package; the latest component installation package is capable of upgrading the component corresponding to the vulnerability to the latest version;
if the user selects the minimum upgrade version, executing the step of acquiring the CVE number of the vulnerability corresponding to the repair dimension;
if a repair failure record exists, judging whether a new repair document is received;
if a new repair document is received, performing word segmentation on the repair document to obtain a keyword;
searching for and downloading a corresponding component installation package in the yum database according to the keyword, and upgrading the component corresponding to the vulnerability by using the component installation package;
and if no new repair document is received, suspending the repair, and displaying the vulnerability and the reason for suspending its repair at the front end.
5. The server vulnerability fixing method according to claim 1, wherein before searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability, the method further comprises:
sending a window with an option of updating or not updating to a user within a first preset time period so that the user can select; wherein the window is an operation instruction for the CVE database;
judging whether an instruction in which the user selects to update or not to update is received;
if no instruction from the user is received, synchronously updating the CVE database from the Red Hat official website;
if an instruction from the user is received, judging whether the instruction is to update or not to update;
if the instruction is to update, synchronously updating the CVE database from the Red Hat official website;
and if the instruction is not to update, stopping the update of the CVE database.
6. The server vulnerability fixing method according to claim 1, wherein after sending a download request to the preset dependency database to download a dependent component installation package and upgrading the dependent component by using the dependent component installation package, the method further comprises:
judging whether the vulnerability is repaired successfully;
if the vulnerability repair fails, rolling back the vulnerability to its state before the repair and marking the vulnerability;
sending a command for marking the repair failure to the dependency database and the yum database so as to mark the component installation package and the dependent component installation package corresponding to the vulnerability;
when the component installation package and the dependent component installation package corresponding to the vulnerability have been marked more than a third set number of times, generating an instruction for processing the component installation package and the dependent component installation package so as to facilitate manual processing by a user;
if the vulnerability repair succeeds, judging whether an application failure signal sent by the server corresponding to the vulnerability is received;
and if an application failure signal sent by the server corresponding to the vulnerability is received, generating an instruction asking whether to roll back, for the user to select.
7. The server vulnerability fixing method according to claim 6, wherein if the vulnerability fixing fails, rolling back the vulnerability to a state before fixing further comprises:
recording a log and a repairing result of the repairing process of the vulnerability; when the repair result is a repair failure, the repair result further comprises a failure reason;
associating the log and the repair result of the repair process with the name of the vulnerability, and storing them in a Redis database;
and deleting, in a third preset time period, the name of the vulnerability stored in the Redis database before the second set time, together with the log and the repair result of the repair process corresponding to the name of the vulnerability.
8. A vulnerability fixing device for a server, comprising:
the acquisition module is used for acquiring security vulnerability information of each server and performing semantic analysis/syntax analysis based on the security vulnerability information to obtain the name of a vulnerability to be repaired of each server;
the CVE number module is used for obtaining the CVE number of the vulnerability according to the name of the vulnerability;
the first searching module is used for searching a component update version number corresponding to the CVE number in a CVE database according to the CVE number of the vulnerability;
the first upgrading module is used for downloading a component installation package corresponding to the component update version number from a yum database according to the component update version number and upgrading the component corresponding to the vulnerability by using the component installation package;
the second searching module is used for searching for a dependent component corresponding to the component in a preset dependency database, wherein the component is the component corresponding to the vulnerability;
and the second upgrading module is used for sending a download request to the preset dependency database to download the dependent component installation package, upgrading the dependent component by using the dependent component installation package and completing the repair of the vulnerability.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
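The repair flow of claims 1 and 6 (upgrade the component to the version that fixes the CVE, then its dependent components; on failure roll back and mark the packages; escalate to manual handling once the marks exceed a threshold), as an added Python example that is not code from the patent. The CVE identifier, package names, versions, `MARK_LIMIT` and the `install`/`app_ok` callbacks are constructed assumptions, and rollback is modelled on an in-memory version map.

```python
# Added illustration; every name and value here is constructed, not from the patent.
CVE_DB = {"CVE-0000-0001": ("libfoo", "1.2.3-4")}    # CVE -> (component, fixed version)
DEP_DB = {"libfoo": [("libfoo-common", "1.2.3-4")]}  # component -> dependent components
MARK_LIMIT = 3  # stands in for the claims' "third set number of times"


class Repairer:
    def __init__(self, installed):
        self.installed = dict(installed)  # package -> installed version
        self.fail_marks = {}              # (package, version) -> failure marks

    def plan(self, cve):
        """Claim 1: the component at the CVE's fixed version, then its dependencies."""
        name, version = CVE_DB[cve]
        return [(name, version)] + DEP_DB.get(name, [])

    def repair(self, cve, install, app_ok=lambda: True):
        """Claim 6: apply the plan; on failure roll back and mark the packages.

        install(name, version) -> bool is the caller's package-manager wrapper;
        app_ok() -> bool reports whether the application still works afterwards.
        """
        snapshot = dict(self.installed)
        steps = self.plan(cve)
        for name, version in steps:
            if install(name, version):
                self.installed[name] = version
                continue
            self.installed = snapshot     # roll back to the pre-repair state
            for pkg in steps:             # mark component and dependency packages
                self.fail_marks[pkg] = self.fail_marks.get(pkg, 0) + 1
            review = [p for p in steps if self.fail_marks[p] > MARK_LIMIT]
            return {"status": "rolled_back", "failed": name, "manual_review": review}
        if not app_ok():                  # repair succeeded but the application broke
            return {"status": "ask_user_rollback", "restore_to": snapshot}
        return {"status": "repaired"}


def demo():
    """Repeat a repair whose dependency install always fails, until it escalates."""
    r = Repairer({"libfoo": "1.2.0-1", "libfoo-common": "1.2.0-1"})
    broken = lambda name, version: name != "libfoo-common"
    results = [r.repair("CVE-0000-0001", broken) for _ in range(MARK_LIMIT + 1)]
    return r, results
```

The snapshot is taken before the first package is touched, so a failure in the dependent component also undoes the already-upgraded main component rather than leaving the server with mismatched versions.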
CN202110944700.6A 2021-08-17 2021-08-17 Vulnerability restoration method and device for server and computer equipment Active CN113486362B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110944700.6A CN113486362B (en) 2021-08-17 2021-08-17 Vulnerability restoration method and device for server and computer equipment

Publications (2)

Publication Number Publication Date
CN113486362A (en) 2021-10-08
CN113486362B (en) 2023-10-03

Family

ID=77945576

Country Status (1)

Country Link
CN (1) CN113486362B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573525A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Special information service software vulnerability fixing system based on white lists
CN105893850A (en) * 2016-03-30 2016-08-24 百度在线网络技术(北京)有限公司 Bug fixing method and device
US20170034023A1 (en) * 2015-07-27 2017-02-02 Datagrid Systems, Inc. Techniques for evaluating server system reliability, vulnerability and component compatibility using crowdsourced server and vulnerability data
CN107480533A (en) * 2017-08-08 2017-12-15 深圳市腾讯计算机系统有限公司 A kind of method, apparatus and device of leak reparation
CN110334513A (en) * 2019-06-25 2019-10-15 广州嘉为科技有限公司 A kind of restorative procedure based on (SuSE) Linux OS loophole
CN111198694A (en) * 2018-11-20 2020-05-26 北京国双科技有限公司 Software installation method and device
CN111865927A (en) * 2020-06-24 2020-10-30 平安普惠企业管理有限公司 Vulnerability processing method and device based on system, computer equipment and storage medium
CN112230963A (en) * 2020-10-29 2021-01-15 北京字节跳动网络技术有限公司 Method and device for repairing security vulnerability, computer equipment and storage medium
CN112698846A (en) * 2020-12-30 2021-04-23 麒麟软件有限公司 Method and system for automatically installing patch in Linux system

Also Published As

Publication number Publication date
CN113486362B (en) 2023-10-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230831

Address after: No. 122, Xingguo Avenue, Xingguo Town, Yangxin County, Huangshi City, Hubei Province, 435200

Applicant after: Hubei Yifeng Digital Technology Co.,Ltd.

Address before: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen LIAN intellectual property service center

Effective date of registration: 20230831

Address after: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen LIAN intellectual property service center

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant