CN113709154B - Browser security processing method and device, computer equipment and storage medium - Google Patents
Browser security processing method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN113709154B CN113709154B CN202110993142.2A CN202110993142A CN113709154B CN 113709154 B CN113709154 B CN 113709154B CN 202110993142 A CN202110993142 A CN 202110993142A CN 113709154 B CN113709154 B CN 113709154B
- Authority
- CN
- China
- Prior art keywords
- target
- browser
- program
- verification
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a browser security processing method, a browser security processing device, computer equipment and a storage medium. The method comprises the following steps: obtaining a browser operation request, wherein the browser operation request comprises an operation object identifier; acquiring a target security check program corresponding to the browser operation request according to the browser operation request; determining a target operation object corresponding to the operation object identification according to the operation object identification; carrying out safety verification on the target operation object by adopting the target safety verification program to obtain a safety verification result; and executing the target browser operation matched with the security check result. The method can realize the safety check of the target operation object on one side of the browser or strengthen the safety of the browser, and ensure the safety of the browser.
Description
Technical Field
The present invention relates to the field of computer security technologies, and in particular, to a browser security processing method, a device, a computer device, and a storage medium.
Background
The browser is essential basic software of an operating system, the browser is in communication connection with the server, and a user can interact with the server through the browser, so that the user can acquire information services on the browser. The current browser has the following security problems: firstly, the safety protection of the information on the existing browser is generally based on the server, the safety protection is not carried out on one side of the browser, and when the server is broken, the information on the browser cannot guarantee the safety. Second, browser self security issues, including but not limited to uncontrollable browser plug-ins and browser extensions, large low-version browser kernel vulnerabilities, etc., can seriously affect the security of information on the browser.
Disclosure of Invention
The embodiment of the invention provides a browser security processing method, a browser security processing device, computer equipment and a storage medium, which are used for solving the problem that the security of information on the existing browser cannot be ensured.
A browser security processing method comprises the following steps:
obtaining a browser operation request, wherein the browser operation request comprises an operation object identifier;
acquiring a target security check program corresponding to the browser operation request according to the browser operation request;
Determining a target operation object corresponding to the operation object identification according to the operation object identification;
carrying out safety verification on the target operation object by adopting the target safety verification program to obtain a safety verification result;
and executing the target browser operation matched with the security check result.
A browser security processing apparatus comprising:
the operation request acquisition module is used for acquiring a browser operation request, wherein the browser operation request comprises an operation object identifier;
the verification program acquisition module is used for acquiring a target security verification program corresponding to the browser operation request according to the browser operation request;
the operation object acquisition module is used for determining a target operation object corresponding to the operation object identification according to the operation object identification;
the verification result acquisition module is used for carrying out safety verification on the target operation object by adopting the target safety verification program to acquire a safety verification result;
and the browser operation execution module is used for executing target browser operation matched with the security check result.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the browser security processing method described above when executing the computer program.
A computer readable storage medium storing a computer program which, when executed by a processor, implements the browser security processing method described above.
According to the browser safety processing method, the device, the computer equipment and the storage medium, the browser can receive different browser operation requests, different target safety verification programs are determined according to the browser operation requests, the target safety verification programs are adopted to carry out safety verification on target operation objects, safety verification results are obtained, and target browser operation matched with the safety verification results is executed, so that safety verification on the target operation objects or reinforcement on the safety of the browser are realized on one side of the browser, and the safety of the browser is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic view of an application environment of a browser security processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a browser security processing method according to an embodiment of the present invention;
FIG. 3 is another flow chart of a browser security processing method in an embodiment of the present invention;
FIG. 4 is another flow chart of a browser security processing method in an embodiment of the present invention;
FIG. 5 is another flow chart of a browser security processing method in an embodiment of the present invention;
FIG. 6 is another flow chart of a browser security processing method in an embodiment of the present invention;
FIG. 7 is a schematic diagram of a browser security processing apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a computer device in accordance with an embodiment of the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The browser security processing method provided by the embodiment of the invention can be applied to an application environment shown in fig. 1. The browser safety processing method is applied to a browser, the browser is in communication connection with a server so as to realize the basic function of information interaction on the browser between the browser and the server, and the browser safety processing method is executed on the browser, so that safety reinforcement of the browser can be realized, safety support is provided for network application on the browser, and information safety on the browser is guaranteed.
Understandably, as the functions and performances of the browser become more and more powerful, the HTML5 standard becomes more mature, so that the terminal software of the computer device essentially abandons the existing C/S architecture, and the browser is constructed by adopting a more flexible and convenient B/S architecture. Therefore, the browser security processing method can be applied to a browser constructed based on a B/S architecture and used for realizing security reinforcement of the browser.
In one embodiment, as shown in fig. 2, a method for processing security of a browser is provided, and the method is applied to the browser in fig. 1 for illustration, and includes the following steps:
s201: acquiring a browser operation request, wherein the browser operation request comprises an operation object identifier;
S202: according to the browser operation request, acquiring a target security check program corresponding to the browser operation request;
s203: determining a target operation object corresponding to the operation object identification according to the operation object identification;
s204: performing security check on the target operation object by adopting a target security check program to obtain a security check result;
s205: and executing the target browser operation matched with the security check result.
The browser operation request is an operation request triggered based on a browser interface. The browser operation request comprises a target request identifier, wherein the target request identifier is used for indicating a request type corresponding to the browser operation request. As an example, the target request identification may be any one of a web page access request, a file download request, a program change request, and a kernel update request. A web page access request is a request for accessing a particular web page. The program change request is a request for updating a browser add-on program, which here includes, but is not limited to, a browser plug-in and a browser extension. The file download request is a request for downloading a specific file. The kernel update request is a request for updating a browser kernel of a particular version.
The operation object identifier is an identifier for uniquely identifying an object to be operated when the browser operation request is triggered. In this example, the operation object identification corresponds to a browser operation request. For example, when the browser operation request is a web page access request, the operation object is identified as a target access URL, where the target access URL refers to a URL of a web page required to be accessed by the web page access request triggered at this time. For another example, when the browser operation request is a program change request, the operation target identifier is a target program identifier, and the target program identifier is a unique identifier of a processing program required for the program change request triggered this time. For another example, when the browser operation request is a file download request, the operation object identifier is a target file identifier, and the target file identifier is an identifier corresponding to a file to be downloaded in the current file download request. For another example, when the browser operation request is a kernel update request, the operation object identifier is a current kernel identifier, and the current kernel identifier is a unique identifier of a browser kernel of a version currently used by the browser.
In step S201, the browser may receive a browser operation request triggered by a user operating a browser interface, or may be based on a browser operation request triggered by a built-in timing update program, where the browser operation request may be, but is not limited to, any one of a web page access request, a file download request, a program change request, and a kernel update request, so that on one hand, in a process of communicating the browser with a server network, security verification may be performed on information on the browser on one side of the browser, so as to avoid that when the security protection of the server is broken, the security protection cannot be implemented on the information on the browser; on the other hand, the safety reinforcement of the browser can be realized.
The target security check program is a security check program matched with the browser operation request and used for being executed in the browser.
As an example, in step S202, the browser prestores configuration security check programs corresponding to different configuration request identifiers, which are preconfigured identifiers for indicating different request types, including, but not limited to, a web page access request identifier, a file download request identifier, a program change request identifier, and a kernel update request identifier. The configuration security check program is a program for realizing security check processing, which is set in advance for different configuration request identifications. In this example, after the browser obtains the browser operation request, the configuration security check program corresponding to the configuration request identifier matched with the browser operation request may be determined as the target security check program, so as to implement security check for different browser operation requests by adopting different target security check programs, which is helpful for guaranteeing security of browser operation.
As an example, in step S203, the browser determines, according to the operation object identifier, a target operation object corresponding to the operation object identifier, and specifically includes the following steps: (1) And acquiring an object acquisition channel corresponding to the operation object identifier according to the operation object identifier. In this example, the object acquisition channel is determined as a network acquisition channel and a local acquisition channel depending on the nature of whether communication with the server is required. For example, when the browser operation request is a web page access request, a file download request, and a kernel update request, since it needs to perform network communication with the server, its object acquisition channel may be determined as a network acquisition channel; when the browser operation request is a program change request and the browser is required to be communicated with a server, the object acquisition channel is a network acquisition channel; when the browser does not need to communicate with the server, the object acquisition channel is a local acquisition channel. (2) When the object acquisition channel corresponding to the operation object identifier is a network acquisition channel, the browser establishes a network communication link with the server, and acquires a target operation object corresponding to the operation object identifier from the server. For example, a target access web page corresponding to the target access URL is acquired from the server. (3) When the object acquisition channel corresponding to the operation object identifier is a local acquisition channel, the browser can acquire the target operation object corresponding to the operation object identifier from the local memory. For example, when the target additional program corresponding to the current kernel identification is stored in the local memory in advance, the target additional program may be acquired from the local memory.
As an example, in step S204, the browser may use target security check programs corresponding to different browser operation requests to perform security check on the target operation object obtained from the server or the local memory, and obtain the security check result, so as to implement security check on the target operation object on the browser side or secure the browser itself.
As an example, in step S205, after the browser obtains the security check result corresponding to the target operation object, the browser may execute the target browser operation matched with the security check result, so as to implement security protection on the target operation object on the browser side. For example, when the security check result is that the verification is passed, the browser may determine that the verification is passed through the corresponding first browser operation as a target browser operation, and execute the target browser operation, so as to ensure that the security operation is performed on the target operation object on the browser side. For another example, when the security check result is that the verification fails, the browser may determine that the verification fails through the corresponding second browser operation as the target browser operation, and execute the target browser operation to remind the user through the browser interface, where there is a security risk in operating the target operation object.
According to the browser security processing method provided by the embodiment, different browser operation requests can be received by the browser, different target security verification programs are determined according to the browser operation requests, the target operation objects are subjected to security verification by the target security verification programs, security verification results are obtained, and target browser operations matched with the security verification results are executed, so that the purpose of carrying out security verification on the target operation objects on one side of the browser or reinforcing the security of the browser is achieved, and the security of the browser is guaranteed.
In one embodiment, as shown in fig. 3, a method for processing security of a browser is provided, and the method is applied to the browser in fig. 1 for illustration, and includes the following steps:
s301: acquiring a webpage access request, wherein the webpage access request comprises a target access URL;
s302: acquiring a webpage security check program corresponding to the webpage access request according to the webpage access request;
s303: acquiring a target access webpage corresponding to the target access URL according to the target access URL;
s304: performing security verification on the target access webpage by adopting a webpage security verification program to obtain a webpage verification result;
s305: if the webpage verification result is that verification is passed, displaying a target access webpage;
S306: and if the verification result of the webpage is that the verification is not passed, displaying access refusal information.
Step S301 is an embodiment of step S201, step S302 is an embodiment of step S202, step S303 is an embodiment of step S203, step S304 is an embodiment of step S204, and step S305 and step S306 are an embodiment of step S205.
As an example, in step S301, the browser may receive a web page access request triggered by the user operating the browser interface, for example, the user clicking a specific key or link in the browser interface may trigger the web page access request based on a target access URL corresponding to the specific key or link. It is understood that the web page access request is one of browser operation requests, and is a request for implementing interaction with a server to implement web page access.
As an example, in step S302, the browser may query the browser memory according to the web page access request identifier corresponding to the web page access request, so as to determine the web page security check program for implementing security check on the specific web page. It is understood that the web page security check program is one of target security check programs, and is a program for implementing security check on a specific web page.
As an example, in step S303, the browser establishes a network communication link with the server to send a web page access request carrying a target access URL to the server, so that the server returns the target access web page corresponding to the target access URL. It is understood that the target access webpage is one of target operation objects, and is a webpage that needs to be subjected to security verification by adopting a webpage security verification program.
As an example, in step S304, the browser may execute a web page security check program to perform security check on the target access web page returned by the server, so as to determine whether the target access web page is a malicious web page, thereby obtaining a web page check result. In this example, if the target access webpage is a malicious webpage, the webpage verification result is that verification is not passed; if the target access webpage is not a malicious webpage, the webpage verification result is that verification is passed. Understandably, the webpage verification result is one of security verification results, and is used for reflecting whether the target access webpage is a malicious webpage or not, so as to avoid security risks existing in accessing the malicious webpage.
As an example, in step S305, when the verification result of the web page is that the verification is passed, the browser determines that the target access web page is not a malicious web page, so that the target access web page can be normally displayed on the browser interface, so as to implement security verification on the target access web page on the browser side, and ensure security of the target access web page finally displayed.
As an example, in step S306, when the verification result of the web page is that the verification fails, the browser identifies the target access web page as a malicious web page, and the malicious web page is not displayed on the browser interface, but access refusing information for reminding the target access web page of being a malicious web page is displayed, so as to avoid security risks caused by displaying the malicious web page by the browser.
According to the browser security processing method, whether the target access webpage is a malicious webpage or not is checked safely by adopting the webpage security checking program on one side of the browser, so that the browser interface is ensured to only display the target access webpage which passes the checking, and not to display the malicious webpage which does not pass the checking, and the security of displaying webpage content on the browser is realized.
In one embodiment, step S304, namely, adopting a web page security check program to perform security check on the target access web page, obtains a web page check result, specifically includes the following steps:
s3041: inquiring a malicious webpage database based on the target access URL, and judging whether the existing malicious webpage corresponding to the target access URL exists or not;
s3042: if the existing malicious webpage corresponding to the target access URL exists, acquiring a webpage verification result which is not passed by verification;
S3043: if the existing malicious webpage corresponding to the target access URL does not exist, acquiring a target webpage code corresponding to the target access webpage;
s3044: performing malicious code verification on the target webpage code to obtain a code verification result;
s3045: and acquiring a webpage verification result according to the code verification result.
The malicious webpage database is a preset database for storing the existing malicious webpages. Existing malicious web pages refer to malicious web pages that were collected and stored in a malicious web page database prior to the current time of the system.
As an example, in step S3041, the browser may query the malicious web page database based on the target access URL to perform matching processing on the target access URL and the existing access URLs corresponding to all the existing malicious web pages, and determine whether there is an existing access URL matching the target access URL; if the existing access URL matched with the target access URL exists, the existing malicious webpage corresponding to the target access URL is determined to exist; if the existing access URL matched with the target access URL does not exist, the existing malicious webpage corresponding to the target access URL is determined to exist, and whether the target access URL is the existing malicious webpage or not is judged.
As an example, in step S3042, when the existing malicious web page corresponding to the target access URL exists, the browser identifies the target access web page corresponding to the target access URL as the existing malicious web page, and may directly obtain the web page verification result that is not verified, so as to directly display the access refusing information on the browser interface.
As an example, in step S3043, when the existing malicious web page corresponding to the target access URL does not exist, the browser determines that the target access web page corresponding to the target access URL is not the existing malicious web page, and in order to further ensure the security of the target access web page, the source code corresponding to the target access web page needs to be determined as the target web page code corresponding to the target access web page, so that the security check is performed on the target web page code to determine whether the target access web page is a malicious web page.
As an example, in step S3044, the browser may use a pre-configured code verification tool to perform malicious code verification on the target web page code, and obtain a code verification result, so as to determine the web page verification result according to the code verification result. In this example, the code verification tool is a detection tool formed based on code features of Trojan, virus, security hole or other malicious codes existing before the current time of the system, and can realize targeted detection on whether the code features exist in the target webpage code, so as to obtain a code verification result.
Further, in step S3044, the browser performs malicious code verification on the target webpage code to obtain a code verification result, which specifically includes: (1) And extracting key feature source codes corresponding to the N key feature labels from the target webpage codes. The key feature tag can be a feature tag which is extracted by adopting a big data technology in advance and used for identifying malicious codes or pointing to page skip. For example, the key feature tag may be a code feature for an existing Trojan, virus, security hole, or other malicious code, or a tag for pointing to a page jump. (2) And verifying the key feature source codes corresponding to the key feature labels by adopting a code verification tool corresponding to the key feature labels, and obtaining code feature verification results corresponding to each key feature label. (3) And acquiring a code verification result based on the code feature verification results corresponding to the N key feature labels. For example, if the code feature verification results corresponding to the N key feature tags are all verified, the obtained code verification result is that no malicious code exists; if at least one code feature verification result corresponding to the N key feature labels is not passed, the obtained code verification result is that malicious codes exist.
For example, the browser may identify whether there is a key feature source code corresponding to a key feature tag for pointing to a Trojan, a virus, or a security hole from the target webpage code; if the key feature source codes corresponding to key feature labels for pointing to the existing Trojan, virus, security hole or other malicious codes exist, the target webpage codes are determined to contain the existing Trojan, virus, security hole or other malicious codes, and code verification results which are not passed by verification are obtained. For another example, the browser may identify from the target web page code whether there is a key feature tag for pointing to a page jump; if the key feature label for pointing to page skip exists, acquiring the key feature source code corresponding to the key feature label as a URL to be skipped, inquiring a malicious webpage database based on the URL to be skipped, and if the existing malicious webpage corresponding to the URL to be skipped exists, acquiring a code verification result which is not passed by verification; and if the existing malicious webpage corresponding to the URL to be skipped does not exist, acquiring a code verification result passing the verification.
As an example, in step S3045, when the code verification result is that no malicious code exists, the browser obtains a webpage verification result passing the verification; and when the code verification result is that malicious codes exist, acquiring a webpage verification result which is not passed by verification.
It is understood that if the code verification result is that malicious code exists, the target access URL may be determined to be a malicious webpage, and the target access URL may be stored in a malicious webpage database, so as to be used as an existing malicious webpage, and perform security verification on a subsequent webpage access request.
The browser security processing method provided by the embodiment can be based on the existing malicious webpage in the malicious webpage database, or the malicious code verification is performed on the target webpage code, so that double security verification is performed on the target webpage code, and the security of the target webpage code is guaranteed.
In one embodiment, step S304, that is, if the verification result of the web page is that the verification is passed, displays the target access web page, includes:
s3041: if the webpage verification result is that verification is passed, at least one webpage resource file corresponding to the target access webpage is obtained;
s3042: carrying out compatibility verification on the webpage resource file to obtain a compatibility verification result corresponding to the webpage resource file;
s3043: if the compatibility verification results corresponding to all the webpage resource files are verified, displaying original webpage contents corresponding to the webpage resource files;
s3044: if the compatibility verification result corresponding to the webpage resource file is that the verification is not passed, updating the webpage resource file by adopting a target replacement rule, acquiring an updated resource file, and displaying updated webpage content corresponding to the updated resource file.
The web page resource files refer to resource files corresponding to the target access web page, and for example, the web page resource files may include, but are not limited to, various JavaScript scripts.
As an example, in step S3041, when the verification result of the web page is that the verification is passed, the browser determines that the target access web page is not a malicious web page, and may display the target access web page, and in the process of displaying the target access web page, at least one web page resource file corresponding to the target access web page needs to be loaded and acquired.
As an example, in step S3042, when the browser obtains at least one web resource file, compatibility verification needs to be performed, which specifically includes: (1) And acquiring a current system architecture corresponding to the browser and a file system architecture corresponding to the webpage resource file. The current system architecture corresponding to the browser can be a B/S architecture or a C/S architecture. The file system architecture corresponding to the webpage resource file refers to a system architecture corresponding to the edited webpage resource file, and the file system architecture can be a B/S architecture or a C/S architecture. (2) And if the current system architecture is the same as the file system architecture, acquiring a compatible verification result passing the verification. (3) And if the current system architecture and the file system architecture are different, acquiring a compatible verification result which is not passed by verification.
As an example, in step S3043, when the compatibility verification results corresponding to all the web page resource files are verification passing, the browser recognizes that the current system architecture of the browser is the same as the file system architecture, so that the original web page content corresponding to the web page resource files can be directly displayed on the browser, and the problem of incompatibility does not exist, thereby being helpful to ensure the page display effect of the target access web page.
As an example, in step S3044, when the compatibility verification result corresponding to the existing web resource file is that the verification fails, the browser determines that the current system architecture of the browser is different from the file system architecture, and may determine the target replacement rule according to the current system architecture and the file system architecture; replacing the webpage resource file by adopting a target replacement rule to acquire an updated resource file; and displaying updated webpage content corresponding to the updated resource file on the browser interface. The target replacement rule is used for modifying the webpage resource file corresponding to the file system architecture so as to adapt to the replacement rule displayed by the browser of the current system architecture. For example, the specific tag XX is used to represent page skip in the current system architecture, the specific tag YY is used to represent page skip in the file system architecture, and when the browser of the current system architecture obtains the web page resource file corresponding to the file system architecture, the specific tag YY cannot be identified to perform page skip, so that the specific tag YY in the web page resource file needs to be converted into the specific tag XX by adopting the target replacement rule to obtain the updated resource file, and the content corresponding to the specific tag XX in the updated resource file can be loaded and displayed by the browser of the current system architecture to ensure the display effect of the browser.
In one embodiment, as shown in fig. 4, a method for processing security of a browser is provided, and the method is applied to the browser in fig. 1 for illustration, and includes the following steps:
s401: acquiring a file downloading request, wherein the file downloading request comprises a target file identifier;
s402: acquiring a file security check program corresponding to the file downloading request according to the file downloading request;
s403: acquiring a target downloading file corresponding to the target file identifier according to the target file identifier;
s404: carrying out security check on the target downloaded file by adopting a file security check program to obtain a file check result;
s405: if the file verification result is that the verification is passed, downloading the target downloading file to the target position;
s406: and if the file verification result is that the verification is not passed, displaying file risk information.
Step S401 is an embodiment of step S201, step S402 is an embodiment of step S202, step S403 is an embodiment of step S203, step S404 is an embodiment of step S204, and step S405 and step S406 are an embodiment of step S205.
As an example, in step S401, the browser may receive a file download request triggered by the user operating the browser interface, for example, the user clicks a specific file download button in the browser interface, and may trigger the file download request based on the target file identifier associated with the file download button. It is understood that the file download request is one of browser operation requests, and is a request for implementing interaction with a server to implement file download.
As an example, in step S402, the browser may query the browser memory according to the file download request identifier corresponding to the file download request to determine a file security check program for implementing security check on the specific file. It is understood that the file security verification program is one of target security verification programs, and is a program for implementing security verification on a specific file.
As an example, in step S403, the browser establishes a network communication link with the server to send a file download request carrying the target file identifier to the server, so that the server returns the target download file corresponding to the target file identifier. It can be understood that the target downloaded file is one of target operation objects, and is a file downloaded from a server through a browser according to a user requirement, and is a file that needs to be checked through a file security check program.
As an example, in step S404, the browser may execute a file security check program to perform security check on the target download file returned by the server, so as to determine whether the target download file is a high risk file, thereby obtaining a file check result. In this example, if the target downloaded file is a high risk file, the file verification result is that the verification is not passed; if the target downloaded file is not the high risk file, the file verification result is verification pass. It is understood that the file verification result is one of the security verification results, and is used for reflecting whether the target downloaded file is a high risk file, so as to avoid downloading to the target downloaded file with higher risk. High risk files herein refer to files that are at a higher security risk.
As an example, in step S405, when the file verification result is that the verification is passed, the browser determines that the target downloaded file is not a high risk file, and may enable the user to operate the browser interface to download the target downloaded file to a target position, where the target position is a spatial position designated by the user for storing the target downloaded file, so as to ensure the security of the target downloaded file downloaded through the browser, and further ensure the information security on the browser.
As an example, in step S406, when the file verification result is that the verification fails, the browser identifies the target download file as a high risk file, and displays file risk information for reminding the target download file of being the high risk file on the browser interface, so as to avoid security risk caused by downloading the high risk file by the browser.
According to the browser security processing method, the security check program is adopted on one side of the browser to check whether the target downloading file is the high-risk file or not, so that the browser can only download the target downloading file with low risk and cannot download the target downloading file with high risk, and the security of downloading the browser file is guaranteed.
In one embodiment, step S404, namely, performing security check on the target downloaded file by using the file security check program, obtains a file check result, includes:
s4041: acquiring file description information corresponding to a target download file;
s4042: carrying out security verification on the file description information to obtain a description verification result;
s4043: if the description verification result is that the verification is passed, performing full-text scanning verification on the target downloaded file to obtain a full-text verification result;
s4044: if the full text verification result is verification passing, acquiring a file verification result of verification passing;
s4045: if the description verification result is that the verification is not passed or the full text verification result is that the verification is not passed, obtaining a file verification result that the verification is not passed.
The file description information corresponding to the target download file is information extracted from the target download file and used for briefly describing the target download file.
As an example, in step S4041, when the browser obtains the target download file from the server, the browser may scan the file content corresponding to the identification description information tag, and determine the file description information corresponding to the target download file. The descriptive information tag is a pre-configured tag for pointing to a tag associated with the file descriptive information, e.g., a summary tag in the target download file.
As an example, in step S4042, the browser may perform character string matching on the file description information of the target download file by using a character string matching algorithm to determine whether the file description information contains high risk characters, thereby obtaining the description verification result. The high-risk character is a preset character used for identifying a high risk.
As an example, in step S4043, when the description verification result is verification, the browser determines that the extracted file description information does not include the high-risk character with higher risk, and at this time, the full-text scan may be performed on the target downloaded file to determine whether the high-risk character with higher risk is included, so as to obtain the full-text verification result.
As an example, in step S4044, when the full text verification result is verification, that is, the full text of the target downloaded file does not include the high risk character with higher risk, the browser may obtain the verification result of the file with verification.
As an example, in step S4045, when the description verification result is that verification fails, the browser determines that the extracted file description information includes high-risk characters with higher risk, and at this time, the file verification result that the verification fails can be directly obtained, so as to ensure the obtaining efficiency of the file verification result. Or when the description verification result is that the verification is passed but the full text verification is not passed, namely when the full text of the target downloaded file contains high-risk characters with higher risk, the file verification result that the verification is not passed is obtained, so that the comprehensiveness and the accuracy of the file verification result are ensured.
In one embodiment, as shown in fig. 5, a method for processing security of a browser is provided, and the method is applied to the browser in fig. 1, and includes the following steps:
s501: acquiring a program change request, wherein the program change request comprises a target program identifier and a program change type;
s502: acquiring a program security check program corresponding to the program change request according to the program change request;
s503: acquiring a target additional program corresponding to the target program identifier according to the target program identifier;
s504: performing security verification on the target additional program by adopting a program security verification program to obtain a program verification result;
s505: if the program verification result is that the verification is passed, executing a change operation corresponding to the program change type on the target additional program;
s506: and if the program verification result is that the verification is not passed, displaying the program risk information.
Step S501 is an embodiment of step S201, step S502 is an embodiment of step S202, step S503 is an embodiment of step S203, step S504 is an embodiment of step S204, and step S505 and step S506 are an embodiment of step S205.
As an example, in step S501, the browser may receive a program change request triggered by the user operating the browser interface, for example, the user clicks a program editing button in the browser interface, enters a program editing interface corresponding to the program editing button, inputs a target program identifier and a program change type in the program editing interface, and triggers the program change request. It is understood that the program change request is one of browser operation requests, and is a request for realizing a program change. The target program identification is an identification for uniquely pointing to a specific browser additional program. The browser additional program herein includes programs such as a browser plug-in and a browser extension. The program change type refers to change types such as addition, deletion, and modification.
As an example, in step S502, the browser may query the browser memory according to the program change request identifier corresponding to the program change request to determine a program security check program for implementing security check on the additional program of the browser corresponding to the program change request. It is to be understood that the program security check program is one of target security check programs, and is a program for implementing security check on the browser additional program.
As an example, in step S503, the browser may directly obtain the target additional program corresponding to the target program identifier from the local memory, or may establish a network communication link with the server, and obtain the target additional program corresponding to the target program identifier from the server. It is understood that the target additional program is one of target operation objects, is a browser additional program corresponding to the target program identifier, and is a file that needs to be checked by the program security check program.
As an example, in step S504, the browser may execute the program security check program to perform security check on the target additional program to determine whether the target additional program is a high risk additional program, thereby obtaining a program verification result. In this example, if the target additional program is a high-risk additional program, the program verification result is that the verification is not passed; if the target additional program is not the high-risk additional program, the program verification result is verification passing. It can be understood that the program verification result is one of the security verification results, and is used for reflecting whether the target additional program is a high-risk additional program, so as to avoid the problem that the browser has higher security risk caused by loading the target additional program with higher risk into the browser. The high-risk additional program herein refers to an additional program with a higher security risk.
As an example, in step S504, the browser adopts a program security check program to perform security check on the target additional program, and obtains a program verification result, which specifically includes: if the program change type is the deletion type, directly acquiring a program verification result passing verification; if the program change type is the add-on type or the modify type, the program security check program is adopted to perform security check on the target additional program, so that a program check result is obtained, and the security check on the target additional program of the delete type is not needed, thereby being beneficial to saving browser resources.
As an example, in step S505, when the program verification result is verification pass, the browser recognizes that the target additional program is not a high risk additional program, and at this time, performs a change operation corresponding to the program change type on the target additional program. That is, if the program change type is the add-on type, the target add-on program is added to the browser; if the program change type is a deletion type, deleting the target additional program from the browser; if the program change type is the modification type, replacing the corresponding existing additional program on the browser with the target additional program. Understandably, when the program verification result is that the verification is passed, a change operation corresponding to the program change type is performed on the target additional program, so as to ensure the safety of passing the target additional program on the browser.
As an example, in step S506, when the program verification result is that the verification fails, the browser identifies the target additional program as the high-risk additional program, and displays program risk information for reminding the target additional program of being the high-risk additional program on the browser interface, so as to avoid that the target additional program with higher browser risk causes higher security risk.
According to the browser security processing method provided by the embodiment, the security check program is adopted on one side of the browser to check whether the target additional program is the high-risk additional program, and only the target additional program with lower security risk is executed to perform the changing operation matched with the program changing type so as to ensure the security of the target additional program in the browser.
In one embodiment, in step S504, a program security check program is used to perform security check on the target additional program, and the obtaining of the program verification result includes:
s5041: acquiring a program version identifier corresponding to the target additional program, and inquiring a blacklist library and a whitelist library based on the program version identifier;
s5042: if a blacklist additional program corresponding to the program version identification exists in the blacklist library, a program verification result which is not passed by verification is obtained;
S5043, if a white list additional program corresponding to the program version identification exists in the white list library, acquiring a program verification result passing verification;
s5044: if the blacklist additional program corresponding to the program version identification does not exist in the blacklist library and the whitelist additional program corresponding to the program version identification does not exist in the whitelist library, performing online safety check on the target additional program to obtain a program check result.
Wherein the program version identification is an identification for uniquely identifying the target additional program. The blacklist library is a database for storing blacklist additional programs with high security risks. The white list library is a database for storing white list additional programs with low security risks.
As an example, in step S5041, the browser may acquire a program version identifier corresponding to the target additional program, where the program version identifier may uniquely point to a specific target additional program. And then, respectively inquiring a blacklist library and a whitelist library by using the program version identifier corresponding to the target additional program to determine whether the target additional program is the blacklist additional program or the whitelist additional program.
As an example, in step S5042, when there is a blacklist additional program corresponding to the program version identifier in the blacklist library, that is, when the target additional program is the blacklist additional program in the blacklist library, the browser may directly obtain the program verification result that the verification is failed.
As an example, in step S5043, when there is a white list additional program corresponding to the program version identifier in the white list library, that is, when the target additional program is the white list additional program in the white list library, the browser may directly obtain the program verification result that passes the verification.
As an example, in step S5044, when there is no blacklist additional program corresponding to the program version identifier in the blacklist library and there is no whitelist additional program corresponding to the program version identifier in the whitelist library, that is, the target additional program is not the blacklist additional program or the whitelist additional program, an online security check program may be adopted to perform online security check on the target additional program, so as to obtain a program check result, so as to determine whether to execute a change operation corresponding to the program change type according to the program check result.
In this example, the browser adopts an online security check program to perform online security check on the target additional program, and obtains a program check result, which specifically includes: and inquiring a program version database according to the program version identifier corresponding to the target additional program, and acquiring in-library program information corresponding to the program version identifier, wherein the in-library program information refers to program information stored in the program version database and associated with the program version identifier, and comprises, but is not limited to, a program certificate, a program source, a program change identifier and the like. Matching the in-library program information with target program information corresponding to a target additional program to obtain a program information matching result; if the program information matching result is that the information is consistent, acquiring a program verification result passing verification; if the program information matching result is that the information is inconsistent, a program verification result which is not passed by verification is obtained.
Understandably, a black-and-white list mechanism corresponding to the browser additional program such as a browser plug-in and a browser extension can be adopted, and the browser is adopted to carry out black-and-white name single-tube control on the browser plug-in and the browser extension so as to ensure the safety of the browser additional program.
In one embodiment, as shown in fig. 6, a method for processing security of a browser is provided, and the method is applied to the browser in fig. 1, and includes the following steps:
s601: acquiring a kernel update request, wherein the kernel update request comprises a current kernel identifier;
s602: according to the kernel update request, acquiring a kernel security check program corresponding to the kernel update request;
s603: acquiring a target browser kernel corresponding to the current kernel identifier according to the current kernel identifier;
s604: performing security verification on the kernel of the target browser by adopting a kernel security verification program to obtain a kernel verification result;
s605: if the kernel verification result is that the verification is passed, updating the current browser kernel by adopting the target browser kernel;
s606: if the kernel verification result is that the verification is not passed, maintaining the current browser kernel.
Step S601 is an embodiment of step S201, step S602 is an embodiment of step S202, step S603 is an embodiment of step S203, step S604 is an embodiment of step S204, and step S605 and step S606 are an embodiment of step S205.
As an example, in step S601, the browser may receive a kernel update request triggered manually by a user, or according to a timing update task built in the browser, when the current time of the system is the timing update time, or when the time difference between the current time of the system and the release time of the current browser kernel is greater than the target time difference, the kernel update request is triggered automatically. It is understood that the kernel update request is one of browser operation requests, and is a request for implementing update of the browser kernel. The current kernel identification is a version identification for uniquely pointing to the current browser kernel.
As an example, in step S602, the browser may query the browser memory according to the kernel update request identifier corresponding to the kernel update request to determine a kernel security check program for implementing security check on the browser kernel. It is understood that the kernel security check program is one of target security check programs, and is a program for implementing security check on the browser kernel, where the kernel security check program may be a conventional security check program.
As an example, in step S603, the browser may obtain current kernel information corresponding to the current kernel identifier according to the current kernel identifier corresponding to the current browser kernel, and determine the release time of the current browser kernel in the current kernel information as the current release time; then, at least one browser kernel with the release time after the current release time is determined as a target browser kernel. The target browser kernel is one of target operation objects, is a browser additional program corresponding to the current kernel identification, and is a browser kernel of a specific version which needs to be subjected to security verification by adopting a kernel security verification program.
As an example, in step S604, the browser may execute a kernel security check program to perform security check on the target browser kernels, and obtain a security risk score corresponding to each target browser kernel. If the security risk score is larger than the target risk threshold, the risk of the target browser kernel is higher, and a kernel verification result which is not passed by verification is obtained. If the security risk score is not greater than the target risk threshold, the risk of the target browser is lower, and a kernel verification result passing verification is obtained.
For example, the browser executing kernel security check program performs security check on the target browser kernel, specifically may perform security check on the target browser kernel based on K target evaluation indexes, to obtain an index risk value corresponding to each target evaluation index; and then weighting the index risk values corresponding to the K target evaluation indexes to obtain the security risk scores corresponding to the target browser kernels.
As an example, in step S605, when the kernel verification result is verification, the browser identifies that the risk of the target browser kernel is low, and the release time of the target browser kernel is after the release time of the current browser kernel, which can be understood as a newer browser kernel, and the browser itself is safe and has better various performances, so that the target browser kernel can be used to update the current browser kernel, so that the security of the browser itself can be ensured by using the target browser kernel.
As an example, in step S606, when the kernel verification result is that the verification fails, the browser determines that the target browser kernel risk is higher, that is, the target browser kernel risk of the release time after the current release time of the current browser kernel is higher, and in order to ensure the security of the browser, the current browser kernel is not updated by the target browser kernel, so as to achieve the purpose of ensuring the security of the browser.
According to the browser security processing method, the kernel security verification program is adopted on one side of the browser to carry out security verification on the target browser kernel, and the current browser kernel is updated only by adopting the target browser kernel which is low in security risk and has release time after the current release time, so that the purpose of guaranteeing the security of the browser is achieved.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
In an embodiment, a browser security processing apparatus is provided, where the browser security processing apparatus corresponds to the browser security processing method in the above embodiment one by one. As shown in fig. 7, the browser security processing apparatus includes a browser operation request acquisition module 701, a security check program acquisition module 702, a target operation object acquisition module 703, a security check result acquisition module 704, and a browser operation execution module 705. The functional modules are described in detail as follows:
A browser operation request obtaining module 701, configured to obtain a browser operation request, where the browser operation request includes an operation object identifier;
a security check program obtaining module 702, configured to obtain, according to the browser operation request, a target security check program corresponding to the browser operation request;
a target operation object obtaining module 703, configured to determine, according to the operation object identifier, a target operation object corresponding to the operation object identifier;
a security check result obtaining module 704, configured to perform security check on the target operation object by using a target security check program, to obtain a security check result;
the browser operation execution module 705 is configured to execute a target browser operation that matches the security check result.
Preferably, the browser operation request acquisition module 701 includes:
the webpage access request acquisition unit is used for acquiring a webpage access request, wherein the webpage access request comprises a target access URL;
the security check program acquisition module 702 includes:
the webpage security check program acquisition unit is used for acquiring a webpage security check program corresponding to the webpage access request according to the webpage access request;
the target operation object acquisition module 703 includes:
The target access webpage acquisition unit is used for acquiring a target access webpage corresponding to the target access URL according to the target access URL;
the security check result obtaining module 704 includes:
the webpage verification result acquisition unit is used for carrying out safety verification on the target access webpage by adopting a webpage safety verification program to acquire a webpage verification result;
the browser operation execution module 705 includes:
the target access webpage display unit is used for displaying the target access webpage if the webpage verification result is that verification is passed;
and the access refusal information display unit is used for displaying the access refusal information if the verification result of the webpage is that the verification is not passed.
Preferably, the web page verification result obtaining unit includes:
the webpage resource file acquisition subunit is used for acquiring at least one webpage resource file corresponding to the target access webpage if the webpage verification result is that verification is passed;
the compatibility verification result acquisition subunit is used for carrying out compatibility verification on the webpage resource file and acquiring a compatibility verification result corresponding to the webpage resource file;
the original webpage content display subunit is used for displaying the original webpage content corresponding to the webpage resource file if the compatibility verification results corresponding to all the webpage resource files are verified;
And the updated webpage content display subunit is used for updating the webpage resource file by adopting the target replacement rule if the compatibility verification result corresponding to the webpage resource file is that the verification is not passed, acquiring the updated resource file and displaying the updated webpage content corresponding to the updated resource file.
Preferably, the browser operation request acquisition module 701 includes:
the file downloading request acquisition unit is used for acquiring a file downloading request, wherein the file downloading request comprises a target file identifier;
the security check program acquisition module 702 includes:
the file security check program acquisition unit is used for acquiring a file security check program corresponding to the file downloading request according to the file downloading request;
the target operation object acquisition module 703 includes:
the target download file acquisition unit is used for acquiring a target download file corresponding to the target file identifier according to the target file identifier;
the security check result obtaining module 704 includes:
the file verification result acquisition unit is used for carrying out security verification on the target downloaded file by adopting a file security verification program to acquire a file verification result;
the browser operation execution module 705 includes:
the target download file downloading unit is used for downloading the target download file to the target position if the file verification result is that the verification is passed;
And the file risk information display unit is used for displaying the file risk information if the file verification result is that the verification is not passed.
Preferably, the browser operation request acquisition module 701 includes:
a program change request obtaining unit, configured to obtain a program change request, where the program change request includes a target program identifier and a program change type;
the security check program acquisition module 702 includes:
the program security check program acquisition unit is used for acquiring a program security check program corresponding to the program change request according to the program change request;
the target operation object acquisition module 703 includes:
the target additional program acquisition unit is used for acquiring a target additional program corresponding to the target program identifier according to the target program identifier;
the security check result obtaining module 704 includes:
the program verification result acquisition unit is used for carrying out safety verification on the target additional program by adopting a program safety verification program to acquire a program verification result;
the browser operation execution module 705 includes:
the change operation execution unit is used for executing the change operation corresponding to the program change type on the target additional program if the program verification result is that the verification is passed;
And the program risk information display unit is used for displaying program risk information if the program verification result is that the verification is not passed.
Preferably, the browser operation request acquisition module 701 includes:
the kernel updating request acquisition unit is used for acquiring a kernel updating request, wherein the kernel updating request comprises a current kernel identifier;
the security check program acquisition module 702 includes:
the kernel security check program acquisition unit is used for acquiring a kernel security check program corresponding to the kernel update request according to the kernel update request;
the target operation object acquisition module 703 includes:
the target browser kernel acquisition unit is used for acquiring a target browser kernel corresponding to the current kernel identifier according to the current kernel identifier;
the security check result obtaining module 704 includes:
the kernel verification result acquisition unit is used for carrying out safety verification on the kernel of the target browser by adopting a kernel safety verification program to acquire a kernel verification result;
the browser operation execution module 705 includes:
the browser kernel updating unit is used for updating the current browser kernel by adopting the target browser kernel if the kernel verification result is that the verification is passed;
the browser kernel maintaining unit is used for maintaining the current browser kernel if the kernel verification result is that the verification is not passed.
For specific limitations of the browser security processing apparatus, reference may be made to the above limitation of the browser security processing method, and no further description is given here. The above-described respective modules in the browser security processing apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing data adopted or generated in the process of executing the browser security processing method. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a browser security processing method.
In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the browser security processing method in the foregoing embodiment when executing the computer program, for example, S201-S205 shown in fig. 2, or S201-S205 shown in fig. 3-6, which are not repeated herein. Alternatively, the processor may implement the functions of each module/unit in this embodiment of the browser security processing apparatus when executing the computer program, for example, the functions of the browser operation request acquiring module 701, the security check program acquiring module 702, the target operation object acquiring module 703, the security check result acquiring module 704, and the browser operation executing module 705 shown in fig. 7, which are not described herein again for avoiding repetition.
In an embodiment, a computer readable storage medium is provided, and a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the method for processing browser security in the above embodiment is implemented, for example, S201-S205 shown in fig. 2, or S201-S205 shown in fig. 3-6, which are not repeated herein. Alternatively, the functions of each module/unit in the above embodiment of the browser security processing apparatus are implemented when the computer program is executed by the processor, for example, the functions of the browser operation request acquiring module 701, the security check program acquiring module 702, the target operation object acquiring module 703, the security check result acquiring module 704, and the browser operation executing module 705 shown in fig. 7 are not repeated here.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.
Claims (10)
1. A browser security processing method, comprising:
obtaining a browser operation request, wherein the browser operation request comprises an operation object identifier;
According to the browser operation request, determining a configuration security check program corresponding to a configuration request identifier matched with the browser operation request as a target security check program corresponding to the browser operation request; the configuration request identifier is a preconfigured identifier for indicating different request types corresponding to the browser operation request; the configuration security check program is a program which is preset for different configuration request identifiers and is used for realizing security check processing;
according to the operation object identifier, an object acquisition channel corresponding to the operation object identifier is acquired;
when the object acquisition channel corresponding to the operation object identifier is a network acquisition channel, establishing a network communication link with a server, and acquiring a target operation object corresponding to the operation object identifier from the server;
when the object acquisition channel corresponding to the operation object identifier is a local acquisition channel, acquiring a target operation object corresponding to the operation object identifier from a local memory;
carrying out safety verification on the target operation object by adopting the target safety verification program to obtain a safety verification result;
and executing the target browser operation matched with the security check result.
2. The browser security processing method of claim 1, wherein the obtaining a browser operation request, the browser operation request including an operation object identifier, includes:
acquiring a webpage access request, wherein the webpage access request comprises a target access URL;
the obtaining, according to the browser operation request, a target security check program corresponding to the browser operation request includes:
acquiring a webpage security check program corresponding to the webpage access request according to the webpage access request;
the determining, according to the operation object identifier, a target operation object corresponding to the operation object identifier includes:
acquiring a target access webpage corresponding to the target access URL according to the target access URL;
the step of performing security verification on the target operation object by using the target security verification program to obtain a security verification result includes:
performing security verification on the target access webpage by adopting the webpage security verification program to obtain a webpage verification result;
the executing the target browser operation matched with the security check result comprises the following steps:
if the webpage verification result is that verification is passed, displaying the target access webpage;
And if the webpage verification result is that the verification is not passed, displaying access refusal information.
3. The method for processing browser security according to claim 2, wherein displaying the target access webpage if the verification result of the webpage is that verification is passed, comprises:
if the webpage verification result is that verification is passed, at least one webpage resource file corresponding to the target access webpage is obtained;
performing compatibility verification on the webpage resource file to obtain a compatibility verification result corresponding to the webpage resource file;
if all the compatibility verification results corresponding to the webpage resource files pass the verification, displaying original webpage content corresponding to the webpage resource files;
if the compatibility verification result corresponding to the webpage resource file is that the verification is not passed, updating the webpage resource file by adopting a target replacement rule, obtaining an updated resource file, and displaying updated webpage content corresponding to the updated resource file.
4. The browser security processing method of claim 1, wherein the obtaining a browser operation request, the browser operation request including an operation object identifier, includes:
Acquiring a file downloading request, wherein the file downloading request comprises a target file identifier;
the obtaining, according to the browser operation request, a target security check program corresponding to the browser operation request includes:
acquiring a file security check program corresponding to the file downloading request according to the file downloading request;
the determining, according to the operation object identifier, a target operation object corresponding to the operation object identifier includes:
acquiring a target download file corresponding to the target file identifier according to the target file identifier;
the step of performing security verification on the target operation object by using the target security verification program to obtain a security verification result includes:
carrying out security verification on the target downloaded file by adopting the file security verification program to obtain a file verification result;
the executing the target browser operation matched with the security check result comprises the following steps:
if the file verification result is that the verification is passed, downloading the target downloading file to a target position;
and if the file verification result is that the verification is not passed, displaying file risk information.
5. The browser security processing method of claim 1, wherein the obtaining a browser operation request, the browser operation request including an operation object identifier, includes:
Acquiring a program change request, wherein the program change request comprises a target program identifier and a program change type;
the obtaining, according to the browser operation request, a target security check program corresponding to the browser operation request includes:
acquiring a program security check program corresponding to the program change request according to the program change request;
the determining, according to the operation object identifier, a target operation object corresponding to the operation object identifier includes:
acquiring a target additional program corresponding to the target program identifier according to the target program identifier;
the step of performing security verification on the target operation object by using the target security verification program to obtain a security verification result includes:
performing security verification on the target additional program by adopting the program security verification program to obtain a program verification result;
the executing the target browser operation matched with the security check result comprises the following steps:
if the program verification result is that the verification is passed, executing a change operation corresponding to the program change type on the target additional program;
and if the program verification result is that the verification is not passed, displaying program risk information.
6. The browser security processing method of claim 1, wherein the obtaining a browser operation request, the browser operation request including an operation object identifier, includes:
acquiring a kernel update request, wherein the kernel update request comprises a current kernel identifier;
the obtaining, according to the browser operation request, a target security check program corresponding to the browser operation request includes:
according to the kernel updating request, acquiring a kernel security check program corresponding to the kernel updating request;
the determining, according to the operation object identifier, a target operation object corresponding to the operation object identifier includes:
acquiring a target browser kernel corresponding to the current kernel identifier according to the current kernel identifier;
the step of performing security verification on the target operation object by using the target security verification program to obtain a security verification result includes:
performing security verification on the target browser kernel by adopting the kernel security verification program to obtain a kernel verification result;
the executing the target browser operation matched with the security check result comprises the following steps:
If the kernel verification result is that verification is passed, updating the current browser kernel by adopting the target browser kernel;
and if the kernel verification result is that the verification is not passed, maintaining the current browser kernel.
7. A browser security processing apparatus, comprising:
the operation request acquisition module is used for acquiring a browser operation request, wherein the browser operation request comprises an operation object identifier;
the verification program acquisition module is used for determining a configuration security verification program corresponding to a configuration request identifier matched with the browser operation request as a target security verification program corresponding to the browser operation request according to the browser operation request; the configuration request identifier is a preconfigured identifier for indicating different request types corresponding to the browser operation request; the configuration security check program is a program which is preset for different configuration request identifiers and is used for realizing security check processing;
the operation object acquisition module is used for acquiring an object acquisition channel corresponding to the operation object identifier according to the operation object identifier; when the object acquisition channel corresponding to the operation object identifier is a network acquisition channel, establishing a network communication link with a server, and acquiring a target operation object corresponding to the operation object identifier from the server; when the object acquisition channel corresponding to the operation object identifier is a local acquisition channel, acquiring a target operation object corresponding to the operation object identifier from a local memory;
The verification result acquisition module is used for carrying out safety verification on the target operation object by adopting the target safety verification program to acquire a safety verification result;
and the browser operation execution module is used for executing target browser operation matched with the security check result.
8. The browser security processing apparatus of claim 7, wherein the operation request acquisition module comprises:
a web page access request acquisition unit, configured to acquire a web page access request, where the web page access request includes a target access URL;
the verification program acquisition module comprises:
the webpage security check program acquisition unit is used for acquiring a webpage security check program corresponding to the webpage access request according to the webpage access request;
the operation object acquisition module includes:
a target access webpage obtaining unit, configured to obtain a target access webpage corresponding to the target access URL according to the target access URL;
the verification result obtaining module comprises:
the webpage verification result acquisition unit is used for carrying out safety verification on the target access webpage by adopting the webpage safety verification program to acquire a webpage verification result;
The browser operation execution module comprises:
the target access webpage display unit is used for displaying the target access webpage if the webpage verification result is that verification is passed;
and the access refusal information display unit is used for displaying access refusal information if the webpage verification result is that the verification is not passed.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the browser security processing method according to any of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the browser security processing method of any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110993142.2A CN113709154B (en) | 2021-08-25 | 2021-08-25 | Browser security processing method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110993142.2A CN113709154B (en) | 2021-08-25 | 2021-08-25 | Browser security processing method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113709154A CN113709154A (en) | 2021-11-26 |
| CN113709154B true CN113709154B (en) | 2023-08-15 |
Family
ID=78655683
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110993142.2A Active CN113709154B (en) | 2021-08-25 | 2021-08-25 | Browser security processing method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113709154B (en) |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103065089A (en) * | 2012-12-11 | 2013-04-24 | 深信服网络科技(深圳)有限公司 | Method and device for detecting webpage Trojan horses |
| CN103077349A (en) * | 2013-01-05 | 2013-05-01 | 北京奇虎科技有限公司 | Method and device for prompting access safety information on browser side |
| CN103716394A (en) * | 2013-12-26 | 2014-04-09 | 北京奇虎科技有限公司 | Downloaded file management method and device |
| CN103761114A (en) * | 2013-10-18 | 2014-04-30 | 北京奇虎科技有限公司 | Method and device for loading extensions and/or plugins on browser side |
| CN104572914A (en) * | 2014-12-27 | 2015-04-29 | 北京奇虎科技有限公司 | Method and device for intercepting advertisements of double-core browser |
| CN106354484A (en) * | 2015-07-16 | 2017-01-25 | 中兴通讯股份有限公司 | Browser compatibility method and browser |
| CN106815031A (en) * | 2017-02-22 | 2017-06-09 | 百度在线网络技术(北京)有限公司 | Kernel module loading method and device |
| CN107025104A (en) * | 2016-02-02 | 2017-08-08 | 龙芯中科技术有限公司 | kernel development management system and method |
| CN107231379A (en) * | 2017-08-01 | 2017-10-03 | 西安交大捷普网络科技有限公司 | The recognition methods of web extension horse webpages |
| CN108108219A (en) * | 2017-12-30 | 2018-06-01 | 上海壹账通金融科技有限公司 | Application program operation method, device, computer equipment and storage medium |
| CN109582907A (en) * | 2018-12-06 | 2019-04-05 | 深圳前海微众银行股份有限公司 | Method of calibration, device, equipment and the readable storage medium storing program for executing of web page resources integrality |
| CN109656535A (en) * | 2018-12-24 | 2019-04-19 | 苏州思必驰信息科技有限公司 | The offline development approach of voice technical ability based on browser |
| CN110348980A (en) * | 2018-04-08 | 2019-10-18 | 阿里巴巴集团控股有限公司 | System, the method and apparatus of safety check |
| CN111199001A (en) * | 2019-12-03 | 2020-05-26 | 云深互联(北京)科技有限公司 | Resource overloading compatibility processing method and system for browser |
| CN113190837A (en) * | 2021-03-29 | 2021-07-30 | 贵州电网有限责任公司 | Web attack behavior detection method and system based on file service system |
| CN113268366A (en) * | 2020-02-17 | 2021-08-17 | 斑马智行网络(香港)有限公司 | Kernel operation method, device and system |
-
2021
- 2021-08-25 CN CN202110993142.2A patent/CN113709154B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103065089A (en) * | 2012-12-11 | 2013-04-24 | 深信服网络科技(深圳)有限公司 | Method and device for detecting webpage Trojan horses |
| CN103077349A (en) * | 2013-01-05 | 2013-05-01 | 北京奇虎科技有限公司 | Method and device for prompting access safety information on browser side |
| CN103761114A (en) * | 2013-10-18 | 2014-04-30 | 北京奇虎科技有限公司 | Method and device for loading extensions and/or plugins on browser side |
| CN103716394A (en) * | 2013-12-26 | 2014-04-09 | 北京奇虎科技有限公司 | Downloaded file management method and device |
| CN104572914A (en) * | 2014-12-27 | 2015-04-29 | 北京奇虎科技有限公司 | Method and device for intercepting advertisements of double-core browser |
| CN106354484A (en) * | 2015-07-16 | 2017-01-25 | 中兴通讯股份有限公司 | Browser compatibility method and browser |
| CN107025104A (en) * | 2016-02-02 | 2017-08-08 | 龙芯中科技术有限公司 | kernel development management system and method |
| CN106815031A (en) * | 2017-02-22 | 2017-06-09 | 百度在线网络技术(北京)有限公司 | Kernel module loading method and device |
| CN107231379A (en) * | 2017-08-01 | 2017-10-03 | 西安交大捷普网络科技有限公司 | The recognition methods of web extension horse webpages |
| CN108108219A (en) * | 2017-12-30 | 2018-06-01 | 上海壹账通金融科技有限公司 | Application program operation method, device, computer equipment and storage medium |
| CN110348980A (en) * | 2018-04-08 | 2019-10-18 | 阿里巴巴集团控股有限公司 | System, the method and apparatus of safety check |
| CN109582907A (en) * | 2018-12-06 | 2019-04-05 | 深圳前海微众银行股份有限公司 | Method of calibration, device, equipment and the readable storage medium storing program for executing of web page resources integrality |
| CN109656535A (en) * | 2018-12-24 | 2019-04-19 | 苏州思必驰信息科技有限公司 | The offline development approach of voice technical ability based on browser |
| CN111199001A (en) * | 2019-12-03 | 2020-05-26 | 云深互联(北京)科技有限公司 | Resource overloading compatibility processing method and system for browser |
| CN113268366A (en) * | 2020-02-17 | 2021-08-17 | 斑马智行网络(香港)有限公司 | Kernel operation method, device and system |
| CN113190837A (en) * | 2021-03-29 | 2021-07-30 | 贵州电网有限责任公司 | Web attack behavior detection method and system based on file service system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113709154A (en) | 2021-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110297672B (en) | Page dynamic generation method and device, computer equipment and storage medium | |
| US9407658B1 (en) | System and method for determining modified web pages | |
| CN108366058B (en) | Method, device, equipment and storage medium for preventing traffic hijacking of advertisement operator | |
| CN108804159B (en) | Javascript module loading method and preprocessing method and device thereof, and computer equipment | |
| US20150012924A1 (en) | Method and Device for Loading a Plug-In | |
| US20170214704A1 (en) | Method and device for feature extraction | |
| CN109522500B (en) | Webpage display method, device, terminal and storage medium | |
| CN115562992A (en) | File detection method and device, electronic equipment and storage medium | |
| CN108494728B (en) | Method, device, equipment and medium for creating blacklist library for preventing traffic hijacking | |
| CN111767109A (en) | H5 page display method and device based on terminal application and readable storage medium | |
| CN112214714A (en) | Request processing method, device and equipment based on configuration file and storage medium | |
| CN112637361A (en) | Page proxy method, device, electronic equipment and storage medium | |
| CN110941779A (en) | Page loading method and device, storage medium and electronic equipment | |
| CN107786644B (en) | Channel package downloading method, device and equipment | |
| CN114003432A (en) | Parameter checking method and device, computer equipment and storage medium | |
| CN112965732A (en) | Resource package obtaining method, intelligent wearable device and storage medium | |
| CN113709154B (en) | Browser security processing method and device, computer equipment and storage medium | |
| CN110727477B (en) | Component loading method and device, computer equipment and storage medium | |
| CN114626061A (en) | Webpage Trojan horse detection method and device, electronic equipment and medium | |
| CN111240790A (en) | Multi-language adaptation method and device for application, client and storage medium | |
| CN109684844B (en) | Webshell detection method and device, computing equipment and computer-readable storage medium | |
| CN110213211B (en) | Method, device, terminal and storage medium for identifying secure download link | |
| CN112395603A (en) | Vulnerability attack identification method and device based on instruction execution sequence characteristics and computer equipment | |
| CN114253441B (en) | Method and device for enabling target function, storage medium and electronic device | |
| CN111414525B (en) | Method, device, computer equipment and storage medium for acquiring data of applet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |