CN114072799A - Node.js组件漏洞检测方法及系统 - Google Patents

Node.js组件漏洞检测方法及系统 Download PDF

Info

Publication number
CN114072799A
CN114072799A CN202080036386.5A CN202080036386A CN114072799A CN 114072799 A CN114072799 A CN 114072799A CN 202080036386 A CN202080036386 A CN 202080036386A CN 114072799 A CN114072799 A CN 114072799A
Authority
CN
China
Prior art keywords
information
node
vulnerability
component
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080036386.5A
Other languages
English (en)
Inventor
汪杰
万振华
王颉
董燕
李华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Seczone Technology Co Ltd
Original Assignee
Seczone Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Seczone Technology Co Ltd filed Critical Seczone Technology Co Ltd
Publication of CN114072799A publication Critical patent/CN114072799A/zh
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明提供了一种NODE.JS组件漏洞检测方法及系统,该方法包括如下步骤:从NODE.JS漏洞数据库中搜集第一基础漏洞信息;解析package.json文件,获得NODE.JS组件的关键信息;根据NODE.JS组件的关键信息,从第一基础漏洞信息提取第一目标漏洞信息。应用了本发明提供的NODE.JS组件漏洞检测方法,可以从NODE.JS漏洞数据库中搜集第一基础漏洞信息,快速获得可能存在的NODE.JS组件的漏洞信息。package.json文件是NODE.JS组件中的一个文件,在解析package.json文件,即可获得待检测NODE.JS组件的关键信息,有助于数据的调用与整理。由此,只需要检测少量关键信息,即可从待检测NODE.JS组件获得大量的漏洞信息。并以此生成第一目标漏洞信息。

Description

PCT国内申请,说明书已公开。

Claims (10)

  1. PCT国内申请,权利要求书已公开。
CN202080036386.5A 2020-04-28 2020-04-28 Node.js组件漏洞检测方法及系统 Pending CN114072799A (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/087399 WO2021217397A1 (zh) 2020-04-28 2020-04-28 Node.js组件漏洞检测方法及系统

Publications (1)

Publication Number Publication Date
CN114072799A true CN114072799A (zh) 2022-02-18

Family

ID=78373265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080036386.5A Pending CN114072799A (zh) 2020-04-28 2020-04-28 Node.js组件漏洞检测方法及系统

Country Status (4)

Country Link
US (1) US20230351025A1 (zh)
EP (1) EP4145319A4 (zh)
CN (1) CN114072799A (zh)
WO (1) WO2021217397A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760355B (zh) * 2022-03-18 2023-09-26 麒麟软件有限公司 一种Node.js依赖离线管理方法

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9117021B2 (en) * 2013-03-14 2015-08-25 Intel Corporation Methods and apparatus to manage concurrent predicate expressions
CN110392028A (zh) * 2018-04-20 2019-10-29 上海巍擎信息技术有限责任公司 Android系统漏洞无线检测方法、装置、计算机设备和存储介质
CN108763928B (zh) * 2018-05-03 2020-10-02 北京邮电大学 一种开源软件漏洞分析方法、装置和存储介质
CN109871696A (zh) * 2018-12-29 2019-06-11 重庆城市管理职业学院 一种漏洞信息的自动收集与漏洞扫描系统及方法、计算机
CN110427757A (zh) * 2019-08-06 2019-11-08 南方电网科学研究院有限责任公司 一种Android漏洞检测方法、系统及相关装置

Also Published As

Publication number Publication date
WO2021217397A1 (zh) 2021-11-04
EP4145319A1 (en) 2023-03-08
US20230351025A1 (en) 2023-11-02
EP4145319A4 (en) 2023-12-27

Similar Documents

Publication Publication Date Title
CN110737594B (zh) 自动生成测试用例的数据库标准符合性测试方法及装置
CN111460241A (zh) 一种数据查询方法、装置、电子设备及存储介质
CN112926060A (zh) 一种检测.net项目组件及其漏洞的方法和装置
CN113111669B (zh) 基于增量的前端多语言国际化翻译方法及装置
CN114072799A (zh) Node.js组件漏洞检测方法及系统
CN111984264B (zh) 一种静态库的生成方法和装置
CN111352631B (zh) 一种接口兼容性检测方法及装置
CN116775488A (zh) 异常数据确定方法、装置、设备、介质及产品
CN112579604A (zh) 测试系统的造数方法、装置、设备及存储介质
CN116185391A (zh) 应用程序编程接口生成方法、装置、设备及存储介质
CN109284278B (zh) 基于数据分析技术的计算逻辑迁移方法及终端设备
CN112948478A (zh) 基于链路的代码分析方法、装置、电子设备及存储介质
CN112114870A (zh) 一种打包代码的方法、装置、终端设备和存储介质
US10726109B2 (en) Method and system for identifying whether an application is genuine by means of digital watermarks
CN113051329B (zh) 基于接口的数据采集方法、装置、设备及存储介质
CN112328241B (zh) 一种应用程序开发中创建Android库模块依赖关系的方法及装置
CN116483735B (zh) 一种代码变更的影响分析方法、装置、存储介质及设备
CN115099216A (zh) 一种统一文本解析方法及装置
CN117763559A (zh) 一种漏洞确定方法及电子设备
CN114996758A (zh) 一种数据脱敏方法、装置及电子设备
CN116775120A (zh) 一种函数指纹生成方法、装置、设备及存储介质
CN117215591A (zh) 一种软件项目编译方法、系统、计算机设备及介质
CN117742779A (zh) 资源配置信息的核查方法、装置、设备和存储介质
CN117744090A (zh) 一种漏洞检测方法、装置及系统
CN113935029A (zh) 一种基于导入类判定的同源性检测方法、装置及设备

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination