CN114780133A

CN114780133A - Data processing method, electronic device and computer program product

Info

Publication number: CN114780133A
Application number: CN202210524074.XA
Authority: CN
Inventors: 林子敏; 庞然; 李奇; 王哲夫
Original assignee: Alibaba China Co Ltd
Current assignee: Alibaba China Co Ltd
Priority date: 2022-05-13
Filing date: 2022-05-13
Publication date: 2022-07-22

Abstract

The embodiment of the disclosure discloses a data processing method, an electronic device and a computer program product, wherein the method comprises the following steps: acquiring an application program and identification information of a target interface in the application program; modifying the application program based on the identification information of the target interface so that the modified application program collects program running information when the target interface is called in the installation and running process and uploads the collected program running information to a cloud service terminal; and releasing the modified application program. According to the technical scheme, the problem positioning accuracy rate when the application program executes abnormal or behavior risks can be improved, and the problem positioning complexity is reduced.

Description

Data processing method, electronic device and computer program product

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a data processing method, an electronic device, and a computer program product.

Background

With the development of internet technology and mobile devices, more and more applications are emerging. When an application program is abnormal or behavior risks in the running process, the reason for the abnormality or the risks needs to be located by recovering the execution scene at that time. In order to recover the current execution scenario of the application so as to help the relevant personnel to effectively locate the problem, a common method is to reproduce the execution scenario of the application when an anomaly or a behavior risk occurs by constructing test parameters. However, depending on the complexity of different applications, especially large and complex applications, it is difficult to trigger an exception or to generate an execution scenario of an application where a risk of behavior occurs by constructing a test output, and especially, it is difficult to reproduce the execution scenario when the application logic is not familiar or the scenario to be recovered is hidden.

Therefore, a solution is needed to easily reproduce the application scenario at the time of the exception or behavior risk when the application program has the exception or behavior risk, so as to locate the problem.

Disclosure of Invention

The embodiment of the disclosure provides a data processing method, electronic equipment and a computer program product.

In a first aspect, an embodiment of the present disclosure provides a data processing method, where the method includes:

acquiring an application program and identification information of a target interface in the application program;

modifying the application program based on the identification information of the target interface so that the modified application program collects program running information when the target interface is called in the installation and running process and uploads the collected program running information to a cloud service terminal;

and releasing the modified application program.

Further, modifying the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in the installation and running processes, including:

inserting a calling code of a replacement interface before a calling code of the target interface in the application program so as to call the replacement interface before calling the target interface; the replacement interface is used for collecting program running information when the target interface is called.

inserting an interception program into the application program so that the application program starts the interception program in the running process; and after detecting the calling event of the target interface, the interception program collects program running information when the target interface is called.

Further, the program running information includes calling information of the target interface and/or context information when the target interface is called.

In a second aspect, an embodiment of the present disclosure provides a data processing method, including:

receiving program running information of an application program running on terminal equipment;

restoring an execution scene of the application program when a target interface in the application program is called based on the program running information, and recording related data;

and analyzing the abnormal condition when the target interface is called based on the related data and/or the program running information to obtain an analysis result.

Further, the method further comprises:

and saving the interface switching process of the application program in the execution scene in a screen capturing and/or recording mode.

Further, the method further comprises:

and displaying the analysis result and/or the interface switching process stored in the screen capture and/or screen recording.

In a third aspect, an embodiment of the present disclosure provides a data processing method, including:

modifying the application program based on the identification information of the target interface so that the modified application program collects program running information when the target interface is called in the installation and running process, and uploading the collected program running information to a cloud server;

providing the modified application program to a terminal device so as to install and run the application program on the terminal device;

receiving program running information of the application program running on the terminal equipment;

In a fourth aspect, an embodiment of the present disclosure provides a data processing apparatus, including:

the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is configured to acquire an application program and identification information of a target interface in the application program;

the first modification module is configured to modify the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in the installation and running processes, and uploads the collected program running information to a cloud server;

a publishing module configured to publish the modified application.

Further, the first modification module includes:

the first inserting sub-module is configured to insert calling codes of a replacement interface before calling codes of the target interface in the application program so as to call the replacement interface before calling the target interface; the replacement interface is used for collecting program running information when the target interface is called.

Further, the first modification module includes:

the second inserting sub-module is configured to insert an interception program into the application program so that the application program starts the interception program in the running process; and after detecting the calling event of the target interface, the interception program collects program running information when the target interface is called.

In a fifth aspect, an embodiment of the present disclosure provides a data processing apparatus, including:

a first receiving module configured to receive program running information from an application program running on a terminal device;

the first restoring module is configured to restore an execution scene of the application program when a target interface in the application program is called based on the program running information, and record related data;

and the first analysis module is configured to analyze the abnormal condition when the target interface is called based on the related data and/or the program running information to obtain an analysis result.

Further, the apparatus further comprises:

and the saving module is configured to save the interface switching process of the application program in the execution scene in a screen capturing and/or recording mode.

Further, the apparatus further comprises:

and the display module is configured to display the analysis result and/or the interface switching process stored in the screen capture and/or screen recording.

In a sixth aspect, an embodiment of the present disclosure provides a data processing apparatus, including:

the second acquisition module is configured to acquire an application program and identification information of a target interface in the application program;

the second modification module is configured to modify the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in the installation and running processes, and uploads the collected program running information to a cloud server;

a providing module configured to provide the modified application program to a terminal device so as to install and run the application program on the terminal device;

a second receiving module configured to receive program running information from the application program running on the terminal device;

the second restoring module is configured to restore an execution scene of the application program when a target interface in the application program is called based on the program running information, and record related data;

and the second analysis module is configured to analyze the abnormal condition when the target interface is called based on the related data and/or the program running information to obtain an analysis result.

The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In one possible design, the apparatus includes a memory configured to store one or more computer instructions that enable the apparatus to perform the corresponding method, and a processor configured to execute the computer instructions stored in the memory. The apparatus may also include a communication interface for the apparatus to communicate with other devices or a communication network.

In a seventh aspect, an embodiment of the present disclosure provides an electronic device, including a memory, a processor, and a computer program stored on the memory, where the processor executes the computer program to implement the method of any one of the foregoing aspects.

In an eighth aspect, the disclosed embodiments provide a computer-readable storage medium for storing computer instructions for any one of the above apparatuses, which when executed by a processor, implement the method of any one of the above aspects.

In a ninth aspect, the present disclosure provides a computer program product comprising computer instructions, which when executed by a processor, are configured to implement the method of any one of the above aspects.

The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:

in order to detect the possible abnormity or behavior risk and the like in the running process of the application program, acquiring a file package of the application program and a target interface list needing to be detected before the application program is released, and then modifying the file package of the application program based on the identification information of the target interface so as to collect the program running information when the target interface is called during the running process of the application program, further uploading the collected program running information to the cloud service terminal, so that the cloud service terminal can reproduce an execution scene when the target interface is called based on the received program running information, and further analyzing possible abnormal and/or behavior risks and the like when the target interface is called based on the execution scene and the program running information, and providing the analysis result and/or the operation flow of the application program interface in the execution scene for relevant personnel to check. According to the technical scheme, the execution scene of the application program on the terminal equipment is recovered at the cloud based on the program running information of the application program on the terminal equipment, the problems that the test data of the application program is difficult to construct and the application interface scene during the execution of the application program is difficult to recover in the prior art are solved, the problem positioning accuracy rate when the application program is executed abnormally or at the action risk is improved, and the problem positioning complexity is reduced.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

Other features, objects, and advantages of the present disclosure will become more apparent from the following detailed description of non-limiting embodiments when taken in conjunction with the accompanying drawings. In the drawings:

FIG. 1 shows a flow diagram of a data processing method according to an embodiment of the present disclosure;

FIG. 2 shows a flow diagram of a data processing method according to another embodiment of the present disclosure;

FIG. 3 shows a flow diagram of a data processing method according to yet another embodiment of the present disclosure;

fig. 4 shows a schematic flow chart of anomaly monitoring for an APP according to an embodiment of the present disclosure;

fig. 5 is a schematic structural diagram of an electronic device suitable for implementing a data processing method according to an embodiment of the present disclosure.

Detailed Description

Hereinafter, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement them. Furthermore, parts that are not relevant to the description of the exemplary embodiments have been omitted from the drawings for the sake of clarity.

In the present disclosure, it is to be understood that terms such as "including" or "having," etc., are intended to indicate the presence of the disclosed features, numbers, steps, actions, components, parts, or combinations thereof, and do not preclude the possibility that one or more other features, numbers, steps, actions, components, parts, or combinations thereof are present or added.

It should be further noted that the embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.

The details of the embodiments of the present disclosure are described in detail below with reference to specific embodiments.

Fig. 1 shows a flow diagram of a data processing method according to an embodiment of the present disclosure. As shown in fig. 1, the data processing method includes the steps of:

in step S101, acquiring an application program and identification information of a target interface in the application program;

in step S102, modifying the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, and uploads the collected program running information to a cloud server;

in step S103, the modified application is released.

In this embodiment, the data processing method may be executed on a cloud server or other servers. The application program may be any application APP to be published. As described in the background art, when an application program is in an operating process and an exception or a behavior risk occurs, the reason for the exception or the risk needs to be located by recovering the execution scene at that time. In order to recover the current execution scenario of the application so as to help the relevant personnel to effectively locate the problem, a common method is to reproduce the execution scenario of the application when an anomaly or a behavior risk occurs by constructing test parameters. However, depending on the complexity of different applications, especially large and complex applications, it is difficult to construct an application execution scenario in which an exception is triggered or a behavioral risk occurs by a test output, and especially difficult to reproduce the execution scenario at that time in the case where the application logic is not familiar or the scenario to be recovered is hidden.

Therefore, the application program is modified before the application program is released, and the modification principle is that a calling event of a target interface is monitored in the execution process of the application program, program operation information is collected when the target interface is called, and the collected program operation information is reported to a cloud server. In some embodiments, the program run information includes calling information when the target interface is called and/or execution scenario-related context information in the target interface when called. In the embodiment of the disclosure, after the application program is modified and released, in the process of installing and operating the released application program, program operation information when the target interface is called can be collected and uploaded to a cloud server; and the running scene of the application program at that time can be recovered and reproduced at the cloud service terminal based on the uploaded program running information so as to facilitate auditing or abnormal positioning and the like.

In some embodiments, the target interface may be an interface in the application that is prone to cause an exception or behavioral risk. The target interface may be predetermined based on experience or information provided by the application developer. Multiple target interfaces may be included in an application. The embodiment of the disclosure can acquire the target interface list in the application program while acquiring the application program. The target interface list includes information of a plurality of target interfaces that need to be monitored in the application program, such as identification information of the target interfaces.

In some embodiments, the manner of modification to the application may include, but is not limited to, a static manner of modification and a dynamic manner of modification. The static modification mode can be that the calling code of the target interface is directly modified in the file packet of the application program; and the dynamic modification mode can be that the interception program is inserted into the file packet of the application program for modification.

In some embodiments, after the calling code of the target interface is modified in the static modification mode, an inserted section of code may be called before the target interface is called, so as to collect program running information when the target interface is called by executing the section of code. The program run information may include, but is not limited to, invocation information for the target interface and/or context information when the target interface is invoked.

In other embodiments, the interception program inserted in the dynamic modification manner may be a piece of separately executable program code, and the piece of program code may monitor a calling event of the target interface during execution, and collect program running information when the target interface is called after detecting the calling event of the target interface.

In the embodiment of the present disclosure, after each target interface in the application program is modified correspondingly, the modified application program may be released. It should be noted that the manner of issuing the application program may include multiple manners, for example, the application program may be directly stored on the server, and the storage address of the application program is pushed to each terminal device, so that the terminal device can download the application program based on the storage address, and install and run the application program on the terminal device. The application program can also be released in an application store so that the user searches for the application program and downloads it for execution through an application store interface on the terminal device.

After the application is installed in the terminal device, the application may be started to run in response to an operation by the user. During the execution process, when the code calling the target interface is executed based on the operation trigger of the user on the application program interface or other trigger operations, the modified code or the inserted interception program may be triggered to be called, and during the execution process, the modified code or the inserted interception program may collect program execution information in the current execution scenario, for example, identification information of the currently called target interface, context information when the target interface is called, and the like. The collected program running information can be uploaded to the cloud server, so that the cloud server can reproduce the execution scene based on the received program running information, further can analyze abnormal or behavior risks and the like which may occur in the execution scene of the target interface, and further can provide the analysis result and the performance flow of the execution scene on the application program interface at that time for relevant personnel to audit.

In order to detect the possible abnormity or behavior risk and the like in the running process of the application program, acquiring a file package of the application program and a target interface list needing to be detected before the application program is released, and then modifying the file package of the application program based on the identification information of the target interface so as to collect the program running information when the target interface is called during the running process of the application program, further uploading the collected program running information to the cloud server, so that the cloud server can reproduce an execution scene when the target interface is called based on the received program running information, and further analyzing possible abnormal and/or behavior risks and the like when the target interface is called based on the execution scene and the program running information, and providing the analysis result and/or the operation flow of the application program interface in the execution scene for relevant personnel to check. According to the technical scheme, the execution scene of the application program on the terminal equipment is recovered at the cloud based on the program running information of the application program on the terminal equipment, the problems that the test data of the application program is difficult to construct and the application interface scene during the execution of the application program is difficult to recover in the prior art are solved, the problem positioning accuracy rate when the application program is executed abnormally or at the action risk is improved, and the problem positioning complexity is reduced.

In an optional implementation manner of this embodiment, in step S102, that is, the step of modifying the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, further includes the following steps:

In this alternative implementation, as described above, the modification manner for the application program may include, but is not limited to, a static modification manner and a dynamic modification manner. The static modification mode can be that the calling code of the target interface is directly modified in the file packet of the application program; and the dynamic modification mode can be to insert an interception program in a file packet of the application program.

In some embodiments, after the calling code of the target interface is modified in the static modification mode, an inserted segment of code may be called before the target interface is called, so as to collect program running information when the target interface is called by executing the segment of code. The program run information may include, but is not limited to, invocation information for the target interface and/or context information when the target interface is invoked.

In this embodiment, the application program may be modified by inserting the calling code of the replacement interface before the calling code of the target interface. Through the modification, if a certain operation triggers the calling of the target interface in the running process of the application program, the replacement interface is called first, and then the target interface is called. When the replacement interface is called, the current program running information can be collected.

The following examples illustrate:

if the LIST of TARGET interfaces that need to be detected in the application is set to TARGET _ METHOD _ LIST, the single TARGET interface is denoted as TARGET _ METHOD.

The calling code of each TARGET interface TARGET _ METHOD is changed through code replacement in the file packet of the application program, and the calling code of the replacement interface PROXY _ METHOD is added before the calling code of the TARGET interface.

In the file package of the application program, the original call link of the target interface before modification can be represented as: the modified invocation link may be expressed as: the METHOD calls the alternate interface, then calls the TARGET interface, and then calls the TARGET interface, the TARGET interface.

It should be noted that, the obtained file package of the application program may be an original code file of the application program, or may be a binary file (for example, an APK file) obtained by compiling the original code of the application program, and when the call code of the target interface is modified, if the obtained file is the original code file of the application program, the call code of the replacement interface may be directly added before the original call code of the target interface; and if the obtained binary file is the compiled binary file of the application program, adding the binary byte corresponding to the calling code of the replacement interface before the binary byte corresponding to the calling code of the target interface.

After the file package of the application program is modified in the above manner, the file package can be recompiled and packaged to generate a modified file package of the application program, and the modified file package of the application program can be released, so that a user can obtain the released file package of the application program through the terminal device and perform installation and operation.

When an application program runs on a terminal device, if a replacement interface PROXY _ METHOD is triggered, the replacement interface may report program running information (SCENE _ DATA) to a cloud server, where the program running information may include, but is not limited to, call information of a target interface and context information of a current execution scenario. All program running information reported by the application program to the cloud service terminal can be identified in the form of a DATA LIST SCENE _ DATA _ LIST.

In some embodiments, each set of program run information SCENE _ DATA may include, but is not limited to, the following basic four-tuple: identification information of a TARGET interface TARGET _ METHOD, call STACK information of the TARGET interface, namely call link information (which may include identification information of an upper interface calling the TARGET interface, etc.), an interface component ACTIVITY on a foreground interface of an application program in a current scene, and event information (communication data transmitted when entering the interface component). It is understood that the calling information mentioned above may correspond to identification information of TARGET interface TARGET _ METHOD in the basic quadruple, call STACK information of TARGET interface, called _ STACK (i.e. call link information, which may include identification information of an upper interface calling the TARGET interface, etc.), and the context information in the current execution scenario may correspond to interface component ACTIVITY, event information (communication data incoming when entering the interface component) on the foreground interface of the application in the current scenario, etc.

In an optional implementation manner of this embodiment, step S102, namely, the step of modifying the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, further includes the following steps:

In this alternative implementation, as described above, the modification manner for the application program includes a dynamic modification manner in addition to the static modification manner. The dynamic modification mode can be a mode of inserting an interception program into a file packet of the application program.

The interception program inserted in the dynamic modification mode may be a section of program code that can be executed independently, and the section of program code may monitor a call event of the target interface during execution, and collect program running information when the target interface is called after monitoring the call event.

In some embodiments, the interceptor program may be started after the application is started and may remain in the open state until the application exits. The interception program may monitor a call event of each target interface in the target interface list, and collect current program running information, such as identification information of a currently called target interface, call stack information, interface component information on a foreground interface of an application program in a current call scenario, communication data transmitted when entering the interface component, and the like, after monitoring the call event of any one target interface. The interception program can report the collected information to the cloud server.

Fig. 2 shows a flow diagram of a data processing method according to another embodiment of the present disclosure. As shown in fig. 2, the data processing method includes the steps of:

in step S201, program running information from an application running on the terminal device is received;

in step S202, restoring an execution scene of the application program when a target interface in the application program is called based on the program running information, and recording related data;

in step S203, an abnormal condition when the target interface is called is analyzed based on the related data and/or the program running information, and an analysis result is obtained.

In this embodiment, the data processing method may be executed at a cloud server. The application program may be any application APP to be published. As described in the background art, when an application program is abnormal or behavior risk occurs during the running process, the reason for the abnormality or risk needs to be located by recovering the execution scenario at that time. In order to recover the current execution scenario of the application so as to help the relevant personnel to effectively locate the problem, a currently common method is to reproduce the execution scenario of the application when an abnormality or a behavior risk occurs by constructing test parameters. However, depending on the complexity of different applications, especially large and complex applications, it is difficult to trigger an exception or to generate an execution scenario of an application where a risk of behavior occurs by constructing a test output, and especially, it is difficult to reproduce the execution scenario when the application logic is not familiar or the scenario to be recovered is hidden.

Therefore, the application program is modified before the application program is released, and the modification principle is that a calling event of a target interface is monitored in the execution process of the application program, program operation information is collected when the target interface is called, and the collected program operation information is reported to a cloud server. In some embodiments, the program run information includes calling information when the target interface is called and/or context information related to an execution scenario in which the target interface is called. In the embodiment of the disclosure, after the application program is modified and released, in the process of installing and operating the released application program, program operation information when the target interface is called can be collected and uploaded to a cloud server; and the running scene of the application program at that time can be restored and reproduced on the cloud server side based on the uploaded program running information, so that auditing or abnormal positioning and the like are facilitated.

In some embodiments, the manner of modification to the application may include, but is not limited to, a static manner of modification and a dynamic manner of modification. The static modification mode can be that the calling code of the target interface is directly modified in the file packet of the application program; and the dynamic modification mode can be that the interception program is inserted into the file packet of the application program to modify.

In other embodiments, the interception program inserted in the dynamic modification manner may be a separately executable program code, and the program code may monitor a calling event of the target interface during execution, and collect program running information when the target interface is called after detecting the calling event of the target interface.

In the embodiment of the disclosure, after each target interface in the application program is modified correspondingly, the modified application program can be released. It should be noted that the manner of issuing the application program may include multiple manners, for example, the application program may be directly stored on the server, and the storage address of the application program is pushed to each terminal device, so that the terminal device can download the application program based on the storage address, and install and run the application program on the terminal device. The application program can also be released in an application store so that the user searches for the application program and downloads it for execution through an application store interface on the terminal device.

After the application is installed in the terminal device, the application may be started to run in response to an operation by the user. During the execution process, when the code calling the target interface is executed based on the operation trigger of the user on the application program interface or other trigger operations, the modified code or the inserted interception program may be triggered to be called, and during the execution process, the modified code or the inserted interception program may collect program execution information in the current execution scenario, for example, identification information of the currently called target interface, context information when the target interface is called, and the like. The collected program running information can be uploaded to a cloud server, so that the cloud server can reproduce the execution scene based on the received program running information and record related data in the process of recovering the execution scene. The related data may include, but is not limited to, data such as operation behavior data of the application program, behavior data generated during the operation of the application program, and/or operation flow of an application interface of the application program.

The cloud server side can analyze abnormal or behavior risks and the like which may occur when the target interface is called by combining the originally received program running information based on the recovered execution scene and the recorded related data, and further can provide the analysis result and the execution scene at that time for related personnel to perform auditing or risk judgment.

In order to detect the possible abnormal or behavior risk and the like in the running process of the application program, acquiring a file package of the application program and a target interface list needing to be detected before the application program is released, and then modifying the file package of the application program based on the identification information of the target interface so as to collect the program running information when the target interface is called during the running process of the application program, further uploading the collected program running information to the cloud server, so that the cloud server can reproduce an execution scene when the target interface is called based on the received program running information, and further analyzing possible abnormal and/or behavior risks and the like when the target interface is called based on the execution scene and the program running information, and providing the analysis result and/or the operation flow of the application program interface in the execution scene for relevant personnel to check. According to the technical scheme, the execution scene of the application program on the terminal equipment is recovered at the cloud end based on the program running information of the application program on the terminal equipment, the problems that the test data of the application program is difficult to construct and the application interface scene is difficult to recover when the application program is executed in the prior art are solved through end cloud combination, the problem positioning accuracy rate is improved when the application program is executed abnormally or at the action risk, and the problem positioning complexity is reduced.

In an optional implementation manner of this embodiment, the method further includes the following steps:

In the optional implementation manner, when restoring the execution scene when the target interface in the application program is called, the cloud server may further save the interface switching process of the application program in the execution scene in a screen capture and/or screen recording manner, and provide the saved screen capture or screen recording file for the relevant personnel to perform further review and risk judgment.

In this optional implementation manner, the cloud server may automatically analyze whether an abnormal condition or a behavior risk occurs at that time based on the execution scenario of the application program and the program running information when the recovery target interface is called according to a predefined analysis principle, and if an abnormal condition or a behavior risk occurs, may feed back the analysis result and/or the stored interface switching process file of the application program in the recovered execution scenario to the relevant staff together, and the relevant staff may perform final auditing and risk judgment based on the analysis result, the interface switching process file, and the originally reported program running information.

In an optional implementation manner of this embodiment, based on the execution scenario of the recovered application program and the application interface in the execution scenario, the code file of the application program or the configuration information of the application program may be modified, so that when the modified application program is run, the application interface corresponding to the recovered execution scenario can be directly skipped to.

sending control information to the terminal equipment based on the analysis result; the control information is used for indicating the terminal equipment to control the operation process of the target interface.

In this optional implementation manner, as described above, the cloud server may automatically analyze whether an abnormality or a behavior risk occurs at that time based on the execution scenario of the target interface at that time when the recovery target interface is called and the program running information according to a predefined analysis principle, and if an abnormality or a behavior risk occurs, may feed back the analysis result and/or the stored interface switching process file of the target interface under the recovered execution scenario to the relevant staff together, and the relevant staff may perform final review and risk judgment based on the analysis result, the interface switching process file, and the originally reported program running information. After the auditing and risk judgment of related personnel, if the existence of the preset risk is confirmed, the cloud server can also send control information to the terminal equipment based on the analysis result so as to indicate the terminal equipment to carry out operation control on the target interface with the risk.

In other embodiments, the configuration information may be preset at the cloud server, and when the analysis result is matched with the features in the configuration information, the control information corresponding to the matched features may be issued to the terminal device, and the terminal device may perform operation control on the target interface based on the control information.

In some embodiments, the control information may include an identifier of the control mode, a correspondence between the identifier of the control mode and the control mode may be preset on the terminal device, and after the control information sent by the server is received, what control mode is to be used to control the target interface with risk may be determined based on the identifier of the control mode.

In some embodiments, the control manner may include, but is not limited to, suspending calls to the risky target interface from the front end and/or the background, setting an upper limit on the frequency of calls to the risky target interface, and the like.

By the method, the online terminal equipment can be safely protected in a mode of combining the cloud end and the equipment, and when the application program calling risk is found, the application program does not need to be reissued in a mode of updating codes, but the terminal equipment can be controlled to call the application program with the risk in a mode of combining the cloud end and the equipment, so that the safety verification cost is saved.

In an optional implementation manner of this embodiment, in step S203, the step of analyzing an abnormal condition when the target interface is called based on the relevant data and/or the program running information to obtain an analysis result further includes the following steps:

determining the security type of the terminal equipment;

and analyzing the abnormal condition when the target interface is called in the terminal equipment under the safety type based on the related data and/or the program running information to obtain an analysis result.

In this optional implementation manner, different security types may be assigned to different terminal devices, and the security types may be reported to the cloud service end by the terminal devices, or security types corresponding to different terminal devices may be set in the cloud service end by a third party in advance. Different security types, the same execution scenario may trigger different risk situations when calling the same target interface. For terminal devices with higher security requirements, a higher level risk analysis result may be triggered, and for terminal devices with lower security requirements, a risk analysis result may not be triggered.

When analyzing abnormal conditions when calling a target interface based on related data and/or program operation information received from the terminal equipment, the cloud server side can determine the security type of the terminal equipment; and analyzing whether an abnormal condition exists when the target interface is called on the current terminal equipment or not based on different security types. The mode can carry out differentiated security configuration aiming at the security verification mode combining the opposite end cloud, and the security verification mode is expanded.

Fig. 3 shows a flow chart of a data processing method according to yet another embodiment of the present disclosure. As shown in fig. 3, the data processing method includes the steps of:

in step S301, acquiring an application program and identification information of a target interface in the application program;

in step S302, modifying the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, and uploads the collected program running information to a cloud server;

in step S303, providing the modified application program to a terminal device, so as to install and run the application program on the terminal device;

in step S304, receiving program running information from the application program running on the terminal device;

in step S305, an execution scenario of the application program when the target interface in the application program is called is restored based on the program running information, and related data is recorded.

Therefore, the application program is modified before the application program is released, and the modifying principle is to monitor a calling event of a target interface in the execution process of the application program, collect program running information when the target interface is called, and report the collected program running information to a cloud server. In some embodiments, the program run information includes calling information when the target interface is called and/or execution scenario-related context information in the target interface when called.

In some embodiments, after the calling code of the target interface is modified in the static modification mode, an inserted segment of code may be called before the target interface is called, so as to collect program running information when the target interface is called by executing the segment of code. The program run information may include, but is not limited to, invocation information of the target interface and/or context information when the target interface is invoked.

In the embodiment of the present disclosure, after each target interface in the application program is modified correspondingly, the modified application program may be released. The manner of issuing the application may include multiple manners, for example, the application may be directly stored in the server, and the storage address of the application is pushed to each terminal device, so that the terminal device can download the application based on the storage address and install and run on the terminal device. The application program can also be released in an application store so that the user searches for the application program and downloads it for execution through an application store interface on the terminal device.

After the application is installed in the terminal device, the application may be started to run in response to an operation by the user. During the execution process, when the code calling the target interface is executed based on the operation trigger of the user on the application program interface or other trigger operations, the modified code or the inserted interception program may be triggered to be called, and the modified code or the inserted interception program may collect program execution information in the current execution scenario during the execution process, for example, identification information of the currently called target interface, context information when the target interface is called, and the like. The collected program running information can be uploaded to a cloud server, so that the cloud server can reproduce the execution scene based on the received program running information and record related data in the process of recovering the execution scene. The related data may include, but is not limited to, data such as operation behavior data of the application program, behavior data generated by the application program during running, and/or operation flow of an application interface of the application program.

In some embodiments, the cloud server further analyzes an abnormal condition when the target interface is called based on the related data and/or the program running information, and obtains an analysis result. The cloud server side can analyze possible abnormal or behavior risks and the like when the target interface is called by combining the originally received program running information based on the recovered execution scene and the recorded related data, and further can provide the analysis result and the execution scene at that time for related personnel to perform abnormal positioning or risk judgment.

In other embodiments, the related data may also be provided to related personnel for auditing, so as to determine whether the application program has a risk condition, and the like.

In order to detect the possible abnormal or behavior risk and the like in the running process of the application program, acquiring a file package of the application program and a target interface list needing to be detected before the application program is released, and then modifying the file package of the application program based on the identification information of the target interface so as to collect the program running information when the target interface is called during the running process of the application program, further uploading the collected program running information to the cloud server, so that the cloud server can reproduce an execution scene when the target interface is called based on the received program running information, and further analyzing possible abnormal and/or behavior risks and the like when the target interface is called based on the execution scene and the program running information, and providing the analysis result and/or the operation flow of the application program interface in the execution scene for relevant personnel to check. According to the technical scheme, the execution scene of the application program on the terminal equipment is recovered at the cloud based on the program running information of the application program on the terminal equipment, so that the problems that the test data of the application program is difficult to construct and the application interface scene is difficult to recover when the application program is executed in the prior art are solved, the problem positioning accuracy rate is improved when the application program is executed abnormally or at the action risk, and the problem positioning complexity is reduced.

In an optional implementation manner of this embodiment, the step S302, that is, modifying the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, includes:

In an optional implementation manner of this embodiment, the program running information includes calling information of the target interface and/or context information of the target interface when being called.

In an optional implementation manner of this embodiment, the method further includes:

The data processing method in this embodiment corresponds to the embodiment and related embodiments shown in fig. 1-2, and specific details can refer to the contents described in the embodiment and related embodiments shown in fig. 1-2, which are not repeated herein.

In some embodiments, the control information may include an identifier of the control mode, a correspondence between the identifier of the control mode and the control mode may be preset on the terminal device, and after receiving the control information issued by the server, it may be determined which control mode is to be used to control the target interface with the risk based on the identifier of the control mode.

In some embodiments, the control manner may include, but is not limited to, suspending calls to the risky target interface by the front end and/or the background, setting an upper limit on the frequency of calls to the risky target interface, and the like.

By the method, the online terminal equipment can be safely protected in a mode of combining the cloud end and the equipment, the application program does not need to be reissued in a mode of updating codes under the condition that the application program calling risk exists, the terminal equipment can be controlled to call the application program with the risk through the cloud end in a mode of combining the cloud end and the equipment, and the safety check cost is saved.

In an optional implementation manner of this embodiment, the step of analyzing, based on the relevant data and/or the program running information, an abnormal condition when the target interface is called to obtain an analysis result further includes the following steps:

determining the security type of the terminal equipment;

and analyzing the abnormal condition when the target interface is called in the terminal equipment under the security type based on the related data and/or the program running information to obtain an analysis result.

When analyzing an abnormal condition when calling a target interface based on related data and/or program running information received from the terminal equipment, the cloud server side can determine the security type of the terminal equipment; and analyzing whether an abnormal condition exists when the target interface is called on the current terminal equipment or not based on different security types. The mode can carry out differentiated security configuration aiming at the security verification mode combining the opposite end cloud, and the security verification mode is expanded.

Fig. 4 shows a schematic flow diagram of anomaly monitoring for an application APP according to an embodiment of the present disclosure. As shown in fig. 4, the cloud server obtains a file package of the application APP needing to be monitored for the anomaly and a target interface list corresponding to the application APP needing to be monitored, where the file package may be a source code file of the application APP or a compiled binary file. And modifying the file package of the application program APP, and inserting the calling code of the replacement interface before the calling code of each target interface in the target interface list in the file package. And compiling and packaging the modified file package, and issuing the file package to a plurality of terminal devices as an installation package of the application APP. And after the terminal equipment downloads and installs the installation package, executing the application APP on the terminal equipment. When a target interface is called in the execution process of the application APP, the terminal equipment uploads program operation information of the application program to the cloud service end, the cloud service end restores an execution scene when the corresponding target interface is called in the execution process of the application program on the terminal equipment based on identification information, call stack information, application interface information and the like of the target interface in the program operation information, and analysis results are fed back to related personnel for auditing, risk judgment and the like based on the reported program operation information and the analysis of abnormal and/or risk behaviors of the execution scene.

The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods.

According to the data processing apparatus of an embodiment of the present disclosure, the apparatus may be implemented as part or all of an electronic device by software, hardware, or a combination of both. The data processing apparatus includes:

the first modification module is configured to modify the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, and uploads the collected program running information to a cloud server;

a publishing module configured to publish the modified application.

In an optional implementation manner of this embodiment, the first modifying module includes:

The data processing apparatus in this embodiment corresponds to the data processing method described in the embodiment and related embodiments shown in fig. 1, and specific details can be referred to the description in the embodiment and related embodiments shown in fig. 1, which are not described herein again.

According to another embodiment of the present disclosure, the data processing apparatus may be implemented as part or all of an electronic device by software, hardware, or a combination of both. The data processing apparatus includes:

the first restoring module is configured to restore an execution scene of the application program when a target interface in the application program is called based on the program running information and record related data;

In an optional implementation manner of this embodiment, the apparatus further includes:

The data processing apparatus in this embodiment corresponds to the data processing method described in the embodiment and the related embodiment shown in fig. 2, and specific details can be referred to the description in the embodiment and the related embodiment shown in fig. 2, which are not described herein again.

According to the data processing apparatus of another embodiment of the present disclosure, the apparatus may be implemented as part or all of an electronic device by software, hardware, or a combination of both. The data processing apparatus includes:

the second modification module is configured to modify the application program based on the identification information of the target interface, so that the modified application program collects program running information when the target interface is called in an installation running process, and uploads the collected program running information to a cloud server;

and the second restoring module is configured to restore the execution scene of the application program when the target interface in the application program is called based on the program running information, and record related data.

The data processing apparatus in this embodiment corresponds to the data processing method described in the embodiment and the related embodiment shown in fig. 3, and specific details can be referred to the description in the embodiment and the related embodiment shown in fig. 3, which are not described herein again.

As shown in fig. 5, the electronic device 500 includes a processing unit 501, which may be implemented as a CPU, GPU, FPGA, NPU, or the like processing unit. The processing unit 501 may perform various processes in the embodiments of any one of the methods described above of the present disclosure according to a program stored in a Read Only Memory (ROM)502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. In the RAM503, various programs and data necessary for the operation of the electronic apparatus 500 are also stored. The processing unit 501, the ROM502, and the RAM503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.

The following components are connected to the I/O interface 505: an input portion 506 including a keyboard, a mouse, and the like; an output portion 507 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The driver 510 is also connected to the I/O interface 505 as necessary. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as necessary, so that a computer program read out therefrom is mounted into the storage section 508 as necessary.

In particular, according to embodiments of the present disclosure, any of the methods described above with reference to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing any of the methods of the embodiments of the present disclosure. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units or modules described in the embodiments of the present disclosure may be implemented by software or hardware. The units or modules described may also be provided in a processor, and the names of the units or modules do not in some cases constitute a limitation on the units or modules themselves.

As another aspect, the present disclosure also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the apparatus in the above embodiment; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present disclosure.

The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the inventive concept. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.

Claims

1. A method of data processing, comprising:

and releasing the modified application program.

2. The method of claim 1, wherein modifying the application program based on the identification information of the target interface so that the modified application program collects program running information when the target interface is called during installation and running comprises:

3. The method of claim 1, wherein modifying the application program based on the identification information of the target interface so that the modified application program collects program running information when the target interface is called during installation and running comprises:

4. The method of any of claims 1-3, wherein the program execution information includes invocation information for the target interface and/or context information when the target interface is invoked.

5. A data processing method, comprising:

6. The method of claim 5, wherein the method further comprises:

7. The method of claim 6, wherein the method further comprises:

8. A method of data processing, comprising:

and restoring the execution scene of the application program when a target interface in the application program is called based on the program running information, and recording related data.

9. An electronic device comprising a memory, a processor, and a computer program stored on the memory, wherein the processor executes the computer program to implement the method of any of claims 1-8.

10. A computer program product comprising computer instructions, wherein the computer instructions, when executed by a processor, implement the method of any one of claims 1-8.