CN115686477A - Application program creating method and device and electronic equipment - Google Patents


Publication number
CN115686477A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211435413.3A
Other languages
Chinese (zh)
Inventor
秦朝勇
沈震宇
白佳乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Abstract

The application discloses a method and a device for creating an application program, and electronic equipment, and relates to the field of information security. The method comprises the following steps: in response to an application program creating instruction, acquiring a plurality of files to be detected that are required for creating the application program, wherein direct or indirect dependency relations exist among the files to be detected; identifying three-factor information of each file to be detected, wherein the three-factor information at least comprises developer information, version information and function description information of the file to be detected; determining, according to the three-factor information, whether abnormal files exist among the plurality of files to be detected, wherein the abnormal files are files with information security risks; and when no abnormal file exists among the plurality of files to be detected, constructing the application program according to the plurality of files to be detected. The application solves the prior-art problem of poor application security when an application program is built from such files.

Description

Application program creating method and device and electronic equipment
Technical Field
The application relates to the field of information security, in particular to a method and a device for creating an application program and electronic equipment.
Background
At present, there are two main development modes for application programs, one is a completely manual development mode, that is, the development of the application program is realized by writing codes by developers. Another way is to use existing files (e.g., jar package) for incremental development, that is, to use the dependency relationship between existing files, to refer to existing files directly, then to write other necessary codes by developers according to actual services, and finally to build an application based on the codes written by developers and the referenced existing files. Among them, the second development method has become a mainstream method in the field of application development because of its low development cost and high development efficiency.
However, since the second development mode usually refers to an existing file such as an existing jar package directly, if there is a security vulnerability in the referred jar package, the developed application may have a large security risk, and even a large economic loss may be caused to a user of the application.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the application provides an application program creating method and device and electronic equipment, and aims to at least solve the technical problem that in the prior art, when an application program is built according to a file, the safety of the application program is poor.
According to an aspect of an embodiment of the present application, there is provided a method for creating an application program, including: responding to an application program creating instruction, and acquiring a plurality of files to be detected required by creating the application program, wherein direct dependency relations or indirect dependency relations exist among the files to be detected; identifying three-factor information of each file to be detected, wherein the three-factor information at least comprises developer information, version information and function description information of the file to be detected; determining whether abnormal files exist in the plurality of files to be detected according to the three-element information, wherein the abnormal files are files with information security risks; and when the abnormal files do not exist in the plurality of files to be detected, constructing the application program according to the plurality of files to be detected.
Further, the method for creating the application program further comprises the following steps: determining a preset development language corresponding to the application program from the application program creating instruction; analyzing each file to be detected according to a preset development language to obtain an analysis result; identifying the three-element information of each file to be detected from the analysis result, wherein the analysis result is tuple or slice data, the tuple is a sequence capable of being stored in a relational database, and the slice data is pointer type data.
Further, the method for creating the application program further comprises the following steps: when the preset development language is a first development language, analyzing each file to be detected into tuples, wherein the first development language is a dynamic development language; and when the preset development language is a second development language, analyzing each file to be detected into slice data, wherein the second development language is a static type development language.
Further, the method for creating the application program further comprises the following steps: before determining whether abnormal files exist in the files to be detected according to the three-factor information, detecting whether at least two first files to be detected exist in the files to be detected, wherein the three-factor information of the at least two first files to be detected is the same; when at least two first files to be detected exist in the plurality of files to be detected, performing duplicate removal on the at least two first files to be detected to obtain a target file to be detected, and generating a target list according to the three-element information of the target file to be detected and the three-element information of other files to be detected, wherein the other files to be detected are the files to be detected except the at least two first files to be detected in the plurality of files to be detected; and storing the target list into the target server.
Further, the method for creating the application program further comprises the following steps: reading a preset list from a target server, wherein a plurality of target three-element information are recorded in the preset list, and files corresponding to the target three-element information are files with information security risks; detecting whether abnormal three-element information exists in the target list or not, wherein the abnormal three-element information is the three-element information in the intersection of the target list and the preset list; and when the abnormal three-factor information exists in the target list, determining that abnormal files exist in the multiple files to be detected, and forbidding to construct the application program.
Further, the method for creating the application program further comprises the following steps: before reading a preset list from a target server, detecting whether at least two pieces of first target three-element information exist in the preset list, wherein the developer information and the function description information of the at least two pieces of first target three-element information are the same, and their version information is different; when at least two pieces of first target three-factor information exist in the preset list, merging the at least two pieces of first target three-factor information to obtain one piece of second target three-factor information, wherein the second target three-factor information has the same developer information and function description information as the first target three-factor information, and the version information in the second target three-factor information is the set of the version information in the at least two pieces of first target three-factor information.
Further, the method for creating the application program further comprises the following steps: after determining that abnormal files exist in the plurality of files to be detected, generating prompt information according to the abnormal three-factor information; and sending the prompt information to target terminal equipment, wherein the target terminal equipment is equipment for sending an application program creation instruction.
Further, the method for creating the application program further comprises the following steps: determining a replacement file of the abnormal file according to the abnormal three-factor information corresponding to the abnormal file, wherein the similarity between the three-factor information of the replacement file and the abnormal three-factor information corresponding to the abnormal file is greater than a preset threshold value, and the three-factor information of the replacement file is not recorded in a preset list; acquiring file information of the replacement file, wherein the file information at least comprises three-element information of the replacement file; and generating prompt information according to the file information and the abnormal three-factor information corresponding to the abnormal file.
According to another aspect of the embodiments of the present application, there is also provided an apparatus for creating an application, including: the acquisition module is used for responding to an application program creation instruction and acquiring a plurality of files to be detected required by the creation of the application program, wherein a direct dependency relationship or an indirect dependency relationship exists among the plurality of files to be detected; the identification module is used for identifying the three-element information of each file to be detected, wherein the three-element information at least comprises developer information, version information and function description information of the file to be detected; the determining module is used for determining whether abnormal files exist in the multiple files to be detected according to the three-factor information, wherein the abnormal files are files with information security risks; and the detection module is used for constructing the application program according to the plurality of files to be detected when the plurality of files to be detected do not have abnormal files.
According to another aspect of embodiments of the present application, there is also provided an electronic device including one or more processors and a memory for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement the above-described creation method of the application program.
In the present application, whether abnormal files exist among the files to be detected is determined according to the three-element information of each file to be detected. First, in response to an application program creating instruction, the files to be detected required for creating the application program are obtained; then the three-element information of each file to be detected is identified, and whether abnormal files exist among the files to be detected is determined according to the three-element information; when no abnormal file exists among the files to be detected, the application program is built according to the files to be detected. The three-element information at least comprises developer information, version information and function description information of the files to be detected, and the abnormal files are files with information security risks.
According to the method and the device, whether the abnormal files exist in the multiple files to be detected or not is determined according to the three-element information of each file to be detected, the purpose of timely finding the abnormal files at the beginning of creating the application program is achieved, the application program can be established only when the abnormal files do not exist in the multiple files to be detected, and therefore the effect of avoiding generating the application program with safety risks is achieved, the development efficiency of the application program can be improved, and the repair cost of the application program can be reduced.
Therefore, the technical scheme of the application achieves the purpose of identifying whether the files required by constructing the application have safety risks, so that the effect of improving the safety of the application is achieved, and the technical problem that the safety of the application is poor when the application is constructed according to the files in the prior art is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of an alternative application creation method according to an embodiment of the application;
FIG. 2 is a schematic diagram of an application creation system according to an embodiment of the present application;
FIG. 3 is an alternative application creation flow diagram according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an alternative application creation apparatus according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an alternative electronic device according to an embodiment of the application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Moreover, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In addition, it should be noted that the relevant information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
Example 1
In accordance with an embodiment of the present application, there is provided an embodiment of a method for creating an application. It should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system, such as by a set of computer-executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different from that shown herein.
In order to better understand the contents of the embodiments of the present application, some key terms referred to in the embodiments of the present application are described below:
Maven: a Java project management and automated build tool, which includes a project object model, a set of standards, a project lifecycle management component, a dependency management system, and logic for running plug-in goals defined in lifecycle phases. Maven makes it easy to manage a project's dependence on jar files.
Jar: a software package archive format, generally used for aggregating a large number of compiled Java class files, related metadata and resource files into one file, in order to distribute Java platform application software or libraries.
DevOps: a combination of Development and Operations; a collective term for a group of processes, methods and systems used for promoting communication, cooperation and integration among development, technical operation and maintenance, and quality assurance.
Fig. 1 is a flowchart of an alternative application creation method according to an embodiment of the present application, and as shown in fig. 1, the method includes the following steps:
Step S101, responding to an application program creating instruction, and acquiring a plurality of files to be detected required by creating the application program.
In step S101, a direct dependency relationship or an indirect dependency relationship exists between a plurality of files to be detected. Specifically, the files to be detected in the application may be jar packages, and it should be noted that, in the development process of the application program, a plurality of jar packages are usually introduced, and a direct dependency relationship or an indirect dependency relationship exists between the jar packages, for example, a direct dependency relationship exists between jar1 and jar2, a direct dependency relationship exists between jar2 and jar3, and an indirect dependency relationship exists between jar1 and jar3.
In addition, a creation system of an application program may be used as an execution subject of the creation method of the application program in the embodiment of the present application, where fig. 2 shows a schematic diagram of a creation system of an application program according to the embodiment of the present application, and as shown in fig. 2, the creation system includes an infrastructure layer, a system layer, an application layer, and a DevOps layer.
Specifically, as shown in fig. 2, the infrastructure layer is configured to provide the environment resources required for system layer deployment, including CPU, memory, storage, and network resources. The infrastructure layer may be deployed on physical machines, virtual machines, and bare metal servers. The system layer is the main implementation layer of the creation system, and includes software commonly used in the industry for CI (continuous integration)/CD (continuous delivery), such as the Jenkins component. The identification method of the application is mainly applied in the front-end process of the CI/CD. In addition, the system layer also comprises an identification micro-service, which is used for configuring a preset list and detecting, according to the preset list, whether a file to be detected is an abnormal file.
In addition, as shown in fig. 2, the application layer characterizes the application programs to be created (e.g., APP_1, APP_2, etc.), and in the application layer, the files required by the application programs to be created in the creation process are managed by Maven. In the compiling and packaging stage, all application programs must undergo the system layer's security detection of their files. The DevOps layer is one link in the delivery process of the application program, and automatic delivery of the application program can be realized based on the DevOps layer.
Step S102, identifying the three-element information of each file to be detected.
In step S102, the three-factor information at least includes developer information, version information, and function description information of the file to be detected. Specifically, the three-element information can be understood as a unique identifier of a file to be detected. The three-element information of the file to be detected represents the current version, the developer and the specifically realized functions of the file to be detected. For example, the three-factor information of the file a to be detected represents that the file a to be detected is developed by company B, the current version is 1.3.90, and the function that can be realized is to encrypt and decrypt the bank card number.
Step S103, determining whether abnormal files exist in the plurality of files to be detected according to the three-factor information.
In step S103, the abnormal file is a file with information security risk. For example, a file virus exists in a certain abnormal file, so that an application program built by using the jar package has a large information security risk.
Step S104, when the abnormal files do not exist in the plurality of files to be detected, constructing the application program according to the plurality of files to be detected.
Optionally, the creating system may build the application program according to the files to be detected only when all the files to be detected are verified as normal files, and if any one of the files to be detected is an abnormal file, the creating system may prohibit building the application program and may generate corresponding prompt information so as to prompt the developer to check the abnormal file in time.
Based on steps S101 to S104 above, the present application determines whether an abnormal file exists among the multiple files to be detected according to the three-factor information of each file to be detected. First, in response to an application program creating instruction, the multiple files to be detected required for creating the application program are obtained; then the three-factor information of each file to be detected is identified, and whether an abnormal file exists among the multiple files to be detected is determined according to the three-factor information; when no abnormal file exists among the multiple files to be detected, the application program is constructed according to the multiple files to be detected. The three-element information at least comprises developer information, version information and function description information of the files to be detected, and the abnormal files are files with information security risks.
According to the method and the device, whether the abnormal files exist in the multiple files to be detected or not is determined according to the three-element information of each file to be detected, the purpose of timely finding the abnormal files at the beginning of creating the application program is achieved, the application program can be established only when the abnormal files do not exist in the multiple files to be detected, and therefore the effect of avoiding generating the application program with safety risks is achieved, the development efficiency of the application program can be improved, and the repair cost of the application program can be reduced.
Therefore, the technical scheme of the application achieves the purpose of identifying whether the files required by constructing the application have safety risks, so that the effect of improving the safety of the application is achieved, and the technical problem that the safety of the application is poor when the application is constructed according to the files in the prior art is solved.
In an optional embodiment, the creating system determines a preset development language corresponding to the application program from the application program creating instruction, then analyzes each file to be detected according to the preset development language to obtain an analysis result, and finally, the creating system identifies three-element information of each file to be detected from the analysis result, wherein the analysis result is tuple or slice data, the tuple is a sequence capable of being stored in a relational database, and the slice data is pointer-type data.
Optionally, when the preset development language is a first development language, the creating system analyzes each file to be detected as a tuple, wherein the first development language is a dynamic development language; when the preset development language is a second development language, the creating system analyzes each file to be detected into slice data, wherein the second development language is a static development language.
Specifically, the first development language is the Python language and the second development language is the Golang language. In order to accurately identify the three-element information of the file to be detected, if the preset development language is Python, the creation system parses the file to be detected into a tuple; if the preset development language is Golang, the creation system parses the file to be detected into slice data (a slice).
In an optional embodiment, before determining whether an abnormal file exists in the multiple files to be detected according to the three-factor information, the creating system may further detect whether at least two first files to be detected exist in the multiple files to be detected, where the three-factor information of the at least two first files to be detected is the same. When at least two first files to be detected exist in the plurality of files to be detected, the creating system performs duplicate removal processing on the at least two first files to be detected to obtain a target file to be detected, and generates a target list according to the three-element information of the target file to be detected and the three-element information of other files to be detected, wherein the other files to be detected are the files to be detected except the at least two first files to be detected in the plurality of files to be detected. Finally, the creation system stores the target list in the target server.
Optionally, assume that the number of files to be detected is N, and that the three-element information of M of these files is completely the same (i.e., the version information is the same, the developer information is the same, and the function description information is the same). In order to save data storage space and improve the efficiency of subsequent abnormal file detection, the creation system performs deduplication processing on the M files to be detected: only one of the M files is retained as the target file to be detected, and the three-element information of the target file to be detected uniformly represents the three-element information of all M files. It is easy to see that, in this way, the number of pieces of three-factor information finally stored in the target server is (N - M + 1), whereas if the M files to be detected are not deduplicated, the number of pieces of three-factor information that must be stored in the target server is N. Here M ≥ 2 and N ≥ M.
It is easy to notice that the application not only reduces the data amount required to be stored in the target server by de-duplicating the file to be detected with the same three-element information, but also can improve the detection efficiency of the abnormal file due to the reduction of the number of the three-element information required to be traversed. In addition, the three-element information needs to be stored in the target server in a network transmission mode, so that the network transmission pressure can be reduced and the network transmission efficiency can be improved by reducing the number of the three-element information.
In an optional embodiment, the creating system further reads a preset list from the target server, wherein the preset list records a plurality of pieces of target three-factor information, and a file corresponding to the target three-factor information is a file with information security risk. The creation system then detects whether abnormal three-element information exists in the target list, wherein the abnormal three-element information is the three-element information in the intersection of the target list and the preset list. When abnormal three-factor information exists in the target list, the creation system determines that abnormal files exist among the files to be detected and prohibits construction of the application program.
Optionally, the creating system may pre-deploy a preset list in the target server, where the preset list records a plurality of pieces of target three-factor information, and each piece of target three-factor information corresponds to a known file with information security risk. On this basis, the creating system determines whether abnormal files exist among the files to be detected by comparing the preset list with the target list. Specifically, if a certain piece of three-factor information exists in the target list and is also recorded in the preset list, that three-factor information is abnormal three-factor information, and the file to be detected corresponding to it is an abnormal file. After the abnormal file is identified, the creation system automatically prohibits the application from continuing to be built, in order to ensure the security of the application that is finally built.
In an optional embodiment, before reading the preset list from the target server, the creation system further detects whether at least two pieces of first target three-factor information exist in the preset list, where the developer information and the function description information of the at least two pieces of first target three-factor information are the same, and their version information is different. When at least two pieces of first target three-element information exist in the preset list, the creating system merges them to obtain one piece of second target three-element information, wherein the second target three-element information has the same developer information and function description information as the first target three-element information, and the version information in the second target three-element information is the set of the version information in the at least two pieces of first target three-element information.
Optionally, assume that there are three pieces of target three-factor information: target three-factor information 1 [developer a, function a, version 1.1.2], target three-factor information 2 [developer a, function a, version 1.1.3], and target three-factor information 3 [developer a, function a, version 1.1.4]. It is easy to see that the developer information and the function description information are identical among the three, and only the version information differs. Therefore, in order to improve the management efficiency of the preset list and reduce the amount of data to be stored, the three pieces of target three-factor information may be merged to obtain one new piece of target three-factor information, [developer a, function a, version 1.1.2, 1.1.3, 1.1.4] or [developer a, function a, version 1.1.2-1.1.4]. The three original pieces are three pieces of first target three-factor information, and the new piece is one piece of second target three-factor information.
It should be noted that, in the above example, since the developer information and the function description information between the three target three-factor information are completely the same, the creation system does not store three pieces of developer information and function description information repeatedly, but only keeps a set of one piece of developer information, one piece of function description information, and one piece of version information, thereby reducing the amount of data to be stored and improving the storage space utilization of the target server.
Further, taking the second target three-factor information [developer a, function a, version 1.1.2-1.1.4] as an example, if a piece of three-factor information [developer a, function a, version 1.1.3] is recorded in the target list, then, since version 1.1.3 is included in version 1.1.2-1.1.4, the creation system may determine from the second target three-factor information that [developer a, function a, version 1.1.3] is abnormal three-factor information.
In an optional embodiment, after determining that an abnormal file exists among the plurality of files to be detected, the creation system generates prompt information according to the abnormal three-factor information and sends the prompt information to a target terminal device, where the target terminal device is the device that sent the application program creating instruction.
Optionally, the creating system may send the prompt message to a target terminal device through a mail, a voice, or the like, so as to prompt a developer to process the abnormal file, where the target terminal device includes, but is not limited to, a notebook computer, a desktop computer, an intelligent tablet, an intelligent mobile phone, or the like.
In an optional embodiment, the creation system may further determine a replacement file for the abnormal file according to the abnormal three-factor information corresponding to the abnormal file, and then acquire file information of the replacement file, where the file information at least includes the three-factor information of the replacement file. Finally, the creation system generates prompt information according to the file information and the abnormal three-factor information corresponding to the abnormal file. The similarity between the three-factor information of the replacement file and the abnormal three-factor information corresponding to the abnormal file is greater than a preset threshold, and the three-factor information of the replacement file is not recorded in the preset list.
Optionally, assume the abnormal three-factor information corresponding to an abnormal file is [developer a, function a, version 1.1.3]. To help a developer quickly find a replacement for the abnormal file, the creation system may determine the replacement file from the file library according to the abnormal three-factor information, where the similarity between the three-factor information of the replacement file and the abnormal three-factor information is greater than a preset threshold, and the preset threshold may be set by a user. For example, if a piece of three-factor information is [developer a, function a, version 1.1.6], it differs from the abnormal three-factor information [developer a, function a, version 1.1.3] only in version information, so the similarity between the two is greater than the preset threshold; and since this three-factor information is not recorded in the preset list, the file corresponding to it is not a file with information security risk. On this basis, the creation system can take the file corresponding to [developer a, function a, version 1.1.6] as the replacement file and send the three-factor information [developer a, function a, version 1.1.6] together with the abnormal three-factor information to the developer in the form of prompt information; the developer finally decides whether to use the replacement file.
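The replacement-file selection described above, as an added Python example that is not part of the patent. The patent does not define the similarity measure, so the field-wise score, the tie-break on the highest version, the 0.8 threshold and the sample file library below are all assumptions.

```python
"""Added example: pick a replacement for a deny-listed dependency."""
from typing import Iterable, NamedTuple, Optional


class Triple(NamedTuple):
    developer: str
    function: str
    version: str


def similarity(a: Triple, b: Triple) -> float:
    """Assumed metric: mean of three field scores, each in [0, 1]."""
    dev = 1.0 if a.developer == b.developer else 0.0
    func = 1.0 if a.function == b.function else 0.0
    va, vb = a.version.split("."), b.version.split(".")
    common = 0
    for x, y in zip(va, vb):          # length of the shared version prefix
        if x != y:
            break
        common += 1
    ver = common / max(len(va), len(vb))
    return (dev + func + ver) / 3


def numeric_key(version: str) -> tuple:
    # Numeric ordering so 1.1.10 ranks above 1.1.9; non-numeric parts rank lowest.
    return tuple(int(p) if p.isascii() and p.isdigit() else -1
                 for p in version.split("."))


def pick_replacement(abnormal: Triple, library: Iterable[Triple],
                     preset: Iterable[Triple],
                     threshold: float = 0.8) -> Optional[Triple]:
    """Return the most similar library entry that is not on the preset list."""
    denied = set(preset)
    candidates = [c for c in library
                  if c not in denied and c != abnormal
                  and similarity(c, abnormal) > threshold]
    if not candidates:
        return None
    # Highest similarity wins; ties go to the highest version (assumption).
    return max(candidates,
               key=lambda c: (similarity(c, abnormal), numeric_key(c.version)))


def build_prompt(abnormal: Triple, replacement: Optional[Triple]) -> str:
    """Prompt text sent to the developer, who decides whether to switch."""
    lines = ["Build blocked: [%s, %s, version %s] is on the preset list." % abnormal]
    if replacement is None:
        lines.append("No replacement above the similarity threshold was found.")
    else:
        lines.append("Suggested replacement: [%s, %s, version %s]." % replacement)
    return "\n".join(lines)


# Constructed sample data, following the patent's own example values.
ABNORMAL = Triple("developer a", "function a", "1.1.3")
PRESET = [Triple("developer a", "function a", v) for v in ("1.1.2", "1.1.3", "1.1.4")]
LIBRARY = [
    Triple("developer a", "function a", "1.1.4"),   # still on the preset list
    Triple("developer a", "function a", "1.1.5"),
    Triple("developer a", "function a", "1.1.6"),
    Triple("developer a", "function a", "2.0.0"),   # version too far away
    Triple("developer b", "function a", "1.1.3"),   # different developer
]

if __name__ == "__main__":
    print(build_prompt(ABNORMAL, pick_replacement(ABNORMAL, LIBRARY, PRESET)))
```

Excluding preset-list entries before ranking matters: version 1.1.4 scores as high as 1.1.5 and 1.1.6 but must never be suggested.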
In an alternative embodiment, FIG. 3 illustrates an alternative application creation flow diagram according to an embodiment of the present application. As shown in fig. 3, the method comprises the following steps:
Step 1: the DevOps layer in the creation system acts as the initiating end of the application program creation process and is responsible for configuring information for a plurality of application programs of the application layer, including application names, application versions, code repositories and the like. When an application program needs to be built, the creation system can initiate the process automatically, or an operator can initiate a build task. DevOps invokes the build task of Jenkins (a Java-based continuous integration tool) with parameters.
Step 2: Jenkins receives the build request sent by DevOps and pulls the latest code from the VCS system (svn/gitlab).
Step 3: before the build task, Jenkins executes the mvn dependency command to acquire a plurality of jar packages, which have direct and indirect dependency relationships among them.
Step 4: the plurality of jar packages are stored as a variable in list form.
Step 5: each jar package is analyzed to obtain an analysis result, where the analysis result is tuple or slice data.
Step 6: the analysis result is sent to the identification microservice.
Step 7: the identification microservice identifies the three-factor information of each jar package based on the analysis result and generates a target list based on the three-factor information.
Step 8: the identification microservice loads the preset list in scheduler mode. The identification microservice can also manage the preset list, for example adding, deleting, modifying and querying target three-factor information in the preset list.
Step 9: the identification microservice determines, according to the preset list, whether abnormal three-factor information exists in the target list, where abnormal three-factor information is three-factor information in the intersection of the target list and the preset list.
Step 10: when abnormal three-factor information exists in the target list, the identification microservice determines that abnormal files exist among the plurality of files to be detected. The identification microservice generates prompt information according to the abnormal three-factor information and sends the prompt information to the mail service layer. Meanwhile, the identification microservice sends the abnormal three-factor information to Jenkins; Jenkins stops building the application program and sends an application-build-failure message to DevOps.
Step 11: when no abnormal three-factor information exists in the target list, the identification microservice sends the detection result to Jenkins; Jenkins continues to build the application program and sends an application-build-success message to DevOps.
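The preset-list merge described earlier and the check in steps 7 to 11, as an added Python example that is not code from the patent. The vendor and function names are constructed, and the case and whitespace normalisation is an assumption. The example also contrasts the two merged forms the patent offers: the version set flags only listed versions, while the version range also flags unlisted versions that fall between listed ones.

```python
"""Added example: deny-list gate over (developer, function, version) triples."""
from collections import defaultdict
from typing import Iterable, NamedTuple, Optional


class Triple(NamedTuple):
    developer: str
    function: str
    version: str


def normalise(t: Triple) -> Triple:
    # Assumption: identity fields compare case- and whitespace-insensitively,
    # so "Vendor-A " cannot slip past an exact-match entry for "vendor-a".
    return Triple(t.developer.strip().casefold(),
                  t.function.strip().casefold(),
                  t.version.strip())


def version_key(version: str) -> Optional[tuple]:
    """Dotted numeric version -> comparable tuple; None if not purely numeric."""
    parts = version.split(".")
    if all(p.isascii() and p.isdigit() for p in parts):
        return tuple(int(p) for p in parts)
    return None


def build_target_list(parsed: Iterable[Triple]) -> list:
    """Step 7: drop duplicate triples (same jar reached directly and transitively)."""
    return list(dict.fromkeys(normalise(t) for t in parsed))


def merge_preset(entries: Iterable[Triple]) -> dict:
    """Merge entries sharing developer+function into one entry with a version set."""
    merged = defaultdict(set)
    for e in map(normalise, entries):
        merged[(e.developer, e.function)].add(e.version)
    return {key: frozenset(versions) for key, versions in merged.items()}


def is_abnormal(t: Triple, merged: dict, as_range: bool = False) -> bool:
    t = normalise(t)
    versions = merged.get((t.developer, t.function))
    if not versions:
        return False
    if t.version in versions:              # set form, e.g. 1.1.2, 1.1.3, 1.1.4
        return True
    if not as_range:
        return False
    # Range form, e.g. 1.1.2-1.1.4: compare numerically, never as strings.
    keys = [k for k in map(version_key, versions) if k is not None]
    mine = version_key(t.version)
    return bool(keys) and mine is not None and min(keys) <= mine <= max(keys)


def gate(parsed: Iterable[Triple], preset: Iterable[Triple],
         as_range: bool = False) -> dict:
    """Steps 9-11: intersect target list with preset list and decide the build."""
    target = build_target_list(parsed)
    merged = merge_preset(preset)
    abnormal = [t for t in target if is_abnormal(t, merged, as_range)]
    return {"build_allowed": not abnormal, "checked": len(target),
            "abnormal": abnormal}


# Constructed sample data.
PRESET = [
    Triple("vendor-a", "http-client", "1.1.2"),
    Triple("vendor-a", "http-client", "1.1.3"),
    Triple("vendor-a", "http-client", "1.1.4"),
    Triple("vendor-b", "logging", "2.0.0"),
    Triple("vendor-b", "logging", "2.2.0"),
]
PARSED = [
    Triple("Vendor-A", "http-client", "1.1.3"),   # direct dependency
    Triple("vendor-a", "http-client", "1.1.3"),   # same jar, pulled in indirectly
    Triple("vendor-b", "logging", "2.1.0"),       # between two listed versions
    Triple("vendor-c", "json", "3.0.1"),
]

if __name__ == "__main__":
    for as_range in (False, True):
        print("range form" if as_range else "set form", gate(PARSED, PRESET, as_range))
```

Which merged form to store is a policy decision: the range form is more compact but blocks `vendor-b logging 2.1.0` even though that version was never recorded as risky.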
According to the method and the device, whether the abnormal files exist in the multiple files to be detected is determined according to the three-element information of each file to be detected, so that the purpose of timely finding the abnormal files at the beginning of creating the application program is achieved, the application program can be constructed only when the abnormal files do not exist in the multiple files to be detected, the effect of avoiding generating the application program with safety risks is achieved, the development efficiency of the application program can be improved, and the repair cost of the application program can be reduced.
Example 2
According to an embodiment of the present application, there is further provided an apparatus for creating an application, where fig. 4 is a schematic diagram of an optional apparatus for creating an application according to an embodiment of the present application, and as shown in fig. 4, the apparatus includes: an obtaining module 401, configured to respond to an application program creating instruction, to obtain multiple files to be detected, which are required to create an application program, where a direct dependency relationship or an indirect dependency relationship exists among the multiple files to be detected; the identification module 402 is configured to identify three-factor information of each to-be-detected file, where the three-factor information at least includes developer information, version information, and function description information of the to-be-detected file; the determining module 403 is configured to determine whether an abnormal file exists in the multiple files to be detected according to the three-factor information, where the abnormal file is a file with an information security risk; the detecting module 404 is configured to build an application program according to the multiple files to be detected when the abnormal files do not exist in the multiple files to be detected.
It should be noted that the acquiring module 401, the identifying module 402, the determining module 403, and the detecting module 404 correspond to steps S101 to S104 in the above embodiment 1, and the four modules are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in the above embodiment 1.
Optionally, the identification module includes: the device comprises a first determining unit, an analyzing unit and a recognizing unit. The first determining unit is used for determining a preset development language corresponding to the application program from the application program creating instruction; the analysis unit is used for analyzing each file to be detected according to a preset development language to obtain an analysis result; and the identification unit is used for identifying the three-element information of each file to be detected from the analysis result, wherein the analysis result is tuple or slice data, the tuple is a sequence which can be stored in a relational database, and the slice data is pointer type data.
Optionally, the analysis unit further includes a first analysis subunit and a second analysis subunit. The first analysis subunit is used for analyzing each file to be detected into tuples when the preset development language is a first development language, where the first development language is a dynamic development language; the second analysis subunit is used for analyzing each file to be detected into slice data when the preset development language is a second development language, where the second development language is a static type development language.
Optionally, the creating device of the application program further includes a first detection module, a duplicate removal processing module and a storage module. The first detection module is used for detecting whether at least two first files to be detected exist among the plurality of files to be detected, where the three-factor information of the at least two first files to be detected is the same; the duplicate removal processing module is used for, when the at least two first files to be detected exist among the plurality of files to be detected, performing duplicate removal processing on them to obtain a target file to be detected, and generating a target list according to the three-factor information of the target file to be detected and the three-factor information of the other files to be detected, where the other files to be detected are the files among the plurality of files to be detected other than the at least two first files to be detected; the storage module is used for storing the target list into the target server.
Optionally, the determining module further includes a reading unit, a first detection unit and a second determining unit. The reading unit is used for reading a preset list from the target server, where a plurality of target three-factor information are recorded in the preset list, and the files corresponding to the target three-factor information are files with information security risk; the first detection unit is used for detecting whether abnormal three-factor information exists in the target list, where abnormal three-factor information is three-factor information in the intersection of the target list and the preset list; the second determining unit is used for determining, when abnormal three-factor information exists in the target list, that abnormal files exist among the plurality of files to be detected, and prohibiting the construction of the application program.
Optionally, the creating device of the application program further includes a second detection module and a merging processing module. The second detection module is used for detecting whether at least two first target three-factor information exist in the preset list, where the developer information and the function description information of the at least two first target three-factor information are the same and their version information differs; the merging processing module is used for, when at least two first target three-factor information exist in the preset list, merging them to obtain one second target three-factor information, where the second target three-factor information has the same developer information and function description information as the first target three-factor information, and the version information in the second target three-factor information is the set of the version information in the at least two first target three-factor information.
Optionally, the creating apparatus of the application further includes: the device comprises a generating module and a sending module. The generating module is used for generating prompt information according to the abnormal three-factor information; and the sending module is used for sending the prompt information to the target terminal equipment, wherein the target terminal equipment is equipment for sending the application program creating instruction.
Optionally, the generating module further includes a third determining unit, an acquiring unit and a generating unit. The third determining unit is used for determining a replacement file for the abnormal file according to the abnormal three-factor information corresponding to the abnormal file, where the similarity between the three-factor information of the replacement file and the abnormal three-factor information corresponding to the abnormal file is greater than a preset threshold, and the three-factor information of the replacement file is not recorded in the preset list; the acquiring unit is used for acquiring file information of the replacement file, where the file information at least includes the three-factor information of the replacement file; the generating unit is used for generating prompt information according to the file information and the abnormal three-factor information corresponding to the abnormal file.
Example 3
According to an embodiment of the present application, an embodiment of an electronic device is further provided, where fig. 5 is a schematic diagram of an optional electronic device according to an embodiment of the present application, as shown in fig. 5, the electronic device includes a processor, a memory, and a program stored in the memory and operable on the processor, and when the processor executes the program, the following steps are implemented:
responding to an application program creating instruction, and acquiring a plurality of files to be detected required by creating the application program, wherein direct dependency or indirect dependency exists among the files to be detected; identifying three-factor information of each file to be detected, wherein the three-factor information at least comprises developer information, version information and function description information of the file to be detected; determining whether abnormal files exist in the plurality of files to be detected according to the three-element information, wherein the abnormal files are files with information security risks; and when the abnormal files do not exist in the plurality of files to be detected, constructing an application program according to the plurality of files to be detected.
Optionally, the processor executes the program to further implement the following steps: determining a preset development language corresponding to the application program from the application program creating instruction; analyzing each file to be detected according to a preset development language to obtain an analysis result; identifying the three-element information of each file to be detected from the analysis result, wherein the analysis result is tuple or slice data, the tuple is a sequence capable of being stored in a relational database, and the slice data is pointer type data.
Optionally, the processor executes the program to further implement the following steps: when the preset development language is a first development language, analyzing each file to be detected into tuples, wherein the first development language is a dynamic development language; and when the preset development language is a second development language, analyzing each file to be detected into slice data, wherein the second development language is a static type development language.
Optionally, the following steps are also implemented when the processor executes the program: before determining whether abnormal files exist in the files to be detected according to the three-factor information, detecting whether at least two first files to be detected exist in the files to be detected, wherein the three-factor information of the at least two first files to be detected is the same; when at least two files to be detected exist in the files to be detected, performing duplicate removal on the at least two files to be detected to obtain a target file to be detected, and generating a target list according to the three-element information of the target file to be detected and the three-element information of other files to be detected, wherein the other files to be detected are the files to be detected except the at least two files to be detected in the files to be detected; and storing the target list into the target server.
Optionally, the processor executes the program to further implement the following steps: reading a preset list from a target server, wherein a plurality of target three-element information are recorded in the preset list, and files corresponding to the target three-element information are files with information security risks; detecting whether abnormal three-element information exists in the target list, wherein the abnormal three-element information is the three-element information in the intersection of the target list and the preset list; and when the abnormal three-element information exists in the target list, determining that abnormal files exist in the plurality of files to be detected, and forbidding the construction of the application program.
Optionally, the processor executes the program to further implement the following steps: before reading a preset list from a target server, detecting whether at least two first target three-factor information exist in the preset list, where the developer information and the function description information of the at least two first target three-factor information are the same and their version information differs; and merging the at least two first target three-factor information to obtain one second target three-factor information, where the second target three-factor information has the same developer information and function description information as the first target three-factor information, and the version information in the second target three-factor information is the set of the version information in the at least two first target three-factor information.
Optionally, the processor executes the program to further implement the following steps: after determining that abnormal files exist in the plurality of files to be detected, generating prompt information according to the abnormal three-factor information; and sending the prompt information to target terminal equipment, wherein the target terminal equipment is equipment for sending an application program creating instruction.
Optionally, the processor executes the program to further implement the following steps: determining a replacement file for the abnormal file according to the abnormal three-factor information corresponding to the abnormal file, where the similarity between the three-factor information of the replacement file and the abnormal three-factor information corresponding to the abnormal file is greater than a preset threshold, and the three-factor information of the replacement file is not recorded in the preset list; acquiring file information of the replacement file, where the file information at least includes the three-factor information of the replacement file; and generating prompt information according to the file information and the abnormal three-factor information corresponding to the abnormal file.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to the related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technical content can be implemented in other manners. The above-described apparatus embodiments are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and various other media capable of storing program code.
The foregoing is only a preferred embodiment of the present application and it should be noted that, as will be apparent to those skilled in the art, numerous modifications and adaptations can be made without departing from the principles of the present application and such modifications and adaptations are intended to be considered within the scope of the present application.

Claims (10)

1. A method for creating an application program, comprising:
responding to an application program creating instruction, and acquiring a plurality of files to be detected required by creating the application program, wherein a direct dependency relationship or an indirect dependency relationship exists among the plurality of files to be detected;
identifying three-factor information of each file to be detected, wherein the three-factor information at least comprises developer information, version information and function description information of the file to be detected;
determining whether abnormal files exist in the files to be detected according to the three-element information, wherein the abnormal files are files with information security risks;
and when the abnormal files do not exist in the files to be detected, constructing the application program according to the files to be detected.
2. The method of claim 1, wherein identifying three-factor information of each file to be detected comprises:
determining a preset development language corresponding to the application program from the application program creating instruction;
analyzing each file to be detected according to the preset development language to obtain an analysis result;
identifying the three-element information of each file to be detected from an analysis result, wherein the analysis result is tuple or slice data, the tuple is a sequence capable of being stored in a relational database, and the slice data is pointer type data.
3. The method according to claim 2, wherein analyzing each file to be detected according to the preset development language to obtain an analysis result comprises:
when the preset development language is a first development language, analyzing each file to be detected into the tuple, wherein the first development language is a dynamic development language;
and when the preset development language is a second development language, analyzing each file to be detected into the slice data, wherein the second development language is a static type development language.
4. The method according to claim 1, wherein before determining whether there is an abnormal file among the plurality of files to be detected based on the three-factor information, the method further comprises:
detecting whether at least two files to be detected exist in the files to be detected, wherein the three-element information of the at least two files to be detected is the same;
when the at least two files to be detected exist in the plurality of files to be detected, performing duplicate removal processing on the at least two files to be detected to obtain a target file to be detected, and generating a target list according to the three-element information of the target file to be detected and the three-element information of other files to be detected, wherein the other files to be detected are the files to be detected except the at least two files to be detected in the plurality of files to be detected;
and storing the target list into a target server.
5. The method according to claim 4, wherein determining whether an abnormal file exists in the plurality of files to be detected according to the three-factor information comprises:
reading a preset list from the target server, wherein a plurality of target three-element information are recorded in the preset list, and files corresponding to the target three-element information are files with information security risks;
detecting whether abnormal three-element information exists in the target list or not, wherein the abnormal three-element information is three-element information in an intersection of the target list and the preset list;
and when the abnormal three-element information exists in the target list, determining that the abnormal files exist in the plurality of files to be detected, and forbidding the construction of the application program.
6. The method of claim 5, wherein prior to reading the preset list from the target server, the method further comprises:
detecting whether at least two first target three-factor information exist in the preset list, wherein the developer information and the function description information of the at least two first target three-factor information are the same and their version information differs;
when at least two first target three-element information exists in the preset list, merging the at least two first target three-element information to obtain a second target three-element information, wherein the second target three-element information has developer information and function description information which are the same as those of the first target three-element information, and version information in the second target three-element information is a set of version information in the at least two first target three-element information.
7. The method according to claim 5, wherein after determining that the abnormal file exists in the plurality of files to be detected, the method further comprises:
generating prompt information according to the abnormal three-factor information;
and sending the prompt information to target terminal equipment, wherein the target terminal equipment is equipment for sending the application program creating instruction.
8. The method of claim 7, wherein generating prompt information according to the abnormal three-factor information comprises:
determining a replacement file of the abnormal file according to the abnormal three-factor information corresponding to the abnormal file, wherein the similarity between the three-factor information of the replacement file and the abnormal three-factor information corresponding to the abnormal file is greater than a preset threshold value, and the three-factor information of the replacement file is not recorded in the preset list;
acquiring file information of the replacement file, wherein the file information at least comprises three-element information of the replacement file;
and generating the prompt information according to the file information and the abnormal three-factor information corresponding to the abnormal file.
9. An apparatus for creating an application program, comprising:
the acquisition module is used for responding to an application program creation instruction and acquiring a plurality of files to be detected required by the creation of the application program, wherein a direct dependency relationship or an indirect dependency relationship exists among the files to be detected;
the identification module is used for identifying three-element information of each file to be detected, wherein the three-element information at least comprises developer information, version information and function description information of the file to be detected;
the determining module is used for determining whether abnormal files exist in the files to be detected according to the three-element information, wherein the abnormal files are files with information security risks;
and the detection module is used for constructing the application program according to the plurality of files to be detected when the abnormal files do not exist in the plurality of files to be detected.
10. An electronic device, comprising one or more processors and memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of creating an application program of any of claims 1 to 8.
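The build gate of claims 5 to 8 (list merging, list lookup, build prohibition and replacement suggestion) can be illustrated in Python. This is an added example, not code from the patent: the field names, the sample data, the 0.8 threshold and the use of `difflib` as the similarity measure are all assumptions, since the claims do not define them.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Triple:  # three-element information of one file (field names are assumptions)
    developer: str
    version: str
    function: str

def merge_blocklist(entries):
    """Claim 6: entries with the same developer and function collapse to one version set."""
    merged = {}
    for e in entries:
        merged.setdefault((e.developer, e.function), set()).add(e.version)
    return merged

def is_listed(t, merged):
    return t.version in merged.get((t.developer, t.function), set())

def similarity(a, b):
    # Assumption: the claims do not define the metric; compare developer + function text.
    return SequenceMatcher(None, f"{a.developer} {a.function}".lower(),
                           f"{b.developer} {b.function}".lower()).ratio()

def suggest_replacement(bad, candidates, merged, threshold):
    """Claim 8: most similar candidate above the threshold that is not on the list."""
    scored = [(similarity(bad, c), c) for c in candidates if not is_listed(c, merged)]
    scored = [s for s in scored if s[0] > threshold]
    return max(scored, key=lambda s: s[0])[1] if scored else None

def gate_build(files, raw_list, candidates, threshold=0.8):  # 0.8 is an assumed value
    """Claims 5 and 7: forbid the build on any listed file and produce prompt data."""
    merged = merge_blocklist(raw_list)
    abnormal = [f for f in files if is_listed(f, merged)]
    prompts = [{"abnormal": f,
                "replacement": suggest_replacement(f, candidates, merged, threshold)}
               for f in abnormal]
    return {"build_allowed": not abnormal, "prompts": prompts}

# Constructed sample data (not from the patent).
PRESET_LIST = [Triple("acme-dev", "1.0.0", "json parsing library"),
               Triple("acme-dev", "1.0.1", "json parsing library")]
FILES = [Triple("acme-dev", "1.0.1", "json parsing library"),
         Triple("zen-labs", "3.1", "http client")]
CANDIDATES = [Triple("acme-dev", "1.0.0", "json parsing library"),
              Triple("acme-dev", "1.0.2", "json parsing library")]

if __name__ == "__main__":
    print(gate_build(FILES, PRESET_LIST, CANDIDATES))
```

Merging first means each developer and function pair needs a single set lookup, and the candidate at version 1.0.0 is rejected as a replacement because it is itself on the list.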
CN202211435413.3A 2022-11-16 2022-11-16 Application program creating method and device and electronic equipment Pending CN115686477A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211435413.3A CN115686477A (en) 2022-11-16 2022-11-16 Application program creating method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN115686477A (en) 2023-02-03

Family

ID=85054919

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211435413.3A Pending CN115686477A (en) 2022-11-16 2022-11-16 Application program creating method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN115686477A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination