CN115758339A - Open source component access detection method and device and computer readable storage medium

Publication number
CN115758339A
Authority
CN
China
Prior art keywords
open source
detection
access
source component
access request
Legal status
Pending
Application number
CN202211454477.8A
Other languages
Chinese (zh)
Inventor
刘安
徐雷
郭新海
丁攀
蓝鑫冲
苏俐竹
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202211454477.8A
Publication of CN115758339A

Abstract

The invention provides an open source component access detection method, an open source component access detection device and a computer readable storage medium, relates to the technical field of network security, and is used for solving the problem that vulnerability defense for open source components in the prior art is deficient. The method comprises the following steps: when an access request is received, judging whether the access request includes preset sensitive path information for accessing an open source component; if the sensitive path information is included, performing open source component access detection on the access request according to a preset detection mechanism; and if the access request passes the open source component access detection, returning, in response to the access request, response information including a processing result of the open source component targeted by the sensitive path information. With this method and device, the open source component targeted by the sensitive path information can continue to be accessed safely even during the period in which a vulnerability exists but has not been found, or has been found but its remediation is not finished, so that the vulnerability defense mechanism of the open source component is enhanced.

Description

Open source component access detection method and device and computer readable storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and an apparatus for detecting access to an open source component, and a computer-readable storage medium.
Background
The use of open source software libraries greatly shortens the development cycle and reduces the workload of developers, but once a piece of open source software contains a security vulnerability, every application that references it is affected, so the impact spreads widely.
At present, the main means of protecting against open source software vulnerabilities is to detect, with an open source component detection engine, the open source software in a software package that contains vulnerabilities, and then to remediate it. However, discovering a vulnerability and proposing a remediation measure both take time, and for some important applications access cannot be stopped during this period. Vulnerability defense for the open source component is then deficient, which creates network security risks.
Disclosure of Invention
The present invention provides a method, an apparatus, and a computer readable storage medium for detecting access to an open source component, so as to solve the problem that vulnerability defense for open source components in the prior art is deficient, which creates hidden network security risks.
In a first aspect, the present invention provides an open source component access detection method, which comprises the following steps:
when an access request is received, judging whether the access request includes preset sensitive path information for accessing an open source component;
if the sensitive path information is included, performing open source component access detection on the access request according to a preset detection mechanism;
and if the access request passes the open source component access detection, returning, in response to the access request, response information including a processing result of the open source component targeted by the sensitive path information.
Optionally, the access request is specifically an access request to an application initiated by the user side.
Optionally, the sensitive path information for accessing the open source component is preset through the following steps:
sorting out, from the project software package, the access path information of the plurality of open source components that the project software package can call;
setting the access path information of those open source components, among the plurality of open source components, in which vulnerabilities have been found as sensitive path information;
and designating, according to the service that the project serves, the access path information of some of the plurality of open source components as sensitive path information.
Optionally, the method further comprises:
for an open source component in which a vulnerability has been found, deleting the corresponding sensitive path information after the latest official patch package is obtained.
Optionally, performing open source component access detection on the access request according to the preset detection mechanism specifically includes:
performing, according to a preset detection rule, a first detection on the path access parameters carried in the access request for accessing the open source component targeted by the sensitive path information, to detect whether the path access parameters have an abnormality specified by the preset detection rule;
and if the first detection is passed, further performing, by using a preset detection function, a second detection on the input and output information of the open source component function, targeted by the sensitive path information, that is called according to the access request, to monitor whether attack parameters exist in the input and output information.
Optionally, the preset detection rule specifically includes:
detection rules formulated in advance for the path access parameters, including regular expressions, blacklists and whitelists, and special characters;
performing the first detection on the path access parameters according to the preset detection rule, to detect whether the path access parameters have an abnormality specified by the preset detection rule, specifically includes:
acquiring the path access parameters carried in the access request for accessing the open source component targeted by the sensitive path information;
detecting whether the path access parameters have an abnormality specified by the regular expressions, the blacklists and whitelists, or the special characters;
if an abnormality exists, determining that the access request does not pass the first detection, and blocking the access request;
if no abnormality exists, determining that the access request passes the first detection.
Optionally, the preset detection function specifically includes:
a hook function preset at the application programming interface (API) function used for calling the open source component function targeted by the sensitive path information;
performing the second detection on the input and output information of the open source component function by using the preset detection function, to monitor whether attack parameters exist in the input and output information, specifically includes:
when the input and output information of the open source component function targeted by the sensitive path information, called according to the access request, passes through the corresponding API function, monitoring whether attack parameters exist in the input and output information by using the corresponding preset hook function;
if attack parameters exist, determining that the access request does not pass the second detection, and blocking the access request;
and if no attack parameters exist, determining that the access request passes the second detection, and hence that the access request passes the open source component access detection.
In a second aspect, the present invention provides an open source component access detection apparatus, comprising:
a judging module, configured to judge, when an access request is received, whether the access request includes preset sensitive path information for accessing an open source component;
a detection module, connected with the judging module and configured to perform open source component access detection on the access request according to a preset detection mechanism if the sensitive path information is included;
and a response module, connected with the detection module and configured to return, in response to the access request, response information including a processing result of the open source component targeted by the sensitive path information if the access request passes the open source component access detection.
In a third aspect, the present invention provides an open source component access detection apparatus, including a memory and a processor, where the memory stores a computer program, and when the processor runs the computer program stored in the memory, the processor executes the open source component access detection method described above.
In a fourth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the open source component access detection method as described above.
The invention provides an open source component access detection method, an open source component access detection device and a computer readable storage medium. When an access request includes sensitive path information for accessing an open source component, open source component access detection is performed on the access request according to a preset detection mechanism, and the processing result of the open source component targeted by the sensitive path information may be obtained only when the access request passes that detection. The open source component targeted by the sensitive path information can therefore continue to be accessed safely even during the period in which a vulnerability exists but has not been found, or has been found but its remediation is not finished, which enhances the vulnerability defense mechanism of the open source component and improves network security.
Drawings
FIG. 1 is a flow diagram of an open source component access detection method according to an embodiment of the invention;
FIG. 2 is a schematic structural diagram of a preset detection mechanism of an open source component access detection method according to an embodiment of the present invention;
FIG. 3 is a flow diagram of another open source component access detection method of an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an open source component access detection apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another open source component access detection apparatus according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the following detailed description will be made with reference to the accompanying drawings.
It is to be understood that the specific embodiments and figures described herein are merely illustrative of the invention and are not limiting of the invention.
It is to be understood that the embodiments and features of the embodiments can be combined with each other without conflict.
It is to be understood that, for the convenience of description, only parts related to the present invention are shown in the drawings of the present invention, and parts not related to the present invention are not shown in the drawings.
It should be understood that each unit and module related in the embodiments of the present invention may correspond to only one physical structure, may also be composed of multiple physical structures, or multiple units and modules may also be integrated into one physical structure.
It will be understood that, without conflict, the functions, steps and processes noted in the flowcharts and block diagrams of the present invention may occur in an order different from that noted in the figures.
It is to be understood that the flowchart and block diagrams of the present invention illustrate the architecture, functionality, and operation of possible implementations of systems, apparatus, devices and methods according to various embodiments of the present invention. Each block in the flowchart or block diagrams may represent a unit, module, segment, code, which comprises executable instructions for implementing the specified function(s). Furthermore, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by a hardware-based system that performs the specified functions or by a combination of hardware and computer instructions.
It is to be understood that the units and modules involved in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware, for example, the units and modules may be located in a processor.
For a better understanding of the present invention, the open source component vulnerability protection is first introduced.
With the development of open source software libraries, over 60% of enterprises now base their own code architecture on open source components. At the same time, however, the removability and convenience of open source components may make them an attacker's preferred point of attack. 16555 new vulnerabilities were found in the open source community in 2018, the total number of vulnerabilities passed the 10-million mark, and open source components are used hundreds of millions of times, so the potential risk to network security is great.
At present, open source component detection engines provide vulnerability protection by checking software packages against the existing information in a vulnerability library. However, a certain time elapses between the appearance of a vulnerability and its entry into the vulnerability library. The threat to applications from a 0day vulnerability in an open source component (also called a zero-day vulnerability or zero-time-difference attack, meaning a security vulnerability that is maliciously exploited immediately after being found) is fatal, and after a 0day vulnerability appears, producing a patch also takes some time. During that time, the prior art applies its security protection to the vulnerable open source software package introduced into the project package, so that the application or the corresponding function cannot be accessed.
Interactive application detection technology and runtime self-protection technology can be drawn on as means of defending against 0day vulnerabilities, but these technologies were not developed for protecting open source components; they are weakly targeted and can prevent 0day vulnerability attacks only to a certain extent.
In view of this, the invention sorts out the open source software packages introduced into the project package, then lists the resource access paths related to each open source software package and the functions the package exposes externally, and monitors the access parameters of the resource paths related to the specified open source software packages as well as the functions of those packages, thereby identifying attack behavior aimed at the packages and protecting the application.
Example 1:
As shown in FIG. 1, the present invention provides an open source component access detection method, including:
S1, when an access request is received, judging whether the access request includes preset sensitive path information for accessing an open source component;
S2, if the sensitive path information is included, performing open source component access detection on the access request according to a preset detection mechanism;
and S3, if the access request passes the open source component access detection, returning, in response to the access request, response information including a processing result of the open source component targeted by the sensitive path information.
Specifically, in this embodiment, when an access request is received that includes sensitive path information for accessing an open source component, open source component access detection is performed on the access request according to a preset detection mechanism. Only after the access request passes that detection is the open source component allowed to be called to process the request and produce the processing result of the open source component targeted by the sensitive path information. The open source component targeted by the sensitive path information can therefore continue to be accessed safely even when a vulnerability is present but not found, or has been found but its remediation is not completed, which enhances the vulnerability defense mechanism of the open source component and improves network security.
Optionally, the access request is specifically an access request to an application initiated by the user side.
Specifically, in this embodiment, the open source component is called by an application. The application may be a program and, in a network environment, generally includes a user-side program and a server-side program. The detection method of this embodiment may be set in the corresponding program of the client and/or the server side. A user may access the application at the user side through an APP (application) or a browser, and the access request may be sent from the user side to the server side; after receiving the access request, the server side executes the open source component access detection method and, once detection is complete, calls the corresponding open source component and returns the access result to the user side. Alternatively, the user side initiates the access request and executes part of the open source component access detection method itself, sends the request parameters that pass detection to the server side, and then obtains the access result returned by the server side after the subsequent detection is completed.
Optionally, the sensitive path information for accessing the open source component is preset through the following steps:
sorting out, from the project software package, the access path information of the plurality of open source components that the project software package can call;
setting the access path information of those open source components, among the plurality of open source components, in which vulnerabilities have been found as sensitive path information;
and designating, according to the service that the project serves, the access path information of some of the plurality of open source components as sensitive path information.
Optionally, the method further comprises:
for an open source component in which a vulnerability has been found, deleting the corresponding sensitive path information after the latest official patch package is obtained.
Specifically, in this embodiment, the project software package structure shown in FIG. 2 includes a number of open source component dependency packages used for calling open source components. The access path information for calling the corresponding open source components is sorted out from the code of these dependency packages; specifically, it is the resource path generated by a Web (World Wide Web) application access when a browser accesses the corresponding open source component. When a Web application accesses an open source component connection, a number of .do accesses are triggered, that is, entry points at which the Web backend calls the open source component. For example, for a query operation the resource path is set to "/find.do"; the code flow of the query calls an interface of an open source component software package (for example, an interface software package for querying a database), which forms a correspondence such as /find.do → database query software package xx.jar. One project software package may correspond to multiple resource paths, and one resource path may also correspond to multiple project software packages.
Sensitive path information is then set for the resource paths that have been sorted out, which may specifically include: setting the resource path of an open source component in which a vulnerability has been found but not yet repaired as a first-class sensitive path, so that the application can perform security detection when calling that component without stopping to wait for the official patch package; correspondingly, once the official patch package has been released and the open source software package has been upgraded, the sensitive path is removed and normal access resumes. A second class of sensitive path is designated according to the specific service type of the application run by the project software package; for example, an access path for changing money in a financial system or an access path for deleting a user is a sensitive path, and such paths can be detected continuously to ensure safety.
Optionally, performing open source component access detection on the access request according to the preset detection mechanism specifically includes:
performing, according to a preset detection rule, a first detection on the path access parameters carried in the access request for accessing the open source component targeted by the sensitive path information, to detect whether the path access parameters have an abnormality specified by the preset detection rule;
and if the first detection is passed, further performing, by using a preset detection function, a second detection on the input and output information of the open source component function, targeted by the sensitive path information, that is called according to the access request, to monitor whether attack parameters exist in the input and output information.
Optionally, the preset detection rule specifically includes:
detection rules preset for the path access parameters, including regular expressions, blacklists and whitelists, and special characters;
performing the first detection on the path access parameters according to the preset detection rule, to detect whether the path access parameters have an abnormality specified by the preset detection rule, specifically includes:
obtaining the path access parameters carried in the access request for accessing the open source component targeted by the sensitive path information;
detecting whether the path access parameters have an abnormality specified by the regular expressions, the blacklists and whitelists, or the special characters;
if an abnormality exists, determining that the access request fails the first detection, and blocking the access request;
if no abnormality exists, determining that the access request passes the first detection.
Optionally, the preset detection function specifically includes:
a hook function preset at the Application Programming Interface (API) function used for calling the open source component function targeted by the sensitive path information;
performing the second detection on the input and output information of the open source component function by using the preset detection function, to monitor whether attack parameters exist in the input and output information, specifically includes:
when the input and output information of the open source component function targeted by the sensitive path information, called according to the access request, passes through the corresponding API function, monitoring whether attack parameters exist in the input and output information by using the corresponding preset hook function;
if attack parameters exist, determining that the access request does not pass the second detection, and blocking the access request;
and if no attack parameters exist, determining that the access request passes the second detection, and hence that the access request passes the open source component access detection.
Specifically, in this embodiment, in the project software package structure shown in FIG. 2, a detection rule for performing the first detection on the resource path and a detection function for performing the second detection on the open source component function need to be preset. The resource paths related to the open source component targeted by the sensitive path information receive focused handling. The first layer of protection strictly limits the parameters carried by the access request; according to the service type, the parameters can be monitored by formulating regular expressions, blacklists and whitelists, special characters and the like for them. The second layer of protection further sorts out, for each open source component dependency package, the API functions that are referenced, and attaches hook functions to them to monitor attack behavior. An API function here means an interface function called in the open source software package: for example, if the code needs to connect to a database, a software package for connecting to the database is called, and that package provides an API function for connecting to the database; this interface then needs to be hooked so that the input and output of the function are monitored for attack parameters.
After the presetting is completed, the open source component access detection shown in FIG. 3 may be performed, which specifically includes: the user side initiates an access request to the application through an APP or a browser, and the application side judges whether the access request includes a sensitive path. If not, the application is accessed normally and returns response information after back-end (server-side) processing of the access request. If so, the first detection is performed on the access request to detect whether the carried access parameters contain abnormal parameters, such as typical trojans listed in a parameter blacklist. If there are no abnormal parameters, the first detection is passed and the service flow reaches the open source software function at the back end; the second detection is then performed on the input and output information of the open source component function, and only specific input and output information is allowed to pass through the open source component function according to the service characteristics. After the second detection is passed, the back end responds to the access request and the response information is returned to the user-side APP or browser. If either the first detection or the second detection is not passed, the access from the user side is blocked, and a corresponding prompt can be sent to the APP or the browser.
In embodiment 1 of the invention, the correspondence between open source components and resource paths in the project software package is sorted out, the parameters in the access request are detected, and the input and output information of the open source component functions through which the service flows is detected, so that vulnerabilities of open source components are protected against precisely. When an open source component vulnerability breaks out, only the resource paths and functions related to the vulnerability need to be monitored; the service does not need to be shut down, and service continuity is maintained. In addition, only the open source components that have vulnerabilities and those associated with important business are monitored, which reduces the performance overhead.
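The S1 to S3 flow and the two detection layers of this embodiment can be sketched as follows. This is an added illustration, not code from the patent: the rule values, the `db_query` function standing in for a component API function, the allowed statement and the sample rows are all assumptions constructed for the example.

```python
import re
import sqlite3
from functools import wraps


class Blocked(Exception):
    """Raised when the first or second detection rejects a request."""


# Constructed rules (assumption): one sensitive resource path and its parameter checks.
SENSITIVE_PATHS = {
    "/find.do": {
        "whitelist": {"name"},                                   # allowed parameter names
        "regex": {"name": re.compile(r"[A-Za-z0-9_.-]{1,32}")},  # allowed value shape
        "blacklist": ("${", "<script", "../"),                   # forbidden substrings
        "special_chars": set("'\";`|&<>"),                       # forbidden characters
    },
}


def first_detection(path, params):
    """First detection: check the path access parameters against the preset rules."""
    rules = SENSITIVE_PATHS[path]
    for key, value in params.items():
        if key not in rules["whitelist"]:
            raise Blocked(f"first detection: parameter {key!r} not whitelisted")
        if any(token in value.lower() for token in rules["blacklist"]):
            raise Blocked(f"first detection: blacklisted token in {key!r}")
        if rules["special_chars"] & set(value):
            raise Blocked(f"first detection: special character in {key!r}")
        if not rules["regex"][key].fullmatch(value):
            raise Blocked(f"first detection: {key!r} fails regular expression")


def hook(check_input, check_output):
    """Second detection: wrap a component API function and inspect its input and output."""
    def decorate(api_func):
        @wraps(api_func)
        def wrapper(*args):
            if not check_input(*args):
                raise Blocked("second detection: input not allowed for this API")
            result = api_func(*args)
            if not check_output(result):
                raise Blocked("second detection: output not allowed for this API")
            return result
        return wrapper
    return decorate


# In-memory database standing in for the open source component (constructed rows).
_DB = sqlite3.connect(":memory:")
_DB.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
_DB.executemany("INSERT INTO users VALUES (?, ?, ?)",
                [(1, "alice", "s1"), (2, "bob", "s2")])

ALLOWED_SQL = {"SELECT id, name FROM users WHERE name = ?"}  # statements the service needs
MAX_ROWS = 10


def _input_ok(sql, args):
    return sql in ALLOWED_SQL and all(isinstance(a, str) for a in args)


def _output_ok(rows):
    return len(rows) <= MAX_ROWS and all(len(row) == 2 for row in rows)


@hook(_input_ok, _output_ok)
def db_query(sql, args):
    """Hypothetical component API function reached by the /find.do code flow."""
    return _DB.execute(sql, args).fetchall()


def find_handler(params):
    return db_query("SELECT id, name FROM users WHERE name = ?",
                    (params.get("name", ""),))


ROUTES = {"/find.do": find_handler, "/ping.do": lambda params: "pong"}


def handle_request(path, params):
    """S1: sensitive path? S2: first detection, then hooked call. S3: respond."""
    try:
        if path in SENSITIVE_PATHS:
            first_detection(path, params)
        body = ROUTES[path](params)
    except Blocked as exc:
        return {"status": 403, "reason": str(exc)}
    return {"status": 200, "body": body}
```

Only requests to a path listed in `SENSITIVE_PATHS` pay for the parameter checks, while the hook stays attached to the component function regardless of which code path reaches it.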
Example 2:
as shown in fig. 4, embodiment 2 of the present invention provides an open source component access detection apparatus, including:
the system comprises a judging module 1, a processing module and a processing module, wherein the judging module is used for judging whether an access request comprises preset sensitive path information for accessing an open source assembly or not when the access request is received;
the detection module 2 is connected with the judgment module 1 and is used for carrying out open source component access detection on the access request according to a preset detection mechanism if the sensitive path information is included;
and the response module 3 is connected with the detection module 2 and is used for returning response information including a processing result of the open source component for which the sensitive path information is directed to the access request according to the access request if the access detection is performed through the open source component.
Optionally, the access request specifically includes: and the user side initiates an access request to the application.
Optionally, the apparatus further includes a preset module, configured to preset the sensitive path information for accessing the open source component, where the preset module specifically includes:
a combing unit, configured to comb out, from the project software package, the access path information of a plurality of open source components that the project software package can call;
a first preset unit, configured to set the access path information of those of the plurality of open source components in which vulnerabilities have been found as sensitive path information;
and a second preset unit, configured to designate, according to the service that the project targets, the access path information of some of the plurality of open source components as sensitive path information.
Optionally, the first preset unit is further configured to:
for an open source component in which a vulnerability has been found, delete the corresponding sensitive path information after the latest official patch package is obtained.
Optionally, the detection module 2 specifically includes:
a first detection unit, configured to perform, according to a preset detection rule, first detection on the path access parameter carried in the access request for accessing the open source component targeted by the sensitive path information, so as to detect whether the path access parameter has an abnormality specified by the preset detection rule;
and a second detection unit, configured to, if the access request passes the first detection, further perform, with a preset detection function, second detection on the input and output information of the open source component function that is targeted by the sensitive path information and called according to the access request, so as to monitor whether attack parameters exist in the input and output information.
Optionally, the preset module specifically further includes:
a third preset module, configured to preset, for the path access parameters, detection rules comprising regular expressions, black and white lists, and special characters;
the first detection unit specifically includes:
an obtaining unit, configured to obtain the path access parameter carried in the access request for accessing the open source component targeted by the sensitive path information;
a first detection subunit, configured to detect whether the path access parameter has an abnormality specified by the regular expression, the black and white list, or the special characters;
a determination unit, configured to determine that the access request fails the first detection and block the access request if an abnormality exists; and,
if no abnormality exists, to determine that the access request passes the first detection.
Optionally, the preset module specifically further includes:
a fourth preset unit, configured to preset a hook function at the application programming interface (API) function that calls the open source component function targeted by the sensitive path information;
the second detection unit specifically includes:
a second detection subunit, configured to monitor, with the corresponding preset hook function, whether attack parameters exist in the input and output information of the open source component function targeted by the sensitive path information when that information, called according to the access request, passes through the corresponding API function;
a determining unit, configured to determine that the access request fails the second detection and block the access request if an attack parameter exists; and,
if no attack parameter exists, to determine that the access request passes the second detection and therefore passes the open source component access detection.
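The two-stage detection described in Embodiment 2, as an added Python sketch that is not part of the patent text: only requests to a sensitive path are checked, first against parameter rules (whitelist, blacklist, regular expression), then by a hook at the component function's boundary. The path `/report/render`, the rule values, and the `render` stand-in component are constructed assumptions.

```python
import re
from functools import wraps
from urllib.parse import unquote

class Blocked(Exception):
    """Raised when a request fails the first or second detection."""

# Constructed rule table: sensitive path -> first-detection rules.
SENSITIVE_PATHS = {
    "/report/render": {
        "whitelist": {"template"},                  # allowed parameter names
        "blacklist": ("../", "${"),                 # forbidden substrings
        "regex": re.compile(r"[\w.%\-]{1,64}"),     # allowed value shape
    },
}

def first_detection(path, params):
    """Check path access parameters against whitelist, blacklist and regex."""
    rules = SENSITIVE_PATHS[path]
    for name, value in params.items():
        if name not in rules["whitelist"]:
            raise Blocked("first: unexpected parameter " + name)
        if any(token in value for token in rules["blacklist"]):
            raise Blocked("first: blacklisted token in " + name)
        if not rules["regex"].fullmatch(value):
            raise Blocked("first: special character in " + name)

def hook(is_attack):
    """Second detection: inspect input and output at the component boundary."""
    def decorator(func):
        @wraps(func)
        def wrapper(arg):
            if is_attack(arg):
                raise Blocked("second: attack parameter in input")
            result = func(arg)
            if is_attack(result):
                raise Blocked("second: attack parameter in output")
            return result
        return wrapper
    return decorator

@hook(lambda text: any(t in text for t in ("../", "${")))
def render(template):
    """Stand-in for the open source component function behind the path."""
    return "rendered:" + template

def handle(path, params):
    """Return (status, body); only sensitive paths pay for the two checks."""
    if path not in SENSITIVE_PATHS:
        return 200, "passthrough"
    try:
        first_detection(path, params)
        # The application decodes the value before it reaches the component.
        return 200, render(unquote(params.get("template", "default")))
    except Blocked as exc:
        return 403, str(exc)
```

The hook sees the value in the form the component actually receives, so it still blocks an argument whose decoded form differs from what the first-stage rules inspected.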
Example 3:
As shown in Fig. 5, Embodiment 3 of the present invention provides an open source component access detection apparatus, where the apparatus includes a memory 10 and a processor 20, the memory 10 stores a computer program, and when the processor 20 runs the computer program stored in the memory 10, the processor 20 executes the open source component access detection method according to Embodiment 1.
The memory 10 is connected to the processor 20, the memory 10 may be a flash memory, a read-only memory or other memories, and the processor 20 may be a central processing unit or a single chip microcomputer.
Example 4:
Embodiment 4 of the present invention provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the open source component access detection method according to Embodiment 1 is implemented.
The computer-readable storage media include volatile or nonvolatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, computer program modules or other data. Computer-readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other memory technology, CD-ROM (Compact Disc Read-Only Memory), Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
Embodiments 1 to 4 of the present invention provide an open source component access detection method, an open source component access detection apparatus, and a computer-readable storage medium. When an access request includes sensitive path information for accessing an open source component, open source component access detection is performed on the access request according to a preset detection mechanism, and the processing result of the open source component targeted by the sensitive path information can be obtained only when the access request passes that detection. As a result, even during a period in which a vulnerability exists but has not been found, or has been found but remediation is not yet complete, the open source component targeted by the sensitive path information can continue to be accessed safely, which strengthens the vulnerability defense mechanism of the open source component and improves network security.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. An open source component access detection method, the method comprising:
when an access request is received, judging whether the access request includes preset sensitive path information for accessing an open source component;
if the sensitive path information is included, performing open source component access detection on the access request according to a preset detection mechanism;
and if the access request passes the open source component access detection, returning, in response to the access request, response information that includes the processing result of the open source component targeted by the sensitive path information.
2. The method according to claim 1, wherein the access request is specifically an access request initiated by a user side to an application.
3. The method according to claim 1, wherein the sensitive path information for accessing the open source component is preset by the following steps:
combing out, from the project software package, the access path information of a plurality of open source components that the project software package can call;
setting the access path information of those of the plurality of open source components in which vulnerabilities have been found as sensitive path information;
and designating, according to the service that the project targets, the access path information of some of the plurality of open source components as sensitive path information.
4. The method of claim 3, further comprising:
for an open source component in which a vulnerability has been found, deleting the corresponding sensitive path information after the latest official patch package is obtained.
5. The method according to any one of claims 1 to 4, wherein the performing open source component access detection on the access request according to a preset detection mechanism specifically includes:
performing, according to a preset detection rule, first detection on the path access parameter carried in the access request for accessing the open source component targeted by the sensitive path information, to detect whether the path access parameter has an abnormality specified by the preset detection rule;
if the first detection is passed, further performing, with a preset detection function, second detection on the input and output information of the open source component function that is targeted by the sensitive path information and called according to the access request, to monitor whether attack parameters exist in the input and output information.
6. The method according to claim 5, wherein the preset detection rule specifically includes:
detection rules that are preset for the path access parameters and comprise regular expressions, black and white lists, and special characters;
the performing, according to a preset detection rule, first detection on the path access parameter carried in the access request for accessing the open source component targeted by the sensitive path information, to detect whether the path access parameter has an abnormality specified by the preset detection rule, specifically includes:
obtaining the path access parameter carried in the access request for accessing the open source component targeted by the sensitive path information;
detecting whether the path access parameter has an abnormality specified by the regular expression, the black and white list, or the special characters;
if an abnormality exists, determining that the access request fails the first detection, and blocking the access request;
if no abnormality exists, determining that the access request passes the first detection.
7. The method according to claim 5, wherein the preset detection function is specifically preset as follows:
a hook function is preset at the application programming interface (API) function that calls the open source component function targeted by the sensitive path information;
the performing, with a preset detection function, second detection on the input and output information of the open source component function that is targeted by the sensitive path information and called according to the access request, to monitor whether attack parameters exist in the input and output information, specifically includes:
when the input and output information of the open source component function targeted by the sensitive path information, called according to the access request, passes through the corresponding API function, monitoring with the corresponding preset hook function whether attack parameters exist in the input and output information;
if an attack parameter exists, determining that the access request fails the second detection, and blocking the access request;
and if no attack parameter exists, determining that the access request passes the second detection and therefore passes the open source component access detection.
8. An open source component access detection apparatus, the apparatus comprising:
a judging module, configured to judge, when an access request is received, whether the access request includes preset sensitive path information for accessing an open source component;
a detection module, connected to the judging module and configured to perform open source component access detection on the access request according to a preset detection mechanism if the sensitive path information is included;
and a response module, connected to the detection module and configured to return, in response to the access request, response information that includes the processing result of the open source component targeted by the sensitive path information, if the access request passes the open source component access detection.
9. An open source component access detection apparatus comprising a memory and a processor, the memory having stored therein a computer program, the processor performing the open source component access detection method according to any one of claims 1 to 7 when the processor executes the computer program stored in the memory.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the open source component access detection method according to any one of claims 1 to 7.
CN202211454477.8A 2022-11-21 2022-11-21 Open source component access detection method and device and computer readable storage medium Pending CN115758339A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211454477.8A CN115758339A (en) 2022-11-21 2022-11-21 Open source component access detection method and device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN115758339A true CN115758339A (en) 2023-03-07

Family

ID=85333361

Country Status (1)

Country Link
CN (1) CN115758339A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination