CN116107973A - Compressed file processing method and device and nonvolatile storage medium - Google Patents

Compressed file processing method and device and nonvolatile storage medium Download PDF

Info

Publication number
CN116107973A
CN116107973A CN202211620647.5A CN202211620647A CN116107973A CN 116107973 A CN116107973 A CN 116107973A CN 202211620647 A CN202211620647 A CN 202211620647A CN 116107973 A CN116107973 A CN 116107973A
Authority
CN
China
Prior art keywords
compressed file
compressed
comparison result
identification information
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211620647.5A
Other languages
Chinese (zh)
Inventor
姬照中
付迎鑫
刘桥
槐正
徐蕾
王健
徐锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202211620647.5A priority Critical patent/CN116107973A/en
Publication of CN116107973A publication Critical patent/CN116107973A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/174Redundancy elimination performed by the file system
    • G06F16/1744Redundancy elimination performed by the file system using compression, e.g. sparse files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Debugging And Monitoring (AREA)
  • Retry When Errors Occur (AREA)

Abstract

The application discloses a method and a device for processing a compressed file and a nonvolatile storage medium. Wherein the method comprises the following steps: acquiring the identification information of the compressed file, and determining a pre-detection code of the compressed file according to the identification information; determining a check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result; under the condition that the first comparison result is that the pre-detection code is consistent with the check code, the compression ratio of the compressed file is obtained, and the compression ratio is compared with a first preset threshold value to obtain a second comparison result; and decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result. The method and the device solve the technical problem that the server is attacked by the compressed bomb due to the fact that the compressed file is not detected and defended.

Description

Compressed file processing method and device and nonvolatile storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for processing a compressed file, and a nonvolatile storage medium.
Background
In some business scenarios, the application will decompress the compressed packet to perform corresponding business logic, if the decompressed compressed packet is a compressed bomb, a large amount of resources of servers such as a central processing unit (Central Processing Unit, CPU) and a memory will be occupied in the decompression process, resulting in server crash and server unresponsiveness
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a processing method and device of a compressed file and a nonvolatile storage medium, which at least solve the technical problem that a server is attacked by a compressed bomb because the compressed file is not detected and defended.
According to an aspect of an embodiment of the present application, there is provided a method for processing a compressed file, including: acquiring the identification information of the compressed file, and determining a pre-detection code of the compressed file according to the identification information; determining a check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result; under the condition that the first comparison result is that the pre-detection code is consistent with the check code, the compression ratio of the compressed file is obtained, and the compression ratio is compared with a first preset threshold value to obtain a second comparison result; and decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
Optionally, determining the pre-detection code of the compressed file according to the identification information includes: comparing the identification information of the compressed file with the identification information in a target database to obtain a third comparison result, wherein the target database is a database for storing the identification information of the compressed bomb; if the third comparison result indicates that the identification information of the compressed file belongs to the target database, determining that the compressed file is a compressed bomb and sending an error code, wherein the error code is used for indicating that the compressed file is the compressed bomb; if the third comparison result indicates that the compressed file does not belong to the target database, the pre-detection code is determined according to the identification information of the compressed file.
Optionally, decompressing the compressed file by adopting a decompression policy corresponding to the second comparison result, including: decompressing the compressed file under the condition that the second comparison result indicates that the compression ratio is smaller than a first preset threshold value; and under the condition that the second comparison result indicates that the compression ratio is greater than or equal to a first preset threshold value, acquiring the identification of the compressed file, and storing the identification in a target list, wherein the target list is used for storing the identification of the compressed file to be rechecked.
Optionally, after storing the identifier in the target list, the processing method of the compressed file further includes: decompressing the compressed file in the isolation sandbox; acquiring the memory occupied by the decompressed and compressed file, and comparing the memory occupied by the decompressed and compressed file with a second preset threshold; if the memory occupied by the decompressed compressed file is smaller than a second preset threshold, determining that the compressed file is not a compressed bomb; and if the memory occupied by the decompressed compressed file is greater than or equal to a second preset threshold, determining that the compressed file is a compressed bomb.
Optionally, after determining that the compressed file is a compressed bomb, the processing method of the compressed file further includes: the identification information is stored in the target database.
Optionally, the processing method of the compressed file further includes: and sending a prompt message for indicating that the pre-detection code is inconsistent with the check code to the terminal under the condition that the first comparison result is that the pre-detection code is inconsistent with the check code.
Optionally, determining the check code of the compressed file includes: before uploading the compressed file to a server, acquiring a pre-detection code; if the server receives the compressed file and the pre-detection code, generating a check code according to the identification information of the compressed file; if the server side only receives the compressed file or only receives the pre-detection code, the generation of the check code according to the identification information of the compressed file is refused.
According to another aspect of the embodiments of the present application, there is also provided a processing apparatus for compressing a file, including: the acquisition module is used for acquiring the identification information of the compressed file and determining a pre-detection code of the compressed file according to the identification information; the first comparison module is used for determining the check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result; the second comparison module is used for obtaining the compression ratio of the compressed file under the condition that the first comparison result is that the pre-detection code is consistent with the check code, and comparing the compression ratio with a first preset threshold value to obtain a second comparison result; and the decompression module is used for decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
According to another aspect of the embodiments of the present application, there is further provided a nonvolatile storage medium having a program stored therein, wherein when the program runs, a device on which the nonvolatile storage medium is controlled to execute the above-described method for processing a compressed file.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including: the device comprises a memory and a processor, wherein the processor is used for running a program stored in the memory, and the processing method of the compressed file is executed when the program runs.
In the embodiment of the application, the identification information of the compressed file is acquired, and the pre-detection code of the compressed file is determined according to the identification information; determining a check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result; under the condition that the first comparison result is that the pre-detection code is consistent with the check code, the compression ratio of the compressed file is obtained, and the compression ratio is compared with a first preset threshold value to obtain a second comparison result; the method for detecting and defending the compressed file is provided by adopting a decompression strategy corresponding to the second comparison result, and whether the compressed file is the compressed bomb is judged by detecting the identification information and the compression ratio of the compressed file; meanwhile, the isolation sandbox is provided for decompressing the compressed file with the abnormal detection result, so that the abnormal compressed file is rechecked, the purposes of detecting and defending the compressed bomb are achieved, the technical effect of avoiding potential safety hazards caused by uploading the compressed file is achieved, and the technical problem that a server is attacked by the compressed bomb due to the fact that the compressed file is not detected and defended is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a hardware block diagram of a computer terminal (or mobile device) implementing a method of processing a compressed file according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of processing compressed files according to an embodiment of the present application;
FIG. 3 is a block diagram of a processing device for compressing files according to an embodiment of the present application;
FIG. 4 is a flow chart of detecting compressed files according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For better understanding of the embodiments of the present application, technical terms related in the embodiments of the present application are explained below:
compression bomb: a compressed virus, the ratio of the size of the compressed bomb before decompression and the size of the compressed bomb after decompression is larger than 20, and the decompression of the compressed bomb occupies a large amount of resources of a server, so that the server crashes.
Isolation sandbox: and an independent running environment which is isolated from the system and is established in the disk by utilizing a virtualization technology is used for running files with unknown security.
Hash value: also known as a hash value, is a random number, typically in the form of a string of random letters and numbers, that uniquely identifies the corresponding file.
In the related art, whether the compressed file is a compressed bomb is determined by determining the number of files in the compressed package, so that the problem that the server is attacked by the compressed bomb when the server decompresses the compressed bomb is caused by missed detection. In order to solve the problem, in the embodiment of the present application, whether the compressed file is a compressed bomb is determined by detecting the hash value and the compression ratio of the compressed file, and the isolation sandbox is provided for rechecking the compressed file with the detected abnormality, so that the error detection and omission are avoided, and the above problem can be solved, as described in detail below.
According to an embodiment of the present application, there is provided a method embodiment of a method of processing a compressed file, it should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order different from that herein.
The method embodiments provided by the embodiments of the present application may be performed in a mobile terminal, a computer terminal, or similar computing device. Fig. 1 shows a block diagram of a hardware structure of a computer terminal (or mobile device) for implementing a processing method of compressed files. As shown in fig. 1, the computer terminal 10 (or mobile device 10) may include one or more processors 102 (shown as 102a, 102b, … …,102 n) which may include, but are not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA, a memory 104 for storing data, and a transmission module 106 for communication functions. In addition, the method may further include: a display, an input/output interface (I/O interface), a Universal Serial BUS (USB) port (which may be included as one of the ports of the BUS), a network interface, a power supply, and/or a camera. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 1 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the computer terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
It should be noted that the one or more processors 102 and/or other data processing circuits described above may be referred to generally herein as "data processing circuits. The data processing circuit may be embodied in whole or in part in software, hardware, firmware, or any other combination. Furthermore, the data processing circuitry may be a single stand-alone processing module, or incorporated, in whole or in part, into any of the other elements in the computer terminal 10 (or mobile device). As referred to in the embodiments of the present application, the data processing circuit acts as a processor control (e.g., selection of the path of the variable resistor termination to interface).
The memory 104 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the processing method of the compressed file in the embodiment of the present application, and the processor 102 executes the software programs and modules stored in the memory 104, thereby executing various functional applications and data processing, that is, implementing the processing method of the compressed file of the application program. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means 106 is arranged to receive or transmit data via a network. The specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computer terminal 10 (or mobile device).
Fig. 2 is a flowchart of a method for processing a compressed file according to an embodiment of the present application, as shown in fig. 2, the method includes the following steps:
step S202, obtaining the identification information of the compressed file, and determining the pre-detection code of the compressed file according to the identification information.
Pre-detecting the compressed file before uploading the compressed file to the server through step S202; the method comprises the steps of obtaining identification information of a compressed file at a browser end, wherein the identification information is hash value of the compressed file or related information of the compressed file such as file name of the compressed file, and obtaining a pre-detection code of the compressed file through operation of the identification information of the compressed file after pre-detection.
Step S204, determining the check code of the compressed file, and comparing the pre-check code with the check code to obtain a first comparison result.
In step S204, if the compressed file passes the pre-detection in step S202, the identification information of the compressed file is operated to obtain a check code, and the check code is compared with the pre-detection code obtained in step S202 to obtain a (first) comparison result.
Step S206, under the condition that the first comparison result is that the pre-detection code is consistent with the check code, the compression ratio of the compressed file is obtained, and the compression ratio is compared with a first preset threshold value, so that a second comparison result is obtained.
If the (first) comparison result obtained in step 204 is that the pre-detection code is inconsistent with the check code, in step S206, the compression ratio of the compressed file is detected and compared with the compression ratio threshold (i.e. the first preset threshold), so as to obtain a (second) comparison result.
And step S208, decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
In step S208, a decompression policy for the compressed file is determined according to a comparison result (i.e., a second comparison result) of the compression ratio of the compressed file and the compression ratio threshold (i.e., a first preset threshold), and the compressed file is decompressed when the compressed file satisfies a decompression condition.
By the steps, the compressed file can be pre-detected by detecting the hash value of the compressed file before the file is uploaded to the server; after the compressed file is uploaded to the server, detecting the compressed file again by detecting the compression ratio of the compressed file; double detection of the compressed file is achieved, and safety is higher.
According to an alternative embodiment of the present application, the method for determining the pre-detection code of the compressed file according to the identification information comprises the following steps: comparing the identification information of the compressed file with the identification information in a target database to obtain a third comparison result, wherein the target database is a database for storing the identification information of the compressed bomb; if the third comparison result indicates that the identification information of the compressed file belongs to the target database, determining that the compressed file is a compressed bomb and sending an error code, wherein the error code is used for indicating that the compressed file is the compressed bomb; if the third comparison result indicates that the compressed file does not belong to the target database, the pre-detection code is determined according to the identification information of the compressed file.
In this embodiment, the compressed file is pre-detected, and the pre-detection code of the compressed file is determined after the pre-detection is passed, where the pre-detection method is as follows: acquiring the identification information of the compressed file, inquiring in a database (namely a target database) storing the identification information of the compressed bomb, and judging whether the compressed file is the compressed bomb or not according to an inquiry result; for example, the hash value of the compressed file is obtained, the hash value of the compressed file is queried in the compressed bomb database storing the hash value of the compressed file, the query result (i.e. the third comparison result) is obtained, if the hash value of the compressed file is queried in the compressed bomb database, the compressed file is determined to be a compressed bomb, at this time, an error code is sent to the browser end, and the browser end is prompted to prompt that the compressed file is the compressed bomb, so that the security problem exists. Otherwise, if the hash value of the compressed file is not queried in the compressed bomb database, judging that the compressed file is not the compressed bomb, and at the moment, calculating the identification information of the compressed file to obtain a pre-detection code; for example, the hash value of the compressed file, the file name of the compressed file, the compression time of the compressed file and other identification information are comprehensively operated to obtain the pre-detection code, and meanwhile, a success code for prompting success of the pre-detection is sent to the browser side.
According to another alternative embodiment of the present application, the decompression of the compressed file using a decompression policy corresponding to the second comparison result includes the following steps: decompressing the compressed file under the condition that the second comparison result indicates that the compression ratio is smaller than a first preset threshold value; and under the condition that the second comparison result indicates that the compression ratio is greater than or equal to a first preset threshold value, acquiring the identification of the compressed file, and storing the identification in a target list, wherein the target list is used for storing the identification of the compressed file to be rechecked.
In this embodiment, the compression ratio threshold is denoted as Y2, the compression ratio of the compressed file is denoted as Y1, and determining the decompression policy for the compressed file according to the comparison result (i.e., the second comparison result) of the compression ratio of the compressed file and the compression ratio threshold (i.e., the first preset threshold) in the above step S208 includes the following two policies: when the compression ratio of the compressed file is smaller than a compression ratio threshold (namely a first preset threshold), namely Y1< Y2, determining the compressed file as a normal compressed file and decompressing; when the compression ratio of the compressed file is greater than or equal to a compression ratio threshold (namely a first preset threshold), namely Y1 is more than or equal to Y2, the file is judged to be a compression bomb or other abnormal phenomena occur, and at the moment, the identification of the compressed file, such as the name of the compressed file, is stored in a file list to be rechecked (namely a target list), so that the compressed file can be rechecked conveniently.
According to the above embodiment, after storing the identification in the target list, the processing method of compressing the file further includes: decompressing the compressed file in the isolation sandbox; acquiring the memory occupied by the decompressed and compressed file, and comparing the memory occupied by the decompressed and compressed file with a second preset threshold; if the memory occupied by the decompressed compressed file is smaller than a second preset threshold, determining that the compressed file is not a compressed bomb; and if the memory occupied by the decompressed compressed file is greater than or equal to a second preset threshold, determining that the compressed file is a compressed bomb.
In this embodiment, after storing the identifier of the compressed file whose compression ratio is greater than or equal to the compression ratio threshold (i.e., the first preset threshold) in the file list to be rechecked (i.e., the target list), the compressed file is rechecked by a manual detection method, where the method is as follows: reading a file list to be rechecked (namely a target list), selecting a compressed file, and moving the compressed file into an isolation sandbox; because the isolation sandbox provides an independent environment isolated from an external system and cannot influence the system, the compressed file is decompressed in the isolation sandbox, the size of the memory occupied by the decompressed compressed file is obtained, and if the memory occupied by the decompressed compressed file is far smaller than the memory occupied by the compressed bomb (namely, a second preset threshold value), the compressed file is judged to be a normal file and the compressed file is decompressed; otherwise, if the memory occupied by the decompressed compressed file is greater than or equal to the memory occupied by the compressed bomb (i.e., the second preset threshold), determining that the compressed file is the compressed bomb.
It should be noted that, in the process of decompressing the compressed file in the isolation sandbox, the percentage of the CPU occupied when decompressing the compressed file is recorded, and compared with the percentage of the CPU occupied when decompressing the compressed bomb (i.e. the second preset threshold value), if the percentage of the CPU occupied when decompressing the compressed file is smaller than the percentage of the CPU occupied when decompressing the compressed bomb (i.e. the second preset threshold value), the compressed file is judged to be a normal file and decompressed; otherwise, if the percentage of the CPU occupied by the decompressed compressed file is greater than or equal to the percentage of the CPU occupied by the decompressed compressed bomb (i.e., the second preset threshold), the compressed file is determined to be the compressed bomb.
According to some preferred embodiments of the present application, after determining that the compressed file is a compressed bomb, the method for processing the compressed file further includes: the identification information is stored in the target database.
In some preferred embodiments, after determining that the compressed file is a compressed bomb according to the method of the above embodiments, storing identification information of the compressed file in a database (i.e., a target database) storing identification information of the compressed bomb to update the target database; otherwise, if it is determined that the compressed file is not a compressed bomb according to the above embodiment, storing identification information of the compressed file in a whitelist database; by the method, whether the compressed file is a compressed bomb can be rapidly judged next time.
According to an optional embodiment of the present application, the method for processing a compressed file further includes: and sending a prompt message for indicating that the pre-detection code is inconsistent with the check code to the terminal under the condition that the first comparison result is that the pre-detection code is inconsistent with the check code.
In this embodiment, if the comparison result (i.e., the first comparison result) obtained when comparing the pre-check code with the check code in step S204 is that the pre-check code is inconsistent with the check code, an error is reported to the terminal, and a prompt message is sent to prompt the terminal user that the pre-check code of the compressed file is inconsistent with the check code, and the compressed file fails to pass the security detection.
According to further preferred embodiments of the present application, determining a check code for a compressed file includes: before uploading the compressed file to a server, acquiring a pre-detection code; if the server receives the compressed file and the pre-detection code, generating a check code according to the identification information of the compressed file; if the server side only receives the compressed file or only receives the pre-detection code, the generation of the check code according to the identification information of the compressed file is refused.
In other preferred embodiments, whether the compressed file is a compressed bomb is judged through the identification information and the compression ratio of the compressed file, and after the compressed file is uploaded to the server side, the compressed file can be uploaded to the server side only through pre-detection, wherein if the compressed file and the pre-detection code are received at the server side at the same time, the compressed file passes the pre-detection, and at the moment, the identification information of the compressed file is operated to obtain the check code of the compressed file; otherwise, if only the compressed file is received or only the pre-detection code is received at the server, judging that the compressed file does not pass the pre-detection.
Fig. 3 is a block diagram of a processing device for compressing files according to an embodiment of the present application, as shown in fig. 3, the device includes: the acquiring module 30 is configured to acquire identification information of the compressed file, and determine a pre-detection code of the compressed file according to the identification information; the first comparing module 32 is configured to determine a check code of the compressed file, and compare the pre-detection code with the check code to obtain a first comparison result; the second comparing module 34 is configured to obtain a compression ratio of the compressed file when the first comparison result is that the pre-detection code is consistent with the check code, and compare the compression ratio with a first preset threshold value to obtain a second comparison result; and a decompression module 36, configured to decompress the compressed file by using a decompression policy corresponding to the second comparison result.
Fig. 4 is a flowchart of detecting a compressed file, and as shown in fig. 4, the processing device for a compressed file starts to operate, and the compressed file is pre-detected by acquiring the identification information of the compressed file by the acquisition module 30: inquiring the identification information in the compressed bomb database, judging that the detection is not passed in advance if the identification information is inquired in the compressed bomb database, and sending an abnormal file prompt; if not, it is determined that the compressed file is not a compressed bomb and a pre-detection pass is determined. After passing the pre-detection, the compressed file is security detected by the first contrast module 32: after receiving the uploaded compressed file, the server side extracts the identification information of the compressed file and carries out operation to obtain a pre-detection check code, and whether the pre-detection code is consistent with the pre-detection check code or not is judged; if the file is inconsistent, an abnormal file prompt is sent, and if the file is inconsistent, the safety detection is passed. After passing the security detection, the second comparison module 34 obtains the compression ratio of the compressed file, and performs the compression ratio detection: comparing the compression ratio of the compressed file with a compression ratio threshold, if the compression ratio of the compressed file is smaller than the compression ratio threshold, judging that the compression ratio detection passes, determining that the compressed file is not a compression bomb, and detecting successfully; if the compression ratio of the compressed file is greater than or equal to the compression ratio threshold, judging that the compression ratio detection is not passed, storing the identification information of the compressed file in a file list to be rechecked through a decompression module 36, moving the compressed file into an isolation sandbox for decompression, and manually judging whether the file is a compressed bomb or not through observing a CPU occupied by decompressing the compressed file, a memory occupied by decompressing the compressed file and the content of the decompressed file; if the compressed file is not passed, detecting that the compressed file does not pass, sending an abnormal file prompt, and adding the identification information of the compressed file into a compressed bomb database; if not, the compressed file is detected to pass, and the identification information of the compressed file is added into a white list database.
It should be noted that, the preferred implementation manner of the embodiment shown in fig. 3 may refer to the related description of the embodiment shown in fig. 2, which is not repeated herein.
The embodiment of the application also provides a nonvolatile storage medium, wherein the nonvolatile storage medium stores a program, and the processing method for the compressed file is controlled to be executed by the equipment where the nonvolatile storage medium is located when the program runs.
The above-described nonvolatile storage medium is used to store a program that performs the following functions: acquiring the identification information of the compressed file, and determining a pre-detection code of the compressed file according to the identification information; determining a check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result; under the condition that the first comparison result is that the pre-detection code is consistent with the check code, the compression ratio of the compressed file is obtained, and the compression ratio is compared with a first preset threshold value to obtain a second comparison result; and decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
The embodiment of the application also provides electronic equipment, which comprises: the device comprises a memory and a processor for running a program stored in the memory, wherein the program runs to execute the above method for processing the compressed file.
The processor in the electronic device is configured to execute a program that performs the following functions: acquiring the identification information of the compressed file, and determining a pre-detection code of the compressed file according to the identification information; determining a check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result; under the condition that the first comparison result is that the pre-detection code is consistent with the check code, the compression ratio of the compressed file is obtained, and the compression ratio is compared with a first preset threshold value to obtain a second comparison result; and decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
Note that each module in the compressed file processing apparatus may be a program module (for example, a set of program instructions for implementing a specific function), or may be a hardware module, and for the latter, it may be represented by the following form, but is not limited thereto: the expression forms of the modules are all a processor, or the functions of the modules are realized by one processor.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be essentially or a part contributing to the related art or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application and are intended to be comprehended within the scope of the present application.

Claims (10)

1. A method of processing a compressed file, comprising:
acquiring identification information of a compressed file, and determining a pre-detection code of the compressed file according to the identification information;
determining a check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result;
under the condition that the first comparison result is that the pre-detection code is consistent with the check code, obtaining the compression ratio of the compressed file, and comparing the compression ratio with a first preset threshold value to obtain a second comparison result;
and decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
2. The method of claim 1, wherein determining the pre-check code of the compressed file based on the identification information comprises:
comparing the identification information of the compressed file with the identification information in a target database to obtain a third comparison result, wherein the target database is a database for storing the identification information of the compressed bomb;
if the third comparison result indicates that the identification information of the compressed file belongs to the target database, determining that the compressed file is the compressed bomb and sending an error code, wherein the error code is used for indicating that the compressed file is the compressed bomb;
and if the third comparison result indicates that the compressed file does not belong to the target database, determining the pre-detection code according to the identification information of the compressed file.
3. The method of claim 1, wherein decompressing the compressed file using a decompression policy corresponding to the second comparison result comprises:
decompressing the compressed file under the condition that the second comparison result indicates that the compression ratio is smaller than the first preset threshold value;
and under the condition that the second comparison result indicates that the compression ratio is greater than or equal to the first preset threshold value, acquiring the identification of the compressed file, and storing the identification in a target list, wherein the target list is used for storing the identification of the compressed file to be rechecked.
4. The method of claim 2, wherein after storing the identification in a target list, the method further comprises:
decompressing the compressed file in an isolation sandbox;
acquiring a memory occupied by decompressing the compressed file, and comparing the memory occupied by decompressing the compressed file with a second preset threshold;
if the memory occupied by decompressing the compressed file is smaller than the second preset threshold, determining that the compressed file is not the compressed bomb;
and if the memory occupied by decompressing the compressed file is greater than or equal to the second preset threshold, determining that the compressed file is the compressed bomb.
5. The method of claim 2, wherein after determining that the compressed file is the compressed bomb, the method further comprises: and storing the identification information in the target database.
6. The method of processing a compressed file according to claim 1, further comprising:
and sending a prompt message for indicating that the pre-detection code is inconsistent with the check code to a terminal under the condition that the first comparison result is that the pre-detection code is inconsistent with the check code.
7. The method of claim 1, wherein determining the check code of the compressed file comprises:
before uploading the compressed file to a server, acquiring the pre-detection code;
if the server receives the compressed file and the pre-detection code, generating the check code according to the identification information of the compressed file;
and if the server side only receives the compressed file or only receives the pre-detection code, refusing to generate the check code according to the identification information of the compressed file.
8. A compressed file processing apparatus, comprising:
the acquisition module is used for acquiring the identification information of the compressed file and determining the pre-detection code of the compressed file according to the identification information;
the first comparison module is used for determining the check code of the compressed file, and comparing the pre-detection code with the check code to obtain a first comparison result;
the second comparison module is used for obtaining the compression ratio of the compressed file and comparing the compression ratio with a first preset threshold value to obtain a second comparison result when the first comparison result is that the pre-detection code is consistent with the check code;
and the decompression module is used for decompressing the compressed file by adopting a decompression strategy corresponding to the second comparison result.
9. A nonvolatile storage medium, wherein a program is stored in the nonvolatile storage medium, and wherein the program, when executed, controls a device in which the nonvolatile storage medium is located to execute the method of processing a compressed file according to any one of claims 1 to 7.
10. An electronic device, comprising: a memory and a processor for executing a program stored in the memory, wherein the program is executed to perform the method of processing a compressed file according to any one of claims 1 to 7.
CN202211620647.5A 2022-12-15 2022-12-15 Compressed file processing method and device and nonvolatile storage medium Pending CN116107973A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211620647.5A CN116107973A (en) 2022-12-15 2022-12-15 Compressed file processing method and device and nonvolatile storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211620647.5A CN116107973A (en) 2022-12-15 2022-12-15 Compressed file processing method and device and nonvolatile storage medium

Publications (1)

Publication Number Publication Date
CN116107973A true CN116107973A (en) 2023-05-12

Family

ID=86255291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211620647.5A Pending CN116107973A (en) 2022-12-15 2022-12-15 Compressed file processing method and device and nonvolatile storage medium

Country Status (1)

Country Link
CN (1) CN116107973A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116361786A (en) * 2023-05-31 2023-06-30 中国矿业大学(北京) Detection defense method, system, medium and electronic equipment of decompression bomb

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116361786A (en) * 2023-05-31 2023-06-30 中国矿业大学(北京) Detection defense method, system, medium and electronic equipment of decompression bomb
CN116361786B (en) * 2023-05-31 2023-08-15 中国矿业大学(北京) Detection defense method, system, medium and electronic equipment of decompression bomb

Similar Documents

Publication Publication Date Title
CN110427785B (en) Equipment fingerprint acquisition method and device, storage medium and electronic device
CN111796858B (en) Method, system and related equipment for detecting access of application programs in Kubernetes cluster
CN110389815A (en) Task processing method, apparatus and system
CN106339613B (en) A kind of processing method, terminal and server using data
CN110661829B (en) File downloading method and device, client and computer readable storage medium
CN116107973A (en) Compressed file processing method and device and nonvolatile storage medium
CN113452772B (en) Intelligent scene processing method and device, storage medium and electronic equipment
CN109067883B (en) Information pushing method and device
CN105791246A (en) Information verification method, device and system
CN111061693B (en) Method, device and medium for decompressing, separating and compressing file during downloading
CN115208951A (en) Request processing method and device, electronic equipment and computer readable storage medium
CN115314319A (en) Network asset identification method and device, electronic equipment and storage medium
CN112130460B (en) Page display method and device and storage medium
CN117750371A (en) Wireless network access method, system and terminal equipment
CN112398786B (en) Method and device for identifying penetration attack, system, storage medium and electronic device
CN110598797B (en) Fault detection method and device, storage medium and electronic device
CN105100056A (en) Application data processing method and system
CN111159048A (en) Application program testing method and device and computer readable storage medium
CN116070210A (en) Method and device for determining abnormal progress and virus checking and killing method
CN113542308B (en) Information processing method, system and storage medium, electronic device
CN112788078B (en) Data transmission method, receiving device, sending device and computer equipment
CN112671556B (en) Router configuration method and device, storage medium and electronic device
CN111782291A (en) Test page starting method and device
JP6903978B2 (en) Mobile terminals, server devices, information processing systems, control methods, and programs
CN114172890B (en) File second transmission processing method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination