CN116467047A - Method and device for detecting container configuration compliance, storage medium and terminal - Google Patents

Method and device for detecting container configuration compliance, storage medium and terminal Download PDF

Info

Publication number
CN116467047A
CN116467047A CN202310450585.6A CN202310450585A CN116467047A CN 116467047 A CN116467047 A CN 116467047A CN 202310450585 A CN202310450585 A CN 202310450585A CN 116467047 A CN116467047 A CN 116467047A
Authority
CN
China
Prior art keywords
command
dockerfire
compliance
dockerfile
steps
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310450585.6A
Other languages
Chinese (zh)
Inventor
朱辉
罗敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruan'an Technology Co ltd
Original Assignee
Ruan'an Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruan'an Technology Co ltd filed Critical Ruan'an Technology Co ltd
Priority to CN202310450585.6A priority Critical patent/CN116467047A/en
Publication of CN116467047A publication Critical patent/CN116467047A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/205Parsing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/253Grammatical analysis; Style critique
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45591Monitoring or debugging support
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention relates to a method, a device, a storage medium and a terminal for detecting container configuration compliance, which comprise the following steps: inputting Dockerfile file content, and carrying out grammar analysis to obtain an abstract grammar tree; traversing the abstract syntax tree, analyzing the corresponding Dockerfire instruction, and mapping the Dockerfire instruction into a Dockerfire command set of the Dockerfire syntax entity object; loading compliance policy terms and mapping to corresponding sets; traversing the Dockerfile command set, judging whether violated clauses exist, if yes, taking out the clauses to assemble the current command violation compliance information, the security risk level information and the solution information, and if not, continuing the next command. The method is simple and efficient based on text analysis Dockerfile, popular and easy to understand, the compliance type exists in the program memory, a third party database is not used, and efficient operation based on the memory is achieved.

Description

Method and device for detecting container configuration compliance, storage medium and terminal
Technical Field
The present invention relates to the field of software security technologies, and in particular, to a method and apparatus for detecting compliance of container configuration, a storage medium, and a terminal.
Background
The problems involved in the security of the container are numerous, and incorrect configuration may cause security problems after server deployment; deposit keys as in the environment variables: key deployment is a very tricky problem and is prone to error, and for containerized applications they can be displayed from the file system by the mounted volume or more conveniently by the environment variables; using environment variables to store keys is often not good because the Dockerfile file is often deployed with an application, which is not unlike hard-coded keys in code; another example is that using a root image is also not secure: the attack chain for the containerized application is also from the hierarchical structure used for constructing the container, wherein the main culprit is obviously the used root image, the untrusted root image has high risk and should be avoided from being used at any time, and if the used root image is a last label, the update package is unknowingly supported, which affects the reliability of the application and even possibly introduces a vulnerability; another example is the use of root users: the root in the container is the same as the root on the host, but is limited by the configuration of the docker daemon, however, no matter what limitation exists, if someone breaks through the container, the complete right of accessing the host can be obtained, which is definitely dangerous; therefore, how to improve compliance of Dockerfile and reduce security problems that may occur in Dockerfile is currently a consideration.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a detection method, a device storage medium and a terminal for container configuration compliance.
The aim of the invention is achieved by the following technical scheme: a method of detecting compliance with a container configuration, the method comprising:
s1, inputting Dockerfile file contents, and carrying out grammar analysis on each Dockerfile file content to obtain an abstract grammar tree;
s2, traversing an abstract syntax tree, analyzing a corresponding Dockerfire instruction of each syntax tree node, converting the Dockerfire instruction into a command which can be identified by a Docker daemon, and mapping the command into a Dockerfire command set of a Dockerfire syntax entity object;
s3, loading built-in compliance policy clauses of the system and mapping the compliance policy clauses into a Dockerfile configuration compliance clause set;
s4, traversing the Dockerfire command set, and searching whether the traversed current Dockerfire command has violated clauses in the Dockerfire compliance clause set, and if yes, taking out the clauses to assemble the current command violated compliance information, the security risk level information and the solution information;
and S5, if no violated clause exists, continuing the next Dockerfile command and repeating the step S4 until all the Dockerfile commands are traversed.
The step of S1 specifically comprises the following steps:
s101, dividing a character sequence in the Dockerfile into tokens;
s102, converting a sequence formed by Token into a grammar tree representing each instruction and parameters thereof in the Dockerfire according to the grammar rule of the Dockerfire;
s103, carrying out semantic analysis on the syntax tree, and checking whether instructions in the Dockerfile have syntax errors, unsupported instructions and labels which define the unlawful instructions;
s104, generating an abstract syntax tree representing each instruction and parameters and semantic information thereof in the Dockerfile according to the syntax tree and the semantic analysis result.
The step of S2 specifically comprises the following steps:
s201, traversing the sub-node information in the parsed abstract syntax tree structure, obtaining the Value field command attribute of a sub-node, and obtaining different command resolvers according to different command attribute fields;
s202, dividing one child node data of the abstract syntax tree through blank symbols, wherein the first character set is a command attribute, the latter character set is a Value attribute, assigning the original attribute information of the child node to a Value corresponding to the command, and finally analyzing the child node data into stages of a Dockerfile structure, wherein each Stage contains a specific analysis result command set of the command.
A detection device for container configuration compliance comprises an analysis module, a traversal mapping module, a loading mapping module, a traversal inquiry module and a circulation module;
the analysis module is used for: the method comprises the steps of carrying out grammar analysis on each input Dockerf file content to obtain an abstract grammar tree;
the traversal mapping module: the method comprises the steps of traversing abstract syntax trees, analyzing corresponding Dockerfire instructions for each syntax tree node, converting the commands into commands which can be identified by a Docker daemon, and mapping the commands into a Dockerfire command set of a Dockerfire syntax entity object;
the loading mapping module: the method comprises the steps of loading built-in compliance policy clauses of a system and mapping the compliance policy clauses into a Dockerfile configuration compliance clause set;
the traversal query module: the method comprises the steps of traversing a Dockerf ile command set, searching whether a violated clause exists in the traversed current Dockerf ile command in the Dockerf ile compliance clause set, and if the violated clause exists, taking out the clause to assemble current command violation compliance information, security risk level information and solution information;
the circulation module: and when the violated clause does not exist, continuing the next Dockerf ile command and repeatedly traversing the query module until all the Dockerf ile commands are traversed.
A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program realizes the steps of the detection method when being executed by a processor.
A terminal device comprising a memory and a processor, said memory having stored thereon a computer program, said processor implementing the steps of said detection method when executing said computer program.
The invention has the following advantages: the method, the device storage medium and the terminal for detecting the container configuration compliance are simple and efficient based on text analysis Dockerfile, popular and easy to understand, the compliance is stored in the program memory, a third party database is not used, and efficient operation based on the memory is achieved.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Accordingly, the following detailed description of the embodiments of the present application, provided in connection with the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application. The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, one embodiment of the present invention relates to a detection method for Dockerfile configuration compliance, where the detection method includes:
s1, receiving Dockerf file contents input by a user, loading the Dockerf file contents into a memory through a file stream, and carrying out grammar analysis on each Dockerf file content to obtain an abstract grammar tree (AST);
further, the step of S1 specifically includes the following:
s101, dividing a character sequence in the Dockerfile into tokens;
specifically, the character sequence in Dockerfile is decomposed into individual Token according to a certain rule. For example, instruction names, instruction parameters, notes, etc. will all be parsed into different Token.
S102, converting a sequence formed by Token into a grammar tree representing each instruction and parameters thereof in the Dockerfire according to the grammar rule of the Dockerfire;
specifically, a sequence of Token components is converted into a syntax tree. The syntax tree represents each instruction in Dockerfile and its parameters and reflects the relationship between these instructions. For example, there is a sequential relationship between the FROM instruction and the RUN instruction, and a mutually exclusive relationship between the COPY instruction and the ADD instruction.
S103, carrying out semantic analysis on the syntax tree, and checking whether instructions in the Dockerfile have syntax errors, unsupported instructions and labels which define the unlawful instructions;
specifically, semantic analysis is performed on the grammar tree, and whether grammar errors or unreasonable operations exist in instructions in the Dockerfile are checked. For example, it is checked whether unsupported instructions are used in Dockerfile, whether illegal tags are defined, etc. The process of semantic analysis typically needs to be done in combination with semantic rules and context information for Dockerfile.
S104, generating an abstract syntax tree representing each instruction and parameters and semantic information thereof in the Dockerfile according to the syntax tree and the semantic analysis result.
Specifically, an abstract syntax tree is generated according to the syntax tree and the result of semantic analysis. The abstract syntax tree represents each instruction in Dockerfile and its parameters, and contains semantic information. An abstract syntax tree is a simplified syntax tree that removes some of the detail information in the syntax tree and makes a finer representation of the syntax information. Through the abstract syntax tree, dockerfile can be more conveniently analyzed, analyzed and processed.
S2, traversing an abstract syntax tree, analyzing a corresponding Dockerfire instruction of each syntax tree node, converting the Dockerfire instruction into a command which can be identified by a Docker daemon, and mapping the command into a Dockerfire command set of a Dockerfire syntax entity object;
further, the step of S2 specifically includes the following:
s201, traversing the sub-node information in the parsed abstract syntax tree structure, obtaining the Value field command attribute of a sub-node, and obtaining different command resolvers according to different command attribute fields;
s202, dividing one sub-node data of the abstract syntax tree through blank symbols, wherein the first character set is a command attribute, the later character set is a Value attribute (such as FROM), assigning the original attribute information of the sub-node to a Value corresponding to the command, and finally analyzing the sub-node data into stages of a Dockerfire structure, wherein each Stage contains a specific analysis result command set of the command.
Wherein the data structure of the Dockerfile describes a Dockerfile construction process, and includes a plurality of Stages (Stages) and commands of each stage, that is, includes a stage array, wherein each element is a stage, each stage includes a Name field indicating a mirror Name of the stage, and a command array indicating a command sequence of the stage; each command contains a plurality of fields.
S3, loading built-in compliance policy clauses of the system and mapping the compliance policy clauses into a Dockerfile configuration compliance clause set;
for example, a problem named "ADD instead of COPY" is described in JSON format data of compliance policy clauses, namely, ADD command is used in dockfile, and COPY command should be used, where ADD command has a function of extracting tar file, which may cause risk of Zip vulnerability, and therefore, COPY command needs to be used instead of ADD command to avoid such risk.
S4, traversing the Dockerfire command set, and searching whether the traversed current Dockerfire command has violated clauses in the Dockerfire compliance clause set, and if yes, taking out the clauses to assemble the current command violated compliance information, the security risk level information and the solution information;
for example, traversing Command sets in Dockerf file to obtain Cmd attributes for Command. For example, an ADD command checks whether the Value attribute contains an archive format file such as tar, and if so, traverses the set of compliance terms to find out the corresponding ADD compliance terms.
S5, packaging data according to the compliance clauses matched with the violations in the step S4, and executing the next command in the similar way, and finally obtaining a result response to the user. The user makes modifications according to the clause proposal against compliance.
Another embodiment of the invention relates to a detection device for the compliance of a Dockerf ile configuration, which comprises an analysis module, a traversal mapping module, a loading mapping module, a traversal inquiry module and a circulation module;
further, the parsing module: the method comprises the steps of carrying out grammar analysis on each input Dockerf file content to obtain an abstract grammar tree;
traversing the mapping module: the method comprises the steps of traversing abstract syntax trees, analyzing corresponding Dockerfire instructions for each syntax tree node, converting the commands into commands which can be identified by a Docker daemon, and mapping the commands into a Dockerfire command set of a Dockerfire syntax entity object;
and (3) loading a mapping module: the method comprises the steps of loading built-in compliance policy clauses of a system and mapping the compliance policy clauses into a Dockerfile configuration compliance clause set;
traversing the query module: the method comprises the steps of traversing a Dockerf ile command set, searching whether a violated clause exists in the traversed current Dockerf ile command in the Dockerf ile compliance clause set, and if the violated clause exists, taking out the clause to assemble current command violation compliance information, security risk level information and solution information;
the circulation module: and when the violated clause does not exist, continuing the next Dockerf ile command and repeatedly traversing the query module until all the Dockerf ile commands are traversed.
Yet another embodiment of the present invention is directed to a computer-readable storage medium having stored thereon a computer program characterized by: the computer program realizes the steps of the detection method when being executed by a processor.
Wherein the computer program comprises computer program code, which may be in the form of source code, object code, executable files or in some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
A further embodiment of the invention relates to a terminal device comprising a memory and a processor, the memory having stored thereon a computer program, the processor implementing the steps of the detection method when executing the computer program.
The foregoing is merely a preferred embodiment of the invention, and it is to be understood that the invention is not limited to the form disclosed herein but is not to be construed as excluding other embodiments, but is capable of numerous other combinations, modifications and environments and is capable of modifications within the scope of the inventive concept, either as taught or as a matter of routine skill or knowledge in the relevant art. And that modifications and variations which do not depart from the spirit and scope of the invention are intended to be within the scope of the appended claims.

Claims (6)

1. The method for detecting the compliance of container configuration is characterized by comprising the following steps: the detection method comprises the following steps:
s1, inputting Dockerfile file contents, and carrying out grammar analysis on each Dockerfile file content to obtain an abstract grammar tree;
s2, traversing an abstract syntax tree, analyzing a corresponding Dockerfire instruction of each syntax tree node, converting the Dockerfire instruction into a command which can be identified by a Docker daemon, and mapping the command into a Dockerfire command set of a Dockerfire syntax entity object;
s3, loading built-in compliance policy clauses of the system and mapping the compliance policy clauses into a Dockerfile configuration compliance clause set;
s4, traversing the Dockerfire command set, and searching whether the traversed current Dockerfire command has violated clauses in the Dockerfire compliance clause set, and if yes, taking out the clauses to assemble the current command violated compliance information, the security risk level information and the solution information;
and S5, if no violated clause exists, continuing the next Dockerfile command and repeating the step S4 until all the Dockerfile commands are traversed.
2. The method of claim 1, wherein the method further comprises: the step of S1 specifically comprises the following steps:
s101, dividing a character sequence in the Dockerfile into tokens;
s102, converting a sequence formed by Token into a grammar tree representing each instruction and parameters thereof in the Dockerfire according to the grammar rule of the Dockerfire;
s103, carrying out semantic analysis on the syntax tree, and checking whether instructions in the Dockerfile have syntax errors, unsupported instructions and labels which define the unlawful instructions;
s104, generating an abstract syntax tree representing each instruction and parameters and semantic information thereof in the Dockerfile according to the syntax tree and the semantic analysis result.
3. The method of claim 1, wherein the method further comprises: the step of S2 specifically comprises the following steps:
s201, traversing the sub-node information in the parsed abstract syntax tree structure, obtaining the Value field command attribute of a sub-node, and obtaining different command resolvers according to different command attribute fields;
s202, dividing one child node data of the abstract syntax tree through blank symbols, wherein the first character set is a command attribute, the latter character set is a Value attribute, assigning the original attribute information of the child node to a Value corresponding to the command, and finally analyzing the child node data into stages of a Dockerfile structure, wherein each Stage contains a specific analysis result command set of the command.
4. A device for detecting compliance of a container configuration, comprising: the system comprises an analysis module, a traversal mapping module, a loading mapping module, a traversal inquiry module and a circulation module;
the analysis module is used for: the method comprises the steps of carrying out grammar analysis on each input Dockerf file content to obtain an abstract grammar tree;
the traversal mapping module: the method comprises the steps of traversing abstract syntax trees, analyzing corresponding Dockerfire instructions for each syntax tree node, converting the commands into commands which can be identified by a Docker daemon, and mapping the commands into a Dockerfire command set of a Dockerfire syntax entity object;
the loading mapping module: the method comprises the steps of loading built-in compliance policy clauses of a system and mapping the compliance policy clauses into a Dockerfile configuration compliance clause set;
the traversal query module: the method comprises the steps of traversing a Dockerf ile command set, searching whether a violated clause exists in the traversed current Dockerf ile command in the Dockerf ile compliance clause set, and if the violated clause exists, taking out the clause to assemble current command violation compliance information, security risk level information and solution information;
the circulation module: and when the violated clause does not exist, continuing the next Dockerf ile command and repeatedly traversing the query module until all the Dockerf ile commands are traversed.
5. A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program, when executed by a processor, implements the steps of the detection method of any of claims 1-3.
6. A terminal device comprising a memory and a processor, the memory having stored thereon a computer program, characterized in that: the processor, when executing the computer program, implements the steps of the detection method of any one of claims 1-3.
CN202310450585.6A 2023-04-24 2023-04-24 Method and device for detecting container configuration compliance, storage medium and terminal Pending CN116467047A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310450585.6A CN116467047A (en) 2023-04-24 2023-04-24 Method and device for detecting container configuration compliance, storage medium and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310450585.6A CN116467047A (en) 2023-04-24 2023-04-24 Method and device for detecting container configuration compliance, storage medium and terminal

Publications (1)

Publication Number Publication Date
CN116467047A true CN116467047A (en) 2023-07-21

Family

ID=87182193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310450585.6A Pending CN116467047A (en) 2023-04-24 2023-04-24 Method and device for detecting container configuration compliance, storage medium and terminal

Country Status (1)

Country Link
CN (1) CN116467047A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116932305A (en) * 2023-09-15 2023-10-24 新华三信息技术有限公司 Test file generation method and device, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116932305A (en) * 2023-09-15 2023-10-24 新华三信息技术有限公司 Test file generation method and device, electronic equipment and storage medium
CN116932305B (en) * 2023-09-15 2023-12-12 新华三信息技术有限公司 Test file generation method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
KR101755365B1 (en) Managing record format information
US9384187B2 (en) Document analysis, commenting, and reporting system
US10545999B2 (en) Building features and indexing for knowledge-based matching
CN100470480C (en) Hardware accelerator personality compiler
US7210096B2 (en) Methods and apparatus for constructing semantic models for document authoring
US11361008B2 (en) Complex query handling
US20150205778A1 (en) Reducing programming complexity in applications interfacing with parsers for data elements represented according to a markup languages
CN110688307B (en) JavaScript code detection method, device, equipment and storage medium
CN109189395B (en) Data analysis method and device
CN108664546B (en) XML data structure conversion method and device
CN116467047A (en) Method and device for detecting container configuration compliance, storage medium and terminal
CN112181924A (en) File conversion method, device, equipment and medium
CN114168149A (en) Data conversion method and device
CN116842042A (en) Universal method, device, electronic equipment and storage medium for dissimilating database
CN115357286B (en) Program file comparison method and device, electronic equipment and storage medium
Wyatt Work in progress: Demystifying PDF through a machine-readable definition
CN111984970B (en) SQL injection detection method and system, electronic equipment and storage medium
Le Zou et al. On synchronizing with web service evolution
JP2010186412A (en) Document management method and management device
CN117077148B (en) Program security analysis method, system, computer device and storage medium
CN111930607B (en) Method and system for generating change test case of combined Web service
CN112836477B (en) Method and device for generating code annotation document, electronic equipment and storage medium
Mathias et al. Machine-readable encoding standard specifications in ATC
CN116756341A (en) Complete knowledge graph construction method based on multi-source vulnerability data
CN115858494A (en) Graph database knowledge system construction method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination