CN116566971A - Third party library downloading method and device based on client, medium and client - Google Patents

Third party library downloading method and device based on client, medium and client

Info

Publication number
CN116566971A
Authority
CN
China
Prior art keywords
target
client
package
downloading
target dependent
Prior art date
Legal status
Pending
Application number
CN202310439632.7A
Other languages
Chinese (zh)
Inventor
张天
王欣
阮文波
Current Assignee
Shanghai Anheng Smart City Security Technology Co ltd
Original Assignee
Shanghai Anheng Smart City Security Technology Co ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/101 Access control lists [ACL]
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H04L 63/1433 Vulnerability analysis
    • H04L 63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F 21/562 Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a client-based third party library downloading method, device, medium and client, relating to the field of computers. After a client receives an instruction to download a target dependency package, it judges whether the target dependency package meets the download condition; meeting the download condition shows that the package has passed the client's first security check. The client then judges whether the target dependency package is an internal dependency package, that is, one stored in the intranet where the client is located. If the package exists in the intranet, it is downloaded directly from the intranet. This avoids the situation in which an illegal person who has learned the library name of the target dependency package creates a malicious dependency package of the same name in an external network, and the client unintentionally downloads that malicious package from the external network.

Description

Third party library downloading method and device based on client, medium and client
Technical Field
The present invention relates to the field of computers, and in particular, to a method, an apparatus, and a medium for downloading a third party library based on a client. The invention also relates to a client.
Background
In program development, work is completed by combining proprietary code with third party code; for example, pypi (Python Package Index), which hosts third party Python code, is universal and convenient and forms an important link in the Python development supply chain. The pypi workflow is as follows: a developer writes a third party library and uploads it to the pypi repository, and a user downloads the required third party library from the pypi repository, installs it and runs it. In this process the security of the third party library is very important: if a third party library is attacked, large-scale security events, such as large-scale host takeover and sensitive information leakage, are likely to follow. The authorities have therefore continuously strengthened the security detection and filtering means applied to uploads and to existing third party libraries, such as two-factor authentication and API tokens, the Python public vulnerability database and Python vulnerability scanners. However, for the client that uses the third party library, no effective means of detecting and blocking malicious third party libraries currently exists, so security events still occur from time to time and have a large impact.
Disclosure of Invention
The invention aims to provide a third party library downloading method, device, medium and client based on a client.
In order to solve the technical problem, the invention provides a client-based third party library downloading method, applied to a client, which comprises the following steps:
after receiving an instruction to download a target dependency package, judging whether the target dependency package meets a download condition;
if the target dependency package meets the download condition, judging whether the target dependency package is an internal dependency package, where an internal dependency package is a dependency package stored in the intranet where the client is located;
and if the target dependency package is an internal dependency package, downloading the target dependency package from the intranet.
Preferably, judging whether the target dependency package meets the download condition includes:
acquiring the name of the target dependency package;
judging whether the name of the target dependency package is in a preset whitelist;
and if the name of the target dependency package is in the preset whitelist, judging that the target dependency package meets the download condition.
Preferably, the method further comprises:
if the target dependency package does not meet the download condition, refusing to download the target dependency package and raising an alarm.
Preferably, the method further comprises:
if the target dependency package is not an internal dependency package, downloading the target dependency package from an external network.
Preferably, after downloading the target dependency package from the external network, the method further comprises:
carrying out static code scanning on the target dependency package;
judging whether suspicious dangerous code exists in the code of the target dependency package;
if suspicious dangerous code exists in the code of the target dependency package, raising an alarm;
and if no suspicious dangerous code exists in the code of the target dependency package, installing the target dependency package.
Preferably, after the alarm, the method further comprises:
judging whether an instruction to upload to the dynamic sandbox for simulation detection is received;
if an instruction to upload to the dynamic sandbox for simulation detection is received, uploading the target dependency package to the dynamic sandbox for simulation detection;
judging whether the target dependency package passes the simulation detection;
and if the target dependency package passes the simulation detection, installing the target dependency package.
Preferably, after downloading the target dependency package, the method further comprises:
installing the target dependency package;
periodically acquiring the latest vulnerability information for the dependency package;
judging, according to the latest vulnerability information, whether the target dependency package has a vulnerability;
and if the target dependency package has a vulnerability, raising an alarm.
In order to solve the technical problem, the invention also provides a client-based third party library downloading device, which comprises:
a memory for storing a computer program;
and a processor for implementing the steps of the client-based third party library downloading method when executing the computer program.
To solve the above technical problem, the invention further provides a computer readable storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the client-based third party library downloading method.
In order to solve the technical problem, the invention also provides a client, which comprises the client and the client-based third party library downloading device.
According to the client-based third party library downloading method, device, medium and client, after the client receives the instruction to download the target dependency package, it judges whether the target dependency package meets the download condition; meeting the download condition shows that the package has passed the client's first security check. If the download condition is met, the client continues by judging whether the target dependency package is an internal dependency package stored in the intranet where the client is located. If the package exists in the intranet, it is downloaded directly from the intranet, which avoids the situation in which an illegal person who has learned the library name of the target dependency package creates a malicious dependency package of the same name in an external network and the client unintentionally downloads that malicious package from the external network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required in the prior art and the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a third party library downloading method based on a client side;
FIG. 2 is a flowchart of another client-based third party library downloading method according to the present invention;
FIG. 3 is a schematic structural diagram of a third party library downloading device based on a client;
FIG. 4 is a schematic structural diagram of a client according to the present invention.
Detailed Description
The invention is aimed at the client that uses third party libraries: it can effectively detect and block malicious third party libraries, and improves, from the client's perspective, the safety and reliability of the client when downloading through third party libraries.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
pip is the mainstream fully automatic third party library installation tool. Its installation process can be split into third party library downloading and third party library installation, and the relevant functional units of the system can be inserted before and after these two nodes to perform defensive detection of Python third party libraries. pip is the Python package management tool that provides lookup, download, installation and uninstallation of Python packages. The use of third party libraries is widespread and convenient, but it also brings problems, such as the currently common third party library attacks: the watering-hole attack, a hacking mode in which a trap is set and the attacker waits for the victim to walk into it; typosquatting attacks, deceptive social engineering attacks that in Python take the form of library names similar to legitimate ones, where the victim is mostly caught by a typing error; and dependency confusion attacks, in which a malicious person who has learned an internal library name creates a package of the same name on the external pypi and waits for a developer to download the third party library from the external pypi by mistake. The present invention detects the above attacks from the client side.
The invention provides a client-based third party library downloading method, applied to a client. Referring to fig. 1, fig. 1 is a flow chart of the client-based third party library downloading method, which comprises the following steps:
S11: after receiving an instruction to download the target dependency package, judging whether the target dependency package meets the download condition, and if so, proceeding to S12;
S12: judging whether the target dependency package is an internal dependency package, where an internal dependency package is a dependency package stored in the intranet where the client is located, and if the target dependency package is an internal dependency package, proceeding to S13;
S13: downloading the target dependency package from the intranet.
When a client downloads a program from a third party library, after receiving the instruction to download the target dependency package it first acquires relevant information about the target dependency package from the instruction, such as its name, and then judges whether the target dependency package meets the download condition. Here the target dependency package is the dependency package that the user of the client wants to download; its location is not limited, and it may exist in any network connected to the client, such as the intranet where the client is located or an extranet the client can access. The download condition can be set according to the actual situation: for example, the target dependency package may be considered to meet the download condition if it is a pre-designated dependency package, or if it has been manually judged downloadable, and so on, without limitation. Requiring that the target dependency package meet the download condition avoids typosquatting attacks, that is, the case in which the instruction to download the target dependency package is typed incorrectly, a dependency package whose library name resembles that of the target dependency package is entered instead, and an infected dependency package is downloaded as a result.
The judgement above avoids typosquatting attacks but cannot avoid dependency confusion attacks, so the invention continues the detection by judging whether the target dependency package is a dependency package in the intranet. The intranet is the network where the client is located; in general each company has its own intranet, where the dependency packages the company uses frequently are stored, and the sources of these dependency packages are not limited: they may come from the external pypi source or from other mirror sources. If the target dependency package is an internal dependency package, it is downloaded directly from the intranet rather than from the external network, because an illegal person may have created a malicious package with the same name in the external network, for example on the external pypi, and if the target dependency package were downloaded from the external network the client might download that malicious package of the same name. Here the external network is any network other than the intranet, and may be the external official pypi source or another mirror source. This judgement avoids dependency confusion attacks and further improves the safety of the client when downloading through a third party library.
According to the client-based third party library downloading method, after the client receives the instruction to download the target dependency package, it judges whether the target dependency package meets the download condition; meeting the download condition shows that the package has passed the client's first security check. If the condition is met, the client continues by judging whether the target dependency package is an internal dependency package stored in the intranet where the client is located. If the package exists in the intranet, it is downloaded directly from the intranet, which avoids the situation in which an illegal person who has learned the library name of the target dependency package creates a malicious dependency package of the same name in an external network and the client unintentionally downloads that malicious package from the external network.
Based on the above embodiments:
As a preferred embodiment, judging whether the target dependency package meets the download condition includes:
acquiring the name of the target dependency package;
judging whether the name of the target dependency package is in a preset whitelist;
if the name of the target dependency package is in the preset whitelist, judging that the target dependency package meets the download condition.
This embodiment provides a specific manner of judging whether the target dependency package meets the download condition. The name of the target dependency package may be acquired from the received instruction to download it. After the name is acquired, whether it is in a preset whitelist is judged. The preset whitelist may be preset, that is, a whitelist stored in a storage module in advance is called and checked for the name of the target dependency package, or it may be acquired in real time, that is, the content of the preset whitelist may be determined in real time by the user.
Specifically, when the whitelist is preset, it depends on the project for the addition of library names and requires passive scanning and identification, so generating a customised whitelist suitable for the development team is a long-term process that must be tailored to the team; the method therefore has no universality. First an internal library name list is created, the corresponding version hash is added, the repository source is designated, all dependencies of the project are passively scanned to create the whitelist, and the usability of the whitelist is manually verified. Before the target dependency package is downloaded using pypi, the download instruction is first parsed, the name of the target dependency package is acquired and compared with the preset whitelist, and if the name is in the preset whitelist the target dependency package is judged to meet the download condition and the next step is carried out.
This embodiment uses the whitelist for dependency management and adds a one-off, permanent manual identification process, which fundamentally avoids deceptive social engineering attacks based on similar library names and attacks that exploit the user's typing mistakes, and avoids the damage caused by downloading and installing a malicious package with a similar library name.
As a preferred embodiment, the method further comprises:
if the target dependency package does not meet the download condition, refusing to download the target dependency package and raising an alarm.
This embodiment provides the step taken after the target dependency package fails to meet the download condition: the download is refused and an alarm is raised. A target dependency package may fail the download condition because the user misspelled its name when typing, so that the name is not present in the preset whitelist, which triggers the alarm. This avoids downloading an infected dependency package when the instruction to download the target dependency package is typed incorrectly and the name of a dependency package whose library name resembles that of the target dependency package is entered instead. The form of the alarm is not limited in this embodiment.
By refusing to download a target dependency package that does not meet the download condition and raising an alarm, this embodiment improves the reliability of the client-based third party library downloading method.
As a preferred embodiment, after downloading the target dependency package from the intranet, the method further comprises:
if the target dependency package is not an internal dependency package, downloading the target dependency package from the external network.
When the target dependency package does not exist in the intranet, the external network is searched and the target dependency package is downloaded from it; the external network may be the external official pypi source or another mirror source. The reason this embodiment distinguishes between intranet and extranet repository sources is that, once an illegal person learns the name of an internal project dependency, they may create a malicious package with the same name on an external repository source such as the external pypi, and the user does not want to download that package from the external repository source.
This embodiment adds a way of downloading the target dependency package when it is not an internal dependency package, broadening the ways in which the target dependency package can be obtained.
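The gate below is an added example (not the patent's or pip's code) of steps S11 to S13 together with the whitelist, refuse-and-alarm and extranet-fallback embodiments above. It assumes a whitelist entry carries the pinned version's SHA-256 digest, as the description suggests, and stands in for the intranet and extranet repositories with constructed name-to-artefact dictionaries.

```python
import difflib
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class WhitelistEntry:
    """One vetted library: name, pinned version, artefact digest and vetted source."""
    name: str
    version: str
    sha256: str
    source: str  # repository the entry was vetted against ("intranet" or "pypi")


@dataclass
class Decision:
    allowed: bool
    source: Optional[str] = None          # where the package would be fetched from
    alarms: List[str] = field(default_factory=list)


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


class DownloadGate:
    """Client-side gate consulted before pip is allowed to fetch anything."""

    def __init__(self, whitelist: List[WhitelistEntry],
                 intranet: Dict[str, bytes], extranet: Dict[str, bytes]):
        self.whitelist = {normalize(e.name): e for e in whitelist}
        self.intranet = intranet   # normalised name -> artefact bytes (stand-in for a repo)
        self.extranet = extranet

    def check_condition(self, requested: str) -> Decision:
        """S11: the download condition is 'name is on the preset whitelist'."""
        key = normalize(requested)
        if key in self.whitelist:
            return Decision(True)
        d = Decision(False, alarms=[f"refused: '{requested}' is not on the whitelist"])
        # Defender-side hint attached to the alarm: a near miss usually means a typing error
        near = difflib.get_close_matches(key, list(self.whitelist), n=1, cutoff=0.75)
        if near:
            d.alarms.append(f"name is close to whitelisted '{near[0]}'; possible typo")
        return d

    def resolve(self, requested: str) -> Decision:
        """S12/S13: prefer the intranet copy; fall back to the extranet only if absent."""
        d = self.check_condition(requested)
        if not d.allowed:
            return d
        key = normalize(requested)
        if key in self.intranet:
            blob, d.source = self.intranet[key], "intranet"
        elif key in self.extranet:
            blob, d.source = self.extranet[key], "extranet"
        else:
            d.allowed = False
            d.alarms.append(f"'{requested}' not found in the intranet or the extranet")
            return d
        # The version hash recorded with the whitelist entry pins the artefact, not just the name
        if sha256_hex(blob) != self.whitelist[key].sha256:
            d.allowed = False
            d.alarms.append(f"digest of '{requested}' from {d.source} does not match the whitelist")
        return d


def build_demo_gate() -> DownloadGate:
    """Constructed repositories: an internal library present on both sides with different
    contents (the dependency-confusion case), a public library, and a public library
    whose artefact no longer matches its vetted digest."""
    internal_build = b"acme-internal-utils 1.2.0 (intranet build)"
    confusing_build = b"acme-internal-utils 99.0 (uploaded to the public index by a stranger)"
    requests_build = b"requests 2.31.0 wheel"
    whitelist = [
        WhitelistEntry("acme_internal_utils", "1.2.0", sha256_hex(internal_build), "intranet"),
        WhitelistEntry("requests", "2.31.0", sha256_hex(requests_build), "pypi"),
        WhitelistEntry("stale-lib", "0.3", sha256_hex(b"stale-lib 0.3 as vetted"), "pypi"),
    ]
    intranet = {"acme-internal-utils": internal_build}
    extranet = {
        "acme-internal-utils": confusing_build,
        "requests": requests_build,
        "stale-lib": b"stale-lib 0.3 re-uploaded with different contents",
    }
    return DownloadGate(whitelist, intranet, extranet)


if __name__ == "__main__":
    gate = build_demo_gate()
    for name in ("acme_internal_utils", "requests", "reqeusts", "stale-lib"):
        print(name, gate.resolve(name))
```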
As a preferred embodiment, the method further comprises:
carrying out static code scanning on the target dependency package;
judging whether suspicious dangerous code exists in the code of the target dependency package;
if suspicious dangerous code exists in the code of the target dependency package, raising an alarm;
and if no suspicious dangerous code exists in the code of the target dependency package, installing the target dependency package.
When the target dependency package is not an internal dependency package, downloading it from the extranet is less secure than downloading it from the intranet, and the downloaded target dependency package may well contain a virus. A static code scanning step is therefore added: static code scanning determines whether suspicious dangerous code exists in the code of the target dependency package; if it does, an alarm is raised, and if it does not, the target dependency package is installed. Static code scanning may also be performed on a target dependency package downloaded from the intranet.
Static source code scanning is one of the software application security solutions mentioned more often in recent years. In software engineering, programmers use various scanning tools to scan source code directly, without compiling it, to find semantic defects and security holes in the code and their solutions. Static scanning technology has developed since the 1990s from coding rule matching, an analysis technique extended from compiler technology, towards full-path simulated execution of the program; simulated execution covers relatively more execution paths than dynamic execution, so it can discover many defects that are difficult to find in dynamic testing.
The embodiment further improves the security and reliability when the target dependent package is downloaded by adding the static code scanning to the target dependent package.
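An added example (not the patent's or pip's code) of the static scan step: it walks the Python AST of each file in an unpacked package, resolves import aliases, and reports calls from a constructed rule set plus setup.py cmdclass hooks that execute at install time. The sample package contents are constructed.

```python
import ast
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    rule: str


# Constructed rule set: fully qualified callees that merit a human look when they
# appear in a freshly downloaded package (above all in setup.py, which pip executes).
DANGEROUS_CALLS = {
    "exec": "dynamic code execution",
    "eval": "dynamic code execution",
    "os.system": "shell command execution",
    "subprocess.run": "process spawning",
    "subprocess.Popen": "process spawning",
    "base64.b64decode": "obfuscated payload decoding",
    "urllib.request.urlopen": "network access from package code",
    "socket.socket": "raw network connection",
}
SETUP_FUNCS = {"setup", "setuptools.setup", "distutils.core.setup"}
INSTALL_HOOKS = {"install", "develop", "egg_info", "build_py"}  # cmdclass keys pip runs


def dotted_name(node: ast.AST):
    """'os.path.join' for a Name/Attribute chain, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class SuspiciousCodeVisitor(ast.NodeVisitor):
    def __init__(self, filename: str):
        self.filename = filename
        self.aliases: Dict[str, str] = {}   # local name -> fully qualified name
        self.findings: List[Finding] = []

    def visit_Import(self, node: ast.Import):
        for a in node.names:                # import subprocess as sp -> sp: subprocess
            self.aliases[a.asname or a.name] = a.name

    def visit_ImportFrom(self, node: ast.ImportFrom):
        for a in node.names:                # from os import system -> system: os.system
            self.aliases[a.asname or a.name] = f"{node.module or ''}.{a.name}".lstrip(".")

    def _resolve(self, name: str) -> str:
        head, _, rest = name.partition(".")
        full = self.aliases.get(head, head)
        return f"{full}.{rest}" if rest else full

    def visit_Call(self, node: ast.Call):
        name = dotted_name(node.func)
        full = self._resolve(name) if name else ""
        if full in DANGEROUS_CALLS:
            self.findings.append(Finding(self.filename, node.lineno, DANGEROUS_CALLS[full]))
        if full in SETUP_FUNCS:             # setup(cmdclass={'install': Hook}) runs at install
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key in kw.value.keys:
                        if isinstance(key, ast.Constant) and key.value in INSTALL_HOOKS:
                            self.findings.append(
                                Finding(self.filename, node.lineno, "install-time command hook"))
        self.generic_visit(node)            # keep walking: nested calls inside arguments


def scan_package(files: Dict[str, str]) -> List[Finding]:
    """files maps a path inside the unpacked package to its Python source text."""
    findings: List[Finding] = []
    for path, source in files.items():
        visitor = SuspiciousCodeVisitor(path)
        visitor.visit(ast.parse(source, filename=path))
        findings.extend(visitor.findings)
    return findings


def verdict(files: Dict[str, str]):
    """('alarm', findings) if suspicious dangerous code was found, else ('install', [])."""
    findings = scan_package(files)
    return ("alarm" if findings else "install"), findings


# Constructed samples, not real packages: a trojanised setup.py and a clean module.
SAMPLE_SUSPECT = {
    "setup.py": (
        "from setuptools import setup\n"
        "from setuptools.command.install import install\n"
        "import base64, os\n"
        "class Hook(install):\n"
        "    def run(self):\n"
        "        os.system(base64.b64decode(b'aWQ=').decode())\n"
        "        install.run(self)\n"
        "setup(name='requestz', version='0.1', cmdclass={'install': Hook})\n"
    ),
}
SAMPLE_CLEAN = {"mylib/__init__.py": "import json\n\ndef load(path):\n    with open(path) as f:\n        return json.load(f)\n"}
```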
As a preferred embodiment, after the alarm, the method further comprises:
judging whether an instruction to upload to the dynamic sandbox for simulation detection is received;
if an instruction to upload to the dynamic sandbox for simulation detection is received, uploading the target dependency package to the dynamic sandbox for simulation detection;
judging whether the target dependency package passes the simulation detection;
if the target dependency package passes the simulation detection, installing the target dependency package.
After the static code scan of the downloaded target dependency package, an alarm is raised for a dependency package containing suspicious dangerous code, and the user is asked whether to upload the dependency package to the dynamic sandbox's simulation detection interface. If necessary, the dependency package can be uploaded to the sandbox to run in simulation, where known dangerous IOCs, dangerous computer behaviour and suspicious network connections are captured, and the installation of high-risk dependency packages is filtered out. If the target dependency package fails the simulation detection, its installation is abandoned.
A sandbox is security software: a program can be placed in the sandbox to run, and all files and registry entries it creates are virtually redirected, that is, all operations are virtual, the real files and registry are not changed, and a virus cannot alter key parts of the system to damage it. In addition, sandboxes now generally have partial or complete HIPS-like program control functions, and some high-risk activities of the program, such as installing drivers or low-level disk operations, are prohibited. At present there are two main kinds of sandbox: the traditional sandbox based on virtualisation technology, and the sandbox based on policy restriction. Changes made by programs running in the sandbox can be discarded at any time. A sandbox can protect the security of the real system when browsing the web, clearing browsing traces or running a program, and can also be used to test software, viruses and the like. Even files downloaded during the sandboxed session may be deleted when the sandbox is emptied.
By adding simulation detection of the target dependency package, an isolation layer is established between the program to be run and the system; when the program runs it is directed into the isolation layer, and its modifications to the system are thereafter mapped into the isolation layer without actually touching the system. In this way, even if the computer is infected with a virus or Trojan, the system is not really damaged, and the safety and reliability of downloading the target dependency package are further improved.
As a preferred embodiment, after downloading the target dependency package, the method further comprises:
installing the target dependency package;
periodically acquiring the latest vulnerability information for dependency packages;
judging whether the target dependency package has a vulnerability according to the latest vulnerability information;
and if the target dependency package has a vulnerability, alarming.
For the target dependency package that is installed after the filtering process, the third party library and its dependent components must still be ensured not to be affected by publicly disclosed python vulnerabilities.
The periodic acquisition may consist in accessing the intranet or extranet at a preset interval and receiving the latest vulnerability information from it, or in accessing the intranet or extranet and receiving the latest vulnerability information whenever an associated update is detected there. In addition, if the alarm indicates that the vulnerability is serious, the vulnerable package can be updated automatically, so that the user does not suffer serious consequences because the vulnerability was not repaired in time.
According to the method and device, after the target dependency package is installed, the latest vulnerability information for dependency packages is obtained periodically; if the latest vulnerability information shows that the target dependency package has a vulnerability, an alarm is raised so that the user can update accordingly, which improves the security of the client's target dependency package after installation.
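The periodic vulnerability check above matches installed versions against a vulnerability feed; the description later names OSV as one such source. The following is an added example, not the patent's code: it takes an installed-package map and a list of records shaped like OSV's JSON schema (`affected[].package`, `affected[].ranges[].events` with `introduced` / `fixed` / `last_affected`), walks the event list to decide whether the installed version is affected, and returns the fixed version when the record names one so the client can alarm and, for serious cases, trigger the automatic update. The feed entries, their ids and the `installed` sample are constructed for the example; the version parser is a deliberate simplification of PEP 440 (assumption: a real client would use `packaging.version`).

```python
import re

# Constructed vulnerability records in the shape of OSV's JSON schema.
# Assumption: sample entries for the example, not real advisories.
SAMPLE_FEED = [
    {
        "id": "EXAMPLE-2023-0001",
        "summary": "constructed sample advisory for package demo",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "demo"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "0"}, {"fixed": "1.2.0"}]}],
        }],
    },
    {
        "id": "EXAMPLE-2023-0002",
        "summary": "constructed sample advisory for package other-lib",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "other_lib"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "2.0"},
                                   {"last_affected": "2.3.1"}]}],
        }],
    },
]


def normalize_name(name):
    """PEP 503 normalisation so 'Other_Lib' and 'other-lib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Simplified numeric version key: '1.2.0' -> (1, 2). Pre-release and
    local segments are ignored (assumption: real code would use packaging)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return (0,)
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # drop trailing zeros
        parts.pop()
    return tuple(parts)


def version_in_range(version, events):
    """Walk an OSV event list in order; events are sorted by version."""
    v = parse_version(version)
    affected = False
    for event in events:
        if "introduced" in event and parse_version(event["introduced"]) <= v:
            affected = True
        elif "fixed" in event and parse_version(event["fixed"]) <= v:
            affected = False
        elif "last_affected" in event and parse_version(event["last_affected"]) < v:
            affected = False
    return affected


def find_vulnerabilities(installed, feed):
    """installed: {name: version}. Each finding carries the fixed version when
    the advisory names one, so the caller can alarm or auto-update."""
    findings = []
    for pkg_name, version in installed.items():
        key = normalize_name(pkg_name)
        for vuln in feed:
            for affected in vuln.get("affected", []):
                pkg = affected.get("package", {})
                if pkg.get("ecosystem") != "PyPI" or normalize_name(pkg.get("name", "")) != key:
                    continue
                for rng in affected.get("ranges", []):
                    if rng.get("type") != "ECOSYSTEM":
                        continue
                    events = rng.get("events", [])
                    if version_in_range(version, events):
                        fixed = next((e["fixed"] for e in events if "fixed" in e), None)
                        findings.append({"package": pkg_name, "version": version,
                                         "id": vuln["id"], "fixed": fixed})
    return findings


def installed_from_environment():
    """Real-world input: enumerate the packages of the running interpreter."""
    from importlib.metadata import distributions
    return {d.metadata["Name"]: d.version for d in distributions()}


if __name__ == "__main__":
    # Constructed sample of what the client would read from its environment.
    sample_installed = {"demo": "1.1.0", "Other-Lib": "2.2", "untouched": "9.9"}
    for f in find_vulnerabilities(sample_installed, SAMPLE_FEED):
        action = f"upgrade to {f['fixed']}" if f["fixed"] else "no fixed version published"
        print(f"ALARM {f['id']}: {f['package']} {f['version']} is vulnerable ({action})")
```

A record with only `last_affected` and no `fixed` is the case where the alarm cannot be followed by an automatic update; the finding then reports `None` for the fixed version and the user has to decide.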
Referring to fig. 2, which is a schematic flow chart of another client-based third party library downloading method provided by the present invention, the method focuses on pip, the fully automatic installation manager for python third party libraries: the source code of pip is read and its package download and installation process is decomposed; before the pip package manager downloads a third party library from PyPI, third party library name white-list detection and intranet/extranet repository source distinction are performed; after the third party library is downloaded, it is safely filtered and installed through static detection and dynamic sandbox interface behaviour analysis; and a security maintenance function is provided which receives a python open source vulnerability database, such as the OSV vulnerability database, in time for security update reminders.
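The two checks that run before pip downloads anything, white-list detection and intranet/extranet source distinction, reduce to a small policy decision. The following is an added example, not the patent's or pip's own code: it normalises the requested name, rejects names outside the white list, decides whether the package is an internal one, and builds the `pip download` command that fetches the distribution from the selected index without installing it, so the static scan above can run on the file first. `WHITE_LIST`, `INTRANET_PACKAGES` and the intranet URL are constructed placeholders; `is_internal_package` stands in for querying the intranet simple index, which the example cannot do offline.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed policy inputs; a real client would load these from its
# configuration (assumption).
WHITE_LIST = {"requests", "numpy", "internal-auth-sdk"}
INTRANET_INDEX = "https://pypi.intranet.example/simple"   # placeholder URL
EXTRANET_INDEX = "https://pypi.org/simple"
# Constructed stand-in for the set of projects the intranet index hosts.
INTRANET_PACKAGES = {"internal-auth-sdk", "numpy"}


@dataclass
class Decision:
    package: str
    action: str                     # "download" or "reject"
    source: Optional[str] = None    # "intranet" or "extranet"
    reason: str = ""
    command: List[str] = field(default_factory=list)


def normalize_name(name):
    """PEP 503 normalisation: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_internal_package(name, intranet_packages=INTRANET_PACKAGES):
    """Stand-in for checking that <intranet index>/<name>/ exists."""
    return normalize_name(name) in {normalize_name(n) for n in intranet_packages}


def decide_download(requested, dest="./downloads", white_list=WHITE_LIST):
    """Apply the white-list condition, then choose the repository source."""
    name = normalize_name(requested)
    if name not in {normalize_name(n) for n in white_list}:
        return Decision(requested, "reject",
                        reason="name not in white list; download refused, alarm raised")
    if is_internal_package(name):
        source, index = "intranet", INTRANET_INDEX
    else:
        source, index = "extranet", EXTRANET_INDEX
    # `pip download` fetches the distribution without installing it, so the
    # static scan can look at the file before any install-time code runs.
    # A single --index-url (not --extra-index-url) keeps an internal name
    # from being resolved against the public index.
    cmd = ["pip", "download", "--no-deps", "--index-url", index,
           "--dest", dest, name]
    return Decision(requested, "download", source,
                    f"resolved from {source} index", cmd)


if __name__ == "__main__":
    for wanted in ("Internal_Auth_SDK", "requests", "totally-unknown"):
        d = decide_download(wanted)
        print(f"{wanted}: {d.action} ({d.reason})")
        if d.command:
            print("   ", " ".join(d.command))
```

With `--no-deps` each dependency of the package goes through the same decision in turn rather than being pulled in implicitly by pip, which is what keeps the white list and the source distinction effective for the whole tree.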
The invention also provides a client-based third party library downloading device; referring to fig. 3, which is a schematic structure diagram of the client-based third party library downloading device, the device comprises:
a memory 1 for storing a computer program;
and a processor 2 for implementing the steps of the client-based third party library downloading method when executing the computer program.
The memory 1 includes at least one type of readable storage medium including flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc.
The processor 2 may in some embodiments be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chip for executing the program code or processing the data stored in the memory.
The present invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the steps of the client-based third party library downloading method.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. With such understanding, the technical solution of the present application, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium that performs all or part of the steps of the method described in the various embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The invention also provides a client comprising the client itself 41 and the client-based third party library downloading device 42. Referring to fig. 4, fig. 4 is a schematic structural diagram of a client according to the present invention.
Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

Claims (10)

1. A client-based third party library downloading method, characterized in that it is applied to a client and comprises the following steps:
after receiving an instruction to download a target dependency package, judging whether the target dependency package meets a downloading condition;
if the target dependency package meets the downloading condition, judging whether the target dependency package is an internal dependency package, wherein an internal dependency package is a dependency package stored in the intranet where the client is located;
and if the target dependency package is an internal dependency package, downloading the target dependency package from the intranet.
2. The client-based third party library downloading method as claimed in claim 1, wherein judging whether the target dependency package meets the downloading condition comprises:
acquiring the name of the target dependency package;
judging whether the name of the target dependency package is in a preset white list;
and if the name of the target dependency package is in the preset white list, judging that the target dependency package meets the downloading condition.
3. The client-based third party library downloading method as claimed in claim 1, wherein the method further comprises:
and if the target dependency package does not meet the downloading condition, refusing to download the target dependency package and alarming.
4. The client-based third party library downloading method as claimed in claim 1, wherein the method further comprises:
and if the target dependency package is not an internal dependency package, downloading the target dependency package from the external network.
5. The client-based third party library downloading method as claimed in claim 4, further comprising, after downloading the target dependency package from the external network:
carrying out static code scanning on the target dependency package;
judging whether suspicious dangerous code exists in the code of the target dependency package;
if suspicious dangerous code exists in the code of the target dependency package, alarming;
and if no suspicious dangerous code exists in the code of the target dependency package, installing the target dependency package.
6. The client-based third party library downloading method as claimed in claim 5, further comprising, after alarming:
judging whether an instruction to upload to the dynamic sandbox for simulation detection is received;
if an instruction to upload to the dynamic sandbox for simulation detection is received, uploading the target dependency package to the dynamic sandbox for simulation detection;
judging whether the target dependency package passes the simulation detection;
and if the target dependency package passes the simulation detection, installing the target dependency package.
7. A client-based third party library downloading method as claimed in any one of claims 1 to 6, further comprising, after downloading the target dependency package:
installing the target dependency package;
periodically acquiring the latest vulnerability information for dependency packages;
judging whether the target dependency package has a vulnerability according to the latest vulnerability information;
and if the target dependency package has a vulnerability, alarming.
8. A client-based third party library downloading apparatus, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the client-based third party library downloading method according to any of claims 1 to 7 when executing said computer program.
9. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the client-based third party library downloading method according to any of claims 1 to 7.
10. A client comprising the client itself and the client-based third party library downloading device of claim 8.
Application CN202310439632.7A, priority date 2023-04-23, filing date 2023-04-23: Third party library downloading method and device based on client, medium and client. Status: Pending. Publication: CN116566971A (en).

Publications (1)

Publication Number Publication Date
CN116566971A true CN116566971A (en) 2023-08-08

Family

ID=87493807

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310439632.7A Pending CN116566971A (en) 2023-04-23 2023-04-23 Third party library downloading method and device based on client, medium and client

Country Status (1)

Country Link
CN (1) CN116566971A (en)

Similar Documents

Publication Publication Date Title
CN109684832B (en) System and method for detecting malicious files
Xing et al. Upgrading your android, elevating my malware: Privilege escalation through mobile os updating
CN109583193B (en) System and method for cloud detection, investigation and elimination of target attacks
US9571520B2 (en) Preventing execution of task scheduled malware
US8056134B1 (en) Malware detection and identification via malware spoofing
KR101255359B1 (en) Efficient white listing of user-modifiable files
US8528087B2 (en) Methods for combating malicious software
US20140053267A1 (en) Method for identifying malicious executables
US20170171229A1 (en) System and method for determining summary events of an attack
US20190141075A1 (en) Method and system for a protection mechanism to improve server security
US8443354B1 (en) Detecting new or modified portions of code
KR101647487B1 (en) Analysis system and method for patch file
US7665139B1 (en) Method and apparatus to detect and prevent malicious changes to tokens
US20090165131A1 (en) Detection and prevention of malicious code execution using risk scoring
CN107330328B (en) Method and device for defending against virus attack and server
WO2007003916A2 (en) Methods and apparatus for dealing with malware
CN110119619B (en) System and method for creating anti-virus records
KR101137128B1 (en) Containment of worms
JP6176622B2 (en) Malware detection method
US8763129B2 (en) Vulnerability shield system
US20100235916A1 (en) Apparatus and method for computer virus detection and remediation and self-repair of damaged files and/or objects
KR101588542B1 (en) Malware risk scanner
KR100745639B1 (en) Method for protecting file system and registry and apparatus thereof
KR100745640B1 (en) Method for protecting kernel memory and apparatus thereof
KR101311367B1 (en) Method and apparatus for diagnosing attack that bypass the memory protection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination