CN116893830A - Application system updating method, device, equipment, storage medium and program product - Google Patents

Application system updating method, device, equipment, storage medium and program product Download PDF

Info

Publication number
CN116893830A
CN116893830A CN202310659829.1A CN202310659829A CN116893830A CN 116893830 A CN116893830 A CN 116893830A CN 202310659829 A CN202310659829 A CN 202310659829A CN 116893830 A CN116893830 A CN 116893830A
Authority
CN
China
Prior art keywords
software
open source
vulnerability
source software
repair
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310659829.1A
Other languages
Chinese (zh)
Inventor
李秋衡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202310659829.1A priority Critical patent/CN116893830A/en
Publication of CN116893830A publication Critical patent/CN116893830A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Stored Programmes (AREA)

Abstract

The present application relates to an application system updating method, apparatus, device, storage medium and program product. Relates to the technical field of block chains. The method comprises the following steps: determining open source software vulnerability information; comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities; acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software; and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software. By adopting the method, the updating efficiency of the application system can be improved.

Description

Application system updating method, device, equipment, storage medium and program product
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to an application system updating method, apparatus, device, storage medium, and program product.
Background
With the development of computer technology, online application systems are commonly operated in various industries. However, the running application system is not necessarily free of security vulnerabilities.
In general, an application system is composed of one or more open source software, in the development process of the application system, the open source software is generally obtained from an open source software publishing platform, and if the open source software published on the open source software publishing platform has a security hole, the application system correspondingly composed also has the security hole. In order to avoid the system operation risk caused by the security hole of the application system, at present, the hole of the open source software in the application system is usually solved by manually processing the hole of the open source software, so that the purpose of updating the application system is achieved, and the updating efficiency of the application system is low. Therefore, how to improve the update efficiency of the application system is a problem to be solved.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an application system updating method, apparatus, device, storage medium, and program product that can improve the efficiency of application system updating.
In a first aspect, the present application provides an application system update method. The method comprises the following steps:
Determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In one embodiment, downloading the target repair software corresponding to the system vulnerability open source software based on a software acquisition mode includes:
determining a plurality of pieces of repair software corresponding to the system vulnerability open source software based on a software acquisition mode;
And selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the downloaded information.
In one embodiment, selecting target repair software corresponding to system vulnerability open source software from a plurality of repair software according to download information includes:
determining respective vulnerability repair records of a plurality of repair software;
and selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the downloaded information and the vulnerability repair record.
In one embodiment, comparing software identifiers of system open source software included in a target application system with software identifiers recorded in open source software vulnerability information to obtain system vulnerability open source software, including:
comparing the software identification of the system open source software with the software identification recorded in the open source software vulnerability information aiming at each system open source software included in the target application system;
and under the condition of consistent comparison, determining the system open source software as the system vulnerability open source software.
In one embodiment, the method further comprises:
generating update information of the system vulnerability open source software based on the software identification of the system vulnerability open source software and the software identification of the target repair software corresponding to the system vulnerability open source software;
And storing the update information of the system vulnerability open source software into the blockchain.
In one embodiment, the system vulnerability open source software is a plurality of; storing update information of system vulnerability open source software into a blockchain includes:
generating system update information of a target application system based on respective update information of each system vulnerability open source software;
and storing the system update information of the target application system into the blockchain.
In a second aspect, the application further provides an application system updating device. The device comprises:
the vulnerability information determining module is used for determining vulnerability information of open source software; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
the software identification comparison module is used for comparing the software identification of each system open source software included in the target application system with each software identification recorded in the open source software vulnerability information to obtain the system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
The system comprises a repair software acquisition module, a software acquisition module and a software download module, wherein the repair software acquisition module is used for acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the target repair software corresponding to the system vulnerability open source software based on the software acquisition mode;
and the open source software updating module is used for updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
Acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
Acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprising a computer program which, when executed by a processor, performs the steps of:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
Acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
According to the application system updating method, device, equipment, storage medium and program product, the computer equipment can determine the system vulnerability open source software in the target application system by comparing the software identification recorded in the predetermined open source software vulnerability information with the software identification of each system open source software in the target application system, so that the mode of determining the system vulnerability open source software is simpler. And the computer equipment can correspondingly search the software acquisition mode of the repair software corresponding to the system vulnerability open source software from the open source software vulnerability information according to the determined software identification of the system vulnerability open source software, so that the efficiency of determining the repair software is improved to a certain extent. Furthermore, the computer equipment can complete the downloading of the target repair software in the software acquisition mode, and update the system vulnerability open source software by utilizing the target software to obtain the system open source software without the vulnerability, thereby obtaining the application system without the vulnerability. The whole process can improve the updating efficiency of the application system.
Drawings
Fig. 1 is an application environment diagram of an application system updating method provided in this embodiment;
fig. 2 is a flowchart of a first method for updating an application system according to the present embodiment;
FIG. 3 is a flowchart illustrating a step of determining target repair software according to the present embodiment;
fig. 4 is a flowchart of a second method for updating an application system according to the present embodiment;
fig. 5 is a block diagram of a first application system updating device according to the present embodiment;
fig. 6 is a block diagram of a second application system updating device according to the present embodiment;
fig. 7 is a block diagram of a third application system updating device according to the present embodiment;
fig. 8 is a block diagram of a fourth application system updating device according to the present embodiment;
fig. 9 is an internal structural diagram of a first computer device provided in the present embodiment;
fig. 10 is an internal structural diagram of a second computer device according to the present embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The application system updating method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. The application environment comprises computer equipment and a blockchain system, when the update requirement of the application system exists, the computer equipment firstly determines vulnerability information of open source software, wherein the vulnerability information of the open source software records software identifications of a plurality of vulnerability open source software and software acquisition modes of repair software corresponding to the plurality of vulnerability open source software respectively; then, the computer equipment compares the software identification of each system open source software included in the target application system with each software identification recorded in the open source software vulnerability information, and further obtains the system vulnerability open source software; (wherein, the system vulnerability open source software refers to system open source software with vulnerabilities); further, the computer equipment acquires a software acquisition mode of the repair software corresponding to the system vulnerability open source software from the open source software vulnerability information, and downloads the target repair software corresponding to the system vulnerability open source software based on the software acquisition mode; and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software. And generating update information of the system vulnerability open source software based on the software identification of the system vulnerability open source software and the software identification of the target repair software corresponding to the system vulnerability open source software, and storing the update information of the system vulnerability open source software into a blockchain of the blockchain system, so that the follow-up query record is convenient.
In one embodiment, as shown in fig. 2, an application system updating method is provided, and the method is applied to the computer device in fig. 1 for illustration, and includes the following steps:
s201, determining open source software vulnerability information.
The vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software. The vulnerability information of the open source software can also record the software acquisition mode of the repair software corresponding to each of the plurality of vulnerability open source software. The vulnerability open source software refers to open source software with vulnerabilities. At least one bug in system bug open source software is repaired by repair software corresponding to the bug open source software, for example, the repair software is software obtained by repairing one or more bugs in the bug open source software, and the plurality of bugs is at least two. The software identifier may include a software type identifier and a software version information identifier of the open source software, and illustratively, vulnerability information of the open source software may be recorded with vulnerability open source software a-16.0.1, where "a" is the software type identifier of the vulnerability open source software, and "16.0.1" is the version information identifier of the vulnerability open source software. It can be understood that the vulnerability information corresponding to the vulnerability open source software can also be recorded in the open source software vulnerability information. The vulnerability information corresponding to the vulnerability open source software comprises 1day vulnerabilities (which indicate that relevant patches are found and disclosed by manufacturers, but are available because part of users are not patched in time), historical vulnerabilities (which indicate vulnerabilities with long patch release time), low-level vulnerabilities, medium-level vulnerabilities, important vulnerabilities, serious vulnerabilities and the like. The software acquisition of the repair software may be, for example, an official download link of the repair software.
Optionally, the method of determining the open source software vulnerability information by the computer device may be that the computer device periodically collects the open source software vulnerability information published by each vulnerability publishing platform, and performs statistics and summary on all collected information to serve as the open source software vulnerability information.
S202, comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain the system vulnerability open source software.
The target application system may be an application system composed of one or more open source software, and may be an application system of an enterprise (e.g., a financial institution) by way of example. The system open source software refers to open source software included in the target application system. The system vulnerability open source software refers to system open source software with vulnerabilities.
Optionally, in this embodiment, the computer device may compare, for each system open source software included in the target application system, a software identifier of the system open source software with a software identifier recorded in the open source software vulnerability information. And under the condition of consistent comparison, determining the system open source software as the system vulnerability open source software. The computer device may collect software identifiers of all system open source software included in the target application system, and generate a system open source software identifier comparison table. In the system open source software identification comparison table, each system open source software corresponds to the software identification one by one. Correspondingly, the computer equipment also gathers the open source software vulnerability information into an open source software vulnerability identification comparison table, and in the open source software vulnerability identification comparison table, each vulnerability open source software identifier corresponds to the corresponding vulnerability information one by one. Further, the computer equipment compares the system open source software identification comparison table with the open source software vulnerability identification comparison table, judges whether the open source software identification recorded in the system open source software identification comparison table exists in the open source software vulnerability identification comparison table, and takes the system open source software corresponding to the open source software identification as the system vulnerability open source software if the open source software identification exists in the system open source software vulnerability identification comparison table.
In the embodiment, the software identification of the system open source software is compared with the software identification recorded in the open source software vulnerability information, and the system vulnerability open source software is determined according to the comparison result, so that the method for determining the system vulnerability open source software is simpler and more convenient, and a foundation is provided for improving the updating efficiency of the application system.
S203, acquiring a software acquisition mode of the repair software corresponding to the system vulnerability open source software from the open source software vulnerability information, and downloading the target repair software corresponding to the system vulnerability open source software based on the software acquisition mode.
The target repair software can be one repair software for replacing the system bug open source software in the repair software corresponding to the system bug open source software. The software acquisition mode can be used for acquiring one or more pieces of repair software of the system vulnerability open source software. The target repair software can be any one of repair software of system bug open source software.
It should be noted that, the software obtaining manner of the repair software may be used to obtain repair software of a plurality of system bug open source software, and in this embodiment, one may be selected from the plurality of repair software as the target repair software. And the repair software with the latest update time and the current time can be used as the target repair software corresponding to the system vulnerability open source software.
In this embodiment, since the software acquisition modes of the repair software corresponding to each of the vulnerability open source software are recorded in the open source software vulnerability information, after determining the system vulnerability open source software in the target application system, the software acquisition modes of the repair software corresponding to the system vulnerability open source software can be correspondingly found from the open source software vulnerability information, thereby improving the efficiency of acquiring the repair software, and further improving the updating efficiency of the target application system.
S204, updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
Specifically, in this embodiment, the computer device replaces the system bug open source software with the downloaded corresponding target repair software, so as to solve the problem that the system bug open source software has bugs. Further, the computer equipment replaces all system vulnerability open source software in the target application system with downloaded target repair software corresponding to all system vulnerability open source software to obtain an updated target application system, so that vulnerabilities do not exist in the updated target application system.
In the application system updating method, the computer equipment can determine the system vulnerability open source software in the target application system by comparing the software identification recorded in the predetermined open source software vulnerability information with the software identification of each system open source software in the target application system, so that the mode of determining the system vulnerability open source software is simpler. And the computer equipment can correspondingly search the software acquisition mode of the repair software corresponding to the system vulnerability open source software from the open source software vulnerability information according to the determined software identification of the system vulnerability open source software, so that the efficiency of determining the repair software is improved to a certain extent. Furthermore, the computer equipment can complete the downloading of the target repair software in the software acquisition mode, and update the system vulnerability open source software by utilizing the target software to obtain the system open source software without the vulnerability, thereby obtaining the application system without the vulnerability. The whole process can improve the updating efficiency of the application system.
The application system updating method provided by the application can be applied to the financial field and used for updating the application system in the financial field so as to improve the updating efficiency of the application system in the financial field, for example, the application system updating method can be used for updating the application system of a bank so as to improve the updating efficiency of the application system of the bank.
In addition, in the application system updating method, when the application system is found to have the loopholes, the application system can be updated at a higher speed, so that the loopholes of the application system are solved, and the security threats caused by the loopholes to the application system are removed at a higher speed. Therefore, the application system updating method also improves the safety of the application system in running to a certain extent.
Further, in order to enable the update record of the target application system to be tracked, in one embodiment, after updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software, the computer device generates update information of the system vulnerability open source software based on the software identification of the system vulnerability open source software and the software identification of the target repair software corresponding to the system vulnerability open source software; and storing the update information of the system vulnerability open source software into the blockchain. The computer device may store the software identifier of the system bug open source software and the software identifier of the target repair software corresponding to the system bug open source software as update information of the system bug open source software in the blockchain, so as to facilitate subsequent query records.
It can be appreciated that, in order to make the update information of the system bug open source software richer and more complete, in this embodiment, the update information of the system bug open source software may further include update time of the system bug open source software or update users.
Further, when the number of the system vulnerability open source software in the target application system is multiple, the computer device may generate system update information of the target application system based on respective update information of each system vulnerability open source software; and storing the system update information of the target application system into the blockchain. The computer device may use the update information corresponding to each system vulnerability open source software in the target application system as one piece of system update information of the target application system, and perform statistical arrangement on the system update information corresponding to all system vulnerability open source software, and store the system update information as the system update information of the target application system in the blockchain, so as to facilitate subsequent query records.
Further, in order to make the determined target repair software more accurate, so that the target repair software can solve the vulnerability in the system vulnerability open source software, so that the target application system updated by the target repair software is safer, in one embodiment, as shown in fig. 3, the downloading of the target repair software corresponding to the system vulnerability open source software based on the software acquisition mode includes:
S301, determining a plurality of pieces of repair software corresponding to the system vulnerability open source software based on a software acquisition mode.
Specifically, in this embodiment, after the computer device takes the download network corresponding to the repair software as an example according to the acquired software acquisition mode of the repair software corresponding to the system vulnerability open source software, clicking to enter the download network can display a plurality of repair software corresponding to the system vulnerability open source software.
S302, selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the download information.
The download information may include, among other things, historical download times of repair software.
Optionally, in this embodiment, the computer device may determine the download information of each piece of repair software from the software obtaining manner, and exemplarily, may click to obtain the attribute information of each piece of repair software, and obtain the historical download times corresponding to each piece of repair software from the attribute information of each piece of repair software. Further, according to the historical download times of each piece of repair software, the computer equipment determines one piece of repair software with the largest historical download times as the target repair software corresponding to the system vulnerability open source software.
Further, in one embodiment, the computer device may also determine respective vulnerability fix records for the plurality of fix software; and selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the downloaded information and the vulnerability repair record.
The bug fix record is used for recording the historical bug fix condition of the fix software, and can also reflect the current bug condition of the fix software. Illustratively, the bug fix record of each piece of repair software may be stored in a blockchain, and a historical bug fix record corresponding to each piece of repair software is obtained from the blockchain, so as to determine the bug situation of the repair software existing at present (for example, whether the repair software still has a bug at present or not, and which loopholes still exist may be determined).
Optionally, in this embodiment, the computer device may sort (e.g. from less to more) the number of vulnerabilities existing in each piece of repair software according to the vulnerability repair record of each piece of repair software, sort (e.g. from more to less) the historical download times of each piece of repair software according to the download information of each piece of repair software, sort the number of vulnerabilities of each piece of repair software according to the sort condition of the number of vulnerabilities of each piece of repair software and the sort condition of the historical download times, and comprehensively determine the target repair software corresponding to the system vulnerability open source software in combination with a predetermined target repair software determination policy. For example, the repair software ranked at the front in two dimensions may be respectively scored, the scoring condition of the same repair software in the two dimensions may be weighted and summed, and the final score of the repair software may be the most scored as the target repair software.
In the above embodiment, the computer device determines the target repair software according to the historical download condition of each repair software, so that the process of determining the target repair software is more strict, and further, the target repair software can better solve the loopholes existing in the system loopholes open source software, thereby achieving the effect of improving the safety of the application system.
For the convenience of understanding of those skilled in the art, the above application system updating method will be described in detail, and as shown in fig. 4, the method may include:
s401, determining open source software vulnerability information.
The system comprises an open source software vulnerability information, a plurality of vulnerability open source software vulnerability information and a plurality of vulnerability open source software vulnerability information, wherein the open source software vulnerability information records the software identifiers of a plurality of vulnerability open source software and the software acquisition modes of repair software corresponding to the vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software.
S402, comparing the software identification of the system open source software with the software identification recorded in the open source software vulnerability information aiming at each system open source software included in the target application system.
S403, determining the system open source software as the system vulnerability open source software under the condition of consistent comparison.
The system vulnerability open source software refers to system open source software with vulnerabilities.
S404, acquiring a software acquisition mode of the repair software corresponding to the system vulnerability open source software from the open source software vulnerability information, and determining a plurality of repair software corresponding to the system vulnerability open source software based on the software acquisition mode.
S405, determining respective bug fix records of a plurality of fix software.
S406, selecting target repair software corresponding to the system bug open source software from the plurality of repair software according to the download information and the bug repair record.
S407, updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
S408, based on the software identification of the system vulnerability open source software and the software identification of the target repair software corresponding to the system vulnerability open source software, updating information of the system vulnerability open source software is generated.
S409, generating system update information of the target application system based on the update information of each system vulnerability open source software.
S410, storing the system update information of the target application system into the blockchain.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides an application system updating device for realizing the above related application system updating method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of the application system updating device or devices provided below may refer to the limitation of the application system updating method hereinabove, and will not be described herein.
In one embodiment, as shown in fig. 5, there is provided an application system updating apparatus 1, including: the system comprises a vulnerability information determining module 10, a software identification comparing module 11, a repairing software acquiring module 12 and an open source software updating module 13, wherein:
the vulnerability information determining module 10 is configured to determine open source software vulnerability information.
The system comprises an open source software vulnerability information, a plurality of vulnerability open source software vulnerability information and a plurality of vulnerability open source software vulnerability information, wherein the open source software vulnerability information records the software identifiers of a plurality of vulnerability open source software and the software acquisition modes of repair software corresponding to the vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software.
The software identification comparison module 11 is configured to compare software identifications of system open source software included in the target application system with software identifications recorded in the open source software vulnerability information, so as to obtain system vulnerability open source software.
The system vulnerability open source software refers to system open source software with vulnerabilities.
The repair software obtaining module 12 is configured to obtain a software obtaining mode of repair software corresponding to the system bug open source software from the open source software bug information, and obtain target repair software corresponding to the system bug open source software based on the software obtaining mode.
And the open source software updating module 13 is used for updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In one embodiment, as shown in fig. 6, the application system updating apparatus 1 as shown in fig. 5 further includes a target repair software determining module 14 including a first determining unit 140 and a second determining unit 141. Wherein:
the first determining unit 140 is configured to determine, based on a software acquisition manner, a plurality of repair software corresponding to the system vulnerability open source software.
The second determining unit 141 is configured to select, according to the download information, a target repair software corresponding to the system bug open source software from the plurality of repair software.
In one embodiment, the second determining unit 141 is specifically configured to determine vulnerability repair records of each of the plurality of repair software; and selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the downloaded information and the vulnerability repair record.
In one embodiment, as shown in fig. 7, the software identification comparison module 11 includes a software identification comparison unit 110 and a vulnerability open source software determination unit 111. Wherein:
the software identifier comparing unit 110 is configured to compare, for each system open source software included in the target application system, a software identifier of the system open source software with a software identifier recorded in the open source software vulnerability information.
And the vulnerability open source software determining unit 111 is configured to determine the system open source software as the system vulnerability open source software if the comparison is consistent.
In one embodiment, as shown in fig. 8, the application system updating apparatus 1 as shown in fig. 5 further includes a storage module 15 including a software update information generating unit 150 and a storage unit 151. Wherein:
the software update information generating unit 150 is configured to generate update information of the system bug open source software based on a software identifier of the system bug open source software and a software identifier of the target repair software corresponding to the system bug open source software.
And the storage unit 151 is configured to store update information of the system bug open source software into the blockchain.
In one embodiment, when the number of system vulnerability open source software is multiple, the storage unit 151 is specifically configured to generate system update information of the target application system based on respective update information of each system vulnerability open source software; and storing the system update information of the target application system into the blockchain.
The modules in the application system updating device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 9. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement an application system update method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by persons skilled in the art that the architecture shown in fig. 9 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 10. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing relevant data for updating the application system. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an application system update method.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; the repair software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
comparing software identifications of all system open source software included in the target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
acquiring a software acquisition mode of repair software corresponding to system vulnerability open source software from open source software vulnerability information, and downloading the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
It should be noted that, the information (including but not limited to open source software bug information, download information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (10)

1. An application system updating method, the method comprising:
determining open source software vulnerability information; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; repairing software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
Comparing software identifications of all system open source software included in a target application system with all software identifications recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
acquiring a software acquisition mode of repair software corresponding to the system vulnerability open source software from the open source software vulnerability information, and downloading the target repair software corresponding to the system vulnerability open source software based on the software acquisition mode;
and updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
2. The method of claim 1, wherein the downloading, based on the software obtaining manner, obtains target repair software corresponding to the system vulnerability open source software, includes:
determining a plurality of pieces of repair software corresponding to the system vulnerability open source software based on the software acquisition mode;
and selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the downloaded information.
3. The method of claim 2, wherein selecting the target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the download information comprises:
Determining respective vulnerability repair records of the plurality of repair software;
and selecting target repair software corresponding to the system vulnerability open source software from the plurality of repair software according to the downloaded information and the vulnerability repair record.
4. The method of claim 1, wherein comparing the software identifier of each system open source software included in the target application system with each software identifier recorded in the open source software vulnerability information to obtain the system vulnerability open source software includes:
comparing the software identification of the system open source software with the software identification recorded in the open source software vulnerability information aiming at each system open source software included in the target application system;
and under the condition of consistent comparison, determining the system open source software as the system vulnerability open source software.
5. The method according to any one of claims 1-4, further comprising:
generating update information of the system vulnerability open source software based on the software identification of the system vulnerability open source software and the software identification of the target repair software corresponding to the system vulnerability open source software;
and storing the update information of the system vulnerability open source software into a blockchain.
6. The method of claim 2, wherein the system vulnerability open source software is a plurality of; the storing the update information of the system vulnerability open source software into a blockchain includes:
generating system update information of the target application system based on the respective update information of the system vulnerability open source software;
and storing the system update information of the target application system into a blockchain.
7. An application system updating apparatus, the apparatus comprising:
the vulnerability information determining module is used for determining vulnerability information of open source software; the vulnerability information of the open source software records the software identifications of a plurality of vulnerability open source software and the software acquisition modes of the repair software corresponding to the plurality of vulnerability open source software; the vulnerability open source software refers to open source software with vulnerabilities; repairing software corresponding to the vulnerability open source software has repaired the vulnerability in the system vulnerability open source software;
the software identification comparison module is used for comparing the software identification of each system open source software included in the target application system with each software identification recorded in the open source software vulnerability information to obtain system vulnerability open source software; the system vulnerability open source software refers to system open source software with vulnerabilities;
The repair software acquisition module is used for acquiring a software acquisition mode of repair software corresponding to the system vulnerability open source software from the open source software vulnerability information, and downloading the repair software based on the software acquisition mode to acquire target repair software corresponding to the system vulnerability open source software;
and the open source software updating module is used for updating the system vulnerability open source software of the target application system according to the target repair software corresponding to the system vulnerability open source software.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
CN202310659829.1A 2023-06-06 2023-06-06 Application system updating method, device, equipment, storage medium and program product Pending CN116893830A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310659829.1A CN116893830A (en) 2023-06-06 2023-06-06 Application system updating method, device, equipment, storage medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310659829.1A CN116893830A (en) 2023-06-06 2023-06-06 Application system updating method, device, equipment, storage medium and program product

Publications (1)

Publication Number Publication Date
CN116893830A true CN116893830A (en) 2023-10-17

Family

ID=88310005

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310659829.1A Pending CN116893830A (en) 2023-06-06 2023-06-06 Application system updating method, device, equipment, storage medium and program product

Country Status (1)

Country Link
CN (1) CN116893830A (en)

Similar Documents

Publication Publication Date Title
US9773010B1 (en) Information-driven file system navigation
CA2957674C (en) Testing insecure computing environments using random data sets generated from characterizations of real data sets
US11562078B2 (en) Assessing and managing computational risk involved with integrating third party computing functionality within a computing system
US11386067B2 (en) Data integrity checking in a distributed filesystem using object versioning
US20240171603A1 (en) Risk-Based Vulnerability Remediation Timeframe Recommendations
CN116610583A (en) SCA tool maturity evaluation method, SCA tool maturity evaluation device, SCA tool maturity evaluation equipment, SCA tool maturity evaluation medium and SCA tool maturity evaluation product
CN116893830A (en) Application system updating method, device, equipment, storage medium and program product
CN112465612A (en) Receipt information processing method and device, computer equipment and storage medium
CN116467187A (en) Gray scale test method and device
CN114817065A (en) Interface automation test method and device and computer equipment
CN115687074A (en) Business system testing method and device, computer equipment and storage medium
CN117009216A (en) Application program testing method, device, equipment and storage medium
CN115729790A (en) Flow observation method and device, computer equipment and storage medium
CN117648336A (en) Data query method, device, computer equipment and storage medium
CN117435651A (en) Test data processing method, device, computer equipment and storage medium
CN114138196A (en) Power system data storage method and device, computer equipment and storage medium
CN117455386A (en) Resource auditing method and device, computer equipment and storage medium thereof
CN117827978A (en) Data conflict processing method, device, computer equipment and storage medium
CN114896590A (en) Application program detection method, system, device and computer equipment
CN115718701A (en) Program testing method, program testing device, computer equipment and storage medium
CN118778975A (en) Application processing method, apparatus, computer device, storage medium, and program product
CN116738000A (en) Data storage relationship processing method and device, electronic equipment and storage medium
CN116932139A (en) Container mirror image detection method, system and computer equipment
CN116204865A (en) Device binding method, device, computer device and storage medium
CN117376114A (en) Parameter configuration method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination