CN117473491A - Interface risk detection method, device, equipment and storage medium - Google Patents


Publication number
CN117473491A
Authority
CN
China
Prior art keywords
field
target
risk
interface
response data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311478051.0A
Other languages
Chinese (zh)
Inventor
李素芳
马识佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chuangyou Digital Technology Guangdong Co Ltd
Original Assignee
Chuangyou Digital Technology Guangdong Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a risk detection method, apparatus, device and storage medium for an interface. In response to a request instruction for risk detection of a target interface, a preset interface response request is sent to the target interface and the response data sent by the target interface is received; the response data is parsed to obtain each parameter field in it; each parameter field is compared with each target element in a target comparison list; each successfully compared parameter field is marked as a risk field; and risk processing is performed on the target interface based on the risk fields. By simulating an interface call, the scheme obtains the target interface's response data and performs risk detection on the target interface according to that data, so that the target interface can avoid risks in subsequent operation, which ensures security and improves the confidentiality of private data.

Description

Interface risk detection method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of interface risk detection, and in particular, to a risk detection method, apparatus, device, and storage medium for an interface.
Background
During application development, an application involves a large number of interfaces, and each interface returns a large amount of data when responding to a connection request or a data transmission request. This data contains many parameter fields, some of which may carry security risks: dangerous fields that affect the normal operation of the interface, or sensitive and private fields whose leakage would compromise the confidentiality of the data.
It follows that risk detection of interfaces is critical, and the industry needs a method for it that ensures both the security of the interface and that private data is not leaked.
Disclosure of Invention
In view of this, the present application provides a risk detection method, apparatus, device and storage medium for an interface, to address the problems that data sent by an interface may be faulty or that private fields may be leaked.
In order to achieve the above object, the following schemes are proposed:
in a first aspect, a risk detection method for an interface includes:
responding to a request instruction for risk detection of a target interface, and sending a preset interface response request to the target interface so as to receive response data sent by the target interface;
analyzing the response data to obtain each parameter field in the response data;
creating a target comparison list, and comparing each parameter field with each target element in the target comparison list;
marking each successfully-compared parameter field as each risk field;
and performing risk processing on the target interface based on each risk field.
Preferably, the parsing the response data to obtain each parameter field in the response data includes:
acquiring format content of the response data;
determining the data format of the response data according to the format content of the response data;
selecting an analysis mode corresponding to the data format from a pre-established format analysis corresponding table;
and analyzing the response data according to the analysis mode to obtain each parameter field in the response data.
Preferably, the creating process of the target comparison list includes:
acquiring all historical response data of the target interface;
extracting each piece of risk data from the historical response data;
determining each historical risk field in each piece of risk data;
determining the occurrence times of each historical risk field respectively;
and sequencing each historical risk field according to the magnitude of the occurrence times, and summarizing each historical risk field into a target comparison list according to the sequencing order.
Preferably, the summarizing the historical risk fields into the target comparison list according to the order of the sorting includes:
establishing a blank table, and filling each historical risk field into a first column in the blank table according to the sorting order;
determining each field value corresponding to each historical risk field;
for each historical risk field, filling the field value corresponding to the historical risk field into the table cell to the right of the historical risk field;
and summarizing after filling all the historical risk fields and field values to obtain a target comparison list.
Preferably, the target element includes a plurality of target fields and a target value corresponding to each target field;
the comparing each parameter field with each target element in the target comparison list respectively includes:
comparing each parameter field with each target field in the target comparison list;
if the parameter field is the same as a certain target field in the target comparison list, determining that the parameter field is successfully compared;
if the parameter field is different from each target field in the target comparison list, determining the parameter field as a field to be verified;
and matching each field to be verified with a target value corresponding to each target field to determine whether the fields to be verified are successfully compared.
Preferably, the matching the to-be-verified fields with the target values corresponding to each target field to determine whether the to-be-verified fields are successfully compared includes:
acquiring a field value corresponding to each field to be verified;
for each field to be verified, matching the field value of the field to be verified with the target value corresponding to each target field;
if the matching is successful, determining that the field to be verified is successfully compared;
if the matching fails, determining that the field to be verified fails to be compared.
Preferably, the risk processing for the target interface based on each risk field includes:
setting each of the risk fields as a warning trigger flag;
when the target interface receives an interface response request, acquiring response data to be sent;
judging whether the response data to be sent contains each risk field or not;
if yes, deleting each risk field from the response data to be sent to obtain safe data, so that the target interface can send the safe data as response data when receiving an interface response request.
In a second aspect, a risk detection apparatus for an interface includes:
the response data receiving module is used for responding to a request instruction for risk detection of a target interface, sending a preset interface response request to the target interface and receiving response data sent by the target interface;
the analysis module is used for analyzing the response data to obtain each parameter field in the response data;
the comparison module is used for creating a target comparison list and respectively comparing each parameter field with each target element in the target comparison list;
the marking module is used for marking each successfully-compared parameter field as each risk field;
and the risk processing module is used for performing risk processing on the target interface based on each risk field.
In a third aspect, an interface risk detection apparatus includes a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the risk detection method of the interface according to the first aspect.
In a fourth aspect, a storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the risk detection method of an interface as described in the first aspect.
According to the technical scheme, the preset interface response request is sent to the target interface by responding to the request instruction for risk detection of the target interface, so that response data sent by the target interface are received; analyzing the response data to obtain each parameter field in the response data; creating a target comparison list, and comparing each parameter field with each target element in the target comparison list; marking each successfully-compared parameter field as each risk field; and performing risk processing on the target interface based on each risk field. According to the scheme, interface response is simulated, a preset interface response request is sent to the target interface, the target interface can send response data of the interface response request, risk detection is carried out on the target interface according to the response data, the response data comprises a plurality of parameter fields, and the parameter fields possibly comprise risk fields, so that each parameter field is detected to determine the risk field in the response data, detection can be carried out in the form of the parameter field, the detection precision can be improved, and finally risk processing is carried out on the target interface, so that the target interface can avoid risks in subsequent work, the safety of the target interface is guaranteed, and meanwhile the confidentiality of privacy data is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is an optional flowchart of a risk detection method of an interface provided in an embodiment of the present application;
Fig. 2 is an optional flowchart of another risk detection method of an interface provided in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a risk detection apparatus of an interface according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an interface risk detection device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
During application development, an application involves a large number of interfaces, and each interface returns a large amount of data when responding to a connection request or a data transmission request. This data contains many parameter fields, some of which may carry security risks: dangerous fields that affect the normal operation of the interface, or sensitive and private fields whose leakage would compromise the confidentiality of the data.
It follows that risk detection of interfaces is critical, and the industry needs a method for it that ensures both the security of the interface and that private data is not leaked.
The embodiment of the invention provides a risk detection method of an interface, which can be applied to various computer terminals or intelligent terminals, wherein an execution subject of the method can be a processor or a server of the computer terminal or the intelligent terminal, and a flow chart of the method is shown in fig. 1, and specifically comprises the following steps:
S1: Respond to a request instruction for risk detection of a target interface, and send a preset interface response request to the target interface so as to receive response data sent by the target interface.
This step simulates the process of establishing a communication connection with an interface: the processor of the computer terminal or intelligent terminal, or the server, connects to the interface to be detected (the target interface) and sends a preset interface response request to it, so that the target interface sends its response data to the terminal.
After receiving the response data sent by the target interface, the risk detection can be carried out on the response data, and the risk detection on the response data is the risk detection on the target interface.
S2: Parse the response data to obtain each parameter field in the response data.
The response data contains multiple pieces of data, and each piece contains multiple parameter fields. Some parameter fields are public and safe while others are private and sensitive, so risk detection has to be performed on each field separately; the response data is therefore parsed to obtain each parameter field.
S3: Create a target comparison list, and compare each parameter field with each target element in the target comparison list.
To judge more accurately whether the parameter fields in the response data contain problem fields, a target comparison list can be established in advance. The list contains various target elements, each of which is a "problem" field or "risk" field that may occur in the response data of the target interface. Using this list as the standard, each parameter field in the response data is compared against it, so that which parameter fields are "problem" or "risk" fields can be determined accurately and quickly by comparison alone, without judging each parameter field individually.
The target comparison list includes various types of "problem" fields or "risk" fields, which may belong to different data formats, different data types, different risk types and different problem types, and may include various "problem" fields or "risk" fields that may be included in the interface in the application program.
It can be understood that the response data may contain one or more parameter fields that are "problem" or "risk" fields, so every parameter field needs to be compared with every target element in the target comparison list to ensure that detection is complete, which removes the need for a later pass to check for omissions.
S4: Mark each successfully compared parameter field as a risk field.
A successful comparison means that a target element is present in the response data. One or more parameter fields may be compared successfully, and each of them is marked as a risk field.
S5: Perform risk processing on the target interface based on each risk field.
If the risk fields can be detected in the response data of the target interface, the target interface is indicated to have potential safety hazards, and some sensitive data can be leaked, so that the risk processing can be performed on the target interface by using the detected risk fields, and the target interface is ensured not to leak the sensitive data in subsequent operations.
According to the technical scheme, the preset interface response request is sent to the target interface by responding to the request instruction for risk detection of the target interface, so that response data sent by the target interface are received; analyzing the response data to obtain each parameter field in the response data; creating a target comparison list, and comparing each parameter field with each target element in the target comparison list; marking each successfully-compared parameter field as each risk field; and performing risk processing on the target interface based on each risk field. According to the scheme, interface response is simulated, a preset interface response request is sent to the target interface, the target interface can send response data of the interface response request, risk detection is carried out on the target interface according to the response data, the response data comprises a plurality of parameter fields, and the parameter fields possibly comprise risk fields, so that each parameter field is detected to determine the risk field in the response data, detection can be carried out in the form of the parameter field, the detection precision can be improved, and finally risk processing is carried out on the target interface, so that the target interface can avoid risks in subsequent work, the safety of the target interface is guaranteed, and meanwhile the confidentiality of privacy data is improved.
In the embodiment provided in the present application, the process of parsing the response data to obtain each parameter field in the response data may specifically include:
acquiring format content of the response data;
determining the data format of the response data according to the format content of the response data;
selecting an analysis mode corresponding to the data format from a pre-established format analysis corresponding table;
and analyzing the response data according to the analysis mode to obtain each parameter field in the response data.
Specifically, the response data may be parsed in a number of ways, which this embodiment does not limit. Since data may be presented in several different formats, the present application parses the response data according to its data format.
The format content indicates the data format of a piece or group of data, so the data format of the response data is determined from the format content first, and a parsing manner corresponding to that data format is then selected from a pre-established format parsing correspondence table. The table contains the parsing manner for each data format: for example, JSON-format data corresponds to parsing with a JSON parsing library, which converts it into an operable JSON object, and XML-format data corresponds to DOM parsing, which converts it into an operable XML object or a data object in the form of a DOM tree. Parsing the response data in the selected manner yields one or more parameter fields in the response data.
The following describes the process of creating the target comparison list in the present application in detail, including:
acquiring all historical response data of the target interface;
extracting each piece of risk data from the historical response data;
determining each historical risk field in each piece of risk data;
determining the occurrence times of each historical risk field respectively;
and sequencing each historical risk field according to the magnitude of the occurrence times, and summarizing each historical risk field into a target comparison list according to the sequencing order.
Specifically, the process of summarizing each historical risk field into the target comparison list according to the sorting order includes:
establishing a blank table, and filling each historical risk field into a first column in the blank table according to the sorting order;
determining each field value corresponding to each historical risk field;
for each historical risk field, filling the field value corresponding to the historical risk field into the table cell to the right of the historical risk field;
and summarizing after filling all the historical risk fields and field values to obtain a target comparison list.
In the above scheme, the target comparison list is constructed to include every risk field that the target interface may produce, so that all "problem" or "risk" fields in the response data sent by the target interface can be detected. All historical response data of the target interface is therefore obtained; the historical response data of all interfaces in the application program may also be obtained here to make sure nothing is missed. Each piece of risk data is then extracted, each historical risk field in the risk data is determined, and the number of occurrences of each historical risk field is counted. A historical risk field that has occurred more often is more likely to appear in the response data of the target interface, so the historical risk fields are sorted by number of occurrences to form the target comparison list. During comparison, each parameter field is thus compared first with the historical risk fields that have occurred most often; because a match with these earlier entries is more likely, comparison time is saved and detection efficiency is improved.
In the method provided by the embodiment of the present invention, a flow of comparing each parameter field with each target element in the target comparison list is shown in fig. 2, and specific description is as follows:
S31: For each parameter field, compare the parameter field with each target field in the target comparison list.
S32: If the parameter field is the same as a target field in the target comparison list, determine that the parameter field is successfully compared.
S33: If the parameter field is different from every target field in the target comparison list, determine the parameter field to be a field to be verified.
S34: Match each field to be verified with the target value corresponding to each target field to determine whether the field to be verified is successfully compared.
Specifically, step S34 may include the following process:
acquiring a field value corresponding to each field to be verified;
for each field to be verified, matching the field value of the field to be verified with the target value corresponding to each target field;
if the matching is successful, determining that the field to be verified is successfully compared;
if the matching fails, determining that the field to be verified fails to be compared.
Specifically, the target element includes multiple target fields and a target value corresponding to each target field. Among the parameter fields of the response data, some "problem" or "risk" fields appear in an unusual form, so their comparison with the target fields in the target comparison list fails, but this does not mean they are not "problem" or "risk" fields. A second check is therefore needed: the field value of each parameter field that failed the comparison is obtained and compared with the target values in the target elements. In this way all "problem" or "risk" fields in the response data can be screened out, and parameter fields that really are risk fields are not missed, which improves the accuracy of risk detection.
The above embodiment describes a process of comparing each parameter field with each target element in the target comparison list, and details of risk processing for the target interface based on each risk field in the present application are described below.
Setting each of the risk fields as a warning trigger flag;
when the target interface receives an interface response request, acquiring response data to be sent;
judging whether the response data to be sent contains each risk field or not;
if yes, deleting each risk field from the response data to be sent to obtain safe data, so that the target interface can send the safe data as response data when receiving an interface response request.
In the above scheme, the detected risk fields are set as warning trigger flags. When the target interface is again about to send response data containing the risk fields, the transmission can be intercepted, and the target interface resends the response data after deleting the risk fields, which ensures that private data is not leaked and improves the security, stability and privacy of the application program.
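The format-based parsing, the occurrence-ordered comparison list, the two-pass comparison (S31 to S34) and the field deletion step described above, as an added Python sketch that is not code from the patent. All function names, the exact-equality value match, and the sample history and responses are assumptions constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from collections import Counter


def _flatten(node, name, out):
    # Collect (field name, value) pairs for every leaf of a parsed JSON document.
    if isinstance(node, dict):
        for key, value in node.items():
            _flatten(value, key, out)
    elif isinstance(node, list):
        for item in node:
            _flatten(item, name, out)
    else:
        out.append((name, str(node)))
    return out


def parse_json(text):
    return _flatten(json.loads(text), None, [])


def parse_xml(text):
    # Leaf elements are treated as parameter fields. For untrusted responses,
    # prefer a hardened parser such as defusedxml over the standard library.
    root = ET.fromstring(text)
    return [(el.tag, (el.text or "").strip()) for el in root.iter() if len(el) == 0]


# "Format parsing correspondence table": data format -> parsing manner.
FORMAT_PARSERS = {"json": parse_json, "xml": parse_xml}


def detect_format(text):
    head = text.lstrip()[:1]
    if head in ("{", "["):
        return "json"
    if head == "<":
        return "xml"
    raise ValueError("unsupported response format")


def parse_response(text):
    return FORMAT_PARSERS[detect_format(text)](text)


def build_comparison_list(risk_records):
    # risk_records: (field, value) pairs taken from historical risk data.
    # Fields are ordered by occurrence count, most frequent first; each row
    # holds the field name and the set of values seen for it.
    counts = Counter(name for name, _ in risk_records)
    values = {}
    for name, value in risk_records:
        values.setdefault(name, set()).add(value)
    return [(name, values[name]) for name, _ in counts.most_common()]


def find_risk_fields(fields, comparison_list):
    risk, to_verify = [], []
    # First pass (S31 to S33): compare field names with the target fields.
    for name, value in fields:
        if any(name == target for target, _ in comparison_list):
            risk.append((name, "name"))
        else:
            to_verify.append((name, value))
    # Second pass (S34): compare values of the remaining fields with target values.
    for name, value in to_verify:
        if any(value in targets for _, targets in comparison_list):
            risk.append((name, "value"))
    return risk


def redact(node, risk_names):
    # Risk processing: drop risk fields from a JSON object before it is sent.
    if isinstance(node, dict):
        return {k: redact(v, risk_names) for k, v in node.items() if k not in risk_names}
    if isinstance(node, list):
        return [redact(item, risk_names) for item in node]
    return node


def redact_json(text, risk_names):
    return redact(json.loads(text), set(risk_names))


# Constructed sample data (not from the patent).
HISTORY = [("phone", "555-0100"), ("id_card", "ID-0001"), ("phone", "555-0101"),
           ("password", "example-secret"), ("phone", "555-0100")]
COMPARISON_LIST = build_comparison_list(HISTORY)
JSON_RESPONSE = ('{"code": 0, "data": {"user": "alice", '
                 '"phone": "555-0199", "contact": "555-0101"}}')
XML_RESPONSE = "<resp><code>0</code><user>bob</user><card>ID-0001</card></resp>"

if __name__ == "__main__":
    for response in (JSON_RESPONSE, XML_RESPONSE):
        print(detect_format(response), find_risk_fields(parse_response(response), COMPARISON_LIST))
    names = [n for n, _ in find_risk_fields(parse_response(JSON_RESPONSE), COMPARISON_LIST)]
    print(redact_json(JSON_RESPONSE, names))
```

With exact-equality matching, the second pass only catches values already present in the history, so a new sensitive value under a new field name passes both checks; short common values in the list (for example "0") would also flag unrelated fields.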
Corresponding to the method described in fig. 1, an embodiment of the present invention further provides a risk detection apparatus of an interface for implementing the method in fig. 1. The apparatus may reside in a computer terminal or in various mobile devices. It is described with reference to fig. 3; as shown in fig. 3, the apparatus may include:
a response data receiving module 10, configured to respond to a request instruction for risk detection on a target interface, and send a preset interface response request to the target interface, so as to receive response data sent by the target interface;
the parsing module 20 is configured to parse the response data to obtain each parameter field in the response data;
a comparison module 30, configured to create a target comparison list, and compare each parameter field with each target element in the target comparison list;
a marking module 40, configured to mark each successfully compared parameter field as each risk field;
and the risk processing module 50 is configured to perform risk processing on the target interface based on each risk field.
According to the technical scheme, the preset interface response request is sent to the target interface by responding to the request instruction for risk detection of the target interface, so that response data sent by the target interface are received; analyzing the response data to obtain each parameter field in the response data; creating a target comparison list, and comparing each parameter field with each target element in the target comparison list; marking each successfully-compared parameter field as each risk field; and performing risk processing on the target interface based on each risk field. According to the scheme, interface response is simulated, a preset interface response request is sent to the target interface, the target interface can send response data of the interface response request, risk detection is carried out on the target interface according to the response data, the response data comprises a plurality of parameter fields, and the parameter fields possibly comprise risk fields, so that each parameter field is detected to determine the risk field in the response data, detection can be carried out in the form of the parameter field, the detection precision can be improved, and finally risk processing is carried out on the target interface, so that the target interface can avoid risks in subsequent work, the safety of the target interface is guaranteed, and meanwhile the confidentiality of privacy data is improved.
In one example, the comparison module 30 may include:
a target field comparison module, configured to compare, for each parameter field, the parameter field with each target field in the target comparison list;
a comparison success determining module, configured to determine that the parameter field is successfully compared if the parameter field is the same as one of the target fields in the target comparison list;
a field to be verified determining module, configured to determine the parameter field as a field to be verified if the parameter field is different from every target field in the target comparison list;
and a matching module, configured to match each field to be verified with the target value corresponding to each target field, so as to determine whether each field to be verified is successfully compared.
Still further, an embodiment of the present application provides a risk detection device of an interface. Optionally, fig. 4 shows a block diagram of a hardware structure of the risk detection device of the interface, and referring to fig. 4, the hardware structure of the risk detection device of the interface may include: at least one processor 01, at least one communication interface 02, at least one memory 03 and at least one communication bus 04.
In the embodiment of the present application, there is at least one each of the processor 01, the communication interface 02, the memory 03 and the communication bus 04, and the processor 01, the communication interface 02 and the memory 03 communicate with each other through the communication bus 04.
The processor 01 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, or the like.
The memory 03 may include a high-speed RAM memory, and may further include a nonvolatile memory (non-volatile memory) or the like, such as at least one magnetic disk memory.
The memory stores a program, and the processor can call the program stored in the memory; the program is used for executing the following interface risk detection method, which comprises:
responding to a request instruction for risk detection of a target interface, and sending a preset interface response request to the target interface so as to receive response data sent by the target interface;
analyzing the response data to obtain each parameter field in the response data;
creating a target comparison list, and comparing each parameter field with each target element in the target comparison list;
marking each successfully-compared parameter field as each risk field;
and performing risk processing on the target interface based on each risk field.
Optionally, for the refined and extended functions of the program, refer to the description of the interface risk detection method in the method embodiments.
The embodiment of the application also provides a storage medium, which can store a program suitable for being executed by a processor; when the program runs, it controls the device where the storage medium is located to execute the following interface risk detection method, which comprises:
responding to a request instruction for risk detection of a target interface, and sending a preset interface response request to the target interface so as to receive response data sent by the target interface;
analyzing the response data to obtain each parameter field in the response data;
creating a target comparison list, and comparing each parameter field with each target element in the target comparison list;
marking each successfully-compared parameter field as each risk field;
and performing risk processing on the target interface based on each risk field.
In particular, the storage medium may be a computer-readable storage medium, which may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM.
Optionally, for the refined and extended functions of the program, refer to the description of the interface risk detection method in the method embodiments.
In addition, the functional modules in the various embodiments of the present disclosure may be integrated together to form a single part, each module may exist alone, or two or more modules may be integrated to form a single part. If the functions are implemented in the form of software functional modules and sold or used as a stand-alone product, they may be stored on a computer-readable storage medium. Based on such understanding, the technical solution of the present disclosure, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a live device, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present disclosure.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the present specification, the embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for risk detection of an interface, comprising:
responding to a request instruction for risk detection of a target interface, and sending a preset interface response request to the target interface so as to receive response data sent by the target interface;
analyzing the response data to obtain each parameter field in the response data;
creating a target comparison list, and comparing each parameter field with each target element in the target comparison list;
marking each successfully-compared parameter field as each risk field;
and performing risk processing on the target interface based on each risk field.
2. The method of claim 1, wherein parsing the response data to obtain the respective parameter fields in the response data comprises:
acquiring format content of the response data;
determining the data format of the response data according to the format content of the response data;
selecting an analysis mode corresponding to the data format from a pre-established format analysis corresponding table;
and analyzing the response data according to the analysis mode to obtain each parameter field in the response data.
3. The method of claim 1, wherein the creating of the target comparison list comprises:
acquiring all historical response data of the target interface;
extracting each piece of risk data from the historical response data;
determining each historical risk field in each piece of risk data;
determining the occurrence times of each historical risk field respectively;
and sorting the historical risk fields by their number of occurrences, and summarizing the historical risk fields into a target comparison list in the sorted order.
4. A method according to claim 3, wherein the summarizing the historical risk fields into a target comparison list in the sorted order comprises:
establishing a blank table, and filling each historical risk field into a first column in the blank table according to the sorting order;
determining each field value corresponding to each historical risk field;
for each historical risk field, filling the field value corresponding to the historical risk field into the cell to the right of the historical risk field;
and summarizing after filling all the historical risk fields and field values to obtain a target comparison list.
5. The method of claim 1, wherein the target element comprises a plurality of target fields and a target value corresponding to each target field;
the comparing each parameter field with each target element in the target comparison list respectively includes:
comparing each parameter field with each target field in the target comparison list;
if the parameter field is the same as a certain target field in the target comparison list, determining that the parameter field is successfully compared;
if the parameter field is different from each target field in the target comparison list, determining the parameter field as a field to be verified;
and matching each field to be verified with a target value corresponding to each target field to determine whether the fields to be verified are successfully compared.
6. The method of claim 5, wherein said matching each of said fields to be verified with a target value corresponding to each of said target fields to determine whether each of said fields to be verified is successfully compared comprises:
acquiring a field value corresponding to each field to be verified;
for each field to be verified, matching the field value of the field to be verified with the target value corresponding to each target field;
if the matching is successful, determining that the field to be verified is successfully compared;
if the matching fails, determining that the field to be verified fails to be compared.
7. The method of claim 1, wherein said risk processing said target interface based on each of said risk fields comprises:
setting each of the risk fields as a warning trigger flag;
when the target interface receives an interface response request, acquiring response data to be sent;
judging whether the response data to be sent contains each risk field or not;
if yes, deleting the response data to be sent according to each risk field to obtain safety data, so that the target interface can send the safety data as response data when receiving an interface response request.
8. A risk detection apparatus for an interface, comprising:
the response data receiving module is used for responding to a request instruction for risk detection of a target interface, sending a preset interface response request to the target interface and receiving response data sent by the target interface;
the analysis module is used for analyzing the response data to obtain each parameter field in the response data;
the comparison module is used for creating a target comparison list and respectively comparing each parameter field with each target element in the target comparison list;
the marking module is used for marking each successfully-compared parameter field as each risk field;
and the risk processing module is used for performing risk processing on the target interface based on each risk field.
9. An interface risk detection device comprising a memory and a processor;
the memory is used for storing programs;
the processor being configured to execute the program to implement the steps of the risk detection method of the interface of any of claims 1-7.
10. A storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the risk detection method of an interface as claimed in any of claims 1-7.
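The following Python example is added here and is not part of the patent text. It walks through claims 3 to 7 on constructed data: building the target comparison list from historical risk fields, the two-stage name-then-value comparison, and deletion of the risk fields from an outgoing response. The function names, the sample data, JSON-only parsing and exact-equality value matching are assumptions.

```python
import json
from collections import Counter
# Constructed sample data (not from the patent): flagged history, then one response.
HISTORY = [{"id_card": "110101199001011234", "phone": "13800000000"},
           {"phone": "13800000000"},
           {"phone": "13900000001", "password": "hunter2"}]
RESPONSE = ('{"code": 0, "user": {"name": "test", "phone": "13811112222", '
            '"contact": "13900000001", "tags": ["a"]}}')

def build_target_list(history):
    """Claims 3-4: risk fields ordered by occurrence count, each with its known values."""
    counts, values = Counter(), {}
    for record in history:
        for field, value in record.items():
            counts[field] += 1
            values.setdefault(field, set()).add(str(value))
    return [(field, values[field]) for field, _ in counts.most_common()]

def parse_fields(response_text):
    """Flatten a JSON response into (path, value) leaves; JSON is the only format assumed."""
    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                yield from walk(child, path + (key,))
        elif isinstance(node, list):
            for index, child in enumerate(node):
                yield from walk(child, path + (index,))
        else:
            yield path, node
    return list(walk(json.loads(response_text), ()))

def find_risk_fields(fields, target_list):
    """Claims 5-6: match on field name first, then on field value for the rest."""
    names = {name for name, _ in target_list}
    known_values = set().union(*(vals for _, vals in target_list))
    risk = []
    for path, value in fields:
        name = next((p for p in reversed(path) if isinstance(p, str)), "")
        if name in names:
            risk.append((path, "name"))
        elif str(value) in known_values:  # "field to be verified" whose value is known
            risk.append((path, "value"))
    return risk

def redact(response_text, risk_paths):
    """Claim 7: drop the risk fields from the response that is about to be sent."""
    drop = set(risk_paths)
    def prune(node, path):
        if isinstance(node, dict):
            return {k: prune(v, path + (k,)) for k, v in node.items() if path + (k,) not in drop}
        if isinstance(node, list):
            return [prune(v, path + (i,)) for i, v in enumerate(node) if path + (i,) not in drop]
        return node
    return json.dumps(prune(json.loads(response_text), ()))
```

The second stage is what catches the "contact" field: its name is not in the list, but its value was previously seen under "phone".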
CN202311478051.0A 2023-11-07 2023-11-07 Interface risk detection method, device, equipment and storage medium Pending CN117473491A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311478051.0A CN117473491A (en) 2023-11-07 2023-11-07 Interface risk detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117473491A (en) 2024-01-30

Family

ID=89627145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311478051.0A Pending CN117473491A (en) 2023-11-07 2023-11-07 Interface risk detection method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117473491A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination