Bug checking method and device and continuously integrated code bug checking method and device

A detection method and vulnerability technology, applied in the field of information security, can solve the problems of low test efficiency, consumption of software and hardware resources, and high labor costs, and achieve the effect of improving vulnerability detection efficiency, avoiding wasting hardware and software resources, and avoiding large concurrency.

Active Publication Date: 2020-10-16
北京自如信息科技有限公司
View PDF9 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Therefore, the technical problem to be solved by the present invention is to overcome the disadvantages of high hardware and software resource consumption, high labor cost, and low testing efficiency in the prior art vulnerability inspection, thereby providing a method for detecting vulnerabilities and a method for continuously integrating code vulnerabilities and devices

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Bug checking method and device and continuously integrated code bug checking method and device
  • Bug checking method and device and continuously integrated code bug checking method and device
  • Bug checking method and device and continuously integrated code bug checking method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0035] This embodiment provides a vulnerability checking method, which is applied to the vulnerability checking of integrated codes to improve development efficiency, such as figure 1 As shown, the vulnerability checking method includes the following steps:

[0036] S11, when a merge request is received, detect whether the code review switch is turned on.

[0037] Exemplarily, the merge request is a request initiated by the developer to the online master branch code after the developer completes the new function code. When a merge request is received, the code review switch is first detected to determine whether the code review switch has been turned on.

[0038] S12. If the code review switch is turned on, it is judged whether the code to be merged passes the code check.

[0039] Exemplarily, if it is detected that the code review switch is turned on, a code review is performed on the code to be merged. Code review mainly refers to the systematic review of the source code ...

Embodiment 2

[0059] This embodiment provides a vulnerability inspection method for continuous integration code, which is applied to the vulnerability inspection of integrated code to improve development efficiency, such as image 3 As shown, the vulnerability checking method of the continuous integration code includes the following steps:

[0060] S21. Obtain at least one functional branch code information created according to the initial main branch code, and determine whether a merge request is received.

[0061] Exemplarily, the function branch code information is based on the initial main branch code, and the developer creates and develops the function code according to the initial main branch code. After the development of the function branch code is completed, a merge request can be initiated to the current main branch code, and the server can monitor in real time whether the merge request is received.

[0062] S22. When a merge request is received, create merged branch code informa...

Embodiment 3

[0084] This embodiment provides a vulnerability checking device, which is applied to the vulnerability checking of integrated codes to improve development efficiency, such as Figure 10 As shown, the vulnerability checking device includes:

[0085] The detection module 31 is configured to detect whether the code review switch is turned on when a merge request is detected. For details, refer to the relevant description of step S11 in the foregoing embodiment, and details are not repeated here.

[0086] The first judging module 32 is configured to judge whether the code to be merged passes the code inspection if the code inspection switch is turned on. For details, refer to the relevant description of the corresponding step S12 in the foregoing embodiment, and details are not repeated here.

[0087] The second judging module 33 is used for judging whether the vulnerability testing switch is turned on if the code inspection is passed. For details, refer to the relevant descrip...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a vulnerability checking method and device and a vulnerability checking method and device for continuously integrating codes, and the method comprises the steps: detecting whether a code checking switch is turned on or not when a merging request is monitored; if the code review switch is turned on, judging whether the to-be-merged code passes code review or not; if the codecheck is passed, judging whether a vulnerability test switch is turned on; if the vulnerability test switch is turned on, obtaining a vulnerability test result of the to-be-merged code, and judging whether the vulnerability test result exceeds a preset detection threshold value or not; and if the vulnerability test result is smaller than the detection threshold, determining that vulnerability test check succeeds. By implementing the method and the device, the problems of high hardware resource consumption and server jamming caused by centralized triggering of vulnerability scanning due to large task concurrency at the same time are avoided, the situation that hardware and software resources are wasted when a project without code change is executed is avoided, the vulnerability detection efficiency is improved, the code integration efficiency is improved, and the labor cost is reduced.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a loophole checking method, a loophole checking method and a device for continuous integration codes. Background technique [0002] With the increasing scale of online projects, more complex project structures, higher technical requirements, more and more participants, and faster development speed, each project code needs to be submitted frequently. Therefore, it is necessary to check various security issues of online projects from time to time, and push the checked content to the business line personnel in time for repair. However, in most software development projects, time constraints, limited manpower and limited funds have become barriers for development and testing. In the face of the above problems, continuous integration or manual triggering is usually used to analyze and scan vulnerabilities, and then push the analysis results to the server. However, altho...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 张秀丽王宇峰
Owner 北京自如信息科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap