Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for detecting security of Java open source component

A security detection and component technology, applied in the field of network security to achieve the effect of improving security

Inactive Publication Date: 2020-12-22
SICHUAN CHANGHONG ELECTRIC CO LTD
View PDF7 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a method for security detection of Java open source components, which is used to solve the problem that there is no security detection method for open source components in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting security of Java open source component
  • Method for detecting security of Java open source component

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0028] combined with figure 1 As shown, a method for security detection of Java open source components includes:

[0029] Step S100: use Maven to build a private warehouse, mark the security risk level of the open source components stored in the private warehouse, and store them as the first open source component;

[0030] Step S200: Upload the system project file, and analyze the system project file by configuring the maven dependency package information extraction plug-in in the maven project pom file to obtain a list of second open source components that the project file depends on; the step S200 specifically includes:

[0031] Step S210: the configuration administrator establishes a baseline for the maven code project file to be detected;

[0032] Step S220: The developer extracts the source code corresponding to the baseline version from the source code library on site;

[0033] Step S230: The developer compiles the source code project file, and downloads the dependency...

Embodiment 2

[0059] Furthermore, the security risk level in the step S100 is marked with three dimensions, and the three dimensions are authorization verification, virus Trojan horse detection and security vulnerability detection;

[0060] The method for the authorization (License) verification is: obtain the authorization information of the open source component, and carry out security risk classification according to the authorization information;

[0061] Risks are categorized as follows:

[0062] MIT-Low Risk-The developer of the program retains the original author's license information in the modified source code;

[0063] Apache1.0-medium risk-open source components and open source software adopt the Apache1.0 license, and the developer does not retain the original author's license information in the modified source code;

[0064]Apache2.0-low risk-open source components and open source software adopt the Apache2.0 license, and the developer does not retain the original author's lic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting security of a Java open source component, which comprises the following steps: establishing a private warehouse by using Maven, marking security risk levels for open source components stored in the private warehouse, and storing the open source components as first open source components; uploading a system engineering file, configuring a maven dependency package information extraction plug-in in a maven engineering pom file to analyze the system engineering file, and obtaining a list of second open source components on which the engineering file depends; finding third open source components corresponding to the second open source components from the first open source assemblies, comparing the second open source components with the third open source components, and generating a safety report. According to the method, an open source component library is defined, the open source components are subjected to security labeling through the four security dimensions, the open source components quoted by the uploaded system engineering file are detected, the open source components with security risks are found, and the security of the system engineering file is improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method for security detection of Java open source components. Background technique [0002] With the continuous deepening of social informatization, computer software systems are becoming more and more complex, software functions are becoming more and more complex, and source codes are becoming larger and larger, making it difficult to guarantee the correctness of programs. A large number of defects introduced in the software development process are one of the important reasons for software vulnerabilities. System attackers can easily bypass software security certification with the help of software security holes, attack and invade information systems, obtain illegal system user rights, and perform a series of illegal operations and malicious attacks. [0003] In the tide of the Internet, more and more Internet companies are gradually increasing their efforts in softw...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/561G06F21/565G06F21/577
Inventor 廖雷李书红林正勇龙长春
Owner SICHUAN CHANGHONG ELECTRIC CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com