Method for detecting security of Java open source component
A security detection and component technology, applied in the field of network security to achieve the effect of improving security
Legal status: Inactive. Publication date: 2020-12-22
SICHUAN CHANGHONG ELECTRIC CO LTD
AI Technical Summary
Problems solved by technology
[0004] The purpose of the present invention is to provide a method for security detection of Java open source componen...
Examples
Embodiment
[0028] As shown in Figure 1, a method for security detection of Java open source components includes:
[0029] Step S100: use Maven to build a private repository, mark the security risk level of the open source components stored in the private repository, and store them as the first open source components;
[0030] Step S200: upload the system project file and analyze it by configuring a Maven dependency information extraction plug-in in the Maven project's pom file, to obtain the list of second open source components that the project file depends on; step S200 specifically includes:
[0031] Step S210: the configuration administrator establishes a baseline for the Maven code project file to be detected;
[0032] Step S220: the developer extracts the source code corresponding to the baseline version from the on-site source code library;
[0033] Step S230: the developer compiles the source code project file and downloads the dependency...
Embodiment 2
[0059] Furthermore, the security risk level in step S100 is marked along three dimensions: authorization (license) verification, virus and Trojan detection, and security vulnerability detection;
[0060] The method for authorization (license) verification is: obtain the license information of the open source component and classify its security risk according to that license information;
[0061] Risks are categorized as follows:
[0062] MIT - low risk - the developer of the program retains the original author's license information in the modified source code;
[0063] Apache 1.0 - medium risk - the open source component or open source software adopts the Apache 1.0 license, and the developer does not retain the original author's license information in the modified source code;
[0064] Apache 2.0 - low risk - the open source component or open source software adopts the Apache 2.0 license, and the developer does not retain the original author's lic...
Abstract
The invention discloses a method for detecting the security of Java open source components, comprising the following steps: build a private repository using Maven, mark security risk levels on the open source components stored in the private repository, and store them as the first open source components; upload a system project file, configure a Maven dependency information extraction plug-in in the Maven project's pom file to analyze the system project file, and obtain the list of second open source components on which the project file depends; find, among the first open source components, the third open source components corresponding to the second open source components, compare the second open source components with the third open source components, and generate a security report. With this method an open source component library is defined, its components are security-labelled along the four security dimensions, the open source components referenced by the uploaded system project file are checked, the components carrying security risks are found, and the security of the system project file is improved.
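The flow in the abstract and in Embodiments 1 and 2 (labelled private repository, dependency list extracted from the pom, lookup of the matching labelled component, risk report) can be sketched end to end in a few dozen lines. The following is an added example and not code from the patent or its assignee: the inventory, the pom.xml, the artifact names and the malware/vulnerability labels are constructed; a plain Python XML parse stands in for the Maven extraction plug-in; matching is by exact groupId/artifactId/version; and the rule that any malware or vulnerability finding raises the level to "high" is an assumption, since the page only gives the license classes.

```python
"""Added example: toy end-to-end run of the detection method described in
the patent abstract (private repo -> pom dependencies -> lookup -> report).
Not the patent's own code; all data below is constructed."""
import xml.etree.ElementTree as ET

# Constructed inventory of the Maven private repository ("first open source
# components"), each labelled along the three dimensions of Embodiment 2.
PRIVATE_REPO = {
    ("org.example", "util-core", "1.4.2"):
        {"license": "MIT", "malware": "clean", "vulnerability": "none"},
    ("org.example", "net-client", "2.0.0"):
        {"license": "Apache2.0", "malware": "clean", "vulnerability": "none"},
    ("org.example", "net-client", "1.9.0"):
        {"license": "Apache2.0", "malware": "clean", "vulnerability": "known-cve"},
    ("org.example", "legacy-xml", "0.3.1"):
        {"license": "Apache1.0", "malware": "clean", "vulnerability": "none"},
}

# License risk classes as listed in paragraphs [0062]-[0064] of the page.
LICENSE_RISK = {"MIT": "low", "Apache1.0": "medium", "Apache2.0": "low"}
RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed pom.xml standing in for the uploaded system project file.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>util-core</artifactId><version>1.4.2</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>net-client</artifactId><version>1.9.0</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>legacy-xml</artifactId><version>0.3.1</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>unknown-lib</artifactId><version>5.0.0</version></dependency>
  </dependencies>
</project>"""
NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def extract_dependencies(pom_xml):
    """Step S200: the (groupId, artifactId, version) triples the pom declares,
    i.e. the 'second open source components'. Stand-in for the Maven plug-in."""
    root = ET.fromstring(pom_xml)
    deps = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        triple = tuple((dep.findtext(f"m:{tag}", default="", namespaces=NS) or "").strip()
                       for tag in ("groupId", "artifactId", "version"))
        deps.append(triple)
    return deps


def assess(triple, repo=PRIVATE_REPO):
    """Find the matching labelled component (the 'third open source component')
    and derive one overall risk level from its labels."""
    labels = repo.get(triple)
    if labels is None:
        # Not an approved component: flag it and list approved versions of the
        # same artifact (assumed policy: anything outside the repo is high risk).
        approved = sorted(v for (g, a, v) in repo if (g, a) == triple[:2])
        return {"component": triple, "status": "not in private repo",
                "approved_versions": approved, "risk": "high"}
    findings = []
    level = LICENSE_RISK.get(labels["license"], "high")  # unknown license: high
    if level != "low":
        findings.append(f"license {labels['license']} rated {level}")
    if labels["malware"] != "clean":        # assumed: any hit forces high
        findings.append(f"malware scan: {labels['malware']}")
        level = "high"
    if labels["vulnerability"] != "none":   # assumed: any known vuln forces high
        findings.append(f"vulnerability: {labels['vulnerability']}")
        level = "high"
    return {"component": triple, "status": "labelled",
            "findings": findings, "risk": level}


def generate_report(pom_xml, repo=PRIVATE_REPO):
    """Whole flow: extract the pom's dependencies and assess each one."""
    return [assess(t, repo) for t in extract_dependencies(pom_xml)]


def worst_risk(report):
    """Highest risk level in the report; useful as a build gate."""
    return max((row["risk"] for row in report), key=RANK.get, default="low")


if __name__ == "__main__":
    rep = generate_report(SAMPLE_POM)
    for row in rep:
        print(row)
    print("overall:", worst_risk(rep))
```

Running the block reports util-core as low, legacy-xml as medium (Apache 1.0), net-client 1.9.0 as high because of its vulnerability label, and unknown-lib as high because it is not in the private repository at all; the last case is the one a private-repository policy exists to catch, since a dependency resolved from outside the labelled set has no labels to compare against.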
Description
Technical field
[0001] The invention relates to the technical field of network security, and in particular to a method for security detection of Java open source components.
Background
[0002] As the informatization of society deepens, computer software systems are becoming ever more complex, software functionality keeps growing, and source code keeps getting larger, making it difficult to guarantee the correctness of programs. The large number of defects introduced during software development is one of the major sources of software vulnerabilities. With the help of such security holes, attackers can easily bypass a software's security authentication, attack and intrude into information systems, obtain system user privileges illegally, and carry out a series of illegal operations and malicious attacks.
[0003] In the tide of the Internet, more and more Internet companies are gradually increasing their efforts in softw...