Method for detecting and repairing security vulnerability blocking point of npm ecosystem

A technology relating to the npm ecosystem and a repair method, applied in computer security devices, software deployment, version control, etc. It addresses problems such as patch versions that cannot be transmitted to downstream projects, patch versions that are blocked, and unreasonable version constraints; the stated effects are saving the time needed to inspect for and locate blocking points, reducing the risk posed by vulnerability issues, and avoiding that risk effectively.

Pending Publication Date: 2022-03-11
NORTHEASTERN UNIV

AI Technical Summary

Problems solved by technology

[0005] According to research, a large number of the vulnerabilities introduced into current open source projects are caused by complex dependencies between upstream and downstream projects. When the version constraints between upstream and downstream dependencies in a dependency chain are unreasonable, the released patch version of a vulnerability is blocked at some nodes and cannot be propagated to downstream projects.

Embodiment Construction

[0037] The specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. The following examples serve to illustrate the present invention and are not intended to limit its scope.

[0038] A method for detecting and repairing a security vulnerability blocking point of the npm ecosystem comprises the following steps:

[0039] Step 1: Obtain the information of all open source projects in the npm ecosystem by accessing the npm registry API; read the package name, the versions, and the dependencies of each version, and write them into an npm dependency database; continuously detect changes and update the dependency database;

[0040] Step 1 in this embodiment specifically includes the following steps:

[0041] Step 1.1: Traverse all npm open source project names and obtain all versions and the dependency information of each project; obtain the current version ...

Abstract

The invention provides a method for detecting and repairing security vulnerability blocking points of the npm ecosystem, and relates to the technical field of software security. The method analyses the dependency constraint range declared by each version of each package along a dependency path, finds the blocking nodes in the propagation path of a vulnerability patch, calculates the corresponding secure version range, and produces a reasonable and effective repair suggestion. Using the method, software developers can find the blocking nodes that have a wide range of influence, a high vulnerability severity and a low repair cost, so that a large number of vulnerability blocking nodes threatening the security of the ecosystem can be resolved at low repair cost. The patched version of a vulnerability is then introduced automatically without a large number of downstream projects having to change, which improves security against the vulnerability and reduces the risk of introducing vulnerabilities.
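The following is an added example, not code from the patent or from its inventors, showing the core analysis the abstract describes over a constructed snapshot of the step-1 dependency database: for every version of every package, inspect the range it declares on the vulnerable package, flag versions whose range admits a vulnerable release but no fixed one (the blocking points), suggest the narrowest caret range that starts at the fix, and count which downstream versions stay stuck because of each node so the widest-impact node can be repaired first. All package names (vuln-lib, pinned-mid, tilde-mid, app-stuck, app-ok), versions and constraints are hypothetical; the range matcher only covers the forms used here, so real registry data should be fed through the semver package instead.

```javascript
// Added example, not the patent's own code: locating a vulnerability patch
// "blocking point" in an npm-style dependency chain and suggesting a repaired
// version range. All package names and the registry snapshot are constructed.

function parse(v) { return v.split('.').map(Number); }

function cmp(a, b) {
  const [A, B] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (A[i] !== B[i]) return A[i] - B[i];
  return 0;
}

// Minimal range matcher covering the forms used below: exact "1.2.3",
// caret "^1.2.3", tilde "~1.2.3" and ">=1.2.3 <2.0.0". Real npm ranges
// (||, x-ranges, prerelease tags) need the semver package.
function satisfies(version, range) {
  const v = parse(version);
  if (range[0] === '^' || range[0] === '~') {
    const base = range.slice(1), b = parse(base);
    if (cmp(version, base) < 0) return false;
    if (range[0] === '~') return v[0] === b[0] && v[1] === b[1];
    if (b[0] > 0) return v[0] === b[0];                 // ^1.2.3: same major
    if (b[1] > 0) return v[0] === 0 && v[1] === b[1];  // ^0.2.3: same minor
    return cmp(version, base) === 0;                    // ^0.0.3: exact
  }
  if (range.startsWith('>=')) {
    const [lo, hi] = range.split(' ');                  // ">=a.b.c <x.y.z"
    return cmp(version, lo.slice(2)) >= 0 && cmp(version, hi.slice(1)) < 0;
  }
  return cmp(version, range) === 0;
}

// Constructed snapshot of the step-1 dependency database:
// package -> version -> { dependency: declared range }.
const registry = {
  'vuln-lib':   { '1.0.0': {}, '1.0.1': {}, '1.1.0': {} }, // vulnerable in 1.0.0, fixed in 1.0.1
  'pinned-mid': { '2.0.0': { 'vuln-lib': '1.0.0' },        // exact pin: the patch cannot pass
                  '2.1.0': { 'vuln-lib': '^1.0.1' } },
  'tilde-mid':  { '3.0.0': { 'vuln-lib': '~1.0.0' } },     // ~1.0.0 admits 1.0.1: patch passes
  'app-stuck':  { '1.0.0': { 'pinned-mid': '2.0.0' } },    // can only ever resolve pinned-mid@2.0.0
  'app-ok':     { '1.0.0': { 'pinned-mid': '^2.0.0', 'tilde-mid': '^3.0.0' } },
};

// Versions of pkg that satisfy range, ascending.
const versionsIn = (reg, pkg, range) =>
  Object.keys(reg[pkg] || {}).filter(v => satisfies(v, range)).sort(cmp);

// Can pkg@version resolve to a tree in which every copy of vulnPkg is fixed?
// Packages that never reach vulnPkg trivially can. Memoised; an in-progress
// node counts as false so dependency cycles terminate.
function canGetPatch(reg, pkg, version, vulnPkg, fixed, memo = new Map()) {
  const key = pkg + '@' + version;
  if (memo.has(key)) return memo.get(key);
  memo.set(key, false);
  const ok = Object.entries(reg[pkg][version]).every(([dep, range]) =>
    dep === vulnPkg
      ? versionsIn(reg, dep, range).some(v => cmp(v, fixed) >= 0)
      : versionsIn(reg, dep, range).some(v => canGetPatch(reg, dep, v, vulnPkg, fixed, memo)));
  memo.set(key, ok);
  return ok;
}

// Does some resolution of pkg@version pull in tPkg@tVer, directly or transitively?
function reaches(reg, pkg, version, tPkg, tVer, seen = new Set()) {
  const key = pkg + '@' + version;
  if (seen.has(key)) return false;
  seen.add(key);
  return Object.entries(reg[pkg][version]).some(([dep, range]) =>
    versionsIn(reg, dep, range).some(v =>
      (dep === tPkg && v === tVer) || reaches(reg, dep, v, tPkg, tVer, seen)));
}

// Blocking points: versions whose direct constraint on vulnPkg admits a
// vulnerable version but no fixed one. Each carries the narrowest caret range
// that starts at the fix (the suggested repair) and the downstream versions
// that stay stuck because of it; the widest-impact node is listed first.
function findBlockingPoints(reg, vulnPkg, fixed) {
  const memo = new Map();
  const stuck = [];
  for (const [p, vs] of Object.entries(reg))
    for (const v of Object.keys(vs))
      if (!canGetPatch(reg, p, v, vulnPkg, fixed, memo)) stuck.push([p, v]);
  const out = [];
  for (const [pkg, versions] of Object.entries(reg)) {
    for (const [version, deps] of Object.entries(versions)) {
      const range = deps[vulnPkg];
      if (!range) continue;
      const matched = versionsIn(reg, vulnPkg, range);
      if (!matched.some(v => cmp(v, fixed) < 0) || matched.some(v => cmp(v, fixed) >= 0)) continue;
      const downstream = stuck
        .filter(([p, v]) => !(p === pkg && v === version) && reaches(reg, p, v, pkg, version))
        .map(([p, v]) => p + '@' + v);
      out.push({ pkg, version, range, suggestedRange: '^' + fixed, downstream });
    }
  }
  return out.sort((a, b) => b.downstream.length - a.downstream.length);
}

console.log(JSON.stringify(findBlockingPoints(registry, 'vuln-lib', '1.0.1'), null, 2));
```

On this snapshot only pinned-mid@2.0.0 is reported: its exact pin on vuln-lib@1.0.0 excludes the fix, and app-stuck@1.0.0, which can resolve nothing but that version, stays vulnerable until the pin is widened to the suggested ^1.0.1. tilde-mid is not a blocking point, because ~1.0.0 already admits 1.0.1, and app-ok is not stuck, because ^2.0.0 lets a fresh install pick pinned-mid@2.1.0.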

Description

Technical field

[0001] The invention relates to the technical field of software security, in particular to a method for detecting and repairing a security vulnerability blocking point of the npm ecosystem.

Background

[0002] In the process of software development, third-party open source projects are often reused to reduce development costs. npm is the package manager for JavaScript; with npm, dependencies can be imported and maintained automatically during project development. The central npm registry hosts a huge number of open source projects, and many developers publish third-party packages on npm for others to use. As of September 2021, npm had more than 1.7 million third-party libraries, more than 21 million versions, and more than 1.1 trillion annual downloads. However, the widespread use of npm also brings security risks, because third-party libraries often do not run independently and often need to directl...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06F8/65, G06F8/71
CPC: G06F21/577, G06F8/65, G06F8/71, G06F2221/034
Inventors: 裴林, 王莹, 于海, 朱志良
Owner: NORTHEASTERN UNIV