CN111753296B - Method and device for repairing system component bugs - Google Patents
Method and device for repairing system component bugs Download PDFInfo
- Publication number
- CN111753296B CN111753296B CN202010469992.8A CN202010469992A CN111753296B CN 111753296 B CN111753296 B CN 111753296B CN 202010469992 A CN202010469992 A CN 202010469992A CN 111753296 B CN111753296 B CN 111753296B
- Authority
- CN
- China
- Prior art keywords
- repairing
- tested
- vulnerability
- self
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000008439 repair process Effects 0.000 claims abstract description 33
- 230000008676 import Effects 0.000 claims description 5
- 238000009434 installation Methods 0.000 claims description 4
- 238000012550 audit Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 5
- 238000012423 maintenance Methods 0.000 description 3
- 238000012827 research and development Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Virology (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a method for repairing system component bugs, which comprises the following steps: importing all the leak libraries corresponding to the types of the machines to be tested into a system leak self-repairing plug-in SVRP, and determining the leak library corresponding to the type of the machine to be tested according to the type information of the machine to be tested and the corresponding relation between the leak library and the type of the machine to be tested; an analysis module in the system vulnerability self-repairing plug-in SVRP analyzes all components of the machine to be tested in the version file according to the version file and a vulnerability library corresponding to the type of the machine to be tested; the invention also provides a device for repairing the system component bug, which effectively improves the efficiency of repairing the system component bug, reduces the online time of a product, and can match a corresponding leak library to analyze, analyze and repair more accurately according to the type information of a machine to be tested.
Description
Technical Field
The invention relates to the field of bug fixing, in particular to a method and a device for fixing system component bugs.
Background
Before products are on-line, a safety audit department is usually required to test the safety of the products, the safety audit department uses various safety audit tools to scan the product loopholes, and after the scanning is finished, a safety audit report is output.
The working process of the safety audit tool is specifically that the safety audit tool is used as a client to remotely connect a to-be-audited product, after the connection is successful, a port opened by a system and a service corresponding to the port are scanned, and a system component and a component version number installed by the product are inquired. After the information is obtained, the auditing tool compares the rule base, compares and analyzes the loopholes existing in the system components, records a loophole report and corresponding repair suggestions into the auditing report, and generates a safety auditing report after the analysis is finished.
In the prior art, a security audit tool needs to update a vulnerability library regularly, and when a research and development worker repairs vulnerabilities according to an audit report, the research and development worker needs to appoint a website to download patch packages, install the vulnerability patch packages on a system after all vulnerability patch packages are downloaded, and verify whether vulnerabilities are repaired by using the security audit tool again. The bug fixing process comprises downloading patch packages, installing and checking, the process is long in time use, manual operation is needed, the efficiency is low, the online time of products can be prolonged, the improvement of the fixing efficiency of system component bugs is not facilitated, in addition, the scheme that a corresponding bug base is determined according to the type of a machine to be detected, bug analysis and fixing are carried out is not provided in the prior art, and the accuracy and pertinence are not high enough.
Disclosure of Invention
The invention provides a system component bug repairing method and device in order to solve the problems in the prior art, effectively solves the problem of low bug repairing efficiency caused by long bug repairing process period, effectively improves the system component bug repairing efficiency, reduces the product on-line time, and can match the corresponding bug base for analysis, analysis and repair more accurately according to the type information of a machine to be tested.
The invention provides a method for repairing system component bugs in a first aspect, which comprises the following steps:
importing all the leak libraries corresponding to the types of the machines to be tested into a system leak self-repairing plug-in SVRP, establishing remote connection between the system leak self-repairing plug-in SVRP and the machines to be tested, acquiring information of the machines to be tested, generating a version file according to the information of the machines to be tested, and determining the leak libraries corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in a leak library storage file;
analyzing all components of a machine to be detected in the version file by an analyzing module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to an analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
and a self-repairing module in the system bug self-repairing plug-in SVRP reads the version of the operating system in the version file, traverses each bug website in the analysis result file, downloads and installs a patch package corresponding to the version of the operating system, and generates a repairing result file.
Optionally, before importing the vulnerability library of the machine type to be tested into the system vulnerability self-repair plugin SVRP, the method further includes: and installing the system vulnerability self-repairing plug-in SVRP.
Optionally, the method further comprises: and the self-repairing module in the system vulnerability self-repairing plug-in SVRP pushes the analysis result file and the repairing result file to the report generating module in the system vulnerability self-repairing plug-in SVRP, and the report generating module in the system vulnerability self-repairing plug-in SVRP generates a report file according to the analysis result file and the repairing result file.
Optionally, the information of the machine to be tested includes type information of the machine to be tested, a port number of the machine to be tested, service information corresponding to the port number, component information installed on the machine to be tested, and component version information.
Optionally, the analysis result file includes a vulnerability ID, a vulnerability repair suggestion, and website information corresponding to the vulnerability.
Optionally, the leak library is updated according to the corresponding type of the machine to be tested, and the corresponding relation between the leak library and the type of the machine to be tested in the leak library storage file is updated synchronously after the leak library is updated.
The second aspect of the invention provides a device for repairing the system component bug, which comprises:
the importing and acquiring unit is used for importing all the leak libraries corresponding to the types of the machines to be tested into the system leak self-repairing plug-in SVRP, the system leak self-repairing plug-in SVRP is remotely connected with the machines to be tested to acquire information of the machines to be tested, a version file is generated according to the information of the machines to be tested, and the leak libraries corresponding to the types of the machines to be tested are determined according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in a leak library storage file;
the analysis unit is used for analyzing all components of the machine to be detected in the version file by an analysis module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to an analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
and the repairing unit is used for reading the operating system version in the version file by a self-repairing module in the system bug self-repairing plug-in SVRP, traversing each bug website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file.
Optionally, the method further comprises: and the installation unit is used for installing the system vulnerability self-repairing plug-in SVRP.
Optionally, the method further comprises: and the report generation module in the system vulnerability self-repairing plug-in SVRP generates a report file according to the analysis result file and the repairing result file.
Optionally, the leak library in the import and acquisition unit is updated according to the corresponding type of the machine to be tested, and the corresponding relation between the leak library and the type of the machine to be tested in the leak library storage file is updated synchronously after the leak library is updated.
The technical scheme adopted by the invention comprises the following technical effects:
1. the method effectively solves the problem of low vulnerability repair efficiency caused by long vulnerability repair process period, effectively improves the vulnerability repair efficiency of the system component, reduces the online time of the product, and can match the corresponding vulnerability library for analysis and more accurate analysis and repair according to the type information of the machine to be tested.
2. According to the technical scheme, the report generation module in the system vulnerability self-repairing plug-in SVRP generates the report file according to the analysis result file and the repairing result file, so that maintenance personnel can conveniently check and know the system vulnerability condition and the repairing condition.
3. According to the technical scheme, the analysis result file comprises the bug ID, the bug repair suggestion and the website information corresponding to the bug, so that a self-repair module in the system bug self-repair plug-in SVRP can repair each bug effectively according to the analysis result file.
4. According to the technical scheme, the vulnerability database is updated according to the corresponding type of the machine to be tested, the corresponding relation between the vulnerability database and the type of the machine to be tested in the storage file of the vulnerability database is synchronously updated after the vulnerability database is updated, the timeliness of updating the vulnerability database and the corresponding relation between the vulnerability database and the type of the machine to be tested is ensured, and the vulnerability is analyzed and repaired more accurately and more pertinently.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present invention, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without any creative effort.
FIG. 1 is a schematic flow diagram of a process according to an embodiment of the present invention;
FIG. 2 is a schematic flow diagram of a second method embodiment of the present invention;
FIG. 3 is a schematic flow diagram of a third embodiment of a method according to aspects of the present invention;
FIG. 4 is a schematic structural diagram of a fourth apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a fifth embodiment of the apparatus according to the present invention;
fig. 6 is a schematic structural diagram of a fifth embodiment of the apparatus according to the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
Example one
As shown in fig. 1, the present invention provides a method for repairing a system component vulnerability, including:
s1, importing all the leak libraries corresponding to the types of the machines to be tested into a system leak self-repairing plug-in SVRP, establishing remote connection between the system leak self-repairing plug-in SVRP and the machines to be tested, acquiring information of the machines to be tested, generating a version file according to the information of the machines to be tested, and determining the leak libraries corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in the leak library storage file;
s2, analyzing all components of the machine to be detected in the version file by an analyzing module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to the analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
and S3, reading the operating system version in the version file by a self-repairing module in the system vulnerability self-repairing plug-in SVRP, traversing each vulnerability website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file.
In step S1, all the leak libraries corresponding to all the types of machines to be tested are imported into a System vulnerability self-repair plug-in SVRP (System virtualization self repair patch plug-in), and the specific implementation manner may be implemented by a first command, where the first command specifically is: a srp import vulneravailability-library-name; the system vulnerability self-repairing plug-in SVRP and the machine to be tested can establish remote connection through IP addresses, and the specific implementation mode can be that a second command (SVRP IP run) is input at a terminal for installing the system vulnerability self-repairing plug-in SVRP; the information of the machine to be tested comprises the type information of the machine to be tested, the port number of the machine to be tested, service information corresponding to the port number, component information installed on the machine to be tested and component version information. And updating the leakage library according to the corresponding type of the machine to be tested, and synchronously updating the corresponding relation between the leakage library and the type of the machine to be tested in the storage file of the leakage library after updating the leakage library.
In step S2, an analysis Module (System virtualization self repair matching Module) in the System vulnerability self-repair plug-in SVRP analyzes all components of the machine to be tested in the version file according to the version file (ip _ system.info file) and the vulnerability library corresponding to the type of the machine to be tested, generates an analysis result file (all _ ul _ detail _ ip.srp) according to the analysis result, and pushes the analysis result file to a self-repair Module (System virtualization self repair Module) in the System vulnerability self-repair plug-in SVRP, wherein the analysis result file includes a vulnerability ID, a vulnerability repair suggestion, and website information corresponding to the vulnerability.
In step S3, a self-repair module in the SVRP reads the version of the operating system in the version file, traverses each vulnerability website in the analysis result file, downloads a patch package corresponding to the version of the operating system, installs the patch package after the downloading is completed, and generates a repair result file (repair _ detail _ ip.
It should be noted that the analysis module in the system vulnerability self-repairing plug-in SVRP, the self-repairing module in the system vulnerability self-repairing plug-in SVRP, and the like in the present invention can be implemented by software programs, and the implemented idea corresponds to the steps in this embodiment.
The method effectively solves the problem of low vulnerability repair efficiency caused by long vulnerability repair process period, effectively improves the vulnerability repair efficiency of the system component, reduces the online time of the product, and can match the corresponding vulnerability library for analysis and more accurate analysis and repair according to the type information of the machine to be tested.
According to the technical scheme, the analysis result file comprises the bug ID, the bug repair suggestion and the website information corresponding to the bug, so that the self-repair module in the system bug self-repair plug-in SVRP can repair each bug effectively according to the analysis result file.
According to the technical scheme, the vulnerability database is updated according to the corresponding type of the machine to be tested, the corresponding relation between the vulnerability database and the type of the machine to be tested in the storage file of the vulnerability database is synchronously updated after the vulnerability database is updated, the timeliness of updating the vulnerability database and the corresponding relation between the vulnerability database and the type of the machine to be tested is ensured, and the vulnerability is analyzed and repaired more accurately and more pertinently.
Example two
As shown in fig. 2, the technical solution of the present invention further provides a method for repairing a system component vulnerability, including:
s1, installing a system vulnerability self-repairing plug-in SVRP;
s2, importing all the leak libraries corresponding to the types of the machines to be tested into a system leak self-repairing plug-in SVRP, establishing remote connection between the system leak self-repairing plug-in SVRP and the machines to be tested, acquiring information of the machines to be tested, generating a version file according to the information of the machines to be tested, and determining the leak libraries corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in the leak library storage file;
s3, analyzing all components of the machine to be detected in the version file by an analyzing module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to the analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
and S4, reading the operating system version in the version file by a self-repairing module in the system vulnerability self-repairing plug-in SVRP, traversing each vulnerability website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file.
In step S1, the system vulnerability self-repair plug-in SVRP is installed in a terminal and is run. The terminal may be a server or a PC, and the present invention is not limited herein.
EXAMPLE III
As shown in fig. 3, the technical solution of the present invention further provides a method for repairing a system component vulnerability, including:
s1, installing a system vulnerability self-repairing plug-in SVRP;
s2, importing all the leak libraries corresponding to the types of the machines to be tested into a system leak self-repairing plug-in SVRP, establishing remote connection between the system leak self-repairing plug-in SVRP and the machines to be tested, acquiring information of the machines to be tested, generating a version file according to the information of the machines to be tested, and determining the leak libraries corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in a leak library storage file;
s3, analyzing all components of the machine to be detected in the version file by an analyzing module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to the analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
s4, reading the operating system version in the version file by a self-repairing module in the system bug self-repairing plug-in SVRP, traversing each bug website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file;
and S5, the self-repairing module in the system vulnerability self-repairing plug-in SVRP pushes the analysis result file and the repairing result file to the report generating module in the system vulnerability self-repairing plug-in SVRP, and the report generating module in the system vulnerability self-repairing plug-in SVRP generates a report file according to the analysis result file and the repairing result file.
In step S5, a report file generated by a report generation module (System virtualization self report) in the System vulnerability self-repair plug-in SVRP is composed of a vulnerability report and a repaired legacy report, and a report result is organized according to a specified format.
It should be noted that, in the present invention, all report generation modules and the like in the system vulnerability self-repair plug-in SVRP can be implemented by software programs, and the implementation concept corresponds to the steps in this embodiment.
According to the technical scheme, the report generation module in the system vulnerability self-repairing plug-in SVRP generates the report file according to the analysis result file and the repairing result file, so that maintenance personnel can conveniently check and know the system vulnerability condition and the repairing condition.
Example four
As shown in fig. 4, the present invention further provides a device for repairing a system component vulnerability, including:
the importing and acquiring unit 101 imports the leak libraries corresponding to all types of the machines to be tested into the system leak self-repairing plug-in SVRP, the system leak self-repairing plug-in SVRP establishes remote connection with the machines to be tested, acquires information of the machines to be tested, generates a version file according to the information of the machines to be tested, and determines the leak library corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in the leak library storage file;
the analysis unit 102 is used for analyzing all components of the machine to be detected in the version file by an analysis module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to an analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
and the repairing unit 103 is used for reading the operating system version in the version file by a self-repairing module in the system bug self-repairing plug-in SVRP, traversing each bug website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file.
The information of the machine to be tested comprises the port number of the machine to be tested, service information corresponding to the port number, component information installed on the machine to be tested and component version information.
The analysis result file comprises a bug ID, a bug fixing suggestion and website information corresponding to the bug.
And updating the leakage library according to the corresponding type of the machine to be tested, and synchronously updating the corresponding relation between the leakage library and the type of the machine to be tested in the storage file of the leakage library after updating the leakage library.
The method effectively solves the problem of low vulnerability repair efficiency caused by long vulnerability repair process period, effectively improves the vulnerability repair efficiency of the system component, reduces the online time of the product, and can match the corresponding vulnerability library for analysis and more accurate analysis and repair according to the type information of the machine to be tested.
According to the technical scheme, the analysis result file comprises the bug ID, the bug repair suggestion and the website information corresponding to the bug, so that the self-repair module in the system bug self-repair plug-in SVRP can repair each bug effectively according to the analysis result file.
According to the technical scheme, the vulnerability library is updated according to the corresponding type of the machine to be tested, the corresponding relation between the vulnerability library and the type of the machine to be tested in the storage file of the vulnerability library is synchronously updated after the vulnerability library is updated, the timeliness of updating the vulnerability library and the corresponding relation between the vulnerability library and the type of the machine to be tested is ensured, and the vulnerability is analyzed and repaired more accurately and more pertinently.
EXAMPLE five
As shown in fig. 5, the present invention further provides a device for repairing a system component vulnerability, including:
the installation unit 101 is used for installing a system vulnerability self-repairing plug-in SVRP;
the importing and acquiring unit 102 imports the leak libraries corresponding to all types of the machines to be tested into the system leak self-repairing plug-in SVRP, establishes remote connection between the system leak self-repairing plug-in SVRP and the machines to be tested, acquires information of the machines to be tested, generates a version file according to the information of the machines to be tested, and determines the leak library corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relationship between the leak libraries and the types of the machines to be tested in the leak library storage file;
the analysis unit 103 is used for analyzing all components of the machine to be detected in the version file by an analysis module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to an analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
and the repairing unit 104 reads the operating system version in the version file by a self-repairing module in the system bug self-repairing plug-in SVRP, traverses each bug website in the analysis result file, downloads and installs a patch package corresponding to the operating system version, and generates a repairing result file.
EXAMPLE six
As shown in fig. 6, the present invention further provides a device for repairing a system component vulnerability, including:
the installation unit 101 is used for installing a system vulnerability self-repairing plug-in SVRP;
the importing and acquiring unit 102 is used for importing all the leak libraries corresponding to the types of the machines to be tested into the system leak self-repairing plug-in SVRP, the system leak self-repairing plug-in SVRP is remotely connected with the machines to be tested, information of the machines to be tested is acquired, a version file is generated according to the information of the machines to be tested, and the leak libraries corresponding to the types of the machines to be tested are determined according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in the leak library storage file;
the analysis unit 103 is used for analyzing all components of the machine to be detected in the version file by an analysis module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to an analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP;
the repairing unit 104 is used for reading the operating system version in the version file by a self-repairing module in the system bug self-repairing plug-in SVRP, traversing each bug website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file;
the reporting unit 105 is configured to push the analysis result file and the repair result file to a report generation module in the system vulnerability self-repair plug-in SVRP by a self-repair module in the system vulnerability self-repair plug-in SVRP, and generate a report file by the report generation module in the system vulnerability self-repair plug-in SVRP according to the analysis result file and the repair result file.
According to the technical scheme, the report generation module in the system vulnerability self-repairing plug-in SVRP generates the report file according to the analysis result file and the repairing result file, so that maintenance personnel can conveniently check and know the system vulnerability condition and the repairing condition.
It should be noted that the system vulnerability self-repairing plugin SVRP, the parsing module in the system vulnerability self-repairing plugin SVRP, the self-repairing module in the system vulnerability self-repairing plugin SVRP, and the report generating module in the system vulnerability self-repairing plugin SVRP and the like in the present invention can all be implemented by software programs, and the implemented idea corresponds to the steps in the first to third embodiments of the present invention.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.
Claims (8)
1. A method for repairing system component bugs is characterized by comprising the following steps:
importing all the leak libraries corresponding to the types of the machines to be tested into a system leak self-repairing plug-in SVRP, establishing remote connection between the system leak self-repairing plug-in SVRP and the machines to be tested, acquiring information of the machines to be tested, generating a version file according to the information of the machines to be tested, and determining the leak libraries corresponding to the types of the machines to be tested according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in a leak library storage file; the information of the machine to be tested comprises the type information of the machine to be tested, the port number of the machine to be tested, service information corresponding to the port number, component information installed on the machine to be tested and component version information;
analyzing all components of a machine to be detected in the version file by an analyzing module in the system vulnerability self-repairing plug-in SVRP according to the version file and a vulnerability library corresponding to the type of the machine to be detected, generating an analysis result file according to an analysis result, and pushing the analysis result file to a self-repairing module in the system vulnerability self-repairing plug-in SVRP; the analysis result file comprises a vulnerability ID, a vulnerability repair suggestion and website information corresponding to the vulnerability;
and a self-repairing module in the system bug self-repairing plug-in SVRP reads the version of the operating system in the version file, traverses each bug website in the analysis result file, downloads and installs a patch package corresponding to the version of the operating system, and generates a repairing result file.
2. The method for repairing the system component vulnerability according to claim 1, wherein before importing the vulnerability library of the machine type to be tested into the system vulnerability self-repairing plug-in SVRP, the method further comprises:
and installing the system vulnerability self-repairing plug-in SVRP.
3. The method for repairing the vulnerability of system components according to claim 1, further comprising:
and the self-repairing module in the system vulnerability self-repairing plug-in SVRP pushes the analysis result file and the repairing result file to the report generating module in the system vulnerability self-repairing plug-in SVRP, and the report generating module in the system vulnerability self-repairing plug-in SVRP generates a report file according to the analysis result file and the repairing result file.
4. The method according to claim 1, wherein the vulnerability database is updated according to the corresponding type of the machine to be tested, and the correspondence between the vulnerability database and the type of the machine to be tested in the storage file of the vulnerability database is updated synchronously after the vulnerability database is updated.
5. A system component vulnerability repairing device is characterized by comprising:
the importing and acquiring unit is used for importing all the leak libraries corresponding to the types of the machines to be tested into the system leak self-repairing plug-in SVRP, the system leak self-repairing plug-in SVRP is remotely connected with the machines to be tested to acquire information of the machines to be tested, a version file is generated according to the information of the machines to be tested, and the leak libraries corresponding to the types of the machines to be tested are determined according to the type information of the machines to be tested in the version file and the corresponding relation between the leak libraries and the types of the machines to be tested in a leak library storage file; the information of the machine to be tested comprises the type information of the machine to be tested, the port number of the machine to be tested, service information corresponding to the port number, component information installed on the machine to be tested and component version information;
the analysis module in the system vulnerability self-repairing plug-in SVRP analyzes all components of the machine to be tested in the version file according to the version file and the vulnerability library corresponding to the type of the machine to be tested, generates an analysis result file according to the analysis result, and pushes the analysis result file to the self-repairing module in the system vulnerability self-repairing plug-in SVRP; the analysis result file comprises a vulnerability ID, a vulnerability repair suggestion and website information corresponding to the vulnerability;
and the repairing unit is used for reading the operating system version in the version file by a self-repairing module in the system bug self-repairing plug-in SVRP, traversing each bug website in the analysis result file, downloading and installing a patch package corresponding to the operating system version, and generating a repairing result file.
6. The apparatus for repairing a vulnerability of system components according to claim 5, further comprising: and the installation unit is used for installing the system vulnerability self-repairing plug-in SVRP.
7. The apparatus for repairing a vulnerability of system components according to claim 5, further comprising:
and the report generation module in the system vulnerability self-repairing plug-in SVRP generates a report file according to the analysis result file and the repairing result file.
8. The apparatus according to claim 5, wherein the vulnerability database in the import and retrieval unit is updated according to the corresponding machine type to be tested, and the correspondence between the vulnerability database and the machine type to be tested in the repository file is updated synchronously after the vulnerability database is updated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010469992.8A CN111753296B (en) | 2020-05-28 | 2020-05-28 | Method and device for repairing system component bugs |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010469992.8A CN111753296B (en) | 2020-05-28 | 2020-05-28 | Method and device for repairing system component bugs |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111753296A CN111753296A (en) | 2020-10-09 |
| CN111753296B true CN111753296B (en) | 2022-06-17 |
Family
ID=72673988
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010469992.8A Active CN111753296B (en) | 2020-05-28 | 2020-05-28 | Method and device for repairing system component bugs |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111753296B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112580060B (en) * | 2021-01-21 | 2024-06-21 | 国网新疆电力有限公司信息通信公司 | Application system data interface vulnerability hidden trouble investigation system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710642A (en) * | 2012-06-01 | 2012-10-03 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for scanning system bug |
| CN103745158A (en) * | 2014-01-26 | 2014-04-23 | 北京奇虎科技有限公司 | Method and device for repairing system bugs |
| CN107437029A (en) * | 2017-08-23 | 2017-12-05 | 北京奇虎科技有限公司 | Leak restorative procedure, leak prosthetic device and server |
-
2020
- 2020-05-28 CN CN202010469992.8A patent/CN111753296B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710642A (en) * | 2012-06-01 | 2012-10-03 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for scanning system bug |
| CN103745158A (en) * | 2014-01-26 | 2014-04-23 | 北京奇虎科技有限公司 | Method and device for repairing system bugs |
| CN107437029A (en) * | 2017-08-23 | 2017-12-05 | 北京奇虎科技有限公司 | Leak restorative procedure, leak prosthetic device and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111753296A (en) | 2020-10-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109977670B (en) | Android application security monitoring method based on plug-in loading and storage medium | |
| CN112241360A (en) | Test case generation method, device, equipment and storage medium | |
| CN108132876B (en) | Embedded software object code unit testing method based on injection mode | |
| CN112540924A (en) | Interface automation test method, device, equipment and storage medium | |
| CN113568839A (en) | Method, device, equipment and medium for software testing and statistical test coverage rate | |
| CN110119348B (en) | Software upgrading test method and terminal | |
| CN111753296B (en) | Method and device for repairing system component bugs | |
| CN109508204B (en) | Front-end code quality detection method and device | |
| CN114661615B (en) | FPGA software testing method and device | |
| CN113050925B (en) | Block chain intelligent contract repairing method and device | |
| CN114020645A (en) | Test method, device, equipment, readable storage medium and computer program product | |
| CN112256554B (en) | Method and equipment for testing based on scene test cases | |
| CN114036008A (en) | Equipment information detection method and device, computer equipment and storage medium | |
| CN112433947A (en) | Chaos engineering method and system based on network data | |
| CN111752823A (en) | Method, device and equipment for testing vehicle-mounted power supply application software | |
| CN111966589A (en) | Bug processing method, device and equipment based on function test | |
| CN109688013B (en) | Method and system for detecting matching between host name and SN of multi-stage cascade BOX | |
| CN113094281B (en) | Test method and device for hybrid App | |
| CN111143262A (en) | Switching device, instrument control system and instrument control method | |
| CN111078572B (en) | Automatic interaction testing method and system | |
| CN112052175A (en) | Method and device for automatically testing application program and electronic equipment | |
| CN111722996B (en) | Interactive standard compliance testing method and device | |
| US20240241810A1 (en) | System and method to measure and verify data and control coupling between software components without code instrumentation | |
| CN115277664A (en) | System for automatically distributing software | |
| US10073768B1 (en) | Smart migration/remediation engine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |