CN113392001A - Automatic code checking system and method - Google Patents

Publication number
CN113392001A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110655054.1A
Other languages
Chinese (zh)
Inventor
柏佳宁
刘吉洲
李玲
李奇志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110655054.1A
Publication of CN113392001A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/3604: Software analysis for verifying properties of programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides an automatic code checking system and method. The system comprises: a script uploading module, which receives a script newly uploaded by a developer after receiving an upload request and runs the newly uploaded script; a parameter setting module, which sets the file type and the problem type corresponding to the newly uploaded script; a same-problem-type script screening module, which screens out scripts having the same problem type as the newly uploaded script; a same-problem-type script execution module, which executes the screened scripts and generates a running evaluation result; a same-problem-type script execution result analysis module, which sets the state of the newly uploaded script to normal when the running evaluation result shows that the newly uploaded script is not found to have problems, and otherwise sets it to repeated; and a script running subsystem, which executes the program related to the newly uploaded script. The invention can automatically check code from the developer's perspective, with high accuracy and efficiency.

Description

Automatic code checking system and method
Technical Field
The invention relates to the technical field of automatic computer code checking, and in particular to an automatic code checking system and an automatic code checking method.
Background
The static code analysis tools commonly available on the market focus mainly on technical security problems or on function parameters that are easily misused. Because banking systems involve accounting, they have strict requirements regarding production problems, and the daily workload of manual code checking is very heavy. A static code analysis system that helps developers as much as possible is needed.
Current products are concentrated in the following groups:
First, tools such as Fortify by Micro Focus address security holes in code bases and integrate easily with popular CI/CD tools. They focus on known security vulnerabilities and on the presence of malware or compromised files that may be problematic. For unauthorized-access security holes, which are the most threatening to banks, their current discovery capability is insufficient. They also provide no static code analysis capability for business production problems.
Second, some code analysis tools let users configure code audit rules themselves, but configuration is available only in administrator mode, so the developers who are most familiar with the code and its rules do not participate enough. The common result is a high false alarm rate, which wastes developers' analysis time and draws complaints from them.
Third, some techniques analyze code with artificial intelligence, but because of the limitations of that technology they cannot achieve the same effect as manual code inspection.
The gap between the above products and the requirements of bank applications comes down to the following: they cannot analyze business production problems, they cannot analyze and discover security problems in specific scenarios, and they do not make full use of the fact that developers are most familiar with the application to simplify the discovery of various business problems.
Disclosure of Invention
An embodiment of the invention provides an automatic code checking system for automatically checking code from the developer's perspective with high accuracy and high efficiency. The system comprises:
a user login platform subsystem, a script evaluation subsystem and a script running subsystem, wherein,
the user login platform subsystem comprises a script uploading module and a parameter setting module, wherein,
the script uploading module is used for receiving a script newly uploaded by a developer and storing the script in a database after receiving the uploading request; running the newly uploaded script, and sending a script updating notice to the script evaluation subsystem when the running result is that the script is normal;
the parameter setting module is used for setting a file type and a problem type corresponding to the newly uploaded script;
the script evaluation subsystem comprises a same-problem type script screening module, a same-problem type script execution module and a same-problem type script execution result analysis module, wherein,
the same-problem type script screening module is used for searching the database when receiving a script updating notice and screening out scripts with the same problem types as the newly uploaded scripts;
the same-problem type script execution module is used for executing the screened scripts with the same problem type, generating an operation evaluation result and storing the operation evaluation result in a database;
the same-problem script execution result analysis module is used for setting the state of the newly uploaded script to be normal when the running evaluation result shows that the newly uploaded script is not found to have problems, and otherwise, setting the state of the newly uploaded script to be repeated; sending a normal script updating notice to the script running subsystem;
and the script running subsystem is used for executing the program related to the newly uploaded script after receiving the normal script updating notification.
An embodiment of the invention provides an automatic code checking method for automatically checking code from the developer's perspective with high accuracy and high efficiency. The method comprises the following steps:
after receiving an uploading request, receiving a script newly uploaded by a developer and storing the script into a database;
setting a file type and a problem type corresponding to the newly uploaded script;
running the newly uploaded script, searching the database when the running result is that the script is normal, and screening out the script with the same problem type as the newly uploaded script;
executing the screened scripts with the same problem types, generating an operation evaluation result and storing the operation evaluation result in a database;
setting the state of the newly uploaded script as normal when the running evaluation result shows that the newly uploaded script is not found to have problems, otherwise, setting the state of the newly uploaded script as repeated;
and executing the program related to the newly uploaded script.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the code automatic examination method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, and the computer readable storage medium stores a computer program for executing the code automatic examination method.
In the embodiment of the invention, the user login platform subsystem, the script evaluation subsystem and the script operation subsystem, wherein the user login platform subsystem comprises a script uploading module and a parameter setting module, and the script uploading module is used for receiving a script newly uploaded by a developer and storing the script in a database after receiving an uploading request; running the newly uploaded script, and sending a script updating notice to the script evaluation subsystem when the running result is that the script is normal; the parameter setting module is used for setting a file type and a problem type corresponding to the newly uploaded script; the script evaluation subsystem comprises a same-problem type script screening module, a same-problem type script execution module and a same-problem type script execution result analysis module, wherein the same-problem type script screening module is used for searching a database and screening out scripts with the same problem types as the newly uploaded scripts when receiving a script updating notification; the same-problem type script execution module is used for executing the screened scripts with the same problem type, generating an operation evaluation result and storing the operation evaluation result in a database; the same-problem script execution result analysis module is used for setting the state of the newly uploaded script to be normal when the running evaluation result shows that the newly uploaded script is not found to have problems, and otherwise, setting the state of the newly uploaded script to be repeated; sending a normal script updating notice to the script running subsystem; and the script running subsystem is used for executing the program related to the newly uploaded script after receiving the normal script updating notification. 
In this process, the same-problem-type script screening module, the same-problem-type script execution module and the same-problem-type script execution result analysis module together make up for the insufficient ability of current static code audit tools to find production problems involving complex logic. In addition, because the checking steps are automated, efficiency is high, errors caused by manual operation are reduced, and accuracy is high.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
FIG. 1 is a schematic diagram of an automated code audit system in accordance with an embodiment of the present invention;
FIG. 2 is a diagram illustrating an internal structure of an automatic code audit system according to an embodiment of the present invention;
FIG. 3 is an internal structural diagram of a user login platform subsystem in an embodiment of the present invention;
FIG. 4 is an internal structural diagram of a system background management subsystem according to an embodiment of the present invention;
FIG. 5 is an internal block diagram of a script execution subsystem in an embodiment of the present invention;
FIG. 6 is an internal block diagram of a script execution subsystem in an embodiment of the present invention;
FIG. 7 is a detailed flowchart of automatic code review based on developer perspective in an embodiment of the present invention;
FIG. 8 is a flowchart of an automatic code review method according to an embodiment of the present invention;
FIG. 9 is a diagram of a computer device in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
In the description of the present specification, the terms "comprising," "including," "having," "containing," and the like are used in an open-ended fashion, i.e., to mean including, but not limited to. Reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. The sequence of steps involved in the embodiments is for illustrative purposes to illustrate the implementation of the present application, and the sequence of steps is not limited and can be adjusted as needed.
Fig. 1 is a schematic diagram of an automatic code review system according to an embodiment of the present invention, and as shown in fig. 1, the system includes: a user login platform subsystem 1, a script evaluation subsystem 4 and a script running subsystem 3, wherein,
the user login platform subsystem 1 comprises a script uploading module 16 and a parameter setting module 15, wherein,
the script uploading module 16 is used for receiving a script newly uploaded by a developer and storing the script into a database after receiving the uploading request; running the newly uploaded script, and sending a script updating notice to the script evaluation subsystem when the running result is that the script is normal;
the parameter setting module 15 is used for setting a file type and a problem type corresponding to the newly uploaded script;
the script evaluation subsystem 4 includes a same-question type script screening module 41, a same-question type script execution module 42, and a same-question type script execution result analysis module 43, wherein,
the same-problem type script screening module 41 is used for searching the database when receiving a script updating notification, and screening out scripts having the same problem type as the newly uploaded scripts;
the same-problem type script execution module 42 is used for executing the screened scripts with the same problem type, generating an operation evaluation result and storing the operation evaluation result in a database;
the same-problem script execution result analysis module 43 is configured to set the state of the newly uploaded script to be normal when the running evaluation result shows that no problem exists in the newly uploaded script, and otherwise, set the state of the newly uploaded script to be repeated; sending a normal script updating notice to the script running subsystem;
and the script running subsystem 3 is used for executing the program related to the newly uploaded script after receiving the normal script updating notification.
In the embodiment of the invention, the same-problem-type script screening module, the same-problem-type script execution module and the same-problem-type script execution result analysis module together make up for the insufficient ability of current static code audit tools to find production problems involving complex logic. In addition, because the checking steps are automated, efficiency is high, errors caused by manual operation are reduced, and accuracy is high.
Fig. 2 is an internal structural diagram of an automatic code review system according to an embodiment of the present invention, which interacts with a database based on a developer's perspective.
Fig. 3 is an internal structure diagram of a user login platform subsystem in an embodiment of the present invention, and in an embodiment, the user login platform subsystem further includes:
a first display module 12 for: after receiving a code display instruction, reading and displaying codes submitted by developers from a database; after a problem list display instruction is received, reading a problem list corresponding to a code submitted by a developer from a database and displaying the problem list; receiving confirmation information or false alarm information of the problems in the problem list, which is input by a developer;
a second display module 13 for: after receiving a script display instruction, reading the state of a script corresponding to a code submitted by a user, the number of problems, the number of confirmed problems of a developer and the number of false-positive problems fed back by the developer from a database and displaying the states and the number of the problems; after receiving a script optimization instruction, receiving an optimized script submitted by a developer; receiving a complaint request submitted by a developer, and forwarding the complaint request to a system background management subsystem, wherein the complaint request is submitted by the developer for a script with a repeated script state.
In the above embodiment, the state of the script is given by the most recent execution result of the script execution subsystem 3. Each code file corresponds to one record, and the user can click it to see the problem list related to that code file. A get button follows each problem; clicking it opens a selection box in which confirmation or false alarm can be selected.
The script state is one of: normal, repeated, operation failure, under examination, under complaint, complaint successful, and complaint failed; for a script whose state is normal, the script is in the normal state. An optimization button follows each script; clicking it sends a script optimization instruction to the system.
Fig. 4 is an internal structure diagram of a system background management subsystem in an embodiment of the present invention, and in an embodiment, the system further includes a system background management subsystem 2, where the system background management subsystem 2 includes:
a file type definition maintenance module 22 for receiving the file type defined by the administrator according to the description of the developer;
a problem type definition maintenance module 23, configured to receive a problem type defined by an administrator according to the description of the developer;
and the complaint script processing module 24 is configured to receive, according to the complaint request submitted by the developer, an update of a state of a script corresponding to the complaint request by the administrator.
In the above embodiment, when the parameter setting module of the user login platform subsystem sets the file type and the selected file type is "other", the developer is required to fill in the five-dimensional attribute of the file type. A record is then displayed in the module, which the administrator can open by clicking. Based on the five-dimensional attribute filled in by the developer, the administrator can define the file type in the file type definition maintenance module 22, that is, create and name a new file type (so that subsequent scripts can be classified uniformly) and assign the script to it, or classify the script into a known type. The five-dimensional attributes of a file include its framework, file name, file role, position, remarks and the like. For example, for a file under the mybase framework that is prone to SQL injection vulnerabilities, the specific attribute is (mybase —. mapper.
When the parameter setting module of the user login platform subsystem sets the problem type, if the selected problem type is 'other', a developer is required to fill in specific description information, a record is displayed on the module and can be seen by clicking, and an administrator can define the problem type in the problem type definition maintenance module 23 or set the problem type as the existing problem type.
Developers generally submit complaint requests for scripts whose state is repeated. In the complaint script processing module, the administrator can view the reason, the script and other details in the complaint request, and then updates the state of the script corresponding to the complaint request to complaint successful or complaint failed.
In one embodiment, the user login platform subsystem further comprises: the user login module 11 is used for verifying the identity of the user after receiving a user login request;
the system background management subsystem further comprises: and the administrator login module 22 is used for verifying the identity of the administrator after receiving the administrator login request.
The identity authentication requires user names and passwords, and the user names and the passwords of developers and administrators can be stored in a database.
In one embodiment, the user login platform subsystem further comprises: the script auxiliary jar package downloading module 14 is configured to send a downloaded script auxiliary jar package to a developer after receiving a script downloading request, where the script auxiliary jar package is used to assist the developer in writing a script;
the system background management subsystem further comprises: and the maintenance script auxiliary jar package module 25 is used for receiving the uploaded script auxiliary jar package.
In conclusion, the user login platform subsystem is mainly responsible for interaction with developers and provides functions of uploading and displaying scripts, and the system background management subsystem 2 is mainly used for classifying the scripts; the script running subsystem 3 mainly implements the execution of the script and counts the problems found by the execution; the script evaluation subsystem 4 is mainly responsible for evaluating the running effect of the script and recording the evaluation result into the database.
Fig. 5 is an internal structure diagram of a script execution subsystem in an embodiment of the present invention, and fig. 6 is an internal structure diagram of a script execution subsystem in an embodiment of the present invention, where the script execution subsystem includes a screening program module 31, a screening script module 32, a script execution module 33, and a script execution result analysis module 34, where,
the screening program module 31 is used for screening out, from the full program library, the list of programs related to the file type of the newly uploaded script after receiving the normal script updating notification, and storing the program list in the database;
a screening script module 32, configured to store a script associated with a file type in a script list according to the file type of the script related in the screened program list;
the script execution module 33 is configured to read a script list in the database, and transmit a script in the script list to a script execution program deployed on the program code library server; executing the script execution program;
and the script execution result analysis module 34 is used for collecting the operation result of the script execution program on the program code library server and storing the operation result in the database.
In one embodiment, the script execution module 33 is further configured to: before executing the script execution program, when the script file needs to compare the interface change of the application, the interface information related to the interface change of the application is read from the application database.
The embodiment adopts a B/S (browser/server) mode, so after logging in to the system a developer can see directly on the home page the execution results of the scripts corresponding to the code the developer submitted, together with the missed-report rate and false-alarm figures of the scripts the developer submitted. The system also lets the user download an auxiliary jar package for writing scripts; using the functions in the jar package simplifies script writing.
Fig. 7 is a detailed flowchart of automatic code review based on the developer's perspective in the embodiment of the present invention, as shown in fig. 7, including:
Step 701: The developer logs in.
Step 702: The developer downloads the auxiliary jar package for script writing.
Step 703: Acquire the script newly uploaded by the developer.
Step 704: Set the file type and the problem type of the newly uploaded script.
Step 705: Run the newly uploaded script; when the running result is that the script is normal, search the database and screen out the scripts with the same problem type as the newly uploaded script.
Step 706: Execute the screened scripts with the same problem type, generate a running evaluation result and store it in the database.
Step 707: When the running evaluation result shows that the newly uploaded script has no problem, set the state of the newly uploaded script to normal; otherwise, set it to repeated.
Step 708: According to the file type of the newly uploaded script, screen out the list of related programs in the full program library and store the program list in the database.
Step 709: According to the file type of the scripts related to the screened program list, store the scripts related to that file type in a script list.
Step 710: Read the script list in the database, transmit the scripts in the script list to a script execution program deployed on the program code library server, and execute the script execution program.
Step 711: Collect the running result of the script execution program on the program code library server and store it in the database.
Step 712: Display the status of the script in the developer interface.
Step 713: View the submitted code and the problem list, click the get button of a problem, and select false alarm information or confirmation information.
Step 714: Read from the database and display the state of the script corresponding to the code submitted by the user, the number of problems, the number of problems confirmed by the developer and the number of false-alarm problems fed back by the developer. A complaint request can be made for a script whose state is repeated; the administrator can process the complaint and set the script to normal.
The above is explained from the perspective of the developer, and there may be other more detailed steps, and in addition, the steps may be arranged from the perspective of the administrator, which is not described herein again.
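The flow in steps 705 to 711, as an added Python sketch that is not part of the patent text. It assumes that "repeated" means the upload reports nothing beyond what existing normal scripts of the same problem type already report, and that a file type can be modeled as a path glob; all names and the mapper samples are constructed for illustration.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Callable, Dict, List, Set, Tuple

Finding = Tuple[str, int]  # (program path, 1-based line number)


@dataclass
class CheckScript:
    name: str
    file_type: str      # path glob standing in for the "file type" (assumption)
    problem_type: str
    check: Callable[[str], List[int]]  # file text -> offending line numbers
    status: str = "under examination"


def regex_check(pattern: str) -> Callable[[str], List[int]]:
    """Build a line-oriented check from a regular expression."""
    rx = re.compile(pattern)
    return lambda text: [n for n, line in enumerate(text.splitlines(), 1)
                         if rx.search(line)]


def run_script(script: CheckScript, programs: Dict[str, str]) -> Set[Finding]:
    """Steps 708-711: select programs by file type, run the script, collect results."""
    found: Set[Finding] = set()
    for path, text in programs.items():
        if fnmatchcase(path, script.file_type):
            found.update((path, n) for n in script.check(text))
    return found


def evaluate_upload(new: CheckScript, registry: List[CheckScript],
                    programs: Dict[str, str]) -> Tuple[str, Set[Finding]]:
    """Steps 705-707: run the upload, then compare it with same-problem-type scripts."""
    try:
        new_findings = run_script(new, programs)
    except Exception:
        # A script that cannot run never reaches the evaluation stage.
        new.status = "operation failure"
        return new.status, set()
    peers = [s for s in registry
             if s.problem_type == new.problem_type and s.status == "normal"]
    known: Set[Finding] = set()
    for peer in peers:
        known |= run_script(peer, programs)
    novel = new_findings - known  # findings no existing script reports
    new.status = "normal" if novel else "repeated"
    if new.status == "normal":
        registry.append(new)
    return new.status, novel


# Constructed sample program library: two mapper files and one unrelated file.
PROGRAMS = {
    "dao/UserMapper.xml": (
        '<select id="find">\n'
        "  SELECT * FROM users WHERE name = '${name}'\n"
        "</select>\n"),
    "dao/OrderMapper.xml": (
        '<select id="byId">\n'
        "  SELECT * FROM orders WHERE id = #{id}\n"
        "  ORDER BY ${sortColumn}\n"
        "</select>\n"),
    "service/Transfer.java": 'String s = "${not a mapper}";\n',
}


def _broken(text: str) -> List[int]:
    raise ValueError("script crashed")


def demo() -> Dict[str, Tuple[str, Set[Finding]]]:
    """Evaluate three constructed uploads against one existing script."""
    registry = [CheckScript("where-subst", "*Mapper.xml", "sql-injection",
                            regex_check(r"WHERE.*\$\{"), status="normal")]
    uploads = [
        CheckScript("any-subst", "*Mapper.xml", "sql-injection",
                    regex_check(r"\$\{")),
        CheckScript("where-subst-copy", "*Mapper.xml", "sql-injection",
                    regex_check(r"WHERE\s.*\$\{\w+\}")),
        CheckScript("crasher", "*Mapper.xml", "sql-injection", _broken),
    ]
    return {u.name: evaluate_upload(u, registry, PROGRAMS) for u in uploads}


if __name__ == "__main__":
    for name, (status, novel) in demo().items():
        print(name, status, sorted(novel))
```
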
In summary, the system provided by the embodiment of the present invention has the following beneficial effects:
1. It makes up for the insufficient ability of conventional static code audit tools to find production problems involving complex logic; in addition, because the checking steps are automated, efficiency is high, errors caused by manual operation are reduced, and accuracy is high.
2. Once one person finds a problem, all development teams automatically gain the ability to find it, which avoids the repeated mistakes that occur when teams rely on specifications alone and other developers are not familiar with them.
3. The familiarity of each team, everyone, with various architectures is reflected to a certain extent. Embodies the value of a senior programmer and extends this value.
4. The ability of the system to discover production problems grows as the developer grows in his or her own abilities.
The embodiment of the invention also provides an automatic code checking method, the principle of which is similar to that of an automatic code checking system, and the details are not repeated here.
Fig. 8 is a flowchart of an automatic code review method in an embodiment of the present invention, and as shown in fig. 8, the method includes:
step 801, after receiving an uploading request, receiving a script newly uploaded by a developer and storing the script into a database;
step 802, setting a file type and a problem type corresponding to the newly uploaded script;
step 803, the newly uploaded script is operated, and when the operation result is that the script is normal, the database is searched, and the script with the same problem type as the newly uploaded script is screened out;
step 804, executing the screened scripts with the same problem types, generating operation evaluation results and storing the operation evaluation results in a database;
step 805, setting the state of the newly uploaded script to be normal when the running evaluation result shows that the newly uploaded script is not found to have problems, otherwise, setting the state of the newly uploaded script to be repeated;
step 806, executing the program related to the newly uploaded script.
In an embodiment, the method further comprises:
after receiving a code display instruction, reading and displaying codes submitted by developers from a database;
after a problem list display instruction is received, reading a problem list corresponding to a code submitted by a developer from a database and displaying the problem list;
receiving confirmation information or false alarm information of the problems in the problem list, which is input by a developer;
after receiving a script display instruction, reading from a database the state of the script corresponding to the code submitted by a user, the number of problems, the number of problems confirmed by the developer and the number of false-alarm problems fed back by the developer;
after receiving a script optimization instruction, receiving an optimized script submitted by a developer;
and receiving a complaint request submitted by a developer, wherein the complaint request is submitted by the developer for a script whose state is repeated.
In an embodiment, the method further comprises:
receiving a file type defined by an administrator according to the description of the developer;
receiving a problem type defined by an administrator according to the description of the developer;
and receiving the update of the state of the script corresponding to the complaint request by the administrator according to the complaint request submitted by the developer.
In one embodiment, before executing the script execution program, the method further includes:
after receiving a user login request, verifying the identity of the user;
and after receiving the administrator login request, verifying the identity of the administrator.
In an embodiment, the method further comprises:
after receiving a script downloading request, sending the script auxiliary jar package to the developer for download, wherein the script auxiliary jar package is used for assisting the developer in writing scripts;
and receiving the uploaded script auxiliary jar package.
In one embodiment, executing the program to which the newly uploaded script relates includes:
after receiving a normal script updating notice, screening out, from the full program library, a list of related programs according to the file type of the newly uploaded script, and storing the program list in a database;
storing the script related to the file type into a script list according to the file type of the script related to the screened program list;
reading a script list in a database, and transmitting a script in the script list to a script execution program deployed on a program code library server; executing the script execution program;
and collecting the running result of the script execution program on the program code library server and storing the running result in the database.
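Steps 801 to 806 and the program and script screening described above, as an added sketch that is not code from the patent. All names are hypothetical, a regular expression stands in for an uploaded script, and two points are assumptions: a script is treated as repeated when it reports nothing beyond what normal scripts of the same problem type already report, and a script that fails to run gets an "error" state.

```python
# Constructed sketch of steps 801-806; every name in it is hypothetical.
import re
from dataclasses import dataclass

@dataclass
class Script:
    name: str
    file_type: str       # set in step 802, e.g. ".java"
    problem_type: str    # set in step 802
    pattern: str         # a regex stands in for the script's check logic
    state: str = "pending"

    def run(self, programs):
        """Return {(path, line_no)} findings in programs of this file type."""
        rx = re.compile(self.pattern)   # raises re.error if the script is broken
        return {(path, n)
                for path, text in programs.items() if path.endswith(self.file_type)
                for n, line in enumerate(text.splitlines(), 1) if rx.search(line)}

class ReviewSystem:
    def __init__(self, programs):
        self.programs = programs   # stand-in for the full program library
        self.scripts = []          # stand-in for the script table in the database
        self.results = {}          # script name -> findings of the last run

    def upload(self, script):
        self.scripts.append(script)                    # steps 801-802
        try:
            found = script.run(self.programs)          # step 803: does it run?
        except re.error:
            script.state = "error"                     # assumed state name
            return script.state
        peers = [s for s in self.scripts               # step 803: same problem type
                 if s is not script and s.state == "normal"
                 and s.problem_type == script.problem_type]
        # Step 804: execute the screened scripts and pool their findings.
        covered = set().union(*(p.run(self.programs) for p in peers))
        # Step 805 (assumed rule): nothing new beyond the peers means duplicate.
        script.state = "repeated" if peers and found <= covered else "normal"
        if script.state == "normal":
            self.run_related(script.file_type)         # step 806
        return script.state

    def run_related(self, file_type):
        """Screen programs and scripts by file type, run them, store results."""
        program_list = {p: t for p, t in self.programs.items() if p.endswith(file_type)}
        script_list = [s for s in self.scripts
                       if s.file_type == file_type and s.state == "normal"]
        for s in script_list:
            self.results[s.name] = s.run(program_list)
        return self.results

# Constructed sample program library.
PROGRAMS = {
    "pay/Transfer.java": 'String pwd = "s3cret";\nconnect(user, pwd);\n',
    "pay/Audit.java": 'String token = "abc123";\nlog(token);\n',
    "web/app.js": 'const pwd = "x";\n',
}

def demo():
    system = ReviewSystem(PROGRAMS)
    uploads = [
        Script("pwd-literal", ".java", "hardcoded-secret", r'pwd\s*=\s*"'),
        Script("pwd-decl", ".java", "hardcoded-secret", r"String pwd"),
        Script("secret-literal", ".java", "hardcoded-secret", r'(pwd|token)\s*=\s*"'),
        Script("broken", ".java", "hardcoded-secret", r"("),
    ]
    return [system.upload(s) for s in uploads], system.results
```

Calling `demo()` returns the state assigned to each upload and the stored results; only scripts in the normal state are run against the program list.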
In one embodiment, before executing the script execution program, the method further includes:
when the script file needs to compare the interface change of the application, the interface information related to the interface change of the application is read from the application database.
In summary, the method provided by the embodiment of the invention has the following beneficial effects:
1. It addresses the insufficient ability of conventional static code auditing tools to find production problems involving complex logic; in addition, because the review steps are automated, efficiency is high, errors caused by manual operation are reduced, and accuracy is high.
2. A problem found by one person automatically becomes a problem that all development teams are able to find, which avoids the repeated mistakes that occur when teams rely on specifications alone and other developers are not familiar with them.
3. It reflects, to a certain extent, how familiar each team and each person is with the various architectures, and it embodies and extends the value of senior programmers.
4. The ability of the system to discover production problems grows as the developers' own abilities grow.
An embodiment of the present application further provides a computer device, and fig. 9 is a schematic diagram of a computer device in an embodiment of the present invention, where the computer device is capable of implementing all steps in the automatic code review in the foregoing embodiment, and the computer device specifically includes the following contents:
a processor 901, a memory 902, a communication interface 903, and a communication bus 904;
the processor 901, the memory 902 and the communication interface 903 complete mutual communication through the communication bus 904; the communication interface 903 is used for realizing information transmission among related devices such as server-side devices, detection devices, user-side devices and the like;
the processor 901 is configured to call the computer program in the memory 902, and when the processor executes the computer program, the processor implements all the steps in the automatic code review in the above embodiments.
Embodiments of the present application also provide a computer-readable storage medium, which can implement all steps in the automatic code review in the above embodiments, and the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements all steps in the automatic code review in the above embodiments.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (16)

1. An automatic code examination system is characterized by comprising a user login platform subsystem, a script evaluation subsystem and a script running subsystem, wherein,
the user login platform subsystem comprises a script uploading module and a parameter setting module, wherein,
the script uploading module is used for receiving a script newly uploaded by a developer and storing the script in a database after receiving the uploading request; running the newly uploaded script, and sending a script updating notice to the script evaluation subsystem when the running result is that the script is normal;
the parameter setting module is used for setting a file type and a problem type corresponding to the newly uploaded script;
the script evaluation subsystem comprises a same-problem type script screening module, a same-problem type script execution module and a same-problem type script execution result analysis module, wherein,
the same-problem type script screening module is used for searching the database when receiving a script updating notice and screening out scripts with the same problem types as the newly uploaded scripts;
the same-problem type script execution module is used for executing the screened scripts with the same problem type, generating an operation evaluation result and storing the operation evaluation result in a database;
the same-problem type script execution result analysis module is used for setting the state of the newly uploaded script to normal when the running evaluation result shows that no problem was found with the newly uploaded script, and otherwise setting the state of the newly uploaded script to repeated; sending a normal script updating notice to the script running subsystem;
and the script running subsystem is used for executing the program related to the newly uploaded script after receiving the normal script updating notification.
2. The code automated audit system according to claim 1 wherein the user login platform subsystem further includes:
a first display module to: after receiving a code display instruction, reading and displaying codes submitted by developers from a database; after a problem list display instruction is received, reading a problem list corresponding to a code submitted by a developer from a database and displaying the problem list; receiving confirmation information or false alarm information of the problems in the problem list, which is input by a developer;
a second display module to: after receiving a script display instruction, reading the state of a script corresponding to a code submitted by a user, the number of problems, the number of confirmed problems of a developer and the number of false-positive problems fed back by the developer from a database and displaying the states and the number of the problems; after receiving a script optimization instruction, receiving an optimized script submitted by a developer; receiving a complaint request submitted by a developer, and forwarding the complaint request to a system background management subsystem, wherein the complaint request is submitted by the developer for a script with a repeated script state.
3. The code automated audit system according to claim 2 further including a system back-office management subsystem including:
the file type definition maintenance module is used for receiving the file type defined by the administrator according to the description of the developer;
the problem type definition maintenance module is used for receiving the problem type defined by the administrator according to the description of the developer;
and the complaint script processing module is used for receiving the update of the state of the script corresponding to the complaint request by the administrator according to the complaint request submitted by the developer.
4. The code automated audit system according to claim 3 wherein the user login platform subsystem further includes: the user login module is used for verifying the identity of the user after receiving a user login request;
the system background management subsystem further comprises: and the administrator login module is used for verifying the identity of the administrator after receiving the administrator login request.
5. The code automated audit system according to claim 3 wherein the user login platform subsystem further includes: the script auxiliary jar package downloading module is used for sending the script auxiliary jar package to a developer for download after receiving a script downloading request, and the script auxiliary jar package is used for assisting the developer in writing scripts;
the system background management subsystem further comprises: and the maintenance script auxiliary jar package module is used for receiving the uploaded script auxiliary jar package.
6. The code auto-audit system according to claim 1 wherein the script running subsystem includes a screening program module, a screening script module, a script execution module, and a script execution result analysis module, wherein,
the screening program module is used for, after receiving the normal script updating notification, screening out, from the full program library, a list of related programs according to the file type of the newly uploaded script, and storing the program list in the database;
the screening script module is used for storing the script related to the file type into a script list according to the file type of the script related to the screened program list;
the script execution module is used for reading a script list in the database and transmitting the script in the script list to a script execution program deployed on the program code library server; executing the script execution program;
and the script execution result analysis module is used for acquiring the operation result of the script execution program on the program code library server and storing the operation result into the database.
7. The code automated review system of claim 6, wherein the script execution module is further to: before executing the script execution program, when the script file needs to compare the interface change of the application, the interface information related to the interface change of the application is read from the application database.
8. An automatic code review method, comprising:
after receiving an uploading request, receiving a script newly uploaded by a developer and storing the script into a database;
setting a file type and a problem type corresponding to the newly uploaded script;
running the newly uploaded script, searching the database when the running result is that the script is normal, and screening out the script with the same problem type as the newly uploaded script;
executing the screened scripts with the same problem types, generating an operation evaluation result and storing the operation evaluation result in a database;
setting the state of the newly uploaded script as normal when the running evaluation result shows that the newly uploaded script is not found to have problems, otherwise, setting the state of the newly uploaded script as repeated;
and executing the program related to the newly uploaded script.
9. The code automated review method of claim 8, further comprising:
after receiving a code display instruction, reading and displaying codes submitted by developers from a database;
after a problem list display instruction is received, reading a problem list corresponding to a code submitted by a developer from a database and displaying the problem list;
receiving confirmation information or false alarm information of the problems in the problem list, which is input by a developer;
after receiving a script display instruction, reading from a database the state of the script corresponding to the code submitted by a user, the number of problems, the number of problems confirmed by the developer and the number of false-alarm problems fed back by the developer;
after receiving a script optimization instruction, receiving an optimized script submitted by a developer;
and receiving a complaint request submitted by a developer, wherein the complaint request is submitted by the developer for a script whose state is repeated.
10. The code automated review method of claim 9, further comprising:
receiving a file type defined by an administrator according to the description of the developer;
receiving a problem type defined by an administrator according to the description of the developer;
and receiving the update of the state of the script corresponding to the complaint request by the administrator according to the complaint request submitted by the developer.
11. The code auto-audit method according to claim 10 wherein prior to executing the script execution program, further comprising:
after receiving a user login request, verifying the identity of the user;
and after receiving the administrator login request, verifying the identity of the administrator.
12. The code automated review method of claim 11, further comprising:
after receiving a script downloading request, sending the script auxiliary jar package to the developer for download, wherein the script auxiliary jar package is used for assisting the developer in writing scripts;
and receiving the uploaded script auxiliary jar package.
13. The code automated review method of claim 8, wherein executing the program to which the newly uploaded script relates comprises:
after receiving a normal script updating notice, screening out, from the full program library, a list of related programs according to the file type of the newly uploaded script, and storing the program list in a database;
storing the script related to the file type into a script list according to the file type of the script related to the screened program list;
reading a script list in a database, and transmitting a script in the script list to a script execution program deployed on a program code library server; executing the script execution program;
and collecting the running result of the script execution program on the program code library server and storing the running result in the database.
14. The code auto-audit method according to claim 11 wherein prior to executing the script execution program, further comprising:
when the script file needs to compare the interface change of the application, the interface information related to the interface change of the application is read from the application database.
15. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 8 to 14 when executing the computer program.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 8 to 14.
CN202110655054.1A 2021-06-11 2021-06-11 Automatic code checking system and method Pending CN113392001A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110655054.1A CN113392001A (en) 2021-06-11 2021-06-11 Automatic code checking system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110655054.1A CN113392001A (en) 2021-06-11 2021-06-11 Automatic code checking system and method

Publications (1)

Publication Number Publication Date
CN113392001A true CN113392001A (en) 2021-09-14

Family

ID=77620691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110655054.1A Pending CN113392001A (en) 2021-06-11 2021-06-11 Automatic code checking system and method

Country Status (1)

Country Link
CN (1) CN113392001A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination