CN112926061B - Plug-in processing method and device - Google Patents
- Publication number: CN112926061B (application number CN202110511727.6A)
- Authority: CN (China)
- Prior art keywords
- plug
- configuration
- data
- target
- scanning
- Prior art date
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/31—Programming languages or programming paradigms

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/73—Program documentation

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Library & Information Science (AREA)
- Stored Programmes (AREA)
Abstract
A plug-in processing method and device relate to the technical field of computers. The method comprises: acquiring configuration data of a target plug-in; packaging the configuration data using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, the plug-in description file describing the vulnerability scanning logic of the target plug-in; and sending the plug-in description file to a scanning server so that the scanning server scans a scan object for vulnerabilities according to the plug-in description file. Generating the plug-in description file with a multilayer structure representation language gives it rich descriptive capability and supports complex vulnerability scanning scenarios.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for processing a plug-in.
Background
A vulnerability is a flaw in hardware, software, a protocol implementation or a system security policy that may allow an attacker to access or damage the system without authorization; it is an inadvertently left, unprotected entry point into a restricted computer, component, application or other online resource. Vulnerability scanning is a security detection activity in which a scanner, on the basis of a vulnerability database, examines a specified remote or local computer system by scanning and similar means to discover exploitable vulnerabilities.
At present, when a scanner scans for vulnerabilities on the basis of a vulnerability database, the vulnerability detection plug-ins in the database cannot accurately describe the content of the vulnerabilities, so the scanner cannot adapt to relatively complex vulnerability scanning scenarios; and if the scanner is not compatible with the vulnerability detection plug-ins in the database, it cannot obtain the vulnerability scanning logic those plug-ins describe at all.
Disclosure of Invention
The embodiment of the application provides a plug-in processing method and device, which can generate a plug-in description file with rich description capability by using a multilayer structure representation language to support a complex vulnerability scanning scene, and have strong compatibility.
In one aspect, an embodiment of the present application provides a plug-in processing method, where the method includes:
acquiring configuration data of a target plug-in;
packaging the configuration data by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, wherein the plug-in description file is used for describing vulnerability scanning logic of the target plug-in;
and sending the plug-in description file to a scanning server so that the scanning server performs vulnerability scanning on a scanning object according to the plug-in description file.
In another aspect, an embodiment of the present application provides a plug-in processing method, where the method includes:
acquiring a plug-in description file, where the plug-in description file is obtained by packaging configuration data of a target plug-in using a multilayer structure representation language;
processing the plug-in description file based on a target language corresponding to a scanner to obtain an executable file of the target plug-in;
and when a scanning trigger instruction is received, calling the scanner to execute the vulnerability scanning logic indicated by the executable file on a scanning object.
In another aspect, an embodiment of the present application provides a plug-in processing apparatus, where the apparatus includes:
the acquisition module is used for acquiring the configuration data of the target plug-in;
the processing module is used for packaging the configuration data by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, and the plug-in description file is used for describing vulnerability scanning logic of the target plug-in;
and a sending module, used for sending the plug-in description file to a scanning server so that the scanning server performs vulnerability scanning on a scan object according to the plug-in description file.
In another aspect, an embodiment of the present application provides a plug-in processing apparatus, where the apparatus includes:
an acquisition module, a storage module and a display module, where the acquisition module is used for acquiring a plug-in description file, the plug-in description file being obtained by packaging configuration data of a target plug-in using a multilayer structure representation language;
the processing module is used for processing the plug-in description file based on a target language corresponding to the scanner to obtain an executable file of the target plug-in;
the processing module is further configured to call the scanner to execute the vulnerability scanning logic indicated by the executable file on the scanning object when the scanning trigger instruction is received.
In another aspect, an embodiment of the present application provides a computer device, where the computer device includes a processor, a communication interface, and a memory, where the processor, the communication interface, and the memory are connected to each other, where the memory stores an executable program code, and the processor is configured to call the executable program code to execute the plug-in processing method according to any one of the foregoing possible implementation manners.
In another aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the plug-in processing method described in any one of the foregoing possible implementation manners.
In another aspect, embodiments of the present application provide a computer program product or a computer program, which includes computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions to enable the computer device to execute the plug-in processing method in any one of the possible implementation manners.
In the embodiment of the application, configuration data, input by a user at a user terminal, for a target plug-in is obtained first, then the configuration data is packaged by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, vulnerability scanning logic of the target plug-in is described by using the plug-in description file, and finally the plug-in description file is sent to a scanning server, so that the scanning server performs vulnerability scanning on a scanning object according to the plug-in description file.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic architecture diagram of a plug-in processing system according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a plug-in processing method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another plug-in processing method according to an embodiment of the present application;
fig. 4 is an interface schematic diagram of a basic information configuration area provided in an embodiment of the present application;
fig. 5 is a schematic interface diagram of a matching rule configuration area according to an embodiment of the present application;
fig. 6 is a schematic interface diagram of a matching rule configuration area according to an embodiment of the present application;
fig. 7 is a schematic interface diagram of a detection rule configuration area according to an embodiment of the present application;
FIG. 8 is a diagram illustrating plug-in attribute data provided in an embodiment of the present application;
fig. 9 is a schematic flowchart of another plug-in processing method according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a plug-in processing apparatus according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of another plug-in processing apparatus provided in the embodiments of the present application;
fig. 12 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Cloud technology is a generic term for the network, information, integration, management-platform and application technologies built on the cloud computing business model; it can form a resource pool that is used on demand and is flexible and convenient. Cloud computing technology will become an important support. The background services of a networked technical system, such as video websites, picture websites and other web portals, require large amounts of computing and storage resources. With the rapid development and adoption of the internet industry, each item may carry its own identification mark that has to be transmitted to a background system for logical processing; data at different levels are processed separately, and all kinds of industrial data need strong back-end support, which can only be provided through cloud computing.
Cloud security is a generic term for the security software, hardware, users, organizations and secure cloud platforms of cloud-based business model applications. Cloud security combines emerging technologies and concepts such as parallel processing, grid computing and judgement of unknown virus behaviour; through a large number of networked clients it monitors abnormal software behaviour in the network, obtains the latest information on trojans and malicious programs on the internet, sends it to the server for automatic analysis and processing, and then distributes the virus and trojan solution to every client.
A distributed cloud storage system (hereinafter, the storage system) is a storage system that, through application software or application interfaces and using cluster applications, grid technology, distributed storage file systems and similar functions, integrates a large number of storage devices (also called storage nodes) of different types in a network so that they work together, and provides data storage and service access functions externally.
With research and progress of cloud technology, research and application of the cloud technology are developed in multiple fields, and the plug-in processing method in the embodiment of the application relates to technologies such as cloud security and cloud storage in the cloud technology, and is specifically described by the following embodiments.
In order to better understand the plug-in processing method and device provided in the embodiment of the present application, a framework of a plug-in processing system applicable to the embodiment of the present application is described below. Referring to fig. 1, fig. 1 is a schematic diagram illustrating an architecture of a plug-in processing system according to an embodiment of the present disclosure. As shown in fig. 1, the plug-in processing system may include a user terminal 101, a configuration server 102, a scan server 103, and a scan object 104, and the user terminal 101, the configuration server 102, the scan server 103, and the scan object 104 may be connected to each other through a network, such as a wireless network. The number of the user terminal 101, the configuration server 102, the scan server 103, and the scan object 104 may be one or more, which is not limited in this application. Wherein the scanner may be in the form of a program installed on the scanning server 103 to provide vulnerability scanning.
The user terminal 101 may be a smart tv, a handheld device (e.g., a smartphone, a tablet computer) with a wireless communication function, a computing device (e.g., a Personal Computer (PC), an in-vehicle device, a wearable device, or other smart device), and the like, but is not limited thereto.
The configuration server 102 and the scan server 103 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, Network services, cloud communication, middleware services, domain name services, security services, Content Delivery Networks (CDNs), big data and artificial intelligence platforms, and the like.
The scan object 104 may be an operating system, an application running on the operating system (e.g., Apache, Nginx, MySQL), a web service, or the like.
In one embodiment, the scanner may also run on a user terminal or other computer device. In other words, the scanning server 103 may also be a user terminal or other computer device in which the scanner is installed, and the user terminal or other computer device in which the scanner is installed may be used as the scanning server 103 to provide vulnerability scanning.
In an embodiment, after a user enters the configuration data of a target plug-in on a plug-in configuration interface of the user terminal 101, the configuration data may be sent to the configuration server 102. The configuration server 102 packages the configuration data using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in and sends the plug-in description file to the scanning server 103, on which the scanner is installed; the scanner may then perform vulnerability scanning on the scan object 104 using the vulnerability scanning logic indicated by the plug-in description file. Compared with writing vulnerability detection plug-ins in JavaScript Object Notation (JSON) or in the same programming language as the scanner framework itself, where the plug-ins may be unable to describe vulnerability content accurately and have poor compatibility, the present application relies on the strong expressive capability of the multilayer structure representation language: packaging the configuration data in that language yields a plug-in description file with rich descriptive capability, so that the vulnerability scanning logic is described more accurately and complex vulnerability scanning scenarios are supported. Because the multilayer structure representation language is a general-purpose language, the plug-in description file generated from it can be parsed by the scanner regardless of the language the scanner is written in, which solves the scanner's language compatibility problem and gives the approach strong generality.
In one embodiment, the configuration server 102 and the scan server 103 may be nodes on a blockchain, and the configuration data and the plug-in description file may be stored on the blockchain.
It should be understood that the architecture diagram of the system described in the embodiment of the present application is for more clearly illustrating the technical solution of the embodiment of the present application, and does not constitute a limitation to the technical solution provided in the embodiment of the present application, and as a person having ordinary skill in the art knows that along with the evolution of the system architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
Referring to fig. 2, fig. 2 provides a flowchart of a plug-in processing method, which is described by taking the method as an example applied to the configuration server 102 in fig. 1, and includes the following steps:
S201, obtaining configuration data of the target plug-in.
The target plug-in is a vulnerability detection plug-in that the scanner uses for vulnerability detection. The configuration data is entered by a user on a plug-in configuration interface of the user terminal for the vulnerability the target plug-in describes, and comprises one or more of the plug-in's basic information, matching rules and detection rules.
In one embodiment, the basic information includes: one or more of a plug-in number, a plug-in name, a plug-in principal, a plug-in description, a risk level, a plug-in repair document, and a plug-in status; the matching rules include: one or more of the object to be detected, the matching content corresponding to the object to be detected and the matching mode; the detection rule comprises the following steps: the method comprises one or more of rule numbering, attack vectors to be added, regular expressions for vulnerability matching, detection path depth, the number of Uniform Resource Locator (URL) encoding times of the attack vectors to be added, the relationship between the attack vectors to be added and parameters in a user request, and positions to be detected.
S202, packaging the configuration data by using a multilayer structure representation language to obtain an plugin description file corresponding to the target plugin, wherein the plugin description file is used for describing vulnerability scanning logic of the target plugin.
The configuration data is packaged using a plug-in data structure. The plug-in data structure is created from the configuration fields included in the plug-in attribute data, and the plug-in attribute data is determined from the characteristics of multiple types of vulnerabilities so as to describe the features common to vulnerability scanning.
Specifically, after the configuration server obtains the configuration data, the field data contained in it is encapsulated using a plug-in data structure built in the multilayer structure representation language, which yields the plug-in description file corresponding to the target plug-in.
The multilayer structure representation language may be YAML (YAML Ain't Markup Language), a data serialization language with strong expressive capability that has the following advantages: it can represent the hierarchical relationships of the configuration; comments can be added, which helps in developing and using the target plug-in; input configuration data need not be double-quoted, so special characters need not be escaped; rich data structures such as arrays and objects can be represented; and indentation replaces redundant symbols, giving better readability and making collaborative extension easier.
S203, sending the plug-in description file to a scanning server so that the scanning server can perform vulnerability scanning on a scanning object according to the plug-in description file.
Specifically, the plug-in description file describes the vulnerability scanning logic of the target plug-in. The configuration server sends the plug-in description file to the scanning server; the scanning server can construct a test request according to the vulnerability scanning logic described in the file, send the test request to the scan object to obtain the response information for that request, and use the response information to judge whether the scan object has the vulnerability. For example, when the constructed test request carries the code corresponding to a Cross-Site Scripting (XSS) attack and the returned response information also contains that code, the scanner, on detecting the code in the response information, can determine that the scan object has an XSS vulnerability.
An XSS attack injects malicious script code into a web page, through a vulnerability left during the page's development, so that users load and execute web-page code crafted by the attacker.
According to the method, the configuration data, input by a user at a user terminal, for the target plug-in are obtained, the configuration data are packaged by the aid of the multilayer structure representation language to obtain the plug-in description file corresponding to the target plug-in, vulnerability scanning logic of the target plug-in is described by the aid of the plug-in description file, the plug-in description file is sent to the scanning server, and accordingly the scanning server scans vulnerabilities of a scanning object according to the plug-in description file.
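The packaging step S202, as an added, runnable example that is not the patent's own code: configuration data shaped like Tables 1 to 3 is first validated against the formats those tables specify and then rendered as a YAML plug-in description file. The field names, the sample configuration (including the repair link) and the small emit_yaml helper are assumptions; in practice the configuration server would call yaml.safe_dump from PyYAML rather than a hand-written emitter, and the scanner should read the file with yaml.safe_load, because a description file is author-supplied input and yaml.load with the full loader can instantiate arbitrary Python objects.

```python
"""Step S202, configuration-server side: validate configuration data and
package it as a YAML plug-in description file (added example, see lead-in)."""
import re

# Constructed configuration data as the plug-in configuration interface might
# submit it; field names are assumptions, the fields follow Tables 1-3.
CONFIG_DATA = {
    "basic_info": {
        "plugin_id": "000123", "name_en": "reflected_xss_001", "name_zh": "反射型跨站脚本",
        "owner": "alice", "description": "Detects reflected XSS in GET parameters",
        "risk_level": "high", "fix_doc": "https://fix.example/xss", "status": "TEST",
    },
    "matching_rules": {
        "allow": [{"object": "Server", "content": "nginx", "mode": "prefix"}],
        "deny": [{"object": "Content-Type", "content": "image/", "mode": "prefix"}],
    },
    "detection_rules": [{
        "rule_id": "0001", "attack_vector": "<script>alert(1)</script>",
        "match_regex": r"<script>alert\(1\)</script>", "path_depth": 3,
        "url_encode_times": 0, "relation": "replace",
        "positions": ["GET", "Cookie", "User-Agent"],
    }],
}
RISK_LEVELS, STATUSES = {"high", "medium", "low"}, {"TEST", "RUNNING", "STOPPED"}
RELATIONS = {"before", "after", "replace"}

def validate_config(cfg):
    """Check the formats of Tables 1-3 before packaging; returns a list of problems."""
    errors = []
    basic = cfg["basic_info"]
    if not re.fullmatch(r"\d{6}", basic["plugin_id"]):
        errors.append("plugin_id must be 6 digits")
    if not re.fullmatch(r"[A-Za-z0-9_]+", basic["name_en"]):
        errors.append("name_en must be letters, digits and underscores")
    if basic["risk_level"] not in RISK_LEVELS:
        errors.append("risk_level must be high, medium or low")
    if basic["status"] not in STATUSES:
        errors.append("status must be TEST, RUNNING or STOPPED")
    for rule in cfg["detection_rules"]:
        rid = rule["rule_id"]
        if not re.fullmatch(r"\d{4}", rid):
            errors.append(f"rule {rid!r}: rule_id must be 4 digits")
        if not 1 <= rule["path_depth"] <= 15:
            errors.append(f"rule {rid}: path_depth must be between 1 and 15")
        if rule["url_encode_times"] not in (0, 1, 2):
            errors.append(f"rule {rid}: url_encode_times must be 0, 1 or 2")
        if rule["relation"] not in RELATIONS:
            errors.append(f"rule {rid}: relation must be before, after or replace")
        try:
            re.compile(rule["match_regex"])  # author-supplied regex must at least compile
        except re.error as exc:
            errors.append(f"rule {rid}: invalid match_regex ({exc})")
    return errors

# Strings YAML reads unambiguously as text stay plain; everything else is single-quoted.
_PLAIN = re.compile(r"^[A-Za-z_][A-Za-z0-9_ ./-]*$")
_RESERVED = {"true", "false", "null", "yes", "no", "on", "off"}

def _scalar(value):
    """Render one scalar value as YAML."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return str(value)
    if isinstance(value, (dict, list)):  # only reached for empty containers
        return "{}" if isinstance(value, dict) else "[]"
    text = str(value)
    if _PLAIN.match(text) and text.lower() not in _RESERVED:
        return text
    return "'" + text.replace("'", "''") + "'"

def emit_yaml(node, indent=0):
    """Render nested dicts and lists in YAML block style, hierarchy by indentation."""
    pad, lines = "  " * indent, []
    if isinstance(node, dict):
        for key, val in node.items():
            if isinstance(val, (dict, list)) and val:
                lines.append(f"{pad}{key}:")
                lines.extend(emit_yaml(val, indent + 1))
            else:
                lines.append(f"{pad}{key}: {_scalar(val)}")
    elif isinstance(node, list):
        for item in node:
            if isinstance(item, dict) and item:
                sub = emit_yaml(item, indent + 1)
                lines.append(f"{pad}- {sub[0].lstrip()}")  # first key shares the "- " line
                lines.extend(sub[1:])
            else:
                lines.append(f"{pad}- {_scalar(item)}")
    else:
        lines.append(f"{pad}{_scalar(node)}")
    return lines

def package_plugin(cfg):
    """Refuse invalid configuration data, otherwise return the description file text."""
    problems = validate_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    header = f"# plug-in description file for {cfg['basic_info']['name_en']}"
    return "\n".join([header] + emit_yaml(cfg)) + "\n"
```

Values that YAML could misread as structure or as another type, such as the 6-digit plug-in number (which a YAML 1.1 parser would otherwise read as a number), the attack vector, the regular expression and the link containing a colon, are emitted single-quoted; everything else stays plain, which is the readability advantage the text describes. Validating before packaging matters because the description file is later executed by the scanner: a malformed regular expression or an out-of-range encoding count should be rejected at the configuration server, not discovered during a scan.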
Referring to fig. 3, fig. 3 provides a flowchart of another plug-in processing method, which is described by taking the method as an example applied to the configuration server 102 in fig. 1, and includes the following steps:
S301, in response to a plug-in creation instruction sent by a user terminal, sending page data of a plug-in configuration interface to the user terminal so that the user terminal displays the plug-in configuration interface according to the page data.
The plug-in configuration interface comprises one or more of a basic information configuration area, a matching rule configuration area and a detection rule configuration area. The page data is data which is generated by abstracting the characteristics of various types of bugs, extracting the attribute data of the plug-in and then utilizing the attribute data of the plug-in and is used for displaying the configuration interface of the plug-in. The plug-in attribute data comprises one or more of basic information, matching rules and detection rules.
In an embodiment, a plug-in configuration interface may be generated based on one or more of the basic information, the matching rule, and the detection rule, for example, a basic information configuration area, a matching rule configuration area, and a detection rule configuration area are respectively created by using the basic information, the matching rule, and the detection rule, and when the plug-in configuration interface includes multiple ones of the basic information configuration area, the matching rule configuration area, and the detection rule configuration area, the multiple ones of the basic information configuration area, the matching rule configuration area, and the detection rule configuration area may be on the same main display interface or different sub-display interfaces, which is not limited in this application.
In one embodiment, the basic information configuration fields in the basic information include one or more of: a plug-in number, a plug-in name, a plug-in person in charge, a plug-in description, a risk level, a plug-in repair document and a plug-in status, where the plug-in name comprises an English name and a Chinese name. The basic information configuration area generated from the basic information is shown in fig. 4. The format and function of each basic information configuration field are shown in Table 1 below:
TABLE 1

| Basic information configuration field | Configuration format and function |
|---|---|
| Plug-in number | Suggested 6-digit number; unique identifier of the plug-in |
| Plug-in English name | Suggested to consist of English letters, digits and underscores |
| Plug-in Chinese name | No special format requirement |
| Plug-in person in charge | The person who writes the plug-in |
| Plug-in description | Describes the name, type, etc. of the vulnerability the plug-in is responsible for detecting |
| Risk level | High, medium or low; the risk level of the vulnerability corresponding to the target plug-in |
| Repair document link | Link to the document describing how to fix the vulnerability |
| Plug-in status | Status of the current target plug-in, one of TEST, RUNNING and STOPPED |
In one embodiment, the matching rule configuration field in the matching rule includes one or more sub-configuration fields: the object to be detected, the matching content corresponding to the object to be detected, and the matching mode. There may be one or more objects to be detected, which the present application does not limit. The matching rule configuration area generated from the matching rule is shown in fig. 5. The format and function of these sub-configuration fields are shown in Table 2 below:
TABLE 2

| Sub-configuration field of the matching rule | Configuration format and function |
|---|---|
| Object to be detected | A string, e.g. defining the web server type |
| Matching content corresponding to the object to be detected | The content the object must match when it is detected |
| Matching mode | Equality, prefix match, suffix match or regular expression |
In one possible embodiment, two kinds of matching rule may be established in the matching rule configuration area: an allow rule, under which the object to be detected is detected when its matching content matches, and a deny rule, under which the object to be detected is not detected when its matching content matches. A matching rule configuration area for these two kinds of rule is shown in fig. 6.
In one embodiment, the detection rule configuration field in the detection rule includes one or more sub-configuration fields: the rule number, the attack vector to be added, the regular expression for vulnerability matching, the detection path depth, the number of URL (uniform resource locator) encoding times of the attack vector to be added, the relation between the attack vector to be added and the parameter in the user request, and the position to be detected. The detection rule configuration area created from the detection rule is shown in fig. 7. The format and function of these sub-configuration fields are shown in Table 3 below:
TABLE 3

| Sub-configuration field of the detection rule | Configuration format and function |
|---|---|
| Rule number | 4-digit number; unique identifier of the rule within the plug-in |
| Attack vector to be added | Code expression of the vulnerability, used to generate the test request |
| Regular expression for vulnerability matching | Matched against the response information to detect whether the vulnerability exists |
| Detection path depth | An integer from 1 to 15 indicating the depth of the path to be probed |
| Number of URL encoding times of the attack vector to be added | Not encoded, encoded once or encoded twice |
| Relation between the attack vector to be added and the parameter in the user request | The attack vector is placed before, after or in place of the parameter value in the user request |
| Position to be detected | GET parameter, POST parameter, URI truncation detection, Cookie parameter, Referer parameter, URI insertion detection, Host parameter, User-Agent parameter, X-Forwarded-For parameter, file name, and file name in a form-data body |
The Cookie parameter carries identifiers allocated by the server to identify the user, such as a SessionID. The User-Agent parameter identifies the user agent, i.e. the client browser, operating system and the like. Uniform Resource Identifier (URI) parameters may include, but are not limited to: 1) a module ID; 2) the production domain name; 3) the test domain name; 4) the file name and path the URI corresponds to; 5) the container name or node name; 6) the request method; 7) GET parameters; 8) POST parameters; 9) other parameters; 10) a message digest of the file the URI maps to; 11) the collection time. URI truncation detection places the attack vector at a truncation point of the URI, and URI insertion detection inserts it into the URI. The Host parameter corresponds to the host and port. The Referer parameter indicates the source from which the client requested the current resource. The X-Forwarded-For parameter is the HTTP request header field that identifies the original Internet Protocol (IP) address of a client that reaches a web server through a Hypertext Transfer Protocol (HTTP) proxy or load balancer.
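The scanner side, as an added example that is not part of the patent: it applies the allow and deny matching rules of Table 2 to the scan object's fingerprint, then for each detection rule of Table 3 injects the attack vector at the configured positions, with the configured relation to the original parameter value and URL-encoding depth, and checks each response against the rule's regular expression, which is the reflected-XSS check described under S203. The plug-in is assumed to be already parsed into a Python dict (field names assumed), the request model and the vulnerable target function are constructed stand-ins for a real HTTP client and scan object, the allow/deny semantics (scan only when every allow rule matches, skip when any deny rule matches) are an interpretation of the text, and the path depth and the POST, URI and file-name positions are left out.

```python
"""Scanner side: run a parsed plug-in description against a scan object
(added example, see lead-in; field names and the target are assumptions)."""
import copy
import html
import re
from urllib.parse import quote, unquote

# Matching modes of Table 2, applied to one value of the scan object's fingerprint.
MATCH_MODES = {
    "equal": lambda actual, want: actual == want,
    "prefix": lambda actual, want: actual.startswith(want),
    "suffix": lambda actual, want: actual.endswith(want),
    "regex": lambda actual, want: re.search(want, actual) is not None,
}
HEADER_POSITIONS = {"User-Agent", "Host", "Referer", "X-Forwarded-For"}

def rule_matches(rule, fingerprint):
    """Evaluate one matching rule against the fingerprint (e.g. probe response headers)."""
    return MATCH_MODES[rule["mode"]](fingerprint.get(rule["object"], ""), rule["content"])

def should_scan(matching_rules, fingerprint):
    """Allow rules: scan only if every one matches. Deny rules: skip if any matches."""
    allow, deny = matching_rules.get("allow", []), matching_rules.get("deny", [])
    if allow and not all(rule_matches(r, fingerprint) for r in allow):
        return False
    return not any(rule_matches(r, fingerprint) for r in deny)

def build_payload(vector, original, relation, encode_times):
    """Put the attack vector before, after or in place of the original value, then
    URL-encode the result the configured number of times (KeyError on an unknown relation)."""
    value = {"before": vector + original, "after": original + vector, "replace": vector}[relation]
    for _ in range(encode_times):
        value = quote(value, safe="")
    return value

def mutate_requests(base, rule):
    """Yield (position, name, request) for every injection point the rule lists."""
    vector, rel, enc = rule["attack_vector"], rule["relation"], rule["url_encode_times"]
    for position in rule["positions"]:
        if position in ("GET", "Cookie"):
            bucket = "params" if position == "GET" else "cookies"
            for name, original in base[bucket].items():
                req = copy.deepcopy(base)
                req[bucket][name] = build_payload(vector, original, rel, enc)
                yield position, name, req
        elif position in HEADER_POSITIONS:
            req = copy.deepcopy(base)
            req["headers"][position] = build_payload(vector, base["headers"].get(position, ""), rel, enc)
            yield position, position, req
        else:
            raise ValueError(f"position {position!r} not covered by this example")

def scan(plugin, base_request, send, fingerprint):
    """Apply the matching rules, then every detection rule; a hit is a response body
    that matches the rule's regular expression (the reflected-XSS check of S203)."""
    if not should_scan(plugin["matching_rules"], fingerprint):
        return []
    findings = []
    for rule in plugin["detection_rules"]:
        pattern = re.compile(rule["match_regex"])  # compile the author's regex once per rule
        for position, name, req in mutate_requests(base_request, rule):
            if pattern.search(send(req)["body"]):
                findings.append((rule["rule_id"], position, name))
    return findings

# Constructed stand-in for the scan object: decodes the "q" query parameter once (as a
# query parser would) and reflects it and User-Agent unescaped; the cookie is HTML-escaped.
def constructed_target(request):
    q = unquote(request["params"].get("q", ""))
    ua = request["headers"].get("User-Agent", "")
    sid = html.escape(request["cookies"].get("sid", ""))
    return {"headers": {"Server": "nginx/1.18.0", "Content-Type": "text/html"},
            "body": f"<html><p>Results for {q}</p><p>{ua}</p><p>{sid}</p></html>"}

# Constructed plug-in (already parsed from its description file) and base request.
PLUGIN = {
    "matching_rules": {
        "allow": [{"object": "Server", "content": "nginx", "mode": "prefix"}],
        "deny": [{"object": "Content-Type", "content": "image/", "mode": "prefix"}],
    },
    "detection_rules": [{
        "rule_id": "0001", "attack_vector": "<script>alert(1)</script>",
        "match_regex": r"<script>alert\(1\)</script>", "url_encode_times": 0,
        "relation": "replace", "positions": ["GET", "Cookie", "User-Agent"],
    }],
}
BASE_REQUEST = {"path": "/search", "params": {"q": "shoes"}, "cookies": {"sid": "abc123"},
                "headers": {"Host": "target.example", "User-Agent": "scanner/1.0"}}

def run_example(encode_times=0):
    """Scan the constructed target with the sample plug-in at one URL-encoding depth."""
    plugin = copy.deepcopy(PLUGIN)
    plugin["detection_rules"][0]["url_encode_times"] = encode_times
    fingerprint = constructed_target(BASE_REQUEST)["headers"]  # taken from a probe request
    return scan(plugin, BASE_REQUEST, constructed_target, fingerprint)
```

Calling run_example with 0, 1 and 2 shows why the encoding count is configurable: the target decodes query parameters once but never decodes headers, so an unencoded payload is reflected from both the GET parameter and User-Agent, a single-encoded one only from the GET parameter, and a double-encoded one from nowhere; the escaped cookie is never reported. Two caveats for real use: the regular expression comes from the plug-in author, so it should be compiled once and, if authors are not fully trusted, limited in complexity; and a literal echo of the payload is only evidence of reflection, so a production plug-in would use a unique marker per request and confirm the injection context before reporting an XSS vulnerability.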
In one embodiment, before sending the page data to the user terminal, the method further comprises the following steps:
(1) determining plug-in attribute data based on the characteristics of the multiple types of vulnerabilities, wherein the plug-in attribute data comprises one or more of basic information, matching rules and detection rules.
Specifically, by analyzing the OWASP Top 10 vulnerabilities and the Common Vulnerabilities and Exposures (CVE) vulnerabilities, the features common to vulnerability scanning can be determined, as shown in fig. 8. On that basis, the plug-in attribute data may include one or more of the following: plug-in number, matching rules, plug-in English name, plug-in Chinese name, plug-in description, plug-in responsible person, plug-in status, risk level, repair link, and detection rules. By further analysis, the plug-in attribute data can be divided into three major categories: basic information, matching rules and detection rules. The basic information in the plug-in attribute data comprises: plug-in number, plug-in English name, plug-in Chinese name, plug-in responsible person, plug-in description, risk level, plug-in repair document and plug-in state. There are two types of matching rules, the permission rule and the rejection rule, and a matching rule is described by: the object to be detected, the matching content corresponding to the object to be detected, and the matching mode. A detection rule is described by: rule number, attack vector to be added, regular expression for vulnerability matching, detection path depth, and other custom fields (number of times the attack vector to be added is URL-encoded, relationship between the attack vector to be added and the parameter in the user request, and position to be detected).
In one embodiment, basic information, matching rules and detection rules can be simultaneously included in the plug-in attribute data, so that the target plug-in can contain more vulnerability characteristics and has richer vulnerability scanning logic.
(2) Generating page data of a plug-in configuration interface by using the plug-in attribute data, wherein the plug-in configuration interface is used for inputting configuration data.
Specifically, the information included in the plug-in attribute data is used as attribute tags, and an input box is created for each attribute tag so that the user can input the configuration data of the target plug-in into the input box.
In one embodiment, generating page data of the plugin configuration interface by utilizing the plugin attribute data comprises the following steps:
(1) respectively taking one or more of the basic information, matching rules and detection rules included in the plug-in attribute data as plug-in attribute tags of the webpage;
(2) correspondingly adding an input box tag according to the position of each plug-in attribute tag;
(3) generating page data of the plug-in configuration interface according to the plug-in attribute tags of the webpage and the corresponding input box tags.
Specifically, the page data of the plug-in configuration interface is generated by taking one or more of the basic information, the matching rule and the detection rule as plug-in attribute tags of the webpage and establishing a corresponding input box tag after each plug-in attribute tag. The plug-in attribute tag and the input box tag may be described in HTML. Taking the plug-in number as an example, the plug-in number (leak_id) is defined as a label, and a corresponding input box tag, for example an input element of type text, is then defined for it. The specific implementation code is as follows:
<label for="leak_id" class="el-form-item__label" style="width: 150px">plug-in numbering</label>
<div class="el-form-item__label" style="margin-left: 150px">
  <div data-v-496e5610 class="el-input">
    <input type="text" autocomplete="off" placeholder="please input card number, 6 digit number" class="el-input__inner">
  </div>
</div>
S302, receiving configuration data of the target plug-in sent by the user terminal, wherein the configuration data is input in the plug-in configuration interface by a user.
In an embodiment, after the user completes the configuration of the target plug-in on the plug-in configuration interface of the user terminal, the plug-in creation completion instruction may be sent to the configuration server, and the configuration server obtains the configuration data of the target plug-in, or the configuration server starts to obtain the configuration data when the user inputs on the plug-in configuration interface of the user terminal, which is not limited in the present application.
S303, generating a plug-in data structure by using the multilayer structure representation language and the plug-in attribute data, wherein the plug-in data structure comprises a plurality of configuration fields.
The plurality of configuration fields included in the plug-in data structure may be one or more of a basic information configuration field, a matching rule configuration field, and a detection rule configuration field.
Specifically, the plug-in attribute data includes one or more of a basic information configuration field, a matching rule configuration field, and a detection rule configuration field, and the plug-in data structure can be generated by representing the plug-in attribute data by using a multi-layer structure representation language.
The english names corresponding to the basic information configuration field, the matching rule configuration field and the detection rule configuration field are shown in the following table 4:
TABLE 4
Configuration field | Name of English | Configuration field | Name of English |
Plug-in numbering | leak_id | Matching content corresponding to object to be detected | match_content |
English name of plug-in | leak_name | Matching mode | match_type |
Plug-in Chinese name | leak_name_cn | Rule numbering | case_id |
Plug-in person in charge | user | Attack vector to be added | input |
Plug-in description | leak_desc | Regular expression for vulnerability matching | target |
Risk rating | risk_level | Probing path depth | depth |
Plug-in status | status | Number of URL encoding of attack vector to be added | arg_encode |
Repairing links | fix_link | Relationship of attack vector to be added and parameter in user request | arg_operate |
Object to be detected | match_target | Detecting a position | dect_pos |
Taking the example that the plug-in attribute data includes the basic information configuration field, the matching rule configuration field, and the detection rule configuration field, the plug-in data structure of the plug-in attribute data is generated by using a multi-layer structure representation language, for example, a data serialization representation YAML language, as follows:
leak_id:
leak_name:
leak_name_cn:
user:
leak_desc:
risk_level:
status:
fix_link:
attritute:
  allow:
    - match_target:
      match_content:
      match_type:
  deny: {}
test_cases:
  - case_id:
    input:
    target:
    depth:
    arg_encode:
    arg_operate:
    dect_pos:
Here, attritute corresponds to the matching rule, test_cases corresponds to the detection rule, and the permission rule and the rejection rule mentioned in S301 correspond to allow and deny respectively.
S304, field data corresponding to the plurality of configuration fields are obtained from the configuration data.
Specifically, after the user inputs field data at the input box tag corresponding to the plug-in attribute tag of the plug-in configuration interface, the field data input by the user may be obtained, as shown in table 5 below as an example:
TABLE 5
Configuration field | Field data | Configuration field | Field data |
Plug-in numbering | 178608 | Matching content corresponding to the object to be detected | Resp_header#Set-Cookie |
English name of plug-in | structs2_057_detect | Matching mode | Regular matching |
Plug-in Chinese name | structs2_057 vulnerability | Rule numbering | 120864844554 |
Plug-in person in charge | Xiao Li | Attack vector to be added | $%7B23333*23333%7D |
Plug-in description | In Struts 2.3-2.3.34 and Struts 2.5-2.5.16, if the namespace is not configured in the configuration file and the access action type is redirect (chain, postback), the jump address (location) is generated from the namespace in the URL, and the location is evaluated by OGNL, resulting in OGNL injection. | Regular expression for vulnerability matching | ‘$44428889’ |
Risk rating | High risk | Probing path depth | 8 |
Plug-in status | Online | Number of times the attack vector to be added is URL-encoded | Once coding |
Repairing links | Updating structs to latest version | Relationship between the attack vector to be added and the parameter in the user request | Before |
Object to be detected | JSESSIONID | Position to be detected | HOST parameter |
S305, adding the field data to the corresponding position in the plug-in data structure to obtain a plug-in description file corresponding to the target plug-in.
Specifically, after the field data is obtained from the plug-in configuration data, the field data of some configuration fields needs to be converted into English; for example, the risk level is converted into high_risk, mid_risk or low_risk, and the plug-in state into TEST, RUNNING or STOPPED. Other configuration fields, such as the matching mode, the number of times the attack vector to be added is URL-encoded, and the relationship between the attack vector to be added and the parameter in the user request, need to be converted into a machine-readable binary or decimal code. Taking the matching mode as an example, suppose it includes equality, prefix matching, suffix matching and regular-expression matching; the binary codes of the four matching modes are 0001, 0010, 0100 and 1000 respectively, and the corresponding decimal codes are 1, 2, 4 and 8. In the scanner, the bits of the binary code correspond to the four matching modes from right to left: a bit set to 1 means the corresponding matching mode is used, a bit set to 0 means it is not, and when several bits are set to 1 the selected matching modes are tried in turn until one of them matches. For example, when the binary code is 0011, equality matching is tried first and, if it does not match, prefix matching is tried. The converted field data, based on table 5, is shown in table 6 below:
TABLE 6
Configuration field | Field data | Configuration field | Field data |
Plug-in numbering | 178608 | Matching content corresponding to the object to be detected | Resp_header#Set-Cookie |
English name of plug-in | structs2_057_detect | Matching mode | 8 |
Plug-in Chinese name | structs2_057 vulnerability | Rule numbering | 120864844554 |
Plug-in person in charge | Xiao Li | Attack vector to be added | $%7B23333*23333%7D |
Plug-in description | In Struts 2.3-2.3.34 and Struts 2.5-2.5.16, if the namespace is not configured in the configuration file and the access action type is redirect (chain, postback), the jump address (location) is generated from the namespace in the URL, and the location is evaluated by OGNL, resulting in OGNL injection. | Regular expression for vulnerability matching | ‘$44428889’ |
Risk rating | high_risk | Probing path depth | 8 |
Plug-in status | RUNNING | Number of times the attack vector to be added is URL-encoded | 2 |
Repairing links | Updating structs to latest version | Relationship between the attack vector to be added and the parameter in the user request | 1 |
Object to be detected | JSESSIONID | Position to be detected | 64 |
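As an added illustration (not code from the patent), the following Python shows the S305 field conversions from table 5 to table 6 together with the bitmask semantics the scanner applies to match_type. The display strings used as lookup keys, and the bit values of the URL-encoding, relationship and position fields other than the three values given in table 6, are assumptions; the match_content form "Resp_header#<header name>" is assumed from the page's "Resp_header#Set-Cookie".

```python
import re

# Added example, not the patent's own code.

# Plain-text to machine-readable conversions stated in S305.
# The display strings on the left are assumed; the codes on the right are the page's.
RISK_LEVELS = {"High risk": "high_risk", "Medium risk": "mid_risk", "Low risk": "low_risk"}
PLUGIN_STATES = {"Testing": "TEST", "Online": "RUNNING", "Stopped": "STOPPED"}

# Matching modes, one bit each: 0001 equality, 0010 prefix, 0100 suffix, 1000 regex.
MATCH_EQUAL, MATCH_PREFIX, MATCH_SUFFIX, MATCH_REGEX = 1, 2, 4, 8
MATCH_MODES = {
    "Equality": MATCH_EQUAL,
    "Prefix matching": MATCH_PREFIX,
    "Suffix matching": MATCH_SUFFIX,
    "Regular matching": MATCH_REGEX,
}

# Assumed bit encodings for the remaining coded fields; only "Once coding" -> 2,
# "Before" -> 1 and "Host parameter" -> 64 are values shown on the page (table 6).
URL_ENCODE_TIMES = {"Uncoded": 1, "Once coding": 2, "Twice coding": 4}
ARG_OPERATE = {"Before": 1, "After": 2, "Replace": 4}
DETECT_POSITIONS = [  # bit i selects position i (Host parameter is bit 6 -> 64)
    "GET parameter", "POST parameter", "URI truncation", "Cookie parameter",
    "Referer parameter", "URI insertion", "Host parameter", "User-Agent parameter",
    "X-Forwarded-For parameter", "file name", "file name in form-data",
]


def encode_match_type(mode_names):
    """Combine one or more matching-mode names into the decimal match_type code."""
    code = 0
    for name in mode_names:
        code |= MATCH_MODES[name]
    return code


def encode_positions(position_names):
    """Combine one or more positions to be detected into the dect_pos bitmask."""
    code = 0
    for name in position_names:
        code |= 1 << DETECT_POSITIONS.index(name)
    return code


def convert_field_data(fields):
    """Turn user-entered field data (table 5 style) into the machine-readable
    form (table 6 style). match_type and dect_pos are given as lists of names."""
    out = dict(fields)
    out["risk_level"] = RISK_LEVELS[fields["risk_level"]]
    out["status"] = PLUGIN_STATES[fields["status"]]
    out["match_type"] = encode_match_type(fields["match_type"])
    out["arg_encode"] = URL_ENCODE_TIMES[fields["arg_encode"]]
    out["arg_operate"] = ARG_OPERATE[fields["arg_operate"]]
    out["dect_pos"] = encode_positions(fields["dect_pos"])
    return out


def decode_match_type(code):
    """Modes selected by a match_type code, lowest (rightmost) bit first,
    which is the order the scanner tries them."""
    order = [(MATCH_EQUAL, "equality"), (MATCH_PREFIX, "prefix"),
             (MATCH_SUFFIX, "suffix"), (MATCH_REGEX, "regex")]
    return [name for bit, name in order if code & bit]


def match_value(value, target, code):
    """Try each selected mode in turn; return the first mode that matched, else None.
    With code 0b0011 this means equality first, then prefix matching."""
    for mode in decode_match_type(code):
        if mode == "equality" and value == target:
            return mode
        if mode == "prefix" and value.startswith(target):
            return mode
        if mode == "suffix" and value.endswith(target):
            return mode
        if mode == "regex" and re.search(target, value) is not None:
            return mode
    return None


def allow_rule_applies(rule, response_headers):
    """Evaluate one allow rule against captured response headers (a dict).
    match_content 'Resp_header#<Name>' (assumed form) names the header to inspect;
    match_target is what the selected matching modes look for in it."""
    kind, _, name = rule["match_content"].partition("#")
    if kind != "Resp_header":
        raise ValueError("unsupported match_content: " + rule["match_content"])
    header_value = response_headers.get(name, "")
    return match_value(header_value, rule["match_target"], rule["match_type"]) is not None


if __name__ == "__main__":
    # Constructed sample response carrying a Java session cookie, so the rule fires.
    headers = {"Set-Cookie": "JSESSIONID=abc123; Path=/; HttpOnly"}
    rule = {"match_target": "JSESSIONID", "match_content": "Resp_header#Set-Cookie",
            "match_type": MATCH_REGEX}
    print(allow_rule_applies(rule, headers))  # True
```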
Further, the field data of the configuration fields in table 6 are input at the corresponding positions of the plug-in data structure to obtain the plug-in description file corresponding to the target plug-in. The finally generated plug-in description file is as follows:
leak_id: 178608
leak_name: structs2_057_detect
leak_name_cn: structs2_057 vulnerability
user: Xiao Li
leak_desc: In Struts 2.3-2.3.34 and Struts 2.5-2.5.16, if the namespace in the configuration file is not properly configured and the access action type is redirect (chain, postback), the jump address (location) is generated from the namespace in the URL, and the location is evaluated by OGNL, resulting in OGNL injection.
risk_level: high_risk
status: running
fix_link: Updating structs to latest version
attritute:
  allow:
    - match_target: JSESSIONID
      match_content: Resp_header#Set-Cookie
      match_type: 8
  deny: {}
test_cases:
  - case_id: 120864844554
    input: $%7B23333*23333%7D
    target: ‘$44428889’
    depth: 8
    arg_encode: 2
    arg_operate: 1
    dect_pos: 64
S306, sending the plug-in description file to a scanning server so that the scanning server can perform vulnerability scanning on a scanning object according to the plug-in description file.
For specific implementation of S306, reference may be made to the related description of S203 in the foregoing embodiment, and details are not described here.
In the embodiment of the application, the method abstracts and describes multiple types of vulnerabilities to obtain plug-in attribute data, displays a plug-in configuration page according to the plug-in attribute data, obtains the configuration data for a target plug-in that the user inputs on the plug-in configuration page, packages the configuration data by using a multilayer structure representation language such as YAML to obtain a plug-in description file corresponding to the target plug-in, and sends the plug-in description file to a scanning server so that the scanning server scans a scanned object for vulnerabilities according to the vulnerability scanning logic of the target plug-in described by the file. Because the multilayer structure representation language can generate a plug-in description file with rich description capability, the vulnerability scanning logic can be described more accurately, complex vulnerability scanning scenarios are supported, the language compatibility problem of the scanner is solved, and the universality is strong.
Referring to fig. 9, fig. 9 provides a flowchart of a plug-in processing method, which is described by applying the method to the scan server 103 in fig. 1, and includes the following steps:
S901, obtaining a plug-in description file, wherein the plug-in description file is obtained by packaging configuration data of a target plug-in by using a multilayer structure representation language.
S902, processing the plug-in description file based on a target language corresponding to the scanner to obtain an executable file of the target plug-in.
In one embodiment, after the plug-in description file generated based on the multi-layer structure representation language is obtained, the plug-in description file can be used as a general vulnerability detection plug-in to be used for vulnerability scanning of a scanner.
Specifically, for the scanner installed on the scan server, the scan server may parse the plug-in description file based on the target language of the scanner to obtain the executable file of the target plug-in.
In one embodiment, the plug-in description file is analyzed to obtain configuration data of the target plug-in, and then the configuration data of the target plug-in is encapsulated by using a data structure of a target language corresponding to the scanner to obtain an executable file of the target plug-in.
Specifically, a language or a compatible language used by the scanner is used as a target language, a data structure corresponding to the target language is established based on the target language, and a plurality of field data included in the plug-in description file are input to corresponding positions of the data structure corresponding to the target language. Taking the target language corresponding to the scanner as Lua language as an example, the obtained executable file is as follows:
M.g_plugin_test_cases = {
  normal_scan = {
    {
      allow = {
        {
          match_target = "JSESSIONID",
          match_content = "Resp_header#Set-Cookie",
          match_type = 8,
        },
      },
      leak_name = "structs2_057_detect",
      test_cases = {
        {
          case_id = 120864844554,
          input = "$%7B23333*23333%7D",
          target = "‘$44428889’",
          depth = 8,
          arg_encode = 2,
          arg_operate = 1,
          detect_pose = 64,
        },
      },
      deny = {},
      plugin_id = 178608,
    },
  },
}
The plug-in data structure corresponding to the target language defines the plug-in number as plugin_id.
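As an added illustration (not code from the patent), the following Python renders a parsed plug-in description file into the Lua table literal shown above, the form S902 calls the executable file. It assumes the YAML has already been loaded into a dict (as yaml.safe_load would produce); the field selection and the dect_pos to detect_pose and leak_id to plugin_id renames follow the page's listing, and the sample probe and marker values are placeholders.

```python
import re

# Added example, not the patent's own code.

LUA_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Detection-rule field whose name differs in the Lua structure (from the page's listing).
KEY_RENAMES = {"dect_pos": "detect_pose"}


def lua_literal(value, indent=0):
    """Render a Python value as a Lua literal.

    Strings are escaped so that data entered in the plug-in configuration
    interface cannot break out of the generated table, and table keys are
    restricted to plain Lua identifiers.
    """
    pad = "  " * indent
    if isinstance(value, bool):  # bool before int: bool is an int subclass
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        escaped = (value.replace("\\", "\\\\").replace('"', '\\"')
                   .replace("\n", "\\n").replace("\r", "\\r"))
        return '"' + escaped + '"'
    if isinstance(value, dict):
        if not value:
            return "{}"
        lines = []
        for key, item in value.items():
            if not LUA_KEY_RE.match(key):
                raise ValueError("invalid Lua table key: %r" % (key,))
            lines.append(pad + "  " + key + " = " + lua_literal(item, indent + 1) + ",")
        return "{\n" + "\n".join(lines) + "\n" + pad + "}"
    if isinstance(value, list):
        if not value:
            return "{}"
        lines = [pad + "  " + lua_literal(item, indent + 1) + "," for item in value]
        return "{\n" + "\n".join(lines) + "\n" + pad + "}"
    raise TypeError("unsupported value type: %r" % (type(value),))


def to_scanner_structure(desc):
    """Select the fields the scanner needs; the human-readable basic information
    (Chinese name, owner, description, fix link, ...) is not carried over."""
    cases = [{KEY_RENAMES.get(k, k): v for k, v in case.items()}
             for case in desc["test_cases"]]
    return {
        "allow": desc["attritute"]["allow"],
        "leak_name": desc["leak_name"],
        "test_cases": cases,
        "deny": desc["attritute"]["deny"],
        "plugin_id": desc["leak_id"],
    }


def render_executable(desc):
    """Emit the M.g_plugin_test_cases assignment with a single normal_scan entry."""
    table = lua_literal({"normal_scan": [to_scanner_structure(desc)]})
    return "M.g_plugin_test_cases = " + table + "\n"


# Constructed sample shaped like yaml.safe_load's result for the S305 file;
# the probe and marker values are placeholders, not the page's test data.
SAMPLE_DESCRIPTION = {
    "leak_id": 178608,
    "leak_name": "example_detect",
    "leak_name_cn": "example vulnerability",
    "user": "Xiao Li",
    "leak_desc": "description text is not carried into the executable",
    "risk_level": "high_risk",
    "status": "RUNNING",
    "fix_link": "https://example.invalid/fix",
    "attritute": {
        "allow": [{"match_target": "JSESSIONID",
                   "match_content": "Resp_header#Set-Cookie",
                   "match_type": 8}],
        "deny": {},
    },
    "test_cases": [{"case_id": 120864844554,
                    "input": "PROBE_PLACEHOLDER",
                    "target": "MARKER_PLACEHOLDER",
                    "depth": 8, "arg_encode": 2, "arg_operate": 1, "dect_pos": 64}],
}

if __name__ == "__main__":
    print(render_executable(SAMPLE_DESCRIPTION))
```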
In one embodiment, a plug-in description file generated based on a multi-layer structure representation language can also be used as a template file of the vulnerability for a developer of the plug-in, and the developer can develop more general plug-ins according to the content of the vulnerability described in the plug-in description file without paying attention to the development language.
S903, when a scanning trigger instruction is received, calling the scanner to execute the vulnerability scanning logic indicated by the executable file on a scanning object.
Specifically, the vulnerability scanner may obtain a user request sent to the scan object and process it according to the vulnerability scanning logic indicated by the executable file to obtain a test request. For example, when the vulnerability scanning logic indicates that the test request is determined by the attack vector to be added configured in the detection rule and by the relationship between that attack vector and the parameter in the user request, the attack vector to be added is inserted at the corresponding position in the user request to obtain the test request. The test request is sent to the scan object, the response information of the scan object for the test request is obtained, and the response information is used to determine whether the vulnerability exists in the scan object. If the vulnerability scanning logic indicates that the regular expression is to be matched against the response information, the vulnerability corresponding to the attack vector to be added is considered to exist in the scan object when the regular expression matches the response information, and a vulnerability scanning result may be generated and returned to the user terminal that sent the scanning trigger instruction. If the vulnerability scanning logic indicates URL encoding, URL encoding may also be applied to the attack vector to be added.
According to the method and the device, the scanning server can process the plug-in description file based on the target language corresponding to the scanner to obtain the executable file of the target plug-in, and when the scanning trigger instruction is received, the scanner is called to execute the vulnerability scanning logic indicated by the executable file on the scanning object.
As shown in fig. 10, fig. 10 is a plug-in processing apparatus provided in an embodiment of the present application, where the apparatus 10 includes:
an obtaining module 1001, configured to obtain configuration data of a target plug-in;
a processing module 1002, configured to package the configuration data by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, where the plug-in description file is used to describe the vulnerability scanning logic of the target plug-in;
a sending module 1003, configured to send the plug-in description file to a scanning server, so that the scanning server performs vulnerability scanning on a scanning object according to the plug-in description file.
In an embodiment, the obtaining module 1001 is specifically configured to:
determining plug-in attribute data based on the characteristics of multiple types of vulnerabilities, wherein the plug-in attribute data comprises one or more of basic information, matching rules and detection rules;
and generating page data of a plug-in configuration interface by using the plug-in attribute data, wherein the plug-in configuration interface is used for inputting the configuration data.
In an embodiment, the obtaining module 1001 is specifically configured to:
responding to a plug-in creating instruction sent by a user terminal, sending page data of a plug-in configuration interface to the user terminal so that the user terminal can display the plug-in configuration interface according to the page data, wherein the plug-in configuration interface comprises one or more of a basic information configuration area, a matching rule configuration area and a detection rule configuration area;
and receiving configuration data of the target plug-in sent by the user terminal, wherein the configuration data is input in the plug-in configuration interface by a user.
In an embodiment, the processing module 1002 is specifically configured to:
generating a plug-in data structure using a multi-layer structured representation language and the plug-in attribute data, the plug-in data structure comprising a plurality of configuration fields, the plurality of configuration fields comprising one or more of a basic information configuration field, a matching rule configuration field, and a detection rule configuration field;
acquiring field data corresponding to the plurality of configuration fields from the configuration data;
and adding the field data to the corresponding position in the plug-in data structure to obtain a plug-in description file corresponding to the target plug-in.
In an embodiment, the processing module 1002 is specifically configured to:
one or more of basic information, matching rules and detection rules included in the plug-in attribute data are respectively used as plug-in attribute tags of the webpage;
correspondingly adding an input box label according to the position of each plug-in attribute label;
and generating page data of the plug-in configuration interface according to the plug-in attribute tags of the webpage and the corresponding input box tags.
According to the method and the device, the configuration data input by a user at a user terminal for the target plug-in are obtained, and the configuration data are packaged by using the multilayer structure representation language to obtain the plug-in description file corresponding to the target plug-in, which describes the vulnerability scanning logic of the target plug-in. The plug-in description file is sent to the scanning server so that the scanning server can carry out vulnerability scanning on a scanning object according to it. Because the multilayer structure representation language can generate a plug-in description file with rich description capability, the vulnerability scanning logic can be described more accurately, complex vulnerability scanning scenarios are supported, the language compatibility problem of the scanner is solved, and the universality is strong.
As shown in fig. 11, fig. 11 is another plug-in processing device provided in the embodiment of the present application, where the device 11 includes:
an obtaining module 1101, configured to obtain a plug-in description file, where the plug-in description file is obtained by encapsulating configuration data of a target plug-in by using a multilayer structure representation language;
a processing module 1102, configured to process the plug-in description file based on a target language corresponding to the scanner, so as to obtain an executable file of the target plug-in;
the processing module 1102 is further configured to invoke the scanner to execute, on a scan object, the vulnerability scanning logic indicated by the executable file when the scan trigger instruction is received.
In an embodiment, the processing module 1102 is specifically configured to:
analyzing the plug-in description file to obtain configuration data of the target plug-in;
and packaging the configuration data of the target plug-in by using a data structure of a target language corresponding to the scanner to obtain an executable file of the target plug-in.
According to the method and the device, the scanning server can process the plug-in description file based on the target language corresponding to the scanner to obtain the executable file of the target plug-in, and when the scanning trigger instruction is received, the scanner is called to execute the vulnerability scanning logic indicated by the executable file on the scanning object.
As shown in fig. 12, fig. 12 is a schematic structural diagram of a computer device provided in an embodiment of the present application, where the computer device 12 may correspond to the configuration server 102 in fig. 1, and the computer device 12 includes: one or more processors 1201, memory 1202, and a communication interface 1203. The processor 1201, the memory 1202, and the communication interface 1203 may be connected by a bus 1204 or other means, and the embodiment of the present application is exemplified by being connected by the bus 1204.
The processor 1201 (or CPU) is the computing core and control core of the computer device 12, and can analyze various instructions in the computer device 12 and process various data of the computer device 12. For example, the CPU may analyze a power on/off instruction sent by the user to the computer device 12 and control the computer device 12 to perform a power on/off operation; for another example, the CPU may transmit various types of interactive data between internal structures of the computer device 12, and so on. The communication interface 1203 may optionally include a standard wired interface and a wireless interface (e.g., Wi-Fi, mobile communication interface, etc.), controlled by the processor 1201 for transceiving data. The memory 1202 is a memory device in the computer device 12 for storing programs and data. It is understood that the memory 1202 may comprise both the built-in memory of the computer device 12 and, of course, the expansion memory supported by the computer device 12. The memory 1202 provides storage space that stores an operating system for the computer device 12, which may include, but is not limited to, a Windows system, a Linux system, etc.; this is not limited in this application.
In an embodiment, the processor 1201 is specifically configured to:
acquiring configuration data of a target plug-in;
packaging the configuration data by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, wherein the plug-in description file is used for describing vulnerability scanning logic of the target plug-in;
and sending the plug-in description file to a scanning server so that the scanning server performs vulnerability scanning on a scanning object according to the plug-in description file.
In an embodiment, the processor 1201 is specifically configured to:
responding to a plug-in creating instruction sent by a user terminal, sending page data of a plug-in configuration interface to the user terminal so that the user terminal can display the plug-in configuration interface according to the page data, wherein the plug-in configuration interface comprises one or more of a basic information configuration area, a matching rule configuration area and a detection rule configuration area;
and receiving configuration data of the target plug-in sent by the user terminal, wherein the configuration data is input in the plug-in configuration interface by a user.
In an embodiment, the processor 1201 is specifically configured to:
determining plug-in attribute data based on the characteristics of multiple types of vulnerabilities, wherein the plug-in attribute data comprises one or more of basic information, matching rules and detection rules;
and generating page data of a plug-in configuration interface by using the plug-in attribute data, wherein the plug-in configuration interface is used for inputting the configuration data.
In an embodiment, the processor 1201 is specifically configured to:
generating a plug-in data structure using a multi-layer structured representation language and the plug-in attribute data, the plug-in data structure comprising a plurality of configuration fields, the plurality of configuration fields comprising one or more of a basic information configuration field, a matching rule configuration field, and a detection rule configuration field;
acquiring field data corresponding to the plurality of configuration fields from the configuration data;
and adding the field data to the corresponding position in the plug-in data structure to obtain a plug-in description file corresponding to the target plug-in.
In an embodiment, the processor 1201 is specifically configured to:
respectively taking the basic information, the matching rule and the detection rule included in the plug-in attribute data as one or more kinds of plug-in attribute tags of the webpage;
correspondingly adding an input box label according to the position of each plug-in attribute label;
and generating page data of the plug-in configuration interface according to the plug-in attribute tags of the webpage and the corresponding input box tags.
According to the method and the device, the configuration data input by a user at a user terminal for the target plug-in are obtained, and the configuration data are packaged by using the multilayer structure representation language to obtain the plug-in description file corresponding to the target plug-in, which describes the vulnerability scanning logic of the target plug-in. The plug-in description file is sent to the scanning server so that the scanning server can carry out vulnerability scanning on a scanning object according to it. Because the multilayer structure representation language can generate a plug-in description file with rich description capability, the vulnerability scanning logic can be described more accurately, complex vulnerability scanning scenarios are supported, the language compatibility problem of the scanner is solved, and the universality is strong.
In a possible embodiment, the computer device 12 described in this embodiment of the present application may correspond to the scanning server 103 in fig. 1, and the processor 1201, the memory 1202, and the communication interface 1203 included in the computer device 12 may be configured to implement the plug-in processing method in the foregoing method embodiment.
In an embodiment, the processor 1201 is specifically configured to:
acquiring a plug-in description file, wherein the plug-in description file is obtained by packaging configuration data of a target plug-in by using a multilayer structure representation language;
processing the plug-in description file based on a target language corresponding to a scanner to obtain an executable file of the target plug-in;
and when a scanning trigger instruction is received, calling the scanner to execute the vulnerability scanning logic indicated by the executable file on a scanning object.
In an embodiment, the processor 1201 is specifically configured to:
analyzing the plug-in description file to obtain configuration data of the target plug-in;
and packaging the configuration data of the target plug-in by using a data structure of a target language corresponding to the scanner to obtain an executable file of the target plug-in.
According to the method and the device, the scanning server can process the plug-in description file based on the target language corresponding to the scanner to obtain the executable file of the target plug-in, and when the scanning trigger instruction is received, the scanner is called to execute the vulnerability scanning logic indicated by the executable file on the scanning object.
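As an added illustration (not code from the patent), the scanning-server side of this procedure in Python: a constructed JSON plug-in description is loaded into the scanner's own data structure, a test request is derived from a user request via the detection rule, and the response is checked against the matching rules (object to be detected, matching contents, matching mode). JSON as the representation language, the field names, and AND semantics across rules are assumptions of this example.

```python
import json
import re
from dataclasses import dataclass

# Constructed plug-in description: JSON stands in for the patent's "multilayer
# structure representation language"; the field names are this example's own.
PLUGIN_DESCRIPTION = json.dumps({
    "basic_info": {"id": "example-dir-listing", "name": "Directory listing exposed"},
    "detection_rules": {"method": "GET", "path": "/static/", "headers": {"Accept": "text/html"}},
    "matching_rules": [
        {"object": "status", "content": "200", "mode": "equals"},
        {"object": "body", "content": "Index of /", "mode": "contains"},
        {"object": "header:Content-Type", "content": r"^text/html", "mode": "regex"},
    ],
})
@dataclass
class MatchingRule:
    obj: str      # object to be detected: "status", "body" or "header:<name>"
    content: str  # matching contents
    mode: str     # matching mode: "equals", "contains" or "regex"
@dataclass
class Plugin:  # the scanner-side ("target language") structure the file is loaded into
    basic_info: dict
    detection: dict
    rules: list

def build_plugin(description: str) -> Plugin:
    """Parse the description file into the scanner's own data structure."""
    doc = json.loads(description)
    rules = [MatchingRule(r["object"], r["content"], r["mode"]) for r in doc["matching_rules"]]
    return Plugin(doc["basic_info"], doc["detection_rules"], rules)

def build_test_request(plugin: Plugin, user_request: dict) -> dict:
    """Derive the test request: the detection rule overrides method/path and adds headers."""
    overrides = {k: v for k, v in plugin.detection.items() if k != "headers"}
    headers = {**user_request.get("headers", {}), **plugin.detection.get("headers", {})}
    return {**user_request, **overrides, "headers": headers}

def _extract(response: dict, obj: str) -> str:
    if obj == "status":
        return str(response["status"])
    if obj == "body":
        return response["body"]
    if obj.startswith("header:"):  # header names are compared case-insensitively
        return {k.lower(): v for k, v in response["headers"].items()}.get(obj[7:].lower(), "")
    raise ValueError(f"unknown object to detect: {obj}")

# Matching modes; an unknown mode raises KeyError instead of silently passing.
MODES = {"equals": lambda v, c: v == c, "contains": lambda v, c: c in v,
         "regex": lambda v, c: re.search(c, v) is not None}
def rule_matches(rule: MatchingRule, response: dict) -> bool:
    return MODES[rule.mode](_extract(response, rule.obj), rule.content)
def is_vulnerable(plugin: Plugin, response: dict) -> bool:
    """Flag only when every matching rule holds (AND semantics, an assumption here)."""
    return all(rule_matches(r, response) for r in plugin.rules)
```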
It will be understood by those skilled in the art that all or part of the processes in the methods of the above embodiments may be implemented by a computer program, which may be stored in a computer readable storage medium, and when executed, may include the processes of the above embodiments of the plug-in processing method. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like. One or more embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read by a processor of a computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps performed in the embodiments of the methods described above.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the claims. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (8)
1. A method for plug-in processing, the method comprising:
determining general characteristics during vulnerability scanning based on multiple types of vulnerabilities, and determining plug-in attribute data corresponding to the multiple types of vulnerabilities based on the general characteristics, wherein the plug-in attribute data comprises basic information, matching rules and detection rules, and the matching rules comprise an object to be detected, matching contents corresponding to the object to be detected and a matching mode;
respectively taking the basic information, the matching rules and the detection rules included in the plug-in attribute data as plug-in attribute tags of a webpage, correspondingly adding an input frame tag according to the position of each plug-in attribute tag, and generating page data of a plug-in configuration interface according to the plug-in attribute tags of the webpage and the corresponding input frame tags, wherein the page data is used for displaying the plug-in configuration interface, and the plug-in configuration interface comprises a basic information configuration area, a matching rule configuration area and a detection rule configuration area;
acquiring configuration data of a target plug-in input through the plug-in configuration interface;
packaging the configuration data by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, wherein the plug-in description file is used for describing vulnerability scanning logic of the target plug-in;
and sending the plug-in description file to a scanning server so that the scanning server performs vulnerability scanning on a scanning object according to the plug-in description file.
2. The method of claim 1, wherein obtaining configuration data for a target plug-in comprises:
responding to a plug-in creating instruction sent by a user terminal, and sending page data of a plug-in configuration interface to the user terminal so that the user terminal can display the plug-in configuration interface according to the page data;
and receiving configuration data of the target plug-in sent by the user terminal, wherein the configuration data is input in the plug-in configuration interface by a user.
3. The method according to claim 1 or 2, wherein the encapsulating the configuration data by using a multi-layer structure representation language to obtain a plug-in description file corresponding to the target plug-in comprises:
generating a plug-in data structure using a multi-layer structured representation language and the plug-in attribute data, the plug-in data structure comprising a plurality of configuration fields, the plurality of configuration fields comprising one or more of a basic information configuration field, a matching rule configuration field, and a detection rule configuration field;
acquiring field data corresponding to the plurality of configuration fields from the configuration data;
and adding the field data to the corresponding position in the plug-in data structure to obtain a plug-in description file corresponding to the target plug-in.
4. The method of claim 3, wherein the matching rule configuration field comprises one or more sub-configuration fields, and wherein the detection rule configuration field comprises one or more sub-configuration fields.
5. A method for plug-in processing, the method comprising:
obtaining a plug-in description file, wherein the plug-in description file is obtained by packaging configuration data of a target plug-in by using a multilayer structure representation language, the configuration data of the target plug-in is input through a plug-in configuration interface generated based on plug-in attribute data, and the plug-in attribute data is determined based on general characteristics of various types of vulnerabilities during vulnerability scanning;
analyzing the plug-in description file to obtain configuration data of the target plug-in;
inputting a plurality of field data included in the configuration data of the target plug-in into corresponding positions of a data structure corresponding to a target language by using the data structure of the target language corresponding to a scanner to obtain an executable file of the target plug-in;
when a scanning trigger instruction is received, calling the scanner to process a user request through the vulnerability scanning logic indicated by the executable file to obtain a test request, and sending the test request to a scanning object;
and acquiring response information of the scanning object to the test request, and determining whether the scanning object has a vulnerability or not by using the response information.
6. A plug-in processing apparatus, the apparatus comprising:
an acquisition module, used for determining universal characteristics during vulnerability scanning based on various types of vulnerabilities and determining plug-in attribute data corresponding to the various types of vulnerabilities based on the universal characteristics, wherein the plug-in attribute data comprises basic information, matching rules and detection rules, and the matching rules comprise an object to be detected, matching contents corresponding to the object to be detected and a matching mode;
the acquisition module is further used for respectively taking the basic information, the matching rules and the detection rules which are included in the plug-in attribute data as plug-in attribute tags of a webpage, correspondingly adding an input frame tag according to the position of each plug-in attribute tag, and generating page data of a plug-in configuration interface according to the plug-in attribute tags of the webpage and the corresponding input frame tags, wherein the page data is used for displaying the plug-in configuration interface, and the plug-in configuration interface comprises a basic information configuration area, a matching rule configuration area and a detection rule configuration area;
the acquisition module is also used for acquiring the configuration data of the target plug-in input through the plug-in configuration interface;
the processing module is used for packaging the configuration data by using a multilayer structure representation language to obtain a plug-in description file corresponding to the target plug-in, and the plug-in description file is used for describing vulnerability scanning logic of the target plug-in;
and the sending module is used for sending the plug-in description file to a scanning server so that the scanning server performs vulnerability scanning on a scanning object according to the plug-in description file.
7. A plug-in processing apparatus, the apparatus comprising:
an acquisition module, used for acquiring a plug-in description file, wherein the plug-in description file is obtained by packaging configuration data of a target plug-in by using a multilayer structure representation language, the configuration data of the target plug-in is input through a plug-in configuration interface generated based on plug-in attribute data, and the plug-in attribute data is determined based on the general characteristics of various types of vulnerabilities during vulnerability scanning;
a processing module, used for analyzing the plug-in description file to obtain the configuration data of the target plug-in;
the processing module is further configured to input, by using a data structure of a target language corresponding to the scanner, a plurality of field data included in the configuration data of the target plug-in to corresponding positions of the data structure corresponding to the target language, so as to obtain an executable file of the target plug-in;
the processing module is further used for calling the scanner to process a user request through the vulnerability scanning logic indicated by the executable file to obtain a test request and sending the test request to a scanning object when a scanning trigger instruction is received;
and acquiring response information of the scanning object to the test request, and determining whether the scanning object has a vulnerability or not by using the response information.
8. A computer-readable storage medium, in which a computer program is stored, which, when executed by a processor, implements the plug-in processing method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110511727.6A CN112926061B (en) | 2021-05-11 | 2021-05-11 | Plug-in processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110511727.6A CN112926061B (en) | 2021-05-11 | 2021-05-11 | Plug-in processing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112926061A CN112926061A (en) | 2021-06-08 |
CN112926061B true CN112926061B (en) | 2021-08-06 |
Family
ID=76174831
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110511727.6A Active CN112926061B (en) | 2021-05-11 | 2021-05-11 | Plug-in processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112926061B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113312631A (en) * | 2021-06-11 | 2021-08-27 | 杭州安恒信息安全技术有限公司 | Vulnerability detection method and related device |
CN115529146B (en) * | 2021-06-25 | 2024-10-29 | 中国移动通信集团设计院有限公司 | Network security vulnerability processing system and method |
CN113672934A (en) * | 2021-08-09 | 2021-11-19 | 中汽创智科技有限公司 | Security vulnerability scanning system and method, terminal and storage medium |
CN116611077A (en) * | 2023-07-20 | 2023-08-18 | 北京升鑫网络科技有限公司 | Virtual patch protection method and system based on host network packet capturing and analyzing |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106657159A (en) * | 2017-02-27 | 2017-05-10 | 杭州迪普科技股份有限公司 | Security strategy generating method and device |
CN107273748B (en) * | 2017-05-23 | 2020-12-11 | 成都联宇云安科技有限公司 | Method for realizing android system vulnerability detection based on vulnerability poc |
CN109428878B (en) * | 2017-09-01 | 2021-11-23 | 阿里巴巴集团控股有限公司 | Vulnerability detection method, detection device and detection system |
CN108537042A (en) * | 2018-04-04 | 2018-09-14 | 上海有云信息技术有限公司 | Self-defined plug-in unit generation method, device, equipment and storage medium |
CN110263542A (en) * | 2019-05-10 | 2019-09-20 | 西安交大捷普网络科技有限公司 | A kind of vulnerability scanning method and system based on plug-in part technology |
CN111291384B (en) * | 2020-04-28 | 2020-09-08 | 杭州海康威视数字技术股份有限公司 | Vulnerability scanning method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN112926061A (en) | 2021-06-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40047321; Country of ref document: HK |