Source tracing method of same source code

A source code and open source code technology, applied in the fields of instruments, program/content distribution protection, platform integrity maintenance, etc. It addresses problems such as long retrieval time and the inability to resolve project inclusion relationships, improving detection speed and making open source project, version and vulnerability detection more accurate.

Pending Publication Date: 2022-01-28
苏州棱镜七彩信息科技有限公司

AI Technical Summary

Problems solved by technology

[0004] However, because the existing technology uses a full-scale fingerprint database, every time a file is matched the bottom layer must perform a full-text search. If the project is large, the search time will be too long.
At the same time, this technology cannot solve the problem of project inclusion relationships (for example: the spark program contains multiple modules, so the file detection described above returns multiple projects such as spark-core, sparkStreaming and spark, but the real detection result should be only spark).



Embodiment Construction

[0034] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0035] As shown in Figure 1, the source tracing method for homologous code comprises the following steps:

[0036] Step 1: Establish a standardized vulnerability knowledge base through crawlers, obtain open source codes that meet the specifications, and store the open source code results after preprocessing. Specifically, the process employed includes the following steps:

[0037] a. Crawl open source codes that meet specifications in source code hosting platforms and communities through web crawlers. The source code hosting platforms and communities include github, gitee, and linux, and the specifications include determining star ratings and branch nu...


Abstract

The invention relates to a source tracing method for homologous code, which comprises the following steps: establishing a standardized vulnerability knowledge base by means of a crawler, obtaining open source code that meets the specifications, preprocessing it and storing the preprocessed results; constructing a Neo4j graph database; and carrying out business processing. Detection speed is thereby improved, based on the graph database association between the content hash values of the source code and the directory hash values. The problem of full detection of collision between binary files and files is solved, and the speed is increased by more than 10 times, providing engine support for open source software supply chain security detection. Through multi-dimensional clustering, the calculated result score distinguishes whether a certain module or a subclass of the module is adopted, which solves the problem of inaccurate supply chain detection results caused by inclusion relations between open source project modules. More accurate open source projects and versions can be provided, so that vulnerability detection in the software security industry is more accurate.
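The following is an added illustration of the content-hash and directory-hash idea in the abstract; it is not code from the patent. It assumes a directory hash is the SHA-256 of the sorted `name:hash` pairs of its children, uses an in-memory dict in place of the Neo4j graph, and replaces the clustering score with a simple "outermost exact match wins" rule; the sample trees and names (`KB`, `scan`, `trace`) are constructed for the example.

```python
import hashlib

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scan(tree, index, path="."):
    """Hash a nested dict tree bottom-up (bytes = file, dict = directory).
    Returns (directory_hash, hits); hits holds (path, component) for the
    outermost directories whose hash is known to the index."""
    entries, hits = [], []
    for name in sorted(tree):
        node = tree[name]
        if isinstance(node, dict):
            child_hash, child_hits = scan(node, index, f"{path}/{name}")
            hits += child_hits
        else:
            child_hash = _h(node)          # content hash of one file
        entries.append(f"{name}:{child_hash}")
    dir_hash = _h("\n".join(entries).encode())
    if dir_hash in index:
        # A match on the enclosing project absorbs the matches on its modules,
        # so spark is reported instead of spark-core plus spark-streaming.
        hits = [(path, index[dir_hash])]
    return dir_hash, hits

# Constructed reference trees standing in for the crawled knowledge base.
SPARK_CORE = {"SparkContext.scala": b"class SparkContext",
              "rdd": {"RDD.scala": b"abstract class RDD"}}
SPARK_STREAMING = {"StreamingContext.scala": b"class StreamingContext"}
SPARK = {"core": SPARK_CORE, "streaming": SPARK_STREAMING}
KB = {"spark": SPARK, "spark-core": SPARK_CORE, "spark-streaming": SPARK_STREAMING}

# One lookup key per known directory, instead of a full-text search per file.
INDEX = {scan(tree, {})[0]: name for name, tree in KB.items()}

def trace(project):
    """Return the components found in a scanned project tree."""
    return scan(project, INDEX)[1]

# Constructed scan targets: one vendors all of spark, one only the core module.
FULL = {"src": {"Main.java": b"class Main"}, "third_party": {"spark": SPARK}}
PARTIAL = {"src": {"Main.java": b"class Main"}, "vendor": {"core": SPARK_CORE}}

if __name__ == "__main__":
    print(trace(FULL))     # whole project vendored
    print(trace(PARTIAL))  # single module vendored
```

Exact directory hashes stop matching as soon as one file in the directory is modified, which is where a score over partial matches, as the abstract describes, is needed.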

Description

Technical field

[0001] The present invention relates to a source tracing method, in particular to a source tracing method for homologous code.

Background technique

[0002] With the popularization of the Internet and the rapid development of software, security vulnerabilities are constantly emerging, giving rise to vulnerability information and intelligence agencies such as Snyk, NVD, CNVD, WhiteSource, blackDuck and other authoritative vulnerability agencies and security vendors. Where software has vulnerabilities, the software supply chain is affected: when we write programs we usually introduce external dependencies (such as jar packages or certain modules), and other people's jar packages or modules have a lot of content, most of it indirect references; sometimes part of an open source project is even used directly for packaging. How to confirm the specific open source software we use is a difficult problem. If we can confirm the...


Application Information

IPC(8): G06F21/16, G06F21/57
CPC: G06F21/16, G06F21/577
Inventor 石澳种衍斌易焕腾但吉兵罗峋梁大功
Owner 苏州棱镜七彩信息科技有限公司