CN110737464A - A method and device for static analysis of code - Google Patents
Publication number: CN110737464A (application CN201810792456.4A)
Authority: CN (China)
Prior art keywords: code, static analysis, user, data, result data
Legal status: Pending
Classifications
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F8/00—Arrangements for software engineering > G06F8/70—Software maintenance or management > G06F8/75—Structural analysis for program understanding
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F8/00—Arrangements for software engineering > G06F8/40—Transformation of program code > G06F8/41—Compilation > G06F8/44—Encoding > G06F8/443—Optimisation
Abstract
The invention discloses a code static analysis method, apparatus, electronic device and computer-readable storage medium. The method includes: receiving code static analysis result data submitted by a user and performing verification analysis on it; using blockchain technology, saving the verified code static analysis result data in a designated block of the blockchain; and, using blockchain technology, distributing to the account of the verified user a certain amount of virtual currency corresponding to the code static analysis result data the user submitted. This technical solution increases users' interest in submitting code static analysis result data. In addition, the submitted result data provides the provider with the users' feedback on the code static analysis tool, which helps the provider understand how the tool is operating and where its analysis rules are defective, and in turn helps optimize the tool and improve the users' experience of using it.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a code static analysis method, apparatus, electronic device and computer-readable storage medium.
Background
Current computer technology, and the implementation of computer software in particular, cannot do without program code. Once program code is complete, static analysis can be used to find structural errors, security vulnerabilities and other problems in it, so as to ensure the overall quality of the software. Normally, users perform static analysis with a code static analysis tool. From the tool provider's point of view, users generally give no feedback on the analysis results or on how the tool was used once they finish with it, so the provider cannot learn how the tool is operating or where its analysis rules are defective, which hinders optimization of the tool.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a code static analysis method, apparatus, electronic device and computer-readable storage medium that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a code static analysis method is provided, the method including:
receiving code static analysis result data submitted by a user, and performing verification analysis on it;
using blockchain technology, saving the verified code static analysis result data in a designated block of the blockchain;
and, using blockchain technology, distributing to the account of the verified user a certain amount of virtual currency corresponding to the code static analysis result data the user submitted.
Optionally, the method further includes:
when a permission exchange request is received from a user, setting that user's usage permission for code static analysis according to the specified amount of virtual currency in the received permission exchange request;
or, when a designated currency exchange request is received from a user, exchanging the specified amount of virtual currency in the user's account for a certain amount of the designated currency corresponding to that amount of virtual currency, and recording the exchanged amount of designated currency in the user's account.
Optionally, the code static analysis result data submitted by the user includes one or more of the following:
analysis result data for code samples;
analyzed code sample data;
analysis rule code data used for code static analysis.
Optionally, the designated blocks of the blockchain include a block that stores analysis rule code used for code static analysis and a block that stores code samples;
and saving the verified code static analysis result data in a designated block of the blockchain includes:
when the verified code static analysis result data is analyzed code sample data, writing that analyzed code sample data as a new record into the block of the blockchain that stores code samples; and/or,
when the verified code static analysis result data is analysis rule code data used for code static analysis, writing that analysis rule code data as a new record into the block of the blockchain that stores analysis rule code used for code static analysis.
Optionally, the designated blocks of the blockchain further include a block that stores the false positive rate and missed detection rate of the current code static analysis; and the method further includes:
obtaining the false positive rate and missed detection rate of the new code static analysis after code samples have been added to the designated block of the blockchain, and/or obtaining the false positive rate and missed detection rate of the new code static analysis performed using the newly written analysis rule code;
writing the obtained false positive rate and missed detection rate of the new code static analysis as a new record into the block of the blockchain that stores the false positive rate and missed detection rate of code static analysis.
Optionally, receiving the code static analysis result data submitted by the user and performing verification analysis includes:
sending the code static analysis result data submitted by the user to a verifier, so that the verifier can check whether the submitted data is valid;
receiving the verification result returned by the verifier;
when the received verification result is a pass, then performing the step of saving the verified code static analysis result data in a designated block of the blockchain using blockchain technology.
Optionally, the verification result further includes the verifier's permission information; and the method further includes:
determining, according to the verifier's permission information, whether the verifier has permission to write data into the designated block of the blockchain;
if so, and when the received verification result is a pass, then performing the step of saving the verified code static analysis result data in a designated block of the blockchain using blockchain technology.
Optionally, determining according to the verifier's permission information whether the verifier has permission to write data into the designated block of the blockchain includes:
setting the verifier's permissions using the permission management features of the hosting platform GitHub.
According to another aspect of the present invention, a code static analysis apparatus is provided, the apparatus including:
a receiving unit, adapted to receive code static analysis result data submitted by a user and perform verification analysis on it;
a storage unit, adapted to save the verified code static analysis result data in a designated block of the blockchain using blockchain technology;
a distribution unit, adapted to distribute, using blockchain technology, to the account of the verified user a certain amount of virtual currency corresponding to the code static analysis result data the user submitted.
Optionally, the apparatus further includes:
an exchange unit, adapted to set a user's usage permission for code static analysis according to the specified amount of virtual currency in a received permission exchange request when such a request is received from the user; or, when a designated currency exchange request is received from a user, to exchange the specified amount of virtual currency in the user's account for a certain amount of the designated currency corresponding to that amount of virtual currency and record the exchanged amount of designated currency in the user's account.
Optionally, the code static analysis result data submitted by the user includes one or more of the following:
analysis result data for code samples;
analyzed code sample data;
analysis rule code data used for code static analysis.
Optionally, the designated blocks of the blockchain include a block that stores analysis rule code used for code static analysis and a block that stores code samples;
the storage unit is adapted to: when the verified code static analysis result data is analyzed code sample data, write that analyzed code sample data as a new record into the block of the blockchain that stores code samples; and/or, when the verified code static analysis result data is analysis rule code data used for code static analysis, write that analysis rule code data as a new record into the block of the blockchain that stores analysis rule code used for code static analysis.
Optionally, the designated blocks of the blockchain further include a block that stores the false positive rate and missed detection rate of the current code static analysis;
the storage unit is further adapted to obtain the false positive rate and missed detection rate of the new code static analysis after code samples have been added to the designated block of the blockchain, and/or to obtain the false positive rate and missed detection rate of the new code static analysis performed using the newly written analysis rule code; and to write the obtained rates as a new record into the block of the blockchain that stores the false positive rate and missed detection rate of code static analysis.
Optionally,
the receiving unit is adapted to send the code static analysis result data submitted by the user to a verifier, so that the verifier can check whether the submitted data is valid, and to receive the verification result returned by the verifier;
the storage unit is adapted to perform the step of saving the verified code static analysis result data in a designated block of the blockchain using blockchain technology only when the received verification result is a pass.
Optionally, the verification result further includes the verifier's permission information;
the storage unit is adapted to determine, according to the verifier's permission information, whether the verifier has permission to write data into the designated block of the blockchain, and, if so and when the received verification result is a pass, to perform the step of saving the verified code static analysis result data in a designated block of the blockchain using blockchain technology.
Optionally,
the storage unit is adapted to set the verifier's permissions using the permission management features of the hosting platform GitHub.
According to yet another aspect of the present invention, an electronic device is provided, the electronic device including:
a processor; and,
a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the method described above.
According to a further aspect of the present invention, a computer-readable storage medium is provided, the computer-readable storage medium storing one or more programs which, when executed by a processor, implement the method described above.
According to the technical solution of the present invention, code static analysis result data submitted by a user is received and verification analysis is performed on it; using blockchain technology, the verified code static analysis result data is saved in a designated block of the blockchain; and, using blockchain technology, a certain amount of virtual currency corresponding to the submitted code static analysis result data is distributed to the account of the verified user. Because users can obtain a certain amount of virtual currency, this technical solution increases their interest in submitting code static analysis result data. In addition, the submitted result data provides the provider with the users' feedback on the code static analysis tool, which helps the provider understand how the tool is operating and where its analysis rules are defective, and in turn helps optimize the tool and improve the users' experience of using it.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the present invention can be more readily understood, specific embodiments of the present invention are set out below.
Description of the drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are for the purpose of illustrating the preferred embodiments only and are not to be considered limiting of the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:
Figure 1 is a schematic flowchart of a code static analysis method according to one embodiment of the present invention;
Figure 2 is a schematic structural diagram of a code static analysis apparatus according to one embodiment of the present invention;
Figure 3 is a schematic structural diagram of an electronic device according to one embodiment of the present invention;
Figure 4 is a schematic structural diagram of a computer-readable storage medium according to one embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Figure 1 is a schematic flowchart of a code static analysis method according to one embodiment of the present invention. As shown in Figure 1, the method includes:
Step S110: receive code static analysis result data submitted by a user and perform verification analysis on it.
Under this technical solution, users will actively feed back code static analysis result data in order to obtain virtual currency. However, some users may submit invalid result data; to exclude such submissions, the result data received from a user must also be verified and analyzed.
Step S120: using blockchain technology, save the verified code static analysis result data in a designated block of the blockchain.
After the code static analysis result data submitted by the user passes verification, it is saved.
Blockchain technology, in the narrow sense, is a chained data structure that links data blocks in chronological order, forming a distributed ledger whose tamper resistance and unforgeability are guaranteed cryptographically. In the broad sense, it is a new distributed infrastructure and computing paradigm that uses a chained block structure to verify and store data, a distributed node consensus algorithm to generate and update data, cryptography to secure data transmission and access, and smart contracts made up of automated script code to program and operate on data. Blockchain technology is characterized by immutability and traceability. Modifications to the database by a single node, or even several nodes, cannot affect the databases of other nodes unless more than 51% of the nodes in the entire network can be controlled and made to modify simultaneously, which is almost impossible. Every transaction in the blockchain is cryptographically linked to its two adjacent blocks, so the full history of any transaction can be traced.
In this embodiment, saving is implemented with blockchain technology to prevent the code static analysis result data submitted by users from being tampered with arbitrarily, which would defeat the purpose of saving the data and affect optimization of the code static analysis tool. Specifically, the verified code static analysis result data is saved in a designated block of the blockchain.
Step S130: using blockchain technology, distribute to the account of the verified user a certain amount of virtual currency corresponding to the code static analysis result data the user submitted.
To encourage users to submit code static analysis result data, a certain amount of virtual currency is distributed to the corresponding user's account once verification passes; the user can then use that virtual currency to complete corresponding operations or business.
In the prior art, a code static analysis tool inevitably produces false positives and misses. To optimize the tool, its defects must be tracked down from the results it produces when performing code static analysis. However, in the prior art, users who have used a code static analysis tool give no feedback on the result data, whether because the program code is private or for other reasons, so the provider cannot track down defects from the tool's actual operation, which makes optimizing the tool difficult.
Because users can obtain a certain amount of virtual currency, the technical solution of this embodiment increases their interest in submitting code static analysis result data. In addition, the submitted result data provides the provider with the users' feedback on the code static analysis tool, which helps the provider understand how the tool is operating and where its analysis rules are defective, and in turn helps optimize the tool and improve the users' experience of using it.
In one embodiment of the present invention, step S130 of the method shown in Figure 1, distributing to the account of the verified user a certain amount of virtual currency corresponding to the submitted code static analysis result data, includes: setting a preset distribution rule; and distributing, according to the preset distribution rule, to the account of the verified user a certain amount of virtual currency corresponding to the code static analysis result data the user submitted.
The code static analysis result data submitted by users differs in type and in degree of validity. This embodiment therefore presets a distribution rule that specifies the amount of virtual currency to be distributed for each type of code static analysis result data, and/or the amount to be distributed for each degree of validity.
In one embodiment of the present invention, the method shown in Figure 1 further includes: when a permission exchange request is received from a user, setting that user's usage permission for code static analysis according to the specified amount of virtual currency in the received permission exchange request; or, when a designated currency exchange request is received from a user, exchanging the specified amount of virtual currency in the user's account for a certain amount of the designated currency corresponding to that amount of virtual currency, and recording the exchanged amount of designated currency in the user's account.
In this embodiment, a user can exchange the virtual currency obtained for usage permissions for the code static analysis tool, with different amounts of virtual currency corresponding to different permissions; or exchange the virtual currency for another designated currency, for example Q Coins, Wei Coins, Xiayi Yuanbao or Wenyin, so that the user can spend the exchanged designated currency. This can further increase the user's interest in submitting code static analysis result data.
In one embodiment of the present invention, the method shown in Figure 1 further includes: when a designated membership exchange request is received from a user, exchanging the specified amount of virtual currency in the user's account for a period of membership in a designated application corresponding to that amount of virtual currency.
For example, virtual currency may be exchanged for Tencent Video membership, iQiyi Video membership and the like.
In one embodiment of the present invention, before any of the above exchanges is performed, the method shown in Figure 1 further includes: determining whether the amount of virtual currency in the user's account is greater than or equal to the amount specified in the exchange request; if so, executing the exchange request; if not, sending the user a notification that the amount of virtual currency is insufficient.
In one embodiment of the present invention, the code static analysis result data submitted by the user in the method shown in Figure 1 includes one or more of the following: analysis result data for code samples; analyzed code sample data; analysis rule code data used for code static analysis.
The data needed to optimize a code static analysis tool may be the analysis results for code samples, from which false positives or misses in the analysis can be judged; it may also be the analyzed code sample data itself, since computing a false positive rate or missed detection rate requires a large number of code samples, and the sample data submitted by users makes these rates obtainable; and, considering that a false positive or miss may be caused by a defect in the analysis rule code, a user who knows the defect in the analysis can complete an improved version of the analysis rule code used for code static analysis and submit that code data, so users can also contribute their own fixes toward optimizing the tool.
Because the degree of validity of the code static analysis result data submitted by users differs (for example, among the types listed above, validity increases in the order: analysis result data for code samples; analyzed code sample data; analysis rule code data used for code static analysis), when virtual currency is distributed, the amount corresponding to verified analysis result data for code samples is smaller than the amount corresponding to verified analyzed code sample data, and the amount corresponding to verified analyzed code sample data is smaller than the amount corresponding to verified analysis rule code data used for code static analysis.
In one embodiment of the present invention, the designated blocks of the blockchain in the method shown in Figure 1 include a block that stores analysis rule code used for code static analysis and a block that stores code samples. That is, the blockchain stores the details of each analysis rule of the code static analysis tool, namely the analysis rule code corresponding to each rule.
Data must then be saved in the corresponding block. In step S120 of the method shown in Figure 1, saving the verified code static analysis result data in a designated block of the blockchain includes: when the verified code static analysis result data is analyzed code sample data, writing that analyzed code sample data as a new record into the block of the blockchain that stores code samples; and/or, when the verified code static analysis result data is analysis rule code data used for code static analysis, writing that analysis rule code data as a new record into the block of the blockchain that stores analysis rule code used for code static analysis.
In this embodiment, different code static analysis result data are saved in the corresponding blocks. Since a code static analysis tool has several different analysis rules, result data corresponding to a given rule is saved together with that rule.
Further, the designated blocks of the blockchain also include a block that stores the false positive rate and missed detection rate of the current code static analysis; that is, the false positive rate and missed detection rate corresponding to each analysis rule are stored in the blockchain.
图1所示的方法进一步包括:获取区块链的指定区块中的代码样本增加后的新的代码静态分析的误报率和漏测率,和/或,获取使用新写入的用于代码静态分析的分析规则代码进行代码静态分析后的新的代码静态分析的误报率和漏测率;将获取的新的代码静态分析的误报率和漏测率作为一条新的数据写入区块链的保存代码静态分析的误报率和漏测率的区块中。The method shown in FIG. 1 further includes: acquiring the false positive rate and the missing detection rate of the static analysis of the new code after the code samples in the specified block of the blockchain are added, and/or, acquiring the newly written code for Analysis rules of code static analysis The false positive rate and missed detection rate of the new code static analysis after the code is statically analyzed; write the acquired new code static analysis false positive rate and missed detection rate as a new piece of data The blockchain saves the false positive rate and missed detection rate of the static analysis of the code in the block.
区块链中保存的误报率和漏测率是需要实时更新的,特别是,在新的已分析的代码样本数据写入,和/或,有新的用于代码静态分析的分析规则代码数据写入后,会影响误报率和漏测率,则需要获取新的误报率和漏测率,将新的误报率和漏测率作为一条新的数据写入区块链的保存代码静态分析的误报率和漏测率的区块中。The false positive rate and missed detection rate stored in the blockchain need to be updated in real time, especially, when new analyzed code sample data is written, and/or, there is new analysis rule code for code static analysis After the data is written, it will affect the false alarm rate and missed detection rate. It is necessary to obtain a new false alarm rate and missed detection rate, and write the new false positive rate and missed detection rate as a new piece of data into the blockchain for storage. In the block of the false positive rate and the missed detection rate of the static analysis of the code.
需要说明的是,因为区块链技术具有不可篡改和可追溯性的特征,这里在向区块中写入数据时,都是作为一条新的数据写入的,这样根据区块中数据的存储情况,还可以获取到某一相应的信息的历史更改或历史操作情况,例如,用于代码静态分析的分析规则代码都经历了哪些修改,或者,代码静态分析工具的误报率和漏测率的趋势等。It should be noted that because the blockchain technology has the characteristics of non-tampering and traceability, when writing data into a block, it is written as a new piece of data, so that according to the storage of data in the block It is also possible to obtain the historical changes or historical operations of a certain corresponding information, for example, what changes have been made to the analysis rule code used for code static analysis, or the false positive rate and missed detection rate of code static analysis tools trends, etc.
In an embodiment of the present invention, receiving the code static analysis result data submitted by a user and performing verification analysis in step S110 shown in FIG. 1 includes: verifying the code static analysis result data submitted by the user according to preset verification rules.
The verification rules here can be set according to requirements, to determine whether the code static analysis result data submitted by the user is valid, or whether it achieves the expected effect.
In an embodiment of the present invention, receiving the code static analysis result data submitted by a user and performing verification analysis in step S110 shown in FIG. 1 includes: sending the code static analysis result data submitted by the user to a verifier, so that the verifier verifies whether the submitted data is valid; receiving the verification result returned by the verifier; and, when the received verification result is "passed", then executing the step of storing the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology.
In this embodiment, the verification analysis of the code static analysis result data submitted by the user is performed manually, so that the submitted data can be comprehensively verified from a human perspective. When verification is finished, the verifier returns the corresponding verification result, for example passed or failed. Because the code static analysis result data stored in the blockchain needs to serve a definite purpose, only code static analysis result data that has passed verification is stored in the designated block of the blockchain.
Further, the verification result described above also includes the permission information of the verifier; the method shown in FIG. 1 then further includes: judging, according to the verifier's permission information, whether the verifier has permission to write data into the designated block of the blockchain; and, if so, and when the received verification result is "passed", then executing the step of storing the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology.
For the security of the blockchain, a write operation to the blockchain may only be performed with write permission. Because the write operation in this technical solution is completed automatically, the setting and checking of permissions is placed on the verification of the verifier: the verifier is assigned corresponding operation permissions, such as permission to read data, permission to write data, or permission both to write and to read.
Because the verified code static analysis result data must be stored in a designated block of the blockchain, in this embodiment only whether the verifier has permission to write data is checked. Only when verification has passed, and the passing result was returned by a verifier with permission to write data, is the step of storing the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology executed.
Preferably, judging whether the verifier has permission to write data into the designated block of the blockchain according to the verifier's permission information includes: setting the verifier's permissions using the permission management technology of the hosting platform github.
In this embodiment, the permissions of verifiers are set, and the permissions of verifiers are managed, through the permission management technology of the hosting platform github. github is a hosting platform for open-source and private software projects; because it supports only git as the repository format for hosting, it is named github.
FIG. 2 shows a schematic structural diagram of a code static analysis apparatus according to an embodiment of the present invention. As shown in FIG. 2, the code static analysis apparatus 200 includes:
a receiving unit 210, adapted to receive the code static analysis result data submitted by a user and perform verification analysis.
Based on this technical solution, users will actively feed back code static analysis result data in order to obtain virtual currency. However, to exclude invalid code static analysis result data that users might submit, after the submitted data is received it is also necessary to perform verification analysis on it.
a saving unit 220, adapted to store the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology.
After the code static analysis result data submitted by the user passes verification, the saving operation is performed.
Blockchain technology, in the narrow sense, is a chained data structure in which data blocks are linked sequentially in chronological order, forming a distributed ledger that is cryptographically guaranteed to be tamper-resistant and unforgeable. In the broad sense, it is a new distributed infrastructure and computing paradigm that uses a block-chain data structure to verify and store data, a distributed node consensus algorithm to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and manipulate data. Blockchain technology is tamper-resistant and traceable: modifications to the database by a single node, or even several nodes, cannot affect the databases of other nodes unless more than 51% of the nodes in the entire network can be controlled and modified at the same time, which is almost impossible. Each transaction in the blockchain is linked cryptographically to the two adjacent blocks, so the complete history of any transaction can be traced.
In this embodiment, the saving operation is implemented through blockchain technology in order to prevent the code static analysis result data submitted by users from being arbitrarily tampered with, which would defeat the purpose of saving the code static analysis result data and affect the optimization of the code static analysis tool. Specifically, the verified code static analysis result data is stored in a designated block of the blockchain.
a distribution unit 230, adapted to distribute, by means of blockchain technology, a certain amount of virtual currency corresponding to the submitted code static analysis result data to the account of a user whose submission has passed verification.
To increase users' motivation to submit code static analysis result data, after verification passes a certain amount of virtual currency is distributed to the corresponding user's account, and the user can use that virtual currency to complete corresponding operations or services.
In the prior art, code static analysis tools inevitably produce false positives and missed detections. To optimize a code static analysis tool, its defects must be investigated from the results it produces when performing code static analysis. But in the prior art, after using a code static analysis tool, users do not feed back code static analysis result data, out of concern for the privacy of their program code or for other reasons, so the provider cannot investigate defects based on the tool's actual operation, which makes optimizing the code static analysis tool difficult.
With the technical solution of this embodiment, because a certain amount of virtual currency can be obtained, users' interest in submitting code static analysis result data increases. Moreover, from the code static analysis result data submitted by users, the provider obtains the users' analysis feedback on the code static analysis tool, which helps the provider understand the tool's operation and the defects in its analysis rules, which in turn helps optimize the code static analysis tool and improves users' experience of using it.
In an embodiment of the present invention, the distribution unit 230 of the apparatus shown in FIG. 2 is adapted to set a preset distribution rule, and to distribute, according to the preset distribution rule, a certain amount of virtual currency corresponding to the submitted code static analysis result data to the account of a user whose submission has passed verification.
The code static analysis result data submitted by users differs in type and in degree of usefulness; therefore this embodiment provides a preset distribution rule, which specifies the amount of virtual currency to be distributed for each type of code static analysis result data, and/or the amount of virtual currency to be distributed for each degree of usefulness.
In an embodiment of the present invention, the apparatus shown in FIG. 2 further includes:
an exchange unit, adapted to: when a permission exchange request is received from a user, set the user's usage permission for code static analysis according to the specified amount of virtual currency in the received permission exchange request; or, when a designated-currency exchange request is received from a user, exchange the specified amount of virtual currency in the user's account for a corresponding amount of the designated currency and record the exchanged amount of designated currency in the user's account.
In this embodiment, the user can use the obtained virtual currency to exchange for usage permissions of the code static analysis tool, with different amounts of virtual currency corresponding to different usage permissions; or exchange the obtained virtual currency for other designated currencies, for example Q coins, Weibi, Xiayi Yuanbao, Wenyin and the like, so that the user can spend the exchanged designated currency, which further increases users' interest in submitting code static analysis result data.
In an embodiment of the present invention, the exchange unit is further adapted to, when a designated-membership exchange request is received from a user, exchange the specified amount of virtual currency in the user's account for a corresponding period of membership in a designated application.
For example, virtual currency may be exchanged for a Tencent Video membership, an iQiyi Video membership, and so on.
In an embodiment of the present invention, before the exchange described above is performed, the exchange unit is further adapted to judge whether the amount of virtual currency in the user's account is greater than or equal to the specified amount of virtual currency in the exchange request; if so, the exchange request is executed; if not, a notification of insufficient virtual currency is sent to the user.
In an embodiment of the present invention, the code static analysis result data submitted by the user includes one or more of the following: analysis result data of code samples; analyzed code sample data; analysis rule code data for code static analysis.
In optimizing a code static analysis tool, the data needed may be the analysis results of code samples, from which the false positives or missed detections of the code static analysis are judged. It may also be analyzed code sample data: because a false positive rate or missed detection rate requires the support of a large number of code samples, the false positive rate or missed detection rate can be obtained from the code sample data submitted by users. Further, considering that a false positive or missed detection may be caused by a defect in the analysis rule code, a user who knows of such a defect in the code static analysis can complete a better version of the analysis rule code used for code static analysis and submit that code data; that is, users can also contribute their own modifications toward the optimization of the code static analysis tool.
Because the code static analysis result data submitted by users differs in its degree of usefulness (for example, among the types of submitted data listed above, in order of increasing usefulness: analysis result data of code samples; analyzed code sample data; analysis rule code data for code static analysis), when distributing virtual currency the amount corresponding to verified analysis result data of code samples is smaller than the amount corresponding to verified analyzed code sample data, and the amount corresponding to verified analyzed code sample data is smaller than the amount corresponding to verified analysis rule code data for code static analysis.
In an embodiment of the present invention, the designated blocks of the blockchain described above include a block storing analysis rule code for code static analysis and a block storing code samples. That is, the details of each analysis rule of the code static analysis tool, namely the analysis rule code for code static analysis corresponding to each analysis rule, are stored in the blockchain.
The saving unit 220 shown in FIG. 2 is adapted to: when the verified code static analysis result data is analyzed code sample data, write that analyzed code sample data as a new record into the block of the blockchain that stores code samples; and/or, when the verified code static analysis result data is analysis rule code data for code static analysis, write that analysis rule code data as a new record into the block of the blockchain that stores analysis rule code for code static analysis.
In this embodiment, the different kinds of code static analysis result data are stored in their respective blocks. Since a code static analysis tool has multiple analysis rules, the code static analysis result data corresponding to a given analysis rule is stored in correspondence with that analysis rule.
Further, the designated blocks of the blockchain also include a block storing the current false positive rate and missed detection rate of the code static analysis; that is, the false positive rate and missed detection rate corresponding to each analysis rule are stored in the blockchain.
The saving unit 220 shown in FIG. 2 is further adapted to obtain the new false positive rate and missed detection rate of the code static analysis after code samples have been added to the designated block of the blockchain, and/or to obtain the new false positive rate and missed detection rate after code static analysis has been performed using the newly written analysis rule code for code static analysis; and to write the obtained new false positive rate and missed detection rate as a new record into the block of the blockchain that stores the false positive rate and missed detection rate of the code static analysis.
The false positive rate and missed detection rate stored in the blockchain need to be updated in real time. In particular, after new analyzed code sample data and/or new analysis rule code data for code static analysis has been written, the false positive rate and missed detection rate are affected, so the new false positive rate and missed detection rate must be obtained and written as a new record into the block of the blockchain that stores the false positive rate and missed detection rate of the code static analysis.
It should be noted that, because blockchain technology is tamper-resistant and traceable, every write to a block here is made as a new record. From the way the data is stored in the block, the change history or operation history of a given item can therefore also be retrieved, for example which modifications the analysis rule code for code static analysis has undergone, or the trend of the false positive rate and missed detection rate of the code static analysis tool.
In an embodiment of the present invention, the receiving unit 210 shown in FIG. 2, adapted to receive the code static analysis result data submitted by a user and perform verification analysis, does so by verifying the code static analysis result data submitted by the user according to preset verification rules.
The verification rules here can be set according to requirements, to determine whether the code static analysis result data submitted by the user is valid, or whether it achieves the expected effect.
In an embodiment of the present invention, the receiving unit 210 shown in FIG. 2 is adapted to send the code static analysis result data submitted by the user to a verifier, so that the verifier verifies whether the submitted data is valid, and to receive the verification result returned by the verifier;
the saving unit is adapted to execute the step of storing the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology when the received verification result is "passed".
In this embodiment, the verification analysis of the code static analysis result data submitted by the user is performed manually, so that the submitted data can be comprehensively verified from a human perspective. When verification is finished, the verifier returns the corresponding verification result, for example passed or failed. Because the code static analysis result data stored in the blockchain needs to serve a definite purpose, only code static analysis result data that has passed verification is stored in the designated block of the blockchain.
Further, the verification result described above also includes the permission information of the verifier.
The saving unit 220 shown in FIG. 2 is adapted to judge, according to the verifier's permission information, whether the verifier has permission to write data into the designated block of the blockchain; and, if so, and when the received verification result is "passed", to execute the step of storing the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology.
For the security of the blockchain, a write operation to the blockchain may only be performed with write permission. Because the write operation in this technical solution is completed automatically, the setting and checking of permissions is placed on the verification of the verifier: the verifier is assigned corresponding operation permissions, such as permission to read data, permission to write data, or permission both to write and to read.
Because the verified code static analysis result data must be stored in a designated block of the blockchain, in this embodiment only whether the verifier has permission to write data is checked. Only when verification has passed, and the passing result was returned by a verifier with permission to write data, is the step of storing the verified code static analysis result data in a designated block of the blockchain by means of blockchain technology executed.
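As an added illustration, not code from the patent, the following Python model walks through steps S110 and S120 as described for the method above (preset verification rule, verifier write permission, append-only storage per data type, reward ordering, recomputation and history of the false positive and missed detection rates) and as implemented by the receiving unit 210 and saving unit 220 here. The hash chain, the verifier permission table, the reward amounts and the required payload fields are assumptions; the patent specifies only the ordering of rewards and the existence of permissions.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Set

KINDS = ("analysis_result", "code_sample", "rule_code")   # least to most useful, as on the page
# The page fixes only the ordering result < sample < rule; these amounts are assumed.
REWARD = {"analysis_result": 1, "code_sample": 5, "rule_code": 20}
# Constructed verifier permission table (read, write, or both, as the page describes).
VERIFIER_PERMS: Dict[str, Set[str]] = {"alice": {"read", "write"}, "bob": {"read"}}
VERDICTS = ("true_positive", "false_positive", "missed")
GENESIS = "0" * 64

@dataclass
class Entry:
    index: int
    kind: str        # one of KINDS, or "rates" for a recorded FP/miss rate
    payload: dict
    prev_hash: str
    hash: str = ""

def entry_hash(index: int, kind: str, payload: dict, prev_hash: str) -> str:
    """Hash of a record chained to its predecessor; editing any field breaks the chain."""
    body = json.dumps([index, kind, payload, prev_hash], sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def passes_preset_rules(kind: str, payload: dict) -> bool:
    """Assumed preset verification rule: each kind must carry its required fields."""
    if kind == "analysis_result":
        return "rule_id" in payload and payload.get("verdict") in VERDICTS
    if kind == "code_sample":
        return bool(payload.get("source")) and "expected_findings" in payload
    if kind == "rule_code":
        return "rule_id" in payload and bool(payload.get("code"))
    return False

class Ledger:
    def __init__(self) -> None:
        self.entries: List[Entry] = []      # every write is appended as a new record
        self.balances: Dict[str, int] = {}  # virtual currency per user account

    def _append(self, kind: str, payload: dict) -> Entry:
        prev = self.entries[-1].hash if self.entries else GENESIS
        e = Entry(len(self.entries), kind, payload, prev)
        e.hash = entry_hash(e.index, e.kind, e.payload, e.prev_hash)
        self.entries.append(e)
        return e

    def submit(self, user: str, kind: str, payload: dict, verifier: str, verdict: str) -> bool:
        """S110/S120: store only what a write-authorised verifier passed, then reward the user."""
        if kind not in KINDS or not passes_preset_rules(kind, payload):
            return False
        if verdict != "pass" or "write" not in VERIFIER_PERMS.get(verifier, set()):
            return False
        self._append(kind, dict(payload, submitted_by=user))
        self.balances[user] = self.balances.get(user, 0) + REWARD[kind]
        return True

    def refresh_rates(self, rule_id: str) -> dict:
        """Recompute a rule's FP and miss rate from all stored verdicts; append, never overwrite."""
        counts = {v: 0 for v in VERDICTS}
        for e in self.entries:
            if e.kind == "analysis_result" and e.payload["rule_id"] == rule_id:
                counts[e.payload["verdict"]] += 1
        reported = counts["true_positive"] + counts["false_positive"]   # findings the tool raised
        real = counts["true_positive"] + counts["missed"]               # defects actually present
        rates = {"rule_id": rule_id,
                 "false_positive_rate": counts["false_positive"] / reported if reported else 0.0,
                 "missed_rate": counts["missed"] / real if real else 0.0}
        self._append("rates", rates)
        return rates

    def rate_history(self, rule_id: str) -> List[dict]:
        """Traceability: every rate ever recorded for the rule, oldest first."""
        return [e.payload for e in self.entries if e.kind == "rates" and e.payload["rule_id"] == rule_id]

    def verify_chain(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            if e.prev_hash != prev or e.hash != entry_hash(e.index, e.kind, e.payload, e.prev_hash):
                return False
            prev = e.hash
        return True

def demo() -> Ledger:
    """Constructed walkthrough: two accepted verdicts, one rejected verifier, rates over time."""
    led = Ledger()
    led.submit("u1", "analysis_result", {"rule_id": "R1", "verdict": "false_positive"}, "alice", "pass")
    led.refresh_rates("R1")   # FP rate 1.0 after the first verdict
    led.submit("u1", "analysis_result", {"rule_id": "R1", "verdict": "true_positive"}, "alice", "pass")
    led.submit("u2", "rule_code", {"rule_id": "R1", "code": "return node.is_call"}, "bob", "pass")  # bob: read only
    led.refresh_rates("R1")   # FP rate 0.5 after the second verdict
    return led
```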
Preferably, the saving unit 220 described above is adapted to set the verifier's permissions using the permission management technology of the hosting platform github.
In this embodiment, the permissions of verifiers are set, and the permissions of verifiers are managed, through the permission management technology of the hosting platform github. github is a hosting platform for open-source and private software projects; because it supports only git as the repository format for hosting, it is named github.
Preferably, the code static analysis apparatus shown in FIG. 2 is applied within a code static analysis tool.
In this way, the use, feedback, storage, improvement and rewarding of the code static analysis tool are unified within the tool itself, so that users can use a high-precision code static analysis tool while the tool's operating mechanism is continually improved.
In summary, according to the technical solution of the present invention, code static analysis result data submitted by a user is received and verification analysis is performed; the verified code static analysis result data is stored in a designated block of the blockchain by means of blockchain technology; and, by means of blockchain technology, a certain amount of virtual currency corresponding to the submitted code static analysis result data is distributed to the account of a user whose submission has passed verification. With this technical solution, because a certain amount of virtual currency can be obtained, users' interest in submitting code static analysis result data increases. Moreover, from the code static analysis result data submitted by users, the provider obtains the users' analysis feedback on the code static analysis tool, which helps the provider understand the tool's operation and the defects in its analysis rules, which in turn helps optimize the code static analysis tool and improves users' experience of using it.
It should be noted that:
The algorithms and displays provided herein are not inherently related to any particular computer, virtual device or other apparatus. Various general-purpose devices may also be used with the teachings herein. The structure required to construct such devices is apparent from the above description. Furthermore, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described herein, and that the above description of specific languages is provided to disclose the best mode of carrying out the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid in the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will understand that the modules in the devices of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the code static analysis apparatus, electronic device and computer-readable storage medium according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program or computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
例如,图3示出了根据本发明一个实施例的电子设备的结构示意图。该电子设备300传统上包括处理器310和被安排成存储计算机可执行指令(程序代码)的存储器320。存储器320可以是诸如闪存、EEPROM(电可擦除可编程只读存储器)、EPROM、硬盘或者ROM之类的电子存储器。存储器320具有存储用于执行图1所示的以及各实施例中的任何方法步骤的程序代码340的存储空间330。例如,用于程序代码的存储空间330可以包括分别用于实现上面的方法中的各种步骤的各个程序代码340。这些程序代码可以从一个或者多个计算机程序产品中读出或者写入到这一个或者多个计算机程序产品中。这些计算机程序产品包括诸如硬盘,紧致盘(CD)、存储卡或者软盘之类的程序代码载体。这样的计算机程序产品通常为例如图4所述的计算机可读存储介质400。该计算机可读存储介质400可以具有与图3的电子设备中的存储器320类似布置的存储段、存储空间等。程序代码可以例如以适当形式进行压缩。通常,存储单元存储有用于执行根据本发明的方法步骤的程序代码410,即可以由诸如310之类的处理器读取的程序代码,当这些程序代码由电子设备运行时,导致该电子设备执行上面所描述的方法中的各个步骤。For example, FIG. 3 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention. The
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-described embodiments illustrate rather than limit the invention, and that alternative embodiments may be devised by those skilled in the art without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. do not denote any order. These words can be interpreted as names.
The present invention discloses A1, a code static analysis method, wherein the method comprises:
receiving code static analysis result data submitted by a user, and performing verification analysis on it;
saving, by means of blockchain technology, the code static analysis result data that has passed verification into a designated block of the blockchain;
and, by means of blockchain technology, distributing to the account of the user whose submission passed verification a certain amount of virtual currency corresponding to the code static analysis result data that user submitted.
A2. The method according to A1, wherein the method further comprises:
when a permission exchange request is received from a user, setting that user's usage permission for code static analysis according to the specified amount of virtual currency in the received permission exchange request;
or, when a designated-currency exchange request is received from a user, exchanging the specified amount of virtual currency in the user's account for a certain amount of the designated currency corresponding to that amount of virtual currency, and recording the exchanged amount of designated currency in the user's account.
A3. The method according to A1, wherein the code static analysis result data submitted by the user comprises one or more of the following:
analysis result data for code samples;
analyzed code sample data;
analysis rule code data used for code static analysis.
A4. The method according to A1, wherein the designated blocks of the blockchain comprise a block storing analysis rule code used for code static analysis and a block storing code samples;
and saving the verified code static analysis result data into a designated block of the blockchain comprises:
when the verified code static analysis result data is analyzed code sample data, writing that analyzed code sample data as a new data record into the block of the blockchain that stores code samples; and/or,
when the verified code static analysis result data is analysis rule code data used for code static analysis, writing that analysis rule code data as a new data record into the block of the blockchain that stores analysis rule code used for code static analysis.
A5. The method according to A4, wherein the designated blocks of the blockchain further comprise a block storing the false positive rate and missed detection rate of the current code static analysis; the method further comprises:
obtaining the new false positive rate and missed detection rate of code static analysis after code samples have been added to the designated block of the blockchain, and/or obtaining the new false positive rate and missed detection rate of code static analysis after code static analysis has been performed using the newly written analysis rule code;
writing the obtained new false positive rate and missed detection rate of code static analysis as a new data record into the block of the blockchain that stores the false positive rate and missed detection rate of code static analysis.
A6. The method according to A1, wherein receiving the code static analysis result data submitted by the user and performing verification analysis comprises:
sending the code static analysis result data submitted by the user to a verifier, so that the verifier can verify whether the code static analysis result data submitted by the user is valid;
receiving the verification result returned by the verifier;
and only when the received verification result is a pass, performing the step of saving, by means of blockchain technology, the verified code static analysis result data into the designated block of the blockchain.
A7. The method according to A6, wherein the verification result further comprises authority information of the verifier; the method further comprises:
determining, according to the authority information of the verifier, whether the verifier has authority to write data into the designated block of the blockchain;
and only if that determination is yes, and the received verification result is a pass, performing the step of saving, by means of blockchain technology, the verified code static analysis result data into the designated block of the blockchain.
A8. The method according to A7, wherein determining, according to the authority information of the verifier, whether the verifier has authority to write data into the designated block of the blockchain comprises:
setting the verifier's authority using the permission management technology of the hosting platform GitHub.
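The following Python sketch is an added example, not code from the patent or from any implementation of it. It ties the method of A1, A2 and A4 to A8 into one flow: a submission is accepted only when the verifier's verdict is a pass and the verifier holds write authority for the target section, the accepted record is appended to a hash-chained ledger, and the submitter is credited. Everything not named in the claims is this example's assumption: a single chain with a section tag in place of separate designated blocks, the section names, the reward amounts, an in-memory permission table standing in for the hosting platform's permission management, the usage tiers, and the formulas for the false positive and missed detection rates (computed over a labelled sample set). The walk-through inputs are constructed.

```python
"""Added illustration of claims A1, A2 and A4-A8; assumptions are marked in comments."""
import hashlib
import json

GENESIS_PREV = "0" * 64

# Ledger sections standing in for the "designated blocks" of claims A4/A5 (names assumed).
SECTION_RULES = "rules"
SECTION_SAMPLES = "samples"
SECTION_METRICS = "metrics"

# Submission kind -> section it is written to, and reward in virtual-currency units (assumed).
KIND_TO_SECTION = {"rule": SECTION_RULES, "sample": SECTION_SAMPLES}
REWARD = {"rule": 10, "sample": 5}


class Ledger:
    """Append-only chain of records; each record commits to its predecessor's hash."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, section, payload):
        body = {
            "index": len(self.blocks),
            "section": section,
            "payload": payload,
            "prev_hash": self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV,
        }
        block = dict(body, hash=self._digest(body))
        self.blocks.append(block)
        return block

    def verify_chain(self):
        """True iff every record hashes correctly and links to the record before it."""
        prev = GENESIS_PREV
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "hash"}
            if block["prev_hash"] != prev or self._digest(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True

    def section(self, name):
        return [b["payload"] for b in self.blocks if b["section"] == name]


class AnalysisService:
    def __init__(self, verifier_perms):
        # verifier -> sections that verifier may authorise writes to; an in-memory
        # stand-in for the hosting-platform permission management of claim A8
        self.verifier_perms = verifier_perms
        self.ledger = Ledger()
        self.balances = {}

    def submit(self, user, kind, data, verifier, verdict):
        """Claims A1/A6/A7: returns the appended record, or None if rejected."""
        section = KIND_TO_SECTION[kind]
        if verdict != "pass":                                        # A6: unverified data is never stored
            return None
        if section not in self.verifier_perms.get(verifier, set()):  # A7: verifier must hold write authority
            return None
        record = {"user": user, "kind": kind, "data": data, "verifier": verifier}
        block = self.ledger.append(section, record)
        self.balances[user] = self.balances.get(user, 0) + REWARD[kind]  # A1: credit the submitter
        return block

    def record_metrics(self, flagged_benign, benign_total, missed_vuln, vuln_total):
        """Claim A5: store the new false positive and missed detection rates (formulas assumed)."""
        metrics = {
            "false_positive_rate": round(flagged_benign / benign_total, 4),
            "missed_detection_rate": round(missed_vuln / vuln_total, 4),
        }
        self.ledger.append(SECTION_METRICS, metrics)
        return metrics

    def redeem_permission(self, user, amount):
        """Claim A2: spend virtual currency for a usage tier (tier thresholds assumed)."""
        if self.balances.get(user, 0) < amount:
            return None
        self.balances[user] -= amount
        return "premium" if amount >= 10 else "basic"


if __name__ == "__main__":
    # Constructed walk-through: rev_a may approve rules and samples, rev_b samples only.
    svc = AnalysisService({"rev_a": {SECTION_RULES, SECTION_SAMPLES}, "rev_b": {SECTION_SAMPLES}})
    print(svc.submit("u1", "sample", "int main(void) { return 0; }", "rev_a", "pass") is not None)
    print(svc.submit("u1", "rule", "flag strcpy()", "rev_b", "pass"))  # None: rev_b cannot approve rules
    print(svc.record_metrics(2, 40, 3, 20))
    print(svc.ledger.verify_chain())
```

The ordering in `submit` is the point worth keeping when building something like this: the authority check of A7 runs before the append, because on an append-only chain a record that slips past it cannot be quietly removed afterwards. `verify_chain` only detects later modification of stored records; it says nothing about whether the verifier who approved a record was entitled to, which is why the permission check has to gate the write itself.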
The present invention further discloses B9, a code static analysis apparatus, wherein the apparatus comprises:
a receiving unit, adapted to receive code static analysis result data submitted by a user and perform verification analysis on it;
a saving unit, adapted to save, by means of blockchain technology, the verified code static analysis result data into a designated block of the blockchain;
a distribution unit, adapted to distribute, by means of blockchain technology, to the account of the user whose submission passed verification a certain amount of virtual currency corresponding to the code static analysis result data that user submitted.
B10. The apparatus according to B9, wherein the apparatus further comprises:
an exchange unit, adapted to, when a permission exchange request is received from a user, set that user's usage permission for code static analysis according to the specified amount of virtual currency in the received permission exchange request; or, when a designated-currency exchange request is received from a user, exchange the specified amount of virtual currency in the user's account for a certain amount of the designated currency corresponding to that amount of virtual currency, and record the exchanged amount of designated currency in the user's account.
B11. The apparatus according to B9, wherein the code static analysis result data submitted by the user comprises one or more of the following:
analysis result data for code samples;
analyzed code sample data;
analysis rule code data used for code static analysis.
B12. The apparatus according to B9, wherein the designated blocks of the blockchain comprise a block storing analysis rule code used for code static analysis and a block storing code samples;
the saving unit is adapted to, when the verified code static analysis result data is analyzed code sample data, write that analyzed code sample data as a new data record into the block of the blockchain that stores code samples; and/or, when the verified code static analysis result data is analysis rule code data used for code static analysis, write that analysis rule code data as a new data record into the block of the blockchain that stores analysis rule code used for code static analysis.
B13. The apparatus according to B12, wherein the designated blocks of the blockchain further comprise a block storing the false positive rate and missed detection rate of the current code static analysis;
the saving unit is further adapted to obtain the new false positive rate and missed detection rate of code static analysis after code samples have been added to the designated block of the blockchain, and/or to obtain the new false positive rate and missed detection rate of code static analysis after code static analysis has been performed using the newly written analysis rule code; and to write the obtained new false positive rate and missed detection rate of code static analysis as a new data record into the block of the blockchain that stores the false positive rate and missed detection rate of code static analysis.
B14. The apparatus according to B9, wherein
the receiving unit is adapted to send the code static analysis result data submitted by the user to a verifier, so that the verifier can verify whether the code static analysis result data submitted by the user is valid, and to receive the verification result returned by the verifier;
the saving unit is adapted to perform the step of saving, by means of blockchain technology, the verified code static analysis result data into the designated block of the blockchain only when the received verification result is a pass.
B15. The apparatus according to B14, wherein the verification result further comprises authority information of the verifier;
the saving unit is adapted to determine, according to the authority information of the verifier, whether the verifier has authority to write data into the designated block of the blockchain; and only if that determination is yes, and the received verification result is a pass, to perform the step of saving, by means of blockchain technology, the verified code static analysis result data into the designated block of the blockchain.
B16. The apparatus according to B15, wherein
the saving unit is adapted to set the verifier's authority using the permission management technology of the hosting platform GitHub.
The present invention further discloses C17, an electronic device, wherein the electronic device comprises:
a processor; and,
a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the method according to any one of A1 to A8.
The present invention further discloses D18, a computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs which, when executed by a processor, implement the method according to any one of A1 to A8.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810792456.4A CN110737464A (en) | 2018-07-18 | 2018-07-18 | A method and device for static analysis of code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810792456.4A CN110737464A (en) | 2018-07-18 | 2018-07-18 | A method and device for static analysis of code |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110737464A true CN110737464A (en) | 2020-01-31 |
Family
ID=69234969
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810792456.4A Pending CN110737464A (en) | 2018-07-18 | 2018-07-18 | A method and device for static analysis of code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110737464A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119226176A (en) * | 2024-12-02 | 2024-12-31 | 深圳开源互联网安全技术有限公司 | Static code testing method, device, equipment, storage medium and product |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070189522A1 (en) * | 2006-01-06 | 2007-08-16 | Kartik Raju | Apparatuses for encoding, decoding, and authenticating data in cipher block chaining messaging authentication code |
| CN107516245A (en) * | 2017-08-25 | 2017-12-26 | 苏州点阵信息科技有限公司 | The information processing method of resource content evaluation platform based on block chain technology |
| CN107678865A (en) * | 2017-09-20 | 2018-02-09 | 中国银行股份有限公司 | The verification method and system of block chain based on transaction packet |
| CN107862548A (en) * | 2017-11-03 | 2018-03-30 | 国云科技股份有限公司 | A large-scale data sharing method based on blockchain |
- 2018-07-18 CN CN201810792456.4A patent/CN110737464A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20250181574A1 (en) | | System and method for a hybrid contract execution environment |
| US11281751B2 (en) | | Digital asset traceability and assurance using a distributed ledger |
| US11621973B2 (en) | | Blockchain cybersecurity audit platform |
| O'Donoghue et al. | | Design choices and trade-offs in health care blockchain implementations: systematic review |
| WO2020057016A1 (en) | | Blockchain-based insurance claim settlement method, electronic apparatus and storage medium |
| US20210136122A1 (en) | | Crowdsourced innovation laboratory and process implementation system |
| CN109428886A (en) | | Method and system for performing comment verification and confidence scoring via blockchain |
| EP3800601B1 (en) | | Collaboration hub with blockchain verification |
| US10078579B1 (en) | | Metrics-based analysis for testing a service |
| CN108073394A (en) | | Code administration method, apparatus, code administration server and storage medium |
| EP3158440A1 (en) | | Tenant provisioning for testing a production multi-tenant service |
| US12242983B2 (en) | | Distributed ledger based machine-learning model management |
| CN113612766A (en) | | Data management device, method, computer equipment and storage medium |
| KR20230132878A (en) | | Reduce transaction cancellations in execute-order-verify blockchain models |
| CN111596956A (en) | | Block chain-based information processing method and device, electronic device and medium |
| US20220164729A1 (en) | | Automated control compliance evidence manager using a secure distributed ledger |
| CN107277108A (en) | | Message processing method, apparatus and system at a blockchain node |
| CN115550018A (en) | | Access right authentication method, device, unified authentication system and program product |
| CN110737464A (en) | | A method and device for static analysis of code |
| CN110347607A (en) | | A data on-chain testing method |
| CA3090986C (en) | | Method and system for overseeing execution of graph-based contracts using hash chains |
| JP2014182805A (en) | | Centrally managed and accessed system, method for performing data processing on a plurality of independent servers, and dataset |
| CN112650663A (en) | | Code processing method, device, equipment and medium |
| Wang | | Optimization of hyperledger fabric consensus mechanism based on node behaviour |
| Liu et al. | | A service-oriented framework for quantitative security analysis of software architectures |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200131 |