CN115048647A - Safety protection method and device - Google Patents
- Publication number
- CN115048647A, CN202210427319.7A
- Authority
- CN
- China
- Prior art keywords
- file
- legal
- matching
- compiled
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
Abstract
Description
Technical field
The present invention relates to the technical field of security protection, and in particular to a security protection method and device.
Background
With the continuous development of information technology, human society is becoming increasingly informatized and increasingly dependent on network information, so network security is becoming ever more important. Attacks that threaten network security are also increasing; for example, attackers exploit vulnerabilities inherent in a business system to upload arbitrary files and thereby carry out an attack.
In the related art, protection is usually based on scanning configuration baselines. For example, OpenRASP scans the configuration baselines for some common vulnerabilities and assists in modifying the more dangerous configuration items in those baselines, so as to repair configuration-item vulnerabilities, prevent arbitrary file upload, and thus protect against attacks caused by arbitrary file upload. However, this approach can only protect against vulnerabilities that have appeared in the past. When a new vulnerability appears, the corresponding configuration file cannot be modified, so an attacker can use the new vulnerability to upload arbitrary files and carry out an attack.
Summary of the invention
In view of the problems in the prior art, embodiments of the present invention provide a security protection method and device.
Specifically, the embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides a security protection method, including:
obtaining, through a first monitoring point, the to-be-compiled file read during the compilation process;
matching the to-be-compiled file against the legal files included in a whitelist to obtain a first matching result;
determining, based on the first matching result, whether the to-be-compiled file is safe.
Further, matching the to-be-compiled file against the legal files included in the whitelist to obtain the first matching result includes:
when it is determined that the legal files included in the whitelist contain all of the to-be-compiled files read during the compilation process, determining that the first matching result is a successful match;
when it is determined that the legal files included in the whitelist do not contain all of the to-be-compiled files read during the compilation process, determining that the first matching result is a matching failure.
Further, the whitelist also includes legal class files that inherit the compilation specification and legal compilation result files corresponding to the to-be-compiled file; the legal class files are files among the legal files;
the method also includes:
when the to-be-compiled file is determined to be safe based on the first matching result, obtaining, through a second monitoring point, the to-be-loaded file in the class loading process;
matching the to-be-loaded file against the legal class files and the legal compilation result files in the whitelist to obtain a second matching result;
determining, based on the second matching result, whether the to-be-loaded file is safe.
Further, matching the to-be-loaded file against the legal class files and the legal compilation result files in the whitelist to obtain the second matching result includes:
determining the intersection of the set of legal class files and the set of legal compilation result files in the whitelist;
when it is determined that the intersection contains all of the to-be-loaded files in the class loading process, determining that the second matching result is a successful match;
when it is determined that the intersection does not contain all of the to-be-loaded files in the class loading process, determining that the second matching result is a matching failure.
Further, before matching the to-be-compiled file against the legal files included in the whitelist to obtain the first matching result, the method further includes:
scanning the deployment code to obtain the legal files in the deployment code, and recording the legal files in the whitelist.
Further, the method also includes:
determining, among the legal files, the class files that inherit the compilation specification, and recording those class files in the whitelist.
Further, before matching the to-be-loaded file against the legal class files and the legal compilation result files in the whitelist to obtain the second matching result, the method further includes:
obtaining, through the first monitoring point, the legal compilation result file corresponding to the to-be-compiled file, and recording the legal compilation result file in the whitelist.
Further, determining whether the to-be-loaded file is safe based on the second matching result includes:
when the second matching result is a matching failure, determining that the to-be-loaded file is not safe;
when the second matching result is a successful match, determining that the to-be-loaded file is safe.
Further, determining whether the to-be-compiled file is safe based on the first matching result includes:
when the first matching result is a matching failure, determining that the to-be-compiled file is not safe;
when the first matching result is a successful match, determining that the to-be-compiled file is safe.
In a second aspect, an embodiment of the present invention also provides a security protection device, including:
a first acquisition unit, configured to obtain, through the first monitoring point, the to-be-compiled file read during the compilation process;
a first matching unit, configured to match the to-be-compiled file against the legal files included in the whitelist to obtain a first matching result;
a first determining unit, configured to determine, based on the first matching result, whether the to-be-compiled file is safe.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor; when executing the program, the processor implements the steps of the security protection method described in the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the security protection method described in the first aspect.
In a fifth aspect, an embodiment of the present invention further provides a computer program product on which executable instructions are stored; when executed by a processor, the instructions cause the processor to implement the steps of the security protection method described in the first aspect.
In the security protection method and device provided by the embodiments of the present invention, the to-be-compiled file read during the compilation process is obtained through the first monitoring point, the to-be-compiled file is matched against the legal files included in the whitelist, and finally whether the to-be-compiled file is safe is determined based on the first matching result. The present invention thus allows only the known legal files in the whitelist to be compiled and does not allow unknown to-be-compiled files to be compiled, which is a whitelist-based protection approach. Even if a to-be-compiled file has been uploaded, it cannot be compiled, so attacks caused by uploading unknown to-be-compiled files are avoided and security protection of the network is achieved.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is the first schematic flowchart of the security protection method provided by an embodiment of the present invention;
FIG. 2 is the second schematic flowchart of the security protection method provided by an embodiment of the present invention;
FIG. 3 is the third schematic flowchart of the security protection method provided by an embodiment of the present invention;
FIG. 4 is the fourth schematic flowchart of the security protection method provided by an embodiment of the present invention;
FIG. 5 is the fifth schematic flowchart of the security protection method provided by an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of the security protection device provided by an embodiment of the present invention;
FIG. 7 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.
Detailed description
In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
FIG. 1 is the first schematic flowchart of the security protection method provided by an embodiment of the present invention. As shown in FIG. 1, the security protection method includes the following steps:
Step 101: Obtain, through the first monitoring point, the to-be-compiled file read during the compilation process.
For example, the first monitoring point can be set in the Java Server Pages (JSP) compilation process using technologies such as the security manager (SecurityManager) or a Java agent (javaagent). When execution reaches the first monitoring point, the to-be-compiled file read during the compilation process is obtained through it. The to-be-compiled file is a code file that needs to be compiled, and there may be one or more such files.
Step 102: Match the to-be-compiled file against the legal files included in the whitelist to obtain a first matching result.
The legal files are all files included in the deployment code of a specific project, for example all class files in the deployment code, all code files that need to be compiled, video files, picture files, and other files related to the project.
For example, when the to-be-compiled file read during the compilation process is obtained through the first monitoring point, its security is analyzed using the whitelist-based protection approach: the to-be-compiled file is matched against the legal files in the pre-stored whitelist. Specifically, all legal files in the whitelist are traversed to check whether the set of all legal files contains the to-be-compiled file, which yields the first matching result.
It should be noted that matching the to-be-compiled file against the legal files included in the whitelist may consist of matching the name or identifier of the to-be-compiled file against the names or identifiers of the legal files in the whitelist; the present invention does not limit this.
Step 103: Determine, based on the first matching result, whether the to-be-compiled file is safe.
Specifically, when the first matching result is a matching failure, the to-be-compiled file is determined to be not safe; when the first matching result is a successful match, the to-be-compiled file is determined to be safe.
For example, when the first matching result is a matching failure, the to-be-compiled file is an unknown file (for example, a malicious JSP file capable of carrying out an attack), so it can be determined to be an unsafe file. When the first matching result is a successful match, the to-be-compiled file is a known legal file, so it can be determined to be a safe file.
In addition, when the to-be-compiled file is determined to be unsafe, alarm information can be generated and then stored or output, so that the user is informed of the unsafe to-be-compiled file.
In the security protection method provided by the embodiment of the present invention, the to-be-compiled file read during the compilation process is obtained through the first monitoring point, the to-be-compiled file is matched against the legal files included in the whitelist, and finally whether the to-be-compiled file is safe is determined based on the first matching result. The present invention thus allows only the known legal files in the whitelist to be compiled and does not allow unknown to-be-compiled files to be compiled, which is a whitelist-based protection approach. Even if a to-be-compiled file has been uploaded, it cannot be compiled, so attacks caused by uploading unknown to-be-compiled files are avoided and security protection of the network is achieved.
Optionally, step 102 in FIG. 1 may be implemented as follows:
when it is determined that the legal files included in the whitelist contain all of the to-be-compiled files read during the compilation process, the first matching result is determined to be a successful match;
when it is determined that the legal files included in the whitelist do not contain all of the to-be-compiled files read during the compilation process, the first matching result is determined to be a matching failure.
For example, when the to-be-compiled file read during the compilation process is obtained through the first monitoring point, the set of all legal files in the whitelist is traversed to check whether it contains the to-be-compiled file. If the to-be-compiled file is found in the set of all legal files, the to-be-compiled file read during the compilation process is legal, and the first matching result can be determined to be a successful match. If the to-be-compiled file is not found in the set of all legal files, the to-be-compiled file read during the compilation process is not legal, and the first matching result can be determined to be a matching failure.
In the security protection method provided by the embodiment of the present invention, when it is determined that the set of all legal files in the whitelist does not contain the to-be-compiled file, the first matching result is determined to be a matching failure, which avoids attacks on the network caused by uploading arbitrary files and achieves security protection of the network.
Optionally, the whitelist further includes legal class files that inherit the compilation specification and legal compilation result files corresponding to the to-be-compiled file; the legal class files are files among the legal files.
The compilation specification is a JSP compilation rule set in advance, and its specific type can be set according to actual requirements. For example, the compilation specification of the Tomcat container is org.apache.jasper.runtime.HttpJspBase, and that of the WebLogic container is weblogic.servlet.jsp.JspBase. A legal class file that inherits the compilation specification is a class file that must conform to that specification. The legal compilation result file corresponding to a to-be-compiled file is the file obtained after the to-be-compiled file is legally compiled; for example, if the to-be-compiled file is a certain code file, the legal compilation result file is the class file obtained by legally compiling that code file.
Optionally, FIG. 2 is the second schematic flowchart of the security protection method provided by the present invention. As shown in FIG. 2, when the whitelist also includes the legal class files that inherit the compilation specification and the legal compilation result files corresponding to the to-be-compiled file, the security protection method further includes the following steps:
Step 104: When the to-be-compiled file is determined to be safe based on the first matching result, obtain, through the second monitoring point, the to-be-loaded file in the class loading process.
For example, a second monitoring point can also be set in the JSP class loading process using technologies such as SecurityManager or a Java agent. When execution reaches the second monitoring point, the to-be-loaded file in the class loading process is obtained through it. The to-be-loaded file is a compilation result file, that is, a class file.
Step 105: Match the to-be-loaded file against the legal class files and the legal compilation result files in the whitelist to obtain a second matching result.
Specifically, the intersection of the set of legal class files and the set of legal compilation result files in the whitelist is determined. When it is determined that the intersection contains all of the to-be-loaded files in the class loading process, the second matching result is determined to be a successful match; when it is determined that the intersection does not contain all of the to-be-loaded files in the class loading process, the second matching result is determined to be a matching failure.
For example, when the to-be-loaded file in the loading process is obtained through the second monitoring point, its security needs to be analyzed: the to-be-loaded file is matched against the legal class files and the legal compilation result files in the pre-stored whitelist. Specifically, all legal class files and all legal compilation result files in the whitelist are traversed, and the intersection of the set of all legal class files and the set of all legal compilation result files is determined. For example, if the set of all legal class files includes file 1, file 2 and file 3, and the set of all legal compilation result files includes file 2 and file 3, then the intersection includes file 2 and file 3. Once the intersection is determined, it is checked for the to-be-loaded file. If the intersection contains the to-be-loaded file, the second matching result is determined to be a successful match; if the intersection does not contain the to-be-loaded file, the second matching result is determined to be a matching failure.
It should be noted that matching the to-be-loaded file against the legal class files and the legal compilation result files included in the whitelist may consist of matching the name or identifier of the to-be-loaded file against the names or identifiers of the legal class files and of the legal compilation result files in the whitelist; the present invention does not limit this.
Step 106: Determine, based on the second matching result, whether the to-be-loaded file is safe.
Specifically, when the second matching result is a matching failure, the to-be-loaded file is determined to be not safe; when the second matching result is a successful match, the to-be-loaded file is determined to be safe.
For example, when the second matching result is a matching failure, the to-be-loaded file is an unknown file (for example, a malicious file capable of carrying out an attack), so it can be determined to be an unsafe file. When the second matching result is a successful match, the to-be-loaded file is a known legal file, so it can be determined to be a safe file.
In addition, when the to-be-loaded file is determined to be unsafe, alarm information can be generated and then stored or output, so that the user is informed of the unsafe to-be-loaded file.
In the security protection method provided by the embodiment of the present invention, when the to-be-compiled file is determined to be safe, the to-be-loaded file in the class loading process is further obtained through the second monitoring point, the to-be-loaded file is matched against the legal class files and the legal compilation result files in the whitelist, and finally whether the to-be-loaded file is safe is determined based on the second matching result. This ensures the security of both the to-be-compiled file and the to-be-loaded file, avoids attacks on the network caused by uploading unknown to-be-compiled files and unknown to-be-loaded files, and achieves further security protection of the network.
图3是本发明实施例提供的安全防护方法的流程示意图之三,如图3所示,该安全防护方法还包括以下步骤:FIG. 3 is a third schematic flow diagram of a security protection method provided by an embodiment of the present invention. As shown in FIG. 3 , the security protection method further includes the following steps:
步骤107、对部署代码进行扫描,得到所述部署代码中的合法文件,并将所述合法文件记录在所述白名单中。Step 107: Scan the deployment code to obtain legal files in the deployment code, and record the legal files in the whitelist.
其中,部署代码可以为某个具体项目的部署代码;白名单中的各个合法文件可以为部署代码中涉及到的所有合法文件。The deployment code may be the deployment code of a specific project; each legal file in the whitelist may be all legal files involved in the deployment code.
示例地,扫描部署代码,分析得到部署代码中的所有类型的文件,将所有类型的文件都作为合法文件记录在白名单中,具体可以将所有类型的文件的名称或者标识记录在白名单中。For example, scan the deployment code, analyze and obtain all types of files in the deployment code, record all types of files as legal files in the whitelist, and specifically record the names or identifiers of all types of files in the whitelist.
需要说明的是,步骤107可以在步骤102之前执行,也可以在步骤101之前执行,本发明对此不作限定。It should be noted that, step 107 may be performed before
图4是本发明实施例提供的安全防护方法的流程示意图之四,如图4所示,在执行步骤107之后,该安全防护方法还包括以下步骤:FIG. 4 is a fourth schematic flowchart of a security protection method provided by an embodiment of the present invention. As shown in FIG. 4 , after
步骤108、在所述合法文件中确定继承编译规范的类文件,并将继承编译规范的类文件记录在所述白名单中。Step 108: Determine the class file inheriting the compilation specification in the legal file, and record the class file inheriting the compilation specification in the white list.
示例地,在分析得到部署代码中的所有类型的文件时,将所有类型的文件选择继承编译规范的类文件,并将继承编译规范的类文件的名称或者标识记录在白名单中。For example, when all types of files in the deployment code are obtained by analysis, class files inheriting the compilation specification are selected for all types of files, and the names or identifiers of the class files inheriting the compilation specification are recorded in the whitelist.
FIG. 5 is the fifth schematic flowchart of the security protection method provided by an embodiment of the present invention. As shown in FIG. 5, the security protection method further includes the following step:
Step 109: Obtain, through the first monitoring point, the legal compilation result file corresponding to the file to be compiled, and record the legal compilation result file in the whitelist.
For example, when execution reaches the first monitoring point, the legal compilation result files corresponding to the files to be compiled may also be obtained, and the names or identifiers of all legal compilation result files are recorded in the whitelist.
It should be noted that step 109 may be performed before any of the steps preceding step 105; the present invention does not limit this.
In the security protection method provided by the embodiment of the present invention, for the scenario of attacks caused by arbitrary file upload, all legal files in the deployment code, all class files that inherit the compilation specification, and all legal compilation result files are recorded in the whitelist in advance, so that the whitelist-based protection approach can prevent attacks on the network caused by the upload of unknown files to be compiled or unknown files to be loaded.
FIG. 6 is a schematic structural diagram of the security protection device provided by an embodiment of the present invention. As shown in FIG. 6, the security protection device includes a first obtaining unit 601, a first matching unit 602 and a first determining unit 603, wherein:
the first obtaining unit 601 is configured to obtain, through the first monitoring point, the file to be compiled that is read during compilation;
the first matching unit 602 is configured to match the file to be compiled against the legal files included in the whitelist to obtain a first matching result;
the first determining unit 603 is configured to determine, based on the first matching result, whether the file to be compiled is safe.
The security protection device provided by the embodiment of the present invention obtains, through the first monitoring point, the file to be compiled that is read during compilation, matches the file to be compiled against the legal files included in the whitelist, and finally determines whether the file to be compiled is safe based on the first matching result. It can be seen that the present invention only allows known legal files in the whitelist to be compiled and does not allow unknown files to be compiled, which is a whitelist-based protection approach. Even if a file to be compiled has been uploaded, it cannot be compiled, so attacks caused by the upload of unknown files to be compiled are avoided and the network is protected.
Based on any of the foregoing embodiments, the first matching unit 602 is specifically configured to:
when it is determined that the legal files included in the whitelist contain all the files to be compiled that are read during compilation, determine that the first matching result is a successful match;
when it is determined that the legal files included in the whitelist do not contain all the files to be compiled that are read during compilation, determine that the first matching result is a failed match.
Based on any of the foregoing embodiments, the whitelist further includes legal class files that inherit the compilation specification and legal compilation result files corresponding to the files to be compiled; the legal class files are files among the legal files; the device further includes:
a second obtaining unit, configured to obtain, through the second monitoring point, the file to be loaded during class loading when the file to be compiled is determined to be safe based on the first matching result;
a second matching unit, configured to match the file to be loaded against the legal class files and the legal compilation result files in the whitelist to obtain a second matching result;
a second determining unit, configured to determine, based on the second matching result, whether the file to be loaded is safe.
Based on any of the foregoing embodiments, the second matching unit is specifically configured to:
determine the intersection of the set of legal class files and the set of legal compilation result files in the whitelist;
when it is determined that the intersection contains all the files to be loaded during class loading, determine that the second matching result is a successful match;
when it is determined that the intersection does not contain all the files to be loaded during class loading, determine that the second matching result is a failed match.
Based on any of the foregoing embodiments, the device further includes:
a scanning unit, configured to scan the deployment code, obtain the legal files in the deployment code, and record the legal files in the whitelist.
Based on any of the foregoing embodiments, the device further includes:
a third determining unit, configured to determine, among the legal files, the class files that inherit the compilation specification, and record the class files that inherit the compilation specification in the whitelist.
Based on any of the foregoing embodiments, the device further includes:
a third obtaining unit, configured to obtain, through the first monitoring point, the legal compilation result file corresponding to the file to be compiled, and record the legal compilation result file in the whitelist.
Based on any of the foregoing embodiments, the second determining unit is specifically configured to:
when the second matching result is a failed match, determine that the file to be loaded is not safe;
when the second matching result is a successful match, determine that the file to be loaded is safe.
Based on any of the foregoing embodiments, the first determining unit 603 is specifically configured to:
when the first matching result is a failed match, determine that the file to be compiled is not safe;
when the first matching result is a successful match, determine that the file to be compiled is safe.
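The whitelist construction of steps 107 to 109 and the matching rules of the first and second matching units, modeled as an added Python example that is not code from the patent. The file identifiers, the `inherits_compile_spec` predicate and the choice to record compilation results only after a successful first match are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Whitelist:
    legal_files: set = field(default_factory=set)            # step 107
    legal_class_files: set = field(default_factory=set)      # step 108
    legal_compile_results: set = field(default_factory=set)  # step 109


def scan_deployment(files, inherits_compile_spec):
    """Steps 107-108: record every deployed file as legal, then the subset
    of those files that are classes inheriting the compilation specification."""
    legal = set(files)
    return Whitelist(legal, {f for f in legal if inherits_compile_spec(f)})


def first_match(wl, to_compile):
    """Success only if the whitelist contains every file the compiler read."""
    return set(to_compile) <= wl.legal_files


def on_compile(wl, to_compile, results):
    """First monitoring point. Returns True when the files are safe.
    Assumption: results are recorded (step 109) only after a successful match."""
    if not first_match(wl, to_compile):
        return False
    wl.legal_compile_results |= set(results)
    return True


def second_match(wl, to_load):
    """Success only if the intersection of legal class files and legal
    compilation result files contains every file being loaded."""
    return set(to_load) <= (wl.legal_class_files & wl.legal_compile_results)


# Constructed sample data: all file identifiers are hypothetical.
DEPLOYED = ["app/index.jsp", "app/login.jsp", "work/index_jsp.class",
            "work/login_jsp.class", "lib/Util.class"]
SPEC_CLASSES = {"work/index_jsp.class", "work/login_jsp.class"}


def demo():
    wl = scan_deployment(DEPLOYED, lambda f: f in SPEC_CLASSES)
    known = on_compile(wl, ["app/index.jsp"], ["work/index_jsp.class"])
    # A file that was never part of the deployment is refused, so its
    # compilation result never reaches the whitelist.
    unknown = on_compile(wl, ["upload/new.jsp"], ["work/new_jsp.class"])
    return {
        "compile_known": known,
        "compile_unknown": unknown,
        "load_compiled": second_match(wl, ["work/index_jsp.class"]),
        # Legal class, but no monitored compilation has produced it yet.
        "load_not_compiled": second_match(wl, ["work/login_jsp.class"]),
        "load_unknown": second_match(wl, ["work/new_jsp.class"]),
        # One unknown file fails the whole batch.
        "load_mixed": second_match(wl, ["work/index_jsp.class", "work/new_jsp.class"]),
    }
```

Under the intersection rule, a class recorded in step 108 still fails the second match until a compilation observed at the first monitoring point has produced it.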
FIG. 7 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention. As shown in FIG. 7, the electronic device may include a processor 710, a communications interface 720, a memory 730 and a communication bus 740, wherein the processor 710, the communications interface 720 and the memory 730 communicate with one another through the communication bus 740. The processor 710 may invoke logic instructions in the memory 730 to execute the following method: obtaining, through the first monitoring point, the file to be compiled that is read during compilation;
matching the file to be compiled against the legal files included in the whitelist to obtain a first matching result;
determining, based on the first matching result, whether the file to be compiled is safe.
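In addition, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.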
In another aspect, the present invention further provides a computer program product. The computer program product includes a computer program that can be stored on a non-transitory computer-readable storage medium. When the computer program is executed by a processor, the computer can execute the security protection method provided by the above methods, the method including: obtaining, through the first monitoring point, the file to be compiled that is read during compilation;
matching the file to be compiled against the legal files included in the whitelist to obtain a first matching result;
determining, based on the first matching result, whether the file to be compiled is safe.
In yet another aspect, the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the security protection method provided by the above methods, the method including: obtaining, through the first monitoring point, the file to be compiled that is read during compilation;
matching the file to be compiled against the legal files included in the whitelist to obtain a first matching result;
determining, based on the first matching result, whether the file to be compiled is safe.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course can also be implemented by hardware. Based on this understanding, the above technical solutions in essence, or the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk, or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (13)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210427319.7A CN115048647A (en) | 2022-04-21 | 2022-04-21 | Safety protection method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115048647A true CN115048647A (en) | 2022-09-13 |
Family
ID=83157899
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210427319.7A Pending CN115048647A (en) | 2022-04-21 | 2022-04-21 | Safety protection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115048647A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160188350A1 (en) * | 2014-12-27 | 2016-06-30 | Mcafee, Inc. | Trusted binary translation |
CN108875320A (en) * | 2018-07-17 | 2018-11-23 | 北京元心科技有限公司 | Software security means of defence, device, electronic equipment and computer storage medium |
CN114091031A (en) * | 2021-10-11 | 2022-02-25 | 奇安信科技集团股份有限公司 | Class loading protection method and device based on white rules |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||