CN114371859A - Application software RASP program updating method, server, electronic device and storage medium - Google Patents
Application software RASP program updating method, server, electronic device and storage medium Download PDFInfo
- Publication number
- CN114371859A CN114371859A CN202111632449.6A CN202111632449A CN114371859A CN 114371859 A CN114371859 A CN 114371859A CN 202111632449 A CN202111632449 A CN 202111632449A CN 114371859 A CN114371859 A CN 114371859A
- Authority
- CN
- China
- Prior art keywords
- rasp
- program
- engine
- application software
- latest version
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 98
- 238000004422 calculation algorithm Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 12
- 238000001514 detection method Methods 0.000 claims description 8
- 238000005096 rolling process Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 7
- 238000004806 packaging method and process Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000012423 maintenance Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 239000000523 sample Substances 0.000 description 3
- 238000010295 mobile communication Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses an application software RASP program updating method, a server, electronic equipment and a storage medium, and relates to the technical field of application safety. The method comprises the following steps: receiving an RASP program updating instruction issued by a server control end; judging whether to update the RASP program currently running according to the RASP program engine attribute information of the latest version and the RASP program engine attribute information currently running; if yes, obtaining a RASP program engine package of the latest version from the obtaining address; removing the RASP program currently running in the application software, and releasing resources related to the RASP program currently running; inserting the latest version of RASP program engine package into a method of the class of the application software. The invention can complete the service updating of the upgrading, the repairing and the like of the internal RASP program without restarting the application software, thereby avoiding the problem of the service stopping of the application software caused by the updating of the RASP program.
Description
Technical Field
The present invention relates to the field of application security technologies, and in particular, to an update method of an application software RASP program, a server, an electronic device, and a storage medium.
Background
Currently, most of the Application software integrated with the existing RASP (Runtime Application self-protection) needs to be restarted when RASP upgrade or Bug repair update is needed; taking a product applying the OpenRASP plug-in as an example, when the product needs to be upgraded, the RASP program engine needs to be manually upgraded when the application software is restarted next time, so that the application software may have a transient service stop.
Disclosure of Invention
In view of this, embodiments of the present invention provide an updating method for an internal RASP program of application software, a client, an electronic device, and a storage medium, which can complete service updating such as updating and repairing of the internal RASP program without restarting the application software, so as to avoid a problem of application software service stop caused by RASP program updating.
In order to achieve the purpose of the invention, the following technical scheme is adopted:
in a first aspect, an embodiment of the present invention provides an update method for an application RASP program, where the method includes: receiving an RASP program updating instruction issued by a server control end; the update instruction carries RASP program engine attribute information of the latest version maintained on a server control end and an acquisition address; judging whether to update the RASP program currently running according to the RASP program engine attribute information of the latest version and the RASP program engine attribute information currently running; if yes, obtaining a RASP program engine package of the latest version from the obtaining address; removing the RASP program currently running in the application software, and releasing resources related to the RASP program currently running; inserting the latest version of RASP program engine package into a method of the class of the application software.
With reference to the first aspect, in a first implementation manner of the first aspect, the engine attribute information includes: an engine version number; the judging whether to update the currently-operated RASP program according to the attribute information of the RASP program engine of the latest version and the attribute information of the currently-operated RASP program engine comprises the following steps: comparing the RASP program engine version number of the latest version with the RASP program engine version number currently running; and if the latest version number of the RASP program engine is greater than the currently running version number of the RASP program engine, determining to update the currently running RASP program.
With reference to the first aspect or the first implementation manner of the first aspect, in a second implementation manner of the first aspect, the engine attribute information includes: engine version number and engine package information abstract value;
the judging whether to update the currently-operated RASP program according to the attribute information of the RASP program engine of the latest version and the attribute information of the currently-operated RASP program engine comprises the following steps: comparing the latest version of the RASP program engine version number with the currently running RASP program engine version number, and comparing the latest version of the RASP program engine packet information abstract value with the currently running RASP program engine packet information abstract value; and if the version number of the RASP program engine of the latest version is greater than the version number of the RASP program engine currently running, and the information abstract value of the RASP program engine packet of the latest version is consistent with the information abstract value of the RASP program engine packet currently running, determining to update the RASP program currently running.
With reference to the first aspect, the first or second implementation manner of the first aspect, in a third implementation manner of the first aspect, after obtaining the latest version RASP program engine packet from the obtaining address, the method further includes: judging whether the obtained RASP program engine package of the latest version is complete or not; and if the RASP program engine package is complete, updating according to the RASP program engine package of the latest version acquired currently.
With reference to the first aspect, the first, second, or third implementation manner of the first aspect, in a fourth implementation manner of the first aspect, the removing the currently running RASP program in the application software and releasing resources associated with the currently running RASP program includes: removing the self-defined class converter which is registered for the RASP program currently running in the RASP program host running environment; the RASP program host running environment is a virtual execution environment of the application software; traversing the instrumentation classes loaded in the method of inserting the RASP program currently running into the application software in the RASP program running environment, and rolling back all the obtained loaded instrumentation classes to the original class; releasing resources related to the RASP program which is currently running; the associated resources include: the method comprises the steps of inserting a pile point manager, a class loader and occupying the memory space of application software.
With reference to the first aspect, the first, second, third or fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, the method for inserting the latest version RASP program engine package into the class of the application software includes: acquiring attribute information of the RASP program engine package of the latest version; the attribute information includes: the name and the starting class of the engine package; acquiring a top parent class loader and/or a system class loader of the current application software according to the engine package name and the starting class; identifying the top-level parent class loader and/or the system class loader, and calling the top-level parent class loader and/or the system class loader to load an engine class for creating the RASP program with the latest version; and creating the RASP program with the latest version through the engine class.
With reference to the first aspect, any one of the first to fifth implementation manners of the first aspect, in a sixth implementation manner of the first aspect, in the method for inserting the latest version RASP program engine package into the class of application software, the method further includes: after creating a latest version RASP program by the engine class, starting the latest version RASP program; acquiring all loaded classes in a host running environment of an RASP program, and judging whether the loaded classes are classes to be inserted into piles or not; and if so, inserting the RASP program of the latest version into the corresponding class.
With reference to the first aspect, any one of the first to sixth implementation manners of the first aspect, in a seventh implementation manner of the first aspect, the latest version RASP program includes an attack detection algorithm, and the attack detection algorithm is configured to detect whether a user request entering an application software processing process is a network security attack.
In a second aspect, an embodiment of the present invention further provides a server, including a host, where the host is installed with application software, and a RASP program is embedded in the application software, and the RASP program is used for executing an update method of any RASP program of the application software in the first aspect in a running process of the application software, so as to automatically update an update.
In a third aspect, an embodiment of the present invention provides an electronic device, including: one or more processors; a memory; the memory stores one or more executable programs, and the one or more processors read the executable program codes stored in the memory to run programs corresponding to the executable program codes, so as to execute the method for updating the RASP program of the application software according to any one of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement the method for updating the RASP program of the application software according to any one of the first aspects.
The embodiment of the invention provides an updating method of an RASP program of application software, a server, electronic equipment and a storage medium, wherein the updating method comprises the following steps: receiving an RASP program updating instruction issued by a server control end; judging whether to update the RASP program currently running according to the RASP program engine attribute information of the latest version and the RASP program engine attribute information currently running; if yes, obtaining a RASP program engine package of the latest version from the obtaining address; removing the RASP program currently running in the application software, and releasing resources related to the RASP program currently running; inserting the latest version of RASP program engine package into a method of the class of the application software. Through the steps of the method, after an RASP program updating instruction sent by a server control end is received, whether the updating is needed or not can be automatically judged, after the updating is judged to be needed and the RASP program engine package of the latest version is obtained, resources related to the currently running RASP program are released by removing the currently running RASP program in the application software, and the application software can be restored to the state before the ras is deployed, so that the secondary installation updating can be carried out without restarting the application software, the RASP program engine package of the latest version is inserted into the method of the class of the application software, the service updating of the RASP program in the application software is automatically realized, and the problem of application software service stopping caused by the RASP program updating can be avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating an embodiment of a method for updating an RASP program of application software according to the present invention;
FIG. 2 is a flowchart illustrating an updating method of the RASP program according to another embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for updating the RASP program according to another embodiment of the present invention;
FIG. 4 is a flowchart illustrating a method for updating the RASP program according to another embodiment of the present invention;
FIG. 5 is a flowchart illustrating a method for updating the RASP program according to another embodiment of the present invention;
FIG. 6 is a block diagram illustrating an architecture of a server according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an embodiment of an electronic device of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The method for updating the RASP program of the application software provided by the embodiment of the invention can be applied to servers, such as a file server, a database server, an application program server, a WEB server and the like.
It should be noted that the method may be solidified in a certain manufactured product in the form of software, and when a user uses the product, the method flow of the present application may be reproduced.
FIG. 1 is a flowchart illustrating an embodiment of a method for updating an RASP program of application software according to the present invention; referring to fig. 1, the method for updating the RASP program of the application software may include:
The RASP is called Runtime Application Self-protect, that is, an Application Runtime Self-protection program, which is deployed in Application software and used for protecting against attacks on the Application software.
The server management and control end may be: the server management and control platform is a set of programs for controlling software management and upgrading of different levels of server operation, processing hardware, an operating system, application software and the like, and resource management, performance maintenance and monitoring configuration of the system. An IT administrator may observe the details of the remote system hardware configuration and monitor the usage and performance of critical components such as processors, hard drives, memory. Server management, deployment and software distribution functionality is extended by optional additional products.
The server management and control end maintains basic information of the RASP program, for example, engine attribute information of the RASP program, and an engine packet or an acquisition address of the engine packet.
The RASP procedure is colloquially referred to as RASP probe (RASP Agent).
Establishing heartbeat connection between an RASP probe (RASP Agent) and a server control end, and periodically sending and receiving heartbeat packets sent by the server control end;
when the server management and control end maintains the RASP program of the latest version, sending the RASP program updating instruction of the latest version to the server management and control end together when issuing the heartbeat packet; for example, an upgrade field is added to the heartbeat packet, which may include: RASP probe (RASP program) ID, engine package attribute information, including time of configuration, MD5, name, version, host name, and the like.
Before step 110, engine uploading and maintenance are performed on the cloud control server management platform by maintenance personnel:
when new pile insertion points need to be added or detection algorithms in the RASP program need to be increased, decreased or modified, maintainers upload the RASP program engine package of the latest version developed to a cloud control server management platform; detecting whether the file hash Md5 value of the currently uploaded RASP program engine package is uploaded already; if the engine package is not uploaded, the engine package is stored in a cloud control server management platform; checking whether the uploaded engine package is complete or not through a jarscaner-verify command, or checking whether the engine package is officially packaged or not, and is not modified by an untrusted third party; if the package is complete or officially packed, the package is a credible engine package; reading manifest metadata of an engine package, comprising: the system comprises an engine version, an engine package name, a starting class, a packaging mode, packaging time and Git version control related data, wherein the Git version control related data comprise branch hash, commit, last submitter name, mailbox and the like, the packaging mode, a JDK version and the like; and storing the attribute information of the RASP program engine of the latest version and the md5 into a database to prepare for sending to a server.
120. And judging whether to update the currently operated RASP program according to the RASP program engine attribute information of the latest version and the RASP program engine attribute information currently operated.
As can be seen from the previous latest version RASP program engine maintenance instance, in some embodiments, the engine attribute information may include: the engine version number.
Referring to fig. 2, the determining whether to update the currently running RASP program according to the latest version of RASP program engine attribute information and the currently running RASP program engine attribute information (step 120) includes:
121. comparing the RASP program engine version number of the latest version with the RASP program engine version number currently running;
122. and if the latest version number of the RASP program engine is greater than the currently running version number of the RASP program engine, determining to update the currently running RASP program.
In still other embodiments, the engine attribute information further comprises: an engine package information digest value (Message-digest value), such as an MD5(Message-digest algorithm 5) value.
Referring to fig. 3, the determining whether to update the currently running RASP program according to the latest version of RASP program engine attribute information and the currently running RASP program engine attribute information (step 120) includes:
121', comparing the latest version of RASP program engine version number with the currently running RASP program engine version number, and comparing the latest version of RASP program engine packet information abstract value with the currently running RASP program engine packet information abstract value;
122' if the latest version of RASP program engine version number is greater than the currently running RASP program engine version number and the latest version of RASP program engine packet information digest value is consistent with the currently running RASP program engine packet information digest value, determining to update the currently running RASP program.
130. And if so, acquiring the RASP program engine package of the latest version from the acquisition address.
Referring to fig. 4, as an alternative embodiment, after obtaining the latest version RASP program engine package from the fetch address, the method further comprises: step 135, judging whether the obtained RASP program engine package of the latest version is complete; and step 136, if the program engine package is complete, updating according to the RASP program engine package of the latest version which is currently obtained.
In some embodiments, the engine attribute information includes: an engine package information abstract value and a corresponding first information abstract algorithm; the judging whether the obtained RASP program engine package of the latest version is complete includes:
reading the content of the RASP program engine package of the latest version, and calculating a corresponding message digest value according to the first message digest algorithm; judging whether the calculated information abstract value is consistent with an engine package information abstract value carried in the updating instruction or not; and if the RASP program engine packages are consistent, determining that the RASP program engine package of the latest version acquired currently is complete.
140. And removing the RASP program currently running in the application software, and releasing resources related to the RASP program currently running.
Referring to fig. 5, the removing the RASP program currently running in the application software and releasing resources associated with the RASP program currently running (step 140) includes:
141. removing a custom class Transformer (Transformer) previously registered for a currently running RASP program in a RASP program host running environment; the RASP program host running environment is a virtual execution environment of the application software.
Specifically, a removeTransformer method of instrumentation technology may be used to remove the previously registered custom Transformer.
In JAVA technology, using Instrumentation, developers can build an application-independent Agent (Agent) that monitors and assists programs running on the jvm (JAVA Virtual machine) and even can replace and modify the definition of certain classes.
It is understood that once a Transformer is registered in the instrumentation, it is called each time a class is defined (classloader. defenses) or redefined (instrumentation. redefinesses), so that to implement the update of the RASP program, the previously registered custom Transformer needs to be removed first to release the resource and re-register the corresponding custom Transformer for the new RASP program.
142. Traversing the instrumentation (Hook) classes loaded in the method of inserting the RASP program currently running into the application software in the RASP program running environment, and rolling back all the obtained loaded instrumentation classes to the original class.
In this embodiment, by traversing all the hook classes, the translation classes of the instrumentation technique can be used to roll back to the original class.
143. Releasing resources related to the RASP program which is currently running; the associated resources include: the method comprises the steps of inserting a pile point manager, a class loader and occupying the memory space of application software.
Through the steps of the method, resources of the original RASP program engine, such as a hook point manager, a ClassLoader (class loader) for loading, occupation of memory space of application software and the like, are released and restored to the original state before the RASP program is not deployed, and the RASP program engine can be updated thermally without restarting the application software, so that the problem of service suspension of the application software caused by restarting can be avoided.
150. Inserting the latest version of RASP program engine package into a method of the class of the application software.
In the Java programming language, Class (Class) is an Object Oriented (OOP) tool in the Java programming language, which is a blueprint or template for creating homogeneous objects. In the Java programming language, there may be multiple classes in a program, there may be multiple methods (sometimes called functions) in a class, and the methods (methods) define the actions that an object of a class can perform; however, only one class requires a main method, which is an entry point of an application program, and it is known from the technical idea of the present invention that the RASP program can be inserted into any method of any class of application software.
In some embodiments, the method of inserting the latest version of RASP program engine package into the class of application software (step 150) comprises: acquiring attribute information of the RASP program engine package of the latest version; the attribute information includes: package name of engine and starting class.
The method can also comprise the following steps: the engine version, the packaging method, the packaging time, the Git version control related data, the JDK version, etc. listed above.
In this embodiment, after an engine package (engine file) is loaded, metadata (Manifest) in the engine file may be read, and basic attribute information such as a package name and a start class of the engine may be acquired.
And acquiring a top parent class loader and/or a system class loader of the current application software according to the engine package name and the starting class.
According to the characteristics of JVM parent delegation, in this embodiment, wider compatibility can be provided for class loading by acquiring a top parent class loader and/or acquiring a system class loader (systemlessloader) of current application software.
Identifying the top-level parent class loader and/or the system class loader, and calling the top-level parent class loader and/or the system class loader to load an engine class for creating the RASP program with the latest version; and creating the RASP program with the latest version through the engine class.
Custom loaders by using the class loader or its wrapper as described above, such as: URLClassLoader), the load engine, may create the latest version RASP engine instance in the class-provided blueprint or template.
Further, the method for inserting the latest version RASP program engine package into the class of the application software (step 150) further includes: after creating a latest version RASP program by the engine class, starting the latest version RASP program;
during the starting process, an engine is initialized firstly, including the initialization of version information, logs and detection algorithms in an engine package, and a converter of class byte codes is initialized through an addTransformer method of an initialization technology.
Acquiring all loaded classes in a host running environment of an RASP program, and judging whether the loaded classes are classes to be inserted into piles or not; and if so, inserting the RASP program of the latest version into the corresponding class.
The RASP program host operating environment is a virtual execution environment of application software, such as jvm (java virtual machine); all loaded classes in the current JVM are obtained by the getallloadclasses method of instrumentation technology (instrumentation technology framework).
In this embodiment, all loaded classes in the JVM may be traversed through a traversal algorithm, and when it is determined that the loaded classes need to be instrumented (hook), a retransmission method of instrumentation technology is invoked, and the most recent version RASP program is inserted in a corresponding class.
In some embodiments, the latest version RASP program includes an attack detection algorithm for detecting whether a user request entering an application software processing process is a network security attack.
In this embodiment, the RASP program including the security detection algorithm code may be inserted into an entrance and an exit of the key method, for example, the Main function, so as to implement real-time self-protection for the application software and improve the operation security of the application software and the host server.
According to the method for updating the RASP program of the application software provided by the embodiment of the invention, through the steps 110 to 150, after receiving the RASP program updating instruction issued by the server control end, whether the RASP program needs to be updated or not can be automatically judged, and after the RASP program needs to be updated and the RASP program engine package of the latest version is obtained, the RASP program currently running in the application software is removed, so that the resources related to the RASP program currently running are released, and the application software can be restored to the state before the ras is deployed.
Example two
Fig. 6 is a schematic block diagram of an architecture of a server according to an embodiment of the present invention, please refer to fig. 6, which includes a host, on which application software is installed, a RASP program is embedded in the application software, and the RASP program is used to execute an update method of the RASP program of the application software according to an embodiment in a running process of the application software, so as to automatically update an update.
The server of this embodiment may be configured to execute the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect of the server of this embodiment are similar to those of the embodiment, and are not described herein again, and may refer to each other.
EXAMPLE III
A further embodiment of the present invention provides an electronic device, including one or more processors; a memory; the memory stores one or more executable programs, and the one or more processors read the executable program codes stored in the memory to run programs corresponding to the executable program codes so as to execute the method of any one of the embodiments.
Fig. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present invention, which may implement the method according to any one of the embodiments of the present invention, as shown in fig. 7, as an alternative embodiment, the electronic device may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged inside a space enclosed by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to each circuit or device of the electronic apparatus; the memory 43 is used for storing executable program code; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43, and is configured to execute the update method of the RASP program of the application software according to any one of the embodiments.
For the specific execution process of the above steps by the processor 42 and the steps further executed by the processor 42 by running the executable program code, reference may be made to the description of the first embodiment of the update method for the RASP program of the application software of the present invention, which is not described herein again.
The electronic device exists in a variety of forms, including but not limited to: (1) a mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice, data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others. (2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads. (3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio and video playing modules (such as an iPod), handheld game consoles, electronic books, and intelligent toys and portable car navigation devices. (4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service. (5) And other electronic equipment with data interaction function.
A further embodiment of the present invention provides a computer-readable storage medium, which stores one or more programs that are executable by one or more processors to implement the method for updating the RASP program of the application software according to any one of the foregoing embodiments.
In summary, it can be known from the descriptions of the above embodiments that the method for updating the RASP program of the application software disclosed in this embodiment can inject the RASP probe program into the application software without restarting the application software, so as to implement hot upgrade updating of the original RASP probe program, thereby avoiding the problem of application software service stopping caused by RASP program updating.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may also be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (11)
1. An updating method of an RASP program of application software, which is characterized by comprising the following steps:
receiving an RASP program updating instruction issued by a server control end; the update instruction carries RASP program engine attribute information of the latest version maintained on a server control end and an acquisition address;
judging whether to update the RASP program currently running according to the RASP program engine attribute information of the latest version and the RASP program engine attribute information currently running;
if yes, obtaining a RASP program engine package of the latest version from the obtaining address;
removing the RASP program currently running in the application software, and releasing resources related to the RASP program currently running;
inserting the latest version of RASP program engine package into a method of the class of the application software.
2. The method for updating an application software RASP program according to claim 1, wherein the engine attribute information includes: an engine version number;
the judging whether to update the currently-operated RASP program according to the attribute information of the RASP program engine of the latest version and the attribute information of the currently-operated RASP program engine comprises the following steps:
comparing the RASP program engine version number of the latest version with the RASP program engine version number currently running;
and if the latest version number of the RASP program engine is greater than the currently running version number of the RASP program engine, determining to update the currently running RASP program.
3. The method for updating an application software RASP program according to claim 1, wherein the engine attribute information includes: engine version number and engine package information abstract value;
the judging whether to update the currently-operated RASP program according to the attribute information of the RASP program engine of the latest version and the attribute information of the currently-operated RASP program engine comprises the following steps:
comparing the latest version of the RASP program engine version number with the currently running RASP program engine version number, and comparing the latest version of the RASP program engine packet information abstract value with the currently running RASP program engine packet information abstract value;
and if the version number of the RASP program engine of the latest version is greater than the version number of the RASP program engine currently running, and the information abstract value of the RASP program engine packet of the latest version is consistent with the information abstract value of the RASP program engine packet currently running, determining to update the RASP program currently running.
4. The method for updating RASP program application according to claim 3, wherein after obtaining the latest RASP program engine package from the obtaining address, the method further comprises: judging whether the obtained RASP program engine package of the latest version is complete or not;
and if the RASP program engine package is complete, updating according to the RASP program engine package of the latest version acquired currently.
5. The method for updating RASP programs in application software according to claim 1, wherein the removing the RASP program currently running in the application software and releasing resources associated with the RASP program currently running comprises:
removing the self-defined class converter which is registered for the RASP program currently running in the RASP program host running environment; the RASP program host running environment is a virtual execution environment of the application software;
traversing the instrumentation classes loaded in the method of inserting the RASP program currently running into the application software in the RASP program running environment, and rolling back all the obtained loaded instrumentation classes to the original class;
releasing resources related to the RASP program which is currently running; the associated resources include: the method comprises the steps of inserting a pile point manager, a class loader and occupying the memory space of application software.
6. The method for updating RASP programs as claimed in claim 5, wherein the step of inserting the latest RASP program engine package into the class of the application software comprises:
acquiring attribute information of the RASP program engine package of the latest version; the attribute information includes: the name and the starting class of the engine package;
acquiring a top parent class loader and/or a system class loader of the current application software according to the engine package name and the starting class;
identifying the top-level parent class loader and/or the system class loader, and calling the top-level parent class loader and/or the system class loader to load an engine class for creating the RASP program with the latest version;
and creating the RASP program with the latest version through the engine class.
7. The method for updating RASP programs as claimed in claim 6, wherein the method for inserting the latest version RASP program engine package into the class of the application software further comprises: after creating a latest version RASP program by the engine class, starting the latest version RASP program;
acquiring all loaded classes in a host running environment of an RASP program, and judging whether the loaded classes are classes to be inserted into piles or not;
and if so, inserting the RASP program of the latest version into the corresponding class.
8. The method for updating an application software RASP program according to claim 7, wherein the most recent RASP program includes an attack detection algorithm, and the attack detection algorithm is configured to detect whether a user request entering the application software processing procedure is a network security attack.
9. A server, characterized by comprising a host, wherein application software is installed on the host, a RASP program is embedded in the application software, and the RASP program is used for executing the update method of the RASP program of the application software according to any one of claims 1 to 8 during the running process of the application software, so as to automatically upgrade and update.
10. An electronic device, comprising: one or more processors; a memory; the memory stores one or more executable programs, and the one or more processors read the executable program codes stored in the memory and execute programs corresponding to the executable program codes so as to execute the method of any one of claims 1 to 8.
11. A computer readable storage medium, characterized in that the computer readable storage medium stores one or more programs which are executable by one or more processors to implement the method of any of the preceding claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111632449.6A CN114371859A (en) | 2021-12-28 | 2021-12-28 | Application software RASP program updating method, server, electronic device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111632449.6A CN114371859A (en) | 2021-12-28 | 2021-12-28 | Application software RASP program updating method, server, electronic device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114371859A true CN114371859A (en) | 2022-04-19 |
Family
ID=81141469
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111632449.6A Pending CN114371859A (en) | 2021-12-28 | 2021-12-28 | Application software RASP program updating method, server, electronic device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114371859A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116484360A (en) * | 2023-06-25 | 2023-07-25 | 北京安天网络安全技术有限公司 | RASP-based injection method, RASP-based injection device, RASP-based injection medium and RASP-based injection equipment |
| WO2024001403A1 (en) * | 2022-06-27 | 2024-01-04 | 华为云计算技术有限公司 | Application update method, apparatus and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109194606A (en) * | 2018-07-05 | 2019-01-11 | 百度在线网络技术(北京)有限公司 | Attack detection system, method, computer equipment and storage medium |
| CN112328283A (en) * | 2020-11-12 | 2021-02-05 | 北京字节跳动网络技术有限公司 | Application program updating method, device, equipment and medium |
-
2021
- 2021-12-28 CN CN202111632449.6A patent/CN114371859A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109194606A (en) * | 2018-07-05 | 2019-01-11 | 百度在线网络技术(北京)有限公司 | Attack detection system, method, computer equipment and storage medium |
| CN112328283A (en) * | 2020-11-12 | 2021-02-05 | 北京字节跳动网络技术有限公司 | Application program updating method, device, equipment and medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024001403A1 (en) * | 2022-06-27 | 2024-01-04 | 华为云计算技术有限公司 | Application update method, apparatus and system |
| CN116484360A (en) * | 2023-06-25 | 2023-07-25 | 北京安天网络安全技术有限公司 | RASP-based injection method, RASP-based injection device, RASP-based injection medium and RASP-based injection equipment |
| CN116484360B (en) * | 2023-06-25 | 2023-09-08 | 北京安天网络安全技术有限公司 | RASP-based injection method, RASP-based injection device, RASP-based injection medium and RASP-based injection equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107346252B (en) | Application updating method and device | |
| CN105786538B (en) | software upgrading method and device based on android system | |
| CN109194606B (en) | Attack detection system, method, computer device and storage medium | |
| CN103379481B (en) | Method for achieving safety protection | |
| CN102760068B (en) | Loading method of Active X plugin and device | |
| CN112861191B (en) | Application program monitoring method and device | |
| CN114371859A (en) | Application software RASP program updating method, server, electronic device and storage medium | |
| CN113391874B (en) | Virtual machine detection countermeasure method and device, electronic equipment and storage medium | |
| CN106203092B (en) | Method and device for intercepting shutdown of malicious program and electronic equipment | |
| CN111880987A (en) | Dynamic monitoring method and device of application program, storage medium and electronic device | |
| CN110765394B (en) | Method and device for loading so files, storage medium and terminal equipment | |
| CN107220074A (en) | To the access of supporting layer software function, upgrade method and device | |
| CN111552524A (en) | Plug-in loading method and device and computer readable storage medium | |
| CN112181487B (en) | Software compatibility processing method and device, electronic equipment and storage medium | |
| CN108958785B (en) | Application program upgrading method and device | |
| CN111967022A (en) | Security vulnerability repairing method and device | |
| US20240281234A1 (en) | Method, apparatus, electronic device and storage medium for installing applications across systems | |
| CN113760339A (en) | Vulnerability repair method and device | |
| CN111241540A (en) | Service processing method and device | |
| CN113312073B (en) | Installation package file processing method and related device | |
| CN115809120A (en) | Attack simulation detection method, system, medium and electronic device for Docker container | |
| CN113064601B (en) | Method, device, terminal and storage medium for determining dynamic loading file | |
| CN113157543A (en) | Credibility measuring method and device, server and computer readable storage medium | |
| CN114721709A (en) | Program package generation method, device, storage medium and computer equipment | |
| CN113779576A (en) | Identification method and device for executable file infected virus and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |