Technical field
The present invention relates to the technical field of information security, and in particular to a vulnerability repair method and device.
Background
In Windows 10, Microsoft introduced a new Windows update release mechanism: instead of the earlier scattered, independent installation packages, it ships one large cumulative update package per month. This solves the serious fragmentation of system updates and makes the update process simpler. It also has drawbacks. For example, the cumulative update package is large (the Windows 10 x64 cumulative update already exceeds 1G) and carries comprehensive update information, not all of which is needed by any particular user terminal. For a given user terminal, much of the information in the cumulative update package is useless, which wastes traffic unnecessarily.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a vulnerability repair method and a corresponding device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a vulnerability repair method is provided, including:
loading a scan library that matches the local system platform and contains one or more update patches;
scanning for local vulnerabilities with the loaded scan library according to scanning rules to obtain the patch to be installed, and determining the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system;
obtaining the plurality of update files from a file server by using the identifiers of the plurality of update files, and then repairing the local vulnerabilities by using the plurality of update files.
Optionally, loading a scan library that matches the local system platform and contains one or more update patches includes:
obtaining the scan library of the local system and the scan library, matching the local system platform and containing one or more update patches, that an external data publishing server delivers through a designated channel;
loading the obtained scan library.
Optionally, the file server includes a plurality of content delivery network (CDN) nodes and a KV server; each CDN node holds a synchronized copy of the update files corresponding to each patch; and the KV server maintains an index of the identifiers and address information of the update files.
Optionally, the scan library records the identifiers of the update files corresponding to each patch, and determining the identifiers of the plurality of update files that correspond to the patch to be installed and do not exist in the local system includes:
determining, from the identifiers of the update files recorded in the scan library for each patch, the identifiers of the candidate update files corresponding to the patch to be installed;
judging, from the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, writing the identifier of the candidate update file into a differential file list, and using the identifiers of the files in the differential file list as the identifiers of the plurality of update files;
if so, copying the candidate update file on the local system to a temporary installation directory.
Optionally, each CDN node also holds a synchronized copy of the update package corresponding to each patch, the update package contains the identifiers of a plurality of update files, and the KV server also maintains an index of the identifiers and address information of the update packages.
Optionally, the scan library records the identifier of the update package corresponding to each patch, and determining the identifiers of the plurality of update files that correspond to the patch to be installed and do not exist in the local system includes:
determining, from the identifiers of the update packages recorded in the scan library for each patch, the identifier of the target update package corresponding to the patch to be installed;
obtaining the address information of the target update package from the KV server by using the identifier of the target update package;
downloading the target update package from the corresponding CDN node by using the address information of the target update package;
decompressing the target update package to determine the identifiers of the plurality of update files.
Optionally, decompressing the target update package to determine the identifiers of the plurality of update files includes:
decompressing the target update package to obtain the identifiers of the candidate update files;
judging, from the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, writing the identifier of the candidate update file into a differential file list, and using the identifiers of the files in the differential file list as the identifiers of the plurality of update files;
if so, copying the candidate update file on the local system to a temporary installation directory.
Optionally, obtaining the plurality of update files from the file server by using the identifiers of the plurality of update files includes:
obtaining the address information of the plurality of update files from the KV server by using the identifiers of the plurality of update files;
downloading the plurality of update files from the corresponding CDN nodes by using the address information of the plurality of update files.
Optionally, repairing the local vulnerabilities by using the plurality of update files includes:
copying the downloaded update files to the temporary installation directory;
installing the files in the temporary installation directory to repair the local vulnerabilities.
Optionally, the index further includes at least one of the following items of index information:
the digest information, size, release time, and verification information of the update file.
Optionally, copying the downloaded update files to the temporary installation directory includes:
obtaining from the KV server, by using the identifiers of the plurality of update files, the index information of the plurality of update files, which contains the verification information of the update files;
verifying the downloaded update files against the verification information, and copying the plurality of update files to the temporary installation directory after the verification passes.
Optionally, scanning for local vulnerabilities with the loaded scan library according to scanning rules to obtain the patch to be installed includes:
scanning for local vulnerabilities with the loaded scan library according to the scanning rules to obtain a scan result set of the patches not installed on the local system;
selecting the patch to be installed from the scan result set.
Optionally, scanning for local vulnerabilities with the loaded scan library according to scanning rules to obtain a scan result set of the patches not installed on the local system includes:
enumerating all the patches in the loaded scan library to obtain an update list;
traversing the update list and judging whether each patch is already installed on the local system, and if not, adding the patch to the scan result set.
According to another aspect of the present invention, a vulnerability repair device is also provided, including:
a loading module, adapted to load a scan library that matches the local system platform and contains one or more update patches;
a determining module, adapted to scan for local vulnerabilities with the loaded scan library according to scanning rules to obtain the patch to be installed, and to determine the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system;
a vulnerability repair module, adapted to obtain the plurality of update files from a file server by using the identifiers of the plurality of update files, and then to repair the local vulnerabilities by using the plurality of update files.
Optionally, the loading module is further adapted to:
obtain the scan library of the local system and the scan library, matching the local system platform and containing one or more update patches, that an external data publishing server delivers through a designated channel;
load the obtained scan library.
Optionally, the file server includes a plurality of content delivery network (CDN) nodes and a KV server; each CDN node holds a synchronized copy of the update files corresponding to each patch; and the KV server maintains an index of the identifiers and address information of the update files.
Optionally, the determining module is further adapted to:
determine, from the identifiers of the update files recorded in the scan library for each patch, the identifiers of the candidate update files corresponding to the patch to be installed;
judge, from the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, write the identifier of the candidate update file into a differential file list, and use the identifiers of the files in the differential file list as the identifiers of the plurality of update files;
if so, copy the candidate update file on the local system to a temporary installation directory.
Optionally, each CDN node also holds a synchronized copy of the update package corresponding to each patch, the update package contains the identifiers of a plurality of update files, and the KV server also maintains an index of the identifiers and address information of the update packages.
Optionally, the determining module is further adapted to:
determine, from the identifiers of the update packages recorded in the scan library for each patch, the identifier of the target update package corresponding to the patch to be installed;
obtain the address information of the target update package from the KV server by using the identifier of the target update package;
download the target update package from the corresponding CDN node by using the address information of the target update package;
decompress the target update package to determine the identifiers of the plurality of update files.
Optionally, the determining module is further adapted to:
decompress the target update package to obtain the identifiers of the candidate update files;
judge, from the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, write the identifier of the candidate update file into a differential file list, and use the identifiers of the files in the differential file list as the identifiers of the plurality of update files;
if so, copy the candidate update file on the local system to a temporary installation directory.
Optionally, the vulnerability repair module is further adapted to:
obtain the address information of the plurality of update files from the KV server by using the identifiers of the plurality of update files;
download the plurality of update files from the corresponding CDN nodes by using the address information of the plurality of update files.
Optionally, the vulnerability repair module is further adapted to:
copy the downloaded update files to the temporary installation directory;
install the files in the temporary installation directory to repair the local vulnerabilities.
Optionally, the index further includes at least one of the following items of index information:
the digest information, size, release time, and verification information of the update file.
Optionally, the vulnerability repair module is further adapted to:
obtain from the KV server, by using the identifiers of the plurality of update files, the index information of the plurality of update files, which contains the verification information of the update files;
verify the downloaded update files against the verification information, and copy the plurality of update files to the temporary installation directory after the verification passes.
Optionally, the determining module is further adapted to:
scan for local vulnerabilities with the loaded scan library according to the scanning rules to obtain a scan result set of the patches not installed on the local system;
select the patch to be installed from the scan result set.
Optionally, the determining module is further adapted to:
enumerate all the patches in the loaded scan library to obtain an update list;
traverse the update list and judge whether each patch is already installed on the local system, and if not, add the patch to the scan result set.
In the embodiments of the present invention, a scan library that matches the local system platform and contains one or more update patches is loaded; the loaded scan library is then used to scan for local vulnerabilities according to scanning rules, obtaining the patch to be installed and determining the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system; the identifiers are then used to obtain the plurality of update files from a file server, and the update files are used to repair the local vulnerabilities. The embodiments of the present invention thus load a scan library matching the client's own system platform when repairing vulnerabilities, which can improve scanning efficiency and the effectiveness of vulnerability repair. Moreover, the embodiments do not need to obtain and process the cumulative update data for repairing program vulnerabilities from the program provider; they obtain the update files directly from the file server to which those files are published, which improves the efficiency of obtaining update files and therefore of vulnerability repair. In addition, because the cumulative update package is large, the embodiments obtain from the file server only the update files that correspond to the patch to be installed and do not exist in the local system; compared with the prior art, which obtains cumulative update data containing comprehensive update information, this saves data traffic and further improves the efficiency of vulnerability repair.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.
From the following detailed description of specific embodiments of the present invention in conjunction with the accompanying drawings, those skilled in the art will better understand the above and other objects, advantages and features of the present invention.
Description of drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference signs denote the same components. In the drawings:
FIG. 1 shows a flowchart of a vulnerability repair method according to an embodiment of the present invention;
FIG. 2 shows a schematic diagram of a scanning flow of the client;
FIG. 3 shows a schematic diagram of an installation flow of the client;
FIG. 4 shows a schematic structural diagram of a vulnerability repair system according to an embodiment of the present invention; and
FIG. 5 shows a schematic structural diagram of a vulnerability repair device according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
To solve the above technical problems, an embodiment of the present invention provides a vulnerability repair method that can be applied to a client on a user terminal. FIG. 1 shows a flowchart of a vulnerability repair method according to an embodiment of the present invention. As shown in FIG. 1, the method may include at least the following steps S102 to S106.
Step S102: load a scan library that matches the local system platform and contains one or more update patches.
Step S104: scan for local vulnerabilities with the loaded scan library according to scanning rules to obtain the patch to be installed, and determine the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system.
Step S106: obtain the plurality of update files from the file server by using the identifiers of the plurality of update files, and then repair the local vulnerabilities by using the plurality of update files.
In the embodiments of the present invention, a scan library that matches the local system platform and contains one or more update patches is loaded; the loaded scan library is then used to scan for local vulnerabilities according to scanning rules, obtaining the patch to be installed and determining the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system; the identifiers are then used to obtain the plurality of update files from a file server, and the update files are used to repair the local vulnerabilities. The embodiments of the present invention thus load a scan library matching the client's own system platform when repairing vulnerabilities, which can improve scanning efficiency and the effectiveness of vulnerability repair. Moreover, the embodiments do not need to obtain and process the cumulative update data for repairing program vulnerabilities from the program provider; they obtain the update files directly from the file server to which those files are published, which improves the efficiency of obtaining update files and therefore of vulnerability repair. In addition, because the cumulative update package is large, the embodiments obtain from the file server only the update files that correspond to the patch to be installed and do not exist in the local system; compared with the prior art, which obtains cumulative update data containing comprehensive update information, this saves data traffic and further improves the efficiency of vulnerability repair.
For loading, in step S102 above, a scan library that matches the local system platform and contains one or more update patches, an embodiment of the present invention provides an optional solution: obtain the scan library of the local system and the scan library, matching the local system platform and containing one or more update patches, that an external data publishing server delivers through a designated channel, and then load the obtained scan library.
Further, the data publishing server may synchronize, at a specified time interval, the cumulative update data for repairing program vulnerabilities from the program provider; extract from the cumulative update data an all-platform scan library containing one or more update patches, and split the all-platform scan library by system platform to obtain a scan library for each platform; publish the update files in the cumulative update data to the file server; and publish the scan library of each platform through the designated channel. In addition, when synchronizing the cumulative update data, the data publishing server may first synchronize, at the specified time interval, the description information of the cumulative update data from the program provider, where the description information contains the download address of the cumulative update data, and then download the cumulative update data from that download address.
For scanning, in step S104 above, for local vulnerabilities with the loaded scan library according to scanning rules to obtain the patch to be installed, an embodiment of the present invention provides an optional solution: scan for local vulnerabilities with the loaded scan library according to the scanning rules to obtain a scan result set of the patches not installed on the local system, and then select the patch to be installed from the scan result set.
In an optional embodiment, all the patches in the loaded scan library may be enumerated to obtain an update list. The update list is then traversed and each patch is checked to see whether it is already installed on the local system. If not, the patch is added to the scan result set; if so, the next patch is taken from the update list and checked in the same way, and so on.
In an optional embodiment, before the update list is traversed to judge whether each patch is already installed on the local system, it may also be judged whether the parent dependency check of each patch passes. If so, it is judged whether the patch is already installed on the local system; if not, the next patch is taken from the update list and its parent dependency is checked, and so on.
In an optional embodiment of the present invention, the file server may include a plurality of CDN (Content Delivery Network) nodes and a KV server. Each of the CDN nodes is adapted to synchronize the update files corresponding to each patch. The KV server is adapted to obtain the identifier of each update file and the address information of the CDN nodes where the update file is located, and to build an index of the update file containing the identifier and the address information. The index may be in key-value form: the identifier serves as the key and the address information as the value. In an optional embodiment, the index may also include index information such as the digest information, size, release time, and verification information of the update file, all of which may be stored as the value.
In an optional embodiment, when the CDN nodes synchronize the update files, the data publishing server may upload the update files to a CDN publishing server, which synchronizes them to each CDN node.
In an optional embodiment of the invention, the obtained scan library records the identifiers of the update files corresponding to each patch. For determining, in step S104 above, the identifiers of the plurality of update files that correspond to the patch to be installed and do not exist in the local system, an embodiment of the present invention provides an optional solution: from the identifiers of the update files recorded in the scan library for each patch, determine the identifiers of the candidate update files corresponding to the patch to be installed; from the identifier of each candidate update file, judge whether that candidate update file already exists on the local system; if not, write the identifier of the candidate update file into a differential file list, and use the identifiers of the files in the differential file list as the identifiers of the plurality of update files; if so, copy the candidate update file on the local system to a temporary installation directory. The candidate update files here can be regarded as all the update files corresponding to the patch to be installed, and the plurality of update files are the differential update files.
In an optional embodiment of the invention, each CDN node also holds a synchronized copy of the update package corresponding to each patch, the update package contains the identifiers of a plurality of update files, and the KV server also maintains an index of the identifiers and address information of the update packages. The scan library records the identifier of the update package corresponding to each patch. For determining, in step S104 above, the identifiers of the plurality of update files that correspond to the patch to be installed and do not exist in the local system, an embodiment of the present invention provides a further optional solution: from the identifiers of the update packages recorded in the scan library for each patch, determine the identifier of the target update package corresponding to the patch to be installed; use the identifier of the target update package to obtain its address information from the KV server; use that address information to download the target update package from the corresponding CDN node; and then decompress the target update package to determine the identifiers of the plurality of update files.
Further, for decompressing the target update package to determine the identifiers of the plurality of update files, an embodiment of the present invention provides an optional solution: decompress the target update package to obtain the identifiers of the candidate update files; from the identifier of each candidate update file, judge whether that candidate update file already exists on the local system; if not, write the identifier of the candidate update file into a differential file list, and use the identifiers of the files in the differential file list as the identifiers of the plurality of update files; if so, copy the candidate update file on the local system to the temporary installation directory.
在步骤S104确定多个更新文件的标识后,步骤S106利用多个更新文件的标识从文件服务器处获取多个更新文件,具体地,利用多个更新文件的标识从KV服务器处获取多个更新文件的地址信息,进而利用多个更新文件的地址信息从相应的CDN结点处下载得到多个更新文件。接下来,将下载得到的多个更新文件复制到临时安装目录,并安装临时安装目录中的文件,以对本地漏洞进行修复。也就是说,将多个更新文件与本地系统上已经存在的文件进行合并,进而对本地漏洞进行修复。After step S104 determines the identification of a plurality of update files, step S106 uses the identification of a plurality of update files to obtain a plurality of update files from the file server, specifically, utilizes the identification of a plurality of update files to obtain a plurality of update files from the KV server The address information of the plurality of update files is then downloaded from the corresponding CDN node by using the address information of the plurality of update files to obtain a plurality of update files. Next, copy the downloaded update files to a temporary installation directory, and install the files in the temporary installation directory to repair local vulnerabilities. That is to say, multiple update files are merged with existing files on the local system to repair local vulnerabilities.
在可选的实施例中,为了保证多个更新文件的有效性,还可以对多个更新文件进行信息校验,具体地,可以利用多个更新文件的标识,从KV服务器处获取多个更新文件的包含更新文件的校验信息的索引信息,进而利用校验信息对下载得到多个更新文件进行校验,在校验通过后,将多个更新文件复制到临时安装目录。In an optional embodiment, in order to ensure the validity of multiple update files, information verification can also be performed on multiple update files. Specifically, multiple update files can be obtained from the KV server by using the identifiers of multiple update files. The index information of the file includes the verification information of the update file, and then uses the verification information to verify the downloaded multiple update files, and after the verification is passed, copy the multiple update files to the temporary installation directory.
The above describes multiple implementations of each stage of the embodiment shown in FIG. 1. The vulnerability repair method provided by the embodiment of the invention is described below through a specific application example; the method can be applied to the client on each user terminal.
Take Microsoft as the program provider. As described earlier, in Win10 Microsoft introduced a new Windows update release mechanism: instead of the earlier scattered, independent installation packages, it ships one large cumulative update package per month. The embodiment of the invention provides each user terminal with the update files it needs, which saves data traffic and improves the efficiency of vulnerability repair.
First, set up a standard WSUS (Windows Server Update Services) server, which contains a standard WSUS service and a set of self-implemented data publishing tools.
On the one hand, the WSUS service periodically synchronizes the latest update database from the Microsoft cloud server. The update database contains important description information, mainly the all-platform scan library, the quick experience package URL (Uniform Resource Locator) of every patch, the complete package URL of every patch, the URLs of the updated PSF files, and so on.
On the other hand, the data publishing tools download the cumulative update data (such as the all-platform scan library, the quick experience packages of the patches, the complete packages of the patches, and the PSF file of each patch) to the WSUS server according to the description information in the update database. Next, the all-platform scan library containing one or more update patches is extracted from the cumulative update data and split by system platform to obtain a scan library for each platform. The update files in the cumulative update data are then published to the file server, and the scan library of each platform is published through the specified channel. Finally, important data is backed up. As the only source of operational data, a single WSUS server is sufficient, and the security of that server is critical.
Next, the file server synchronizes the update files published by the data publishing server. The file server here is an abstract concept: as the destination of data publishing, it is not one or a few individual servers but a set of cooperating server clusters. It mainly consists of two parts, the CDN nodes and the KV servers. On the one hand, the CDN nodes distributed across the country synchronize newly published update files promptly and respond to file download requests from hundreds of millions of clients. On the other hand, the KV server cluster builds the index of the update data promptly and responds to index requests from hundreds of millions of clients. Specifically, the KV server obtains the identifier of each update file and the address information of the CDN nodes where the update file is located, and builds an index for the update file that contains the identifier and the address information.
Once the data has been published, it is put to use: the client requests data from the KV server and the CDN nodes and applies it to update the operating system or applications. This phase can be divided into two parts, the scanning stage and the installation stage.
1) Scanning stage
When a scan is triggered manually by the user or by a background timer, the client first updates the incremental scan library libleak2_diff.dat. After that request succeeds, it loads the latest version of the target scan library, published through the specified channel, that matches the local system platform. It then scans for local vulnerabilities according to the rules in the target scan library, obtaining a scan result set of the patches not installed on the local system, from which the patches to be installed are selected.
FIG. 2 shows a schematic diagram of a scanning flow of the client. As shown in FIG. 2, the scanning flow of the client may include the following steps S202 to S230.
Step S202: load the target scan library, published through the specified channel, that matches the local system platform.
Step S204: enumerate all patches in the target scan library to obtain an update list.
Step S206: determine whether the update list has been fully traversed; if not, continue to step S208; if so, continue to step S230.
Step S208: take one patch from the update list.
Step S210: determine whether the parent dependency check of the patch passes; if not, return to step S206; if so, continue to step S212.
Step S212: enumerate all sub-patches of the patch to obtain a sub-update list, and continue to step S214.
Step S214: determine whether the sub-update list has been fully traversed; if not, continue to step S216; if so, continue to step S226.
Step S216: take one sub-patch from the sub-update list.
Step S218: determine whether the parent dependency check of the sub-patch passes; if not, return to step S214; if so, continue to step S220.
Step S220: determine whether the patch is already installed on the local system; if so, return to step S214; if not, continue to step S222.
Step S222: determine whether the patch is applicable; if not, return to step S214; if so, continue to step S224.
Step S224: add the sub-patch to the sub-patch scan result set.
Step S226: determine whether the sub-patch scan result set is empty; if so, return to step S206; if not, continue to step S228.
Step S228: add the current patch to the update scan result set, and continue to step S206.
Step S230: obtain the scan result set.
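The scanning flow of steps S204 to S230 can be written as a nested traversal. The following is an added example, not code from the patent: the `Update` data model, the way dependencies and applicability are represented, and all sample names are constructed assumptions, and step S220 is read as applying to the sub-patch being examined. It also records why each entry was skipped, which the flow chart does not require but which makes a scan result auditable.

```python
from dataclasses import dataclass, field


@dataclass
class Update:
    """Hypothetical scan-library entry (not the real scan library format)."""
    name: str
    requires: frozenset = frozenset()    # parent dependencies that must be installed
    platforms: frozenset = frozenset()   # platforms this entry applies to
    children: list = field(default_factory=list)  # sub-patches


def scan(library, installed, platform):
    """Return ({patch: [applicable sub-patches]}, {name: reason skipped})."""
    results, skipped = {}, {}
    for patch in library:                              # S206, S208
        if not patch.requires <= installed:            # S210
            skipped[patch.name] = "parent dependency"
            continue
        hits = []                                      # sub-patch scan result set
        for sub in patch.children:                     # S212, S214, S216
            if not sub.requires <= installed:          # S218
                skipped[sub.name] = "parent dependency"
            elif sub.name in installed:                # S220
                skipped[sub.name] = "already installed"
            elif platform not in sub.platforms:        # S222
                skipped[sub.name] = "not applicable"
            else:
                hits.append(sub.name)                  # S224
        if hits:                                       # S226
            results[patch.name] = hits                 # S228
    return results, skipped                            # S230


# Constructed sample data: every name below is made up for the example.
WIN10 = frozenset({"win10"})
SAMPLE_LIBRARY = [
    Update("ROLLUP-A", children=[
        Update("A1", requires=frozenset({"BASE-9"}), platforms=WIN10),
        Update("A2", platforms=WIN10),
        Update("A3", platforms=frozenset({"win7"})),
        Update("A4", requires=frozenset({"BASE-1"}), platforms=WIN10),
    ]),
    Update("ROLLUP-B", requires=frozenset({"BASE-2"}), children=[
        Update("B1", platforms=WIN10),
    ]),
    Update("ROLLUP-C", children=[Update("C1", platforms=WIN10)]),
]
SAMPLE_INSTALLED = {"BASE-1", "A2", "C1"}

if __name__ == "__main__":
    found, why_not = scan(SAMPLE_LIBRARY, SAMPLE_INSTALLED, "win10")
    print("to install:", found)
    print("skipped:", why_not)
```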
2) Installation stage
After the scan completes, the user can select the patches to be installed from the scan result set and then start the installation process. First, the key of the quick experience package (that is, the update package corresponding to the patch to be installed) is computed from the target scan library, and the key is used to request the index information of the quick experience package (such as its download URL and verification information) from the KV server. When the KV server returns the index information, the download URL of the quick experience package is extracted from it and used to request the quick experience package from a CDN node. When the CDN returns the quick experience package, it is verified with the verification information in the index information, such as the digest. After the quick experience package passes verification, it is used to compute the keys of the required differential update files, and these keys are used to request the differential index information from the KV server. When the KV server returns the differential index information, the download URLs of the differential update files are extracted from it and used to request the differential update files from the CDN nodes. When the CDN nodes return the differential update files, they are verified with the verification information in the index information, such as the digest. After all differential update files have passed verification, a complete package is generated by merging the local files with the differential update files, and finally the specified interface is called to install the synthesized complete package.
FIG. 3 shows a schematic diagram of an installation flow of the client. As shown in FIG. 3, the installation flow of the client may include the following steps S302 to S330.
Step S302: download the quick experience package.
Step S304: decompress the quick experience package into the temporary installation directory.
In this step, the temporary installation directory can be the default one or a user-defined one.
Step S306: enumerate all files whose names end with psf.cix.xml to obtain a set of xml files.
Step S308: determine whether the set of xml files has been exhausted; if not, continue to step S310; if so, continue to step S324.
Step S310: take one xml file from the set.
Step S312: enumerate all Files/file nodes in the xml file to obtain a file set.
Step S314: determine whether the file set has been exhausted; if so, return to step S308; if not, continue to step S316.
Step S316: take one file from the set.
Step S318: determine whether the file already exists in the winsxs historical versions; if so, go to step S320; if not, continue to step S322.
Step S320: copy the file to the temporary installation directory, and return to step S314.
Step S322: write the relative path of the file into the differential file list, and return to step S314.
Step S324: determine whether the differential file list is empty; if so, continue to step S326; if not, continue to step S328.
Step S326: start installing the files in the temporary installation directory through the specified interface.
Step S328: use the differential file list to request the differential file package from the self-owned CDN node, and continue to step S330.
Step S330: after the differential file package has been downloaded successfully, decompress it into the temporary installation directory, and continue to step S326.
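The installation flow above, together with the verification described earlier (index lookup, download, check against the index's verification information before anything reaches the temporary installation directory), is sketched below as an added example that is not code from the patent. The local winsxs store, the temporary installation directory, the KV index and the CDN are modeled as in-memory dicts; the manifest layout with a `name` attribute, the use of the relative path as the index key, and SHA-256 as the digest are all assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import posixpath
import xml.etree.ElementTree as ET


def safe_relpath(rel: str) -> str:
    """Normalise a manifest path and refuse anything that could leave the staging dir."""
    norm = posixpath.normpath(rel.replace("\\", "/"))
    if norm in (".", "..") or norm.startswith(("/", "../")) or ":" in norm:
        raise ValueError(f"unsafe path in manifest: {rel!r}")
    return norm


def plan(manifests, local_store, staging):
    """S306-S322: reuse files already present locally, list the rest as the delta.

    The manifests come from the quick experience package, which is assumed to
    have passed its own digest check before being parsed here.
    """
    diff_list = []
    for xml_text in manifests:                       # S308, S310
        root = ET.fromstring(xml_text)
        for node in root.findall("./Files/file"):    # S312
            rel = safe_relpath(node.get("name", ""))
            if rel in local_store:                   # S318
                staging[rel] = local_store[rel]      # S320
            else:
                diff_list.append(rel)                # S322
    return diff_list


def fetch_verified(key, kv_index, cdn):
    """Look up the index entry, download, and check size and digest."""
    entry = kv_index[key]                            # index information from the KV server
    data = cdn[entry["url"]]                         # download from the CDN node
    digest = hashlib.sha256(data).hexdigest()
    if len(data) != entry["size"] or not hmac.compare_digest(digest, entry["sha256"]):
        raise ValueError(f"verification failed for {key}")
    return data


def build_staging(manifests, local_store, kv_index, cdn):
    """Return (staging dir contents, differential file list)."""
    staging = {}
    diff_list = plan(manifests, local_store, staging)
    # Every delta file must verify before any of them is staged (S328, S330).
    fetched = {rel: fetch_verified(rel, kv_index, cdn) for rel in diff_list}
    staging.update(fetched)
    return staging, diff_list                        # caller then installs (S326)


# Constructed sample data; not the real psf.cix.xml schema or real URLs.
SAMPLE_MANIFEST = (r'<Container><Files><file name="amd64_demo_1.0\old.dll"/>'
                   r'<file name="amd64_demo_1.0\new.dll"/></Files></Container>')
OLD_DLL = b"old.dll bytes already in the local store (constructed)"
NEW_DLL = b"new.dll bytes served by the CDN (constructed)"
SAMPLE_URL = "https://cdn.example.invalid/files/new.dll"
LOCAL_STORE = {"amd64_demo_1.0/old.dll": OLD_DLL}
CDN = {SAMPLE_URL: NEW_DLL}
KV_INDEX = {"amd64_demo_1.0/new.dll": {
    "url": SAMPLE_URL,
    "size": len(NEW_DLL),
    "sha256": hashlib.sha256(NEW_DLL).hexdigest(),
}}

if __name__ == "__main__":
    staged, delta = build_staging([SAMPLE_MANIFEST], LOCAL_STORE, KV_INDEX, CDN)
    print("downloaded:", delta)
    print("staged:", sorted(staged))
```

As in the flow described, the locally reused file is accepted on existence alone; only downloaded files are checked against the index.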
It should be noted that Microsoft is named here as the program provider only as an illustration and does not limit the invention. The embodiments of the invention can be applied to any scenario in which vulnerabilities in a program (such as an operating system or an application) need to be repaired.
The core idea of the vulnerability repair scheme provided by the embodiment of the invention is "differential release of cumulative update data": using the scan library for the terminal's own platform, the current system environment of the user terminal is scanned to compute the binary differences (binary diff patches, i.e. fragment files) of all files that need updating; the required fragment files are then downloaded from the server to the local system; finally, these fragment files and the local files are combined into the required complete package, which is installed to repair the vulnerabilities present on the user terminal. This differential update release mechanism can save more than 80% of download traffic and can fundamentally solve the problems of existing implementations.
FIG. 4 shows a schematic structural diagram of a vulnerability repair system according to an embodiment of the invention. As shown in FIG. 4, the vulnerability repair system 400 (not shown in FIG. 4) may include a WSUS server 410, CDN nodes 421, KV servers 422 and a client 430.
The workflow of the vulnerability repair system 400 can be divided into a data release phase and a client update phase, each of which is described in detail below.
The data release phase is described first. Put simply, when Microsoft publishes updated data, the vulnerability repair system promptly synchronizes and processes the new data and then releases it to users across the network in its own way. This is a "push" process. The data release phase can in turn be divided into synchronizing the update data, processing the update data, publishing the update data, and backing up the data.
(1) Synchronizing the update data
To obtain Microsoft's cumulative update data promptly, a standard WSUS server 410 needs to be set up. The WSUS server 410 periodically (for example, once every 30 minutes) synchronizes from the Microsoft cloud server the description information of the cumulative update data used to repair system program vulnerabilities. The cumulative update data includes the all-platform scan library, the quick experience packages of the patches, the complete packages of the patches, the PSF file of each patch, and so on, and the description information contains the download addresses of the cumulative update data.
(2) Processing the update data
The WSUS server 410 downloads the cumulative update data from the download addresses in the description information. Next, the all-platform scan library containing one or more update patches is extracted from the cumulative update data and split by system platform to obtain a scan library for each platform.
To split the all-platform scan library, the WsusUtil command can be called to extract the all-platform scan library containing one or more update patches from the cumulative update data; the UpdateMake command is then called to export from the all-platform scan library, according to the identifier of each system platform, the update list of the patches for each platform; and the WsusScan command is then called to generate the scan library of each platform from the all-platform scan library and the update lists. The identifiers of the system platforms here may be, for example, win7, win8.1, win10 or office; the invention is not limited to these.
(3) Publishing the update data
Once the data is ready, publishing can begin. The WSUS server 410 publishes the update files in the cumulative update data to the CDN nodes 421. The keys and index information of these update files (such as each update file's digest information, size, and the URL published on the CDN for download by the client 430) are then computed and pushed to the KV server 422 cluster to build the index. Next, the PE files among the new update files are whitelisted. Finally, the scan library of each platform is published through the specified channel.
(4) Data backup
After publishing is complete, important data needs to be backed up. This mainly means backing up the computed index information and the scan library of each platform, and an off-site backup strategy must be used, with the backups stored on other servers.
Next is the client update phase. Once the data has been published, it is put to use: the client requests data from the KV server and the CDN nodes and applies it to update the operating system or applications. This phase can be divided into two parts, the scanning stage and the installation stage, which are described above and are not repeated here.
It should be noted that, in practical applications, all of the optional implementations above can be combined in any way to form optional embodiments of the invention, which are not described one by one here.
Based on the vulnerability repair methods provided by the embodiments above and on the same inventive concept, an embodiment of the invention also provides a vulnerability repair device.
FIG. 5 shows a schematic structural diagram of a vulnerability repair device according to an embodiment of the invention. As shown in FIG. 5, the device may include at least a loading module 510, a determining module 520 and a vulnerability repair module 530.
The functions of the components of the vulnerability repair device and the connections between them are described below:
the loading module 510 is adapted to load a scan library that matches the local system platform and contains one or more update patches;
the determining module 520, coupled to the loading module 510, is adapted to scan for local vulnerabilities with the loaded scan library according to the scan rules, obtain the patch to be installed, and determine the identifiers of the multiple update files that correspond to the patch to be installed and do not exist in the local system;
the vulnerability repair module 530, coupled to the determining module 520, is adapted to obtain the multiple update files from the file server by using their identifiers, and then repair the local vulnerabilities with the multiple update files.
In an embodiment of the invention, the loading module 510 is further adapted to:
obtain the scan library of the local system and the scan library, issued by the external data publishing server through the specified channel, that matches the local system platform and contains one or more update patches;
load the obtained scan library.
In an embodiment of the invention, the file server includes multiple content delivery network (CDN) nodes and a KV server; each CDN node synchronizes the update files corresponding to each patch, and the KV server builds an index of the identifiers and address information of the update files.
In an embodiment of the invention, the determining module 520 is further adapted to:
determine, according to the update-file identifiers recorded in the scan library for each patch, the identifiers of the candidate update files corresponding to the patch to be installed;
determine, according to the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, write the identifier of the candidate update file into the differential file list, and take the identifiers of the files in the differential file list as the identifiers of the multiple update files;
if so, copy the candidate update file on the local system to the temporary installation directory.
In an embodiment of the invention, each CDN node also synchronizes the update package corresponding to each patch, the update package contains the identifiers of multiple update files, and the KV server also builds an index of update package identifiers and address information.
In an embodiment of the invention, the determining module 520 is further adapted to:
determine, according to the update-package identifiers recorded in the scan library for each patch, the identifier of the target update package corresponding to the patch to be installed;
obtain the address information of the target update package from the KV server by using the identifier of the target update package;
download the target update package from the corresponding CDN node by using the address information of the target update package;
decompress the target update package to determine the identifiers of the multiple update files.
In an embodiment of the invention, the determining module 520 is further adapted to:
decompress the target update package to obtain the identifiers of the candidate update files;
determine, according to the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, write the identifier of the candidate update file into the differential file list, and take the identifiers of the files in the differential file list as the identifiers of the multiple update files;
if so, copy the candidate update file on the local system to the temporary installation directory.
In an embodiment of the invention, the vulnerability repair module 530 is further adapted to:
obtain the address information of the multiple update files from the KV server by using the identifiers of the multiple update files;
download the multiple update files from the corresponding CDN nodes by using the address information of the multiple update files.
In an embodiment of the invention, the vulnerability repair module 530 is further adapted to:
copy the downloaded update files to the temporary installation directory;
install the files in the temporary installation directory to repair the local vulnerabilities.
In an embodiment of the invention, the index further includes at least one of the following items of index information:
the digest information, size, release time, and verification information of the update file.
In an embodiment of the invention, the vulnerability repair module 530 is further adapted to:
obtain from the KV server, by using the identifiers of the multiple update files, the index information of the multiple update files, which contains the verification information of the update files;
verify the downloaded update files with the verification information and, after verification passes, copy the update files to the temporary installation directory.
In an embodiment of the invention, the determining module 520 is further adapted to:
scan for local vulnerabilities with the loaded scan library according to the scan rules to obtain a scan result set of the patches not installed on the local system;
select the patch to be installed from the scan result set.
In an embodiment of the invention, the determining module 520 is further adapted to:
enumerate all patches in the loaded scan library to obtain an update list;
traverse the update list and determine whether each patch is already installed on the local system; if not, add the patch to the scan result set.
According to any one of the above optional embodiments, or a combination of several of them, the embodiments of the present invention can achieve the following beneficial effects:
In the embodiment of the present invention, a scan library that matches the local system platform and contains one or more update patches is loaded; the loaded scan library is then used to scan for local vulnerabilities according to the scanning rules, yielding the patch to be installed, and the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system are determined; the identifiers of these update files are then used to obtain the update files from the file server, and the update files are used to repair the local vulnerabilities. It can be seen that, when repairing vulnerabilities, the embodiment directly loads the scan library that matches its own system platform, which improves scanning efficiency and the effectiveness of vulnerability repair. Moreover, the embodiment does not need to obtain and process, from the program provider, the cumulative update data used to repair program vulnerabilities; instead it obtains the update files directly from the file server to which they are published, which improves the efficiency of obtaining update files and therefore the efficiency of vulnerability repair. In addition, because the cumulative update package is relatively large, the embodiment obtains from the file server the plurality of update files that correspond to the patch to be installed and do not exist in the local system; compared with the prior art, which obtains cumulative update data containing large and complete update information, the embodiment saves data traffic and further improves the efficiency of vulnerability repair.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to aid the understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the vulnerability repair device according to the embodiment of the present invention. The present invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order. These words can be interpreted as names.
At this point, those skilled in the art should recognize that, although a number of exemplary embodiments of the present invention have been shown and described in detail herein, many other variations or modifications consistent with the principles of the present invention can still be directly determined or derived from the content disclosed herein without departing from the spirit and scope of the present invention. Accordingly, the scope of the present invention should be understood and deemed to cover all such other variations or modifications.
According to one aspect of the present invention, there is provided A1, a vulnerability repair method, comprising:
loading a scan library that matches the local system platform and contains one or more update patches;
scanning for local vulnerabilities with the loaded scan library according to scanning rules to obtain a patch to be installed, and determining the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system;
obtaining the plurality of update files from a file server by using the identifiers of the plurality of update files, and then repairing the local vulnerabilities by using the plurality of update files.
A2. The method according to A1, wherein loading the scan library that matches the local system platform and contains one or more update patches comprises:
obtaining the scan library of the local system and the scan library, delivered by an external data publishing server through a designated channel, that matches the local system platform and contains one or more update patches;
loading the obtained scan library.
A3. The method according to A1 or A2, wherein the file server comprises a plurality of content delivery network (CDN) nodes and a KV server; the update files corresponding to each patch are synchronized to each CDN node; and the KV server has established an index of the identifiers and address information of the update files.
A4. The method according to A3, wherein the scan library records the identifiers of the update files corresponding to each patch, and determining the identifiers of the plurality of update files that correspond to the patch to be installed and do not exist in the local system comprises:
determining, according to the identifiers of the update files corresponding to each patch recorded in the scan library, the identifiers of the candidate update files corresponding to the patch to be installed;
judging, according to the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, writing the identifier of the candidate update file into a difference file list, and using the identifiers of the files in the difference file list as the identifiers of the plurality of update files;
if so, copying the candidate update file on the local system to a temporary installation directory.
A5. The method according to A3, wherein the update package corresponding to each patch is also synchronized to each CDN node, the update package contains the identifiers of a plurality of update files, and the KV server has also established an index of the identifiers and address information of the update packages.
A6. The method according to A5, wherein the scan library records the identifiers of the update packages corresponding to each patch, and determining the identifiers of the plurality of update files that correspond to the patch to be installed and do not exist in the local system comprises:
determining, according to the identifiers of the update packages corresponding to each patch recorded in the scan library, the identifier of the target update package corresponding to the patch to be installed;
obtaining the address information of the target update package from the KV server by using the identifier of the target update package;
downloading the target update package from the corresponding CDN node by using the address information of the target update package;
decompressing the target update package to determine the identifiers of the plurality of update files.
A7. The method according to A6, wherein decompressing the target update package to determine the identifiers of the plurality of update files comprises:
decompressing the target update package to obtain the identifiers of candidate update files;
judging, according to the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, writing the identifier of the candidate update file into a difference file list, and using the identifiers of the files in the difference file list as the identifiers of the plurality of update files;
if so, copying the candidate update file on the local system to a temporary installation directory.
A8. The method according to any one of A3-A7, wherein obtaining the plurality of update files from the file server by using the identifiers of the plurality of update files comprises:
obtaining the address information of the plurality of update files from the KV server by using the identifiers of the plurality of update files;
downloading the plurality of update files from the corresponding CDN nodes by using the address information of the plurality of update files.
A9. The method according to A8, wherein repairing the local vulnerabilities by using the plurality of update files comprises:
copying the downloaded plurality of update files to the temporary installation directory;
installing the files in the temporary installation directory to repair the local vulnerabilities.
A10. The method according to A9, wherein the index further includes at least one of the following items of index information:
the summary information, size, release time, and verification information of the update file.
A11. The method according to A10, wherein copying the downloaded plurality of update files to the temporary installation directory comprises:
obtaining from the KV server, by using the identifiers of the plurality of update files, the index information of the plurality of update files, which includes the verification information of the update files;
verifying the downloaded plurality of update files by using the verification information, and, after the verification passes, copying the plurality of update files to the temporary installation directory.
A12. The method according to any one of A1-A11, wherein scanning for local vulnerabilities with the loaded scan library according to scanning rules to obtain the patch to be installed comprises:
scanning for local vulnerabilities with the loaded scan library according to the scanning rules to obtain a scan result set of patches not installed on the local system;
selecting the patch to be installed from the scan result set.
A13. The method according to A12, wherein scanning for local vulnerabilities with the loaded scan library according to the scanning rules to obtain the scan result set of patches not installed on the local system comprises:
enumerating all the patches in the loaded scan library to obtain an update list;
traversing the update list and judging whether each patch has already been installed on the local system, and if not, adding the patch to the scan result set.
According to another aspect of the present invention, there is also provided B14, a vulnerability repair device, comprising:
a loading module, adapted to load a scan library that matches the local system platform and contains one or more update patches;
a determining module, adapted to scan for local vulnerabilities with the loaded scan library according to scanning rules to obtain a patch to be installed, and to determine the identifiers of a plurality of update files that correspond to the patch to be installed and do not exist in the local system;
a vulnerability repair module, adapted to obtain the plurality of update files from a file server by using the identifiers of the plurality of update files, and then to repair the local vulnerabilities by using the plurality of update files.
B15. The device according to B14, wherein the loading module is further adapted to:
obtain the scan library of the local system and the scan library, delivered by an external data publishing server through a designated channel, that matches the local system platform and contains one or more update patches;
load the obtained scan library.
B16. The device according to B14 or B15, wherein the file server comprises a plurality of content delivery network (CDN) nodes and a KV server; the update files corresponding to each patch are synchronized to each CDN node; and the KV server has established an index of the identifiers and address information of the update files.
B17. The device according to B16, wherein the determining module is further adapted to:
determine, according to the identifiers of the update files corresponding to each patch recorded in the scan library, the identifiers of the candidate update files corresponding to the patch to be installed;
judge, according to the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, write the identifier of the candidate update file into a difference file list, and use the identifiers of the files in the difference file list as the identifiers of the plurality of update files;
if so, copy the candidate update file on the local system to a temporary installation directory.
B18. The device according to B16, wherein the update package corresponding to each patch is also synchronized to each CDN node, the update package contains the identifiers of a plurality of update files, and the KV server has also established an index of the identifiers and address information of the update packages.
B19. The device according to B18, wherein the determining module is further adapted to:
determine, according to the identifiers of the update packages corresponding to each patch recorded in the scan library, the identifier of the target update package corresponding to the patch to be installed;
obtain the address information of the target update package from the KV server by using the identifier of the target update package;
download the target update package from the corresponding CDN node by using the address information of the target update package;
decompress the target update package to determine the identifiers of the plurality of update files.
B20. The device according to B19, wherein the determining module is further adapted to:
decompress the target update package to obtain the identifiers of candidate update files;
judge, according to the identifier of a candidate update file, whether that candidate update file already exists on the local system;
if not, write the identifier of the candidate update file into a difference file list, and use the identifiers of the files in the difference file list as the identifiers of the plurality of update files;
if so, copy the candidate update file on the local system to a temporary installation directory.
B21. The device according to any one of B16-B20, wherein the vulnerability repair module is further adapted to:
obtain the address information of the plurality of update files from the KV server by using the identifiers of the plurality of update files;
download the plurality of update files from the corresponding CDN nodes by using the address information of the plurality of update files.
B22. The device according to B21, wherein the vulnerability repair module is further adapted to:
copy the downloaded plurality of update files to the temporary installation directory;
install the files in the temporary installation directory to repair the local vulnerabilities.
B23. The device according to B22, wherein the index further includes at least one of the following items of index information:
the summary information, size, release time, and verification information of the update file.
B24. The device according to B23, wherein the vulnerability repair module is further adapted to:
obtain from the KV server, by using the identifiers of the plurality of update files, the index information of the plurality of update files, which includes the verification information of the update files;
verify the downloaded plurality of update files by using the verification information, and, after the verification passes, copy the plurality of update files to the temporary installation directory.
B25. The device according to any one of B14-B24, wherein the determining module is further adapted to:
scan for local vulnerabilities with the loaded scan library according to the scanning rules to obtain a scan result set of patches not installed on the local system;
select the patch to be installed from the scan result set.
B26. The device according to B24, wherein the determining module is further adapted to:
enumerate all the patches in the loaded scan library to obtain an update list;
traverse the update list and judge whether each patch has already been installed on the local system, and if not, add the patch to the scan result set.
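The difference-list step of clauses A4/A7 and the resolve, download, verify and stage steps of clauses A8 to A11, as an added Python sketch that is not part of the patent text. The KV index and CDN nodes are simulated with dictionaries; the use of SHA-256 as the "verification information", the flat file-name identifiers, the refusal to install when any file is rejected, and all function names are assumptions.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def safe_name(file_id: str) -> str:
    """Identifiers become file names in the staging directory, so refuse
    anything that could escape it (assumption: identifiers are flat names)."""
    if not file_id or file_id in (".", "..") or "/" in file_id or "\\" in file_id:
        raise ValueError(f"unsafe update file identifier: {file_id!r}")
    return file_id


def build_delta_list(candidate_ids, local_inventory, staging_dir):
    """A4/A7: identifiers missing locally go on the difference file list;
    files already present are copied to the temporary installation directory."""
    delta = []
    for file_id in candidate_ids:
        local_path = local_inventory.get(file_id)
        if local_path is not None and Path(local_path).is_file():
            shutil.copyfile(local_path, Path(staging_dir) / safe_name(file_id))
        else:
            delta.append(file_id)
    return delta


def fetch_and_stage(delta_ids, kv_index, cdn, staging_dir):
    """A8 + A11: resolve each identifier through the KV index, download from
    the CDN node, and stage the file only if size and check value match."""
    staged, rejected = [], {}
    for file_id in delta_ids:
        entry = kv_index.get(file_id)
        if entry is None:
            rejected[file_id] = "no index entry"
            continue
        data = cdn.get(entry["address"])
        if data is None:
            rejected[file_id] = "download failed"
            continue
        if len(data) != entry["size"]:
            rejected[file_id] = "size mismatch"
            continue
        if not hmac.compare_digest(sha256_hex(data), entry["sha256"]):
            rejected[file_id] = "checksum mismatch"
            continue
        (Path(staging_dir) / safe_name(file_id)).write_bytes(data)
        staged.append(file_id)
    return staged, rejected


def run_demo():
    """Constructed scenario: file-a is already on disk, file-b is intact on
    the CDN, file-c was altered after the index entry was published."""
    published_b = b"update file B, as published"
    published_c = b"update file C, as published"
    kv_index = {
        "file-b": {"address": "cdn-1/file-b", "size": len(published_b),
                   "sha256": sha256_hex(published_b)},
        "file-c": {"address": "cdn-2/file-c", "size": len(published_c),
                   "sha256": sha256_hex(published_c)},
    }
    cdn = {
        "cdn-1/file-b": published_b,
        "cdn-2/file-c": b"update file C, but modified",  # same size, other bytes
    }
    with tempfile.TemporaryDirectory() as root:
        local = Path(root) / "system"
        staging = Path(root) / "staging"
        local.mkdir()
        staging.mkdir()
        (local / "file-a").write_bytes(b"update file A, already installed")
        inventory = {"file-a": local / "file-a"}

        delta = build_delta_list(["file-a", "file-b", "file-c"], inventory, staging)
        staged, rejected = fetch_and_stage(delta, kv_index, cdn, staging)
        in_staging = sorted(p.name for p in staging.iterdir())
    return {
        "delta": delta,
        "staged": staged,
        "rejected": rejected,
        "in_staging": in_staging,
        # Fail closed: install (A9) only when every delta file verified.
        "ready_to_install": not rejected,
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the two files missing locally are requested, and the altered one never reaches the temporary installation directory, so the install step is withheld.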
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710062973.1A (CN106921731B) | 2017-01-24 | 2017-01-24 | Vulnerability repair method and device |
| Publication Number | Publication Date |
|---|---|
| CN106921731A | 2017-07-04 |
| CN106921731B | 2021-06-22 |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |