CN102156649B - Patch installation method and device thereof - Google Patents
Patch installation method and device thereof Download PDFInfo
- Publication number
- CN102156649B CN102156649B CN201110049719.0A CN201110049719A CN102156649B CN 102156649 B CN102156649 B CN 102156649B CN 201110049719 A CN201110049719 A CN 201110049719A CN 102156649 B CN102156649 B CN 102156649B
- Authority
- CN
- China
- Prior art keywords
- installation
- patch
- condition
- file
- installation condition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Stored Programmes (AREA)
Abstract
本发明提供一种漏洞修复方法及装置,其中,所述方法包括:获取第一补丁安装包,从所述第一补丁安装包中提取出第一安装条件相关文件;利用第二安装条件相关文件替换所述第一安装条件相关文件;根据所述第一补丁安装包以及替换后的结果生成第二补丁安装包;利用所述第二补丁安装包进行漏洞修复。通过本发明,有利于提高修复程序中存在的漏洞的成功率。
The present invention provides a vulnerability repair method and device, wherein the method includes: obtaining a first patch installation package, extracting a first installation condition related file from the first patch installation package; using a second installation condition related file Replacing the first installation condition-related files; generating a second patch installation package according to the first patch installation package and the replaced result; using the second patch installation package to repair vulnerabilities. Through the present invention, it is beneficial to improve the success rate of loopholes existing in the repair program.
Description
技术领域technical field
本发明涉及计算机技术领域,特别是涉及一种补丁安装方法及装置。The invention relates to the technical field of computers, in particular to a patch installation method and device.
背景技术Background technique
对于大型软件系统(如微软操作系统等)而言,在开发过程中,有很多因素是没有考虑到的,但是在使用过程中可能会暴露出一些问题,这些问题的存在可能会使用户在使用系统或软件时出现干扰工作或有害于安全等问题,因此,发现这种问题之后就需要另外编制一些小程序,以便对软件本身存在的问题进行修复,这种小程序就被称为补丁。通常,补丁是由软件的原来作者制作的,软件使用者可以从网站下载补丁,并安装到本地,就可以使其软件中存在的缺陷得到有效的修复,以达到纠正程序错误、减少或消除安全风险、提高程序的利用效率等目的。For large-scale software systems (such as Microsoft operating systems, etc.), there are many factors that have not been considered during the development process, but some problems may be exposed during the use process, and the existence of these problems may make users When the system or software has problems such as interfering with work or harmful to safety, after discovering such problems, it is necessary to compile some additional small programs to repair the problems in the software itself. This small program is called a patch. Usually, the patch is made by the original author of the software. Software users can download the patch from the website and install it locally, so that the defects in the software can be effectively repaired, so as to correct program errors, reduce or eliminate security issues. risk, improve the utilization efficiency of the program, etc.
当然,如果把所有补丁程序都下载、安装完毕,并不一定就使机器变得更安全。相反,如果安装了过时、不必要的,甚至是有问题的补丁,反而会给机器带来风险。因此,在发布补丁包(是指某个系统在某个时段所发布升级的补丁的合集)时,通常会在补丁包中限制补丁的安装条件,在向某机器中安装补丁时,安装测试程序需要首先根据补丁包中的安装条件,判断当前的机器环境是否满足该条件,如果满足,则安装相应的补丁,否则,不再安装。Of course, if all the patches are downloaded and installed, it does not necessarily make the machine more secure. Conversely, installing outdated, unnecessary, or even questionable patches can put your machine at risk. Therefore, when releasing a patch package (referring to a collection of upgraded patches released by a certain system at a certain period of time), the installation conditions of the patch are usually limited in the patch package, and when installing the patch to a certain machine, the test program is installed It is necessary to first judge whether the current machine environment satisfies the conditions according to the installation conditions in the patch package, and if so, install the corresponding patches; otherwise, do not install any more.
如此进行补丁安装,会出现一些问题。例如,微软公司对发布的补丁进行了版本区段的限制,而对于中国的大多数正版微软用户来说,由于一些技术原因导致检测补丁状态信息时发现操作系统的注册表中存储的版本信息、或者具体文件中存储的版本信息不符合补丁所要求的版本条件,从而导致补丁不能正常安装,进而不能及时、有效地使程序中存在的漏洞得到有效地修复。In this way of patch installation, there will be some problems. For example, Microsoft has restricted the version section of the released patches, and for most genuine Microsoft users in China, due to some technical reasons, when detecting the patch status information, it is found that the version information stored in the registry of the operating system, Or the version information stored in the specific file does not meet the version requirements required by the patch, thus causing the patch to not be installed normally, and thus the loopholes existing in the program cannot be effectively repaired in a timely and effective manner.
发明内容Contents of the invention
本发明提供一种漏洞修复方法及装置,有利于提高修复程序中存在的漏洞的成功率。The invention provides a loophole repairing method and device, which is beneficial to improving the success rate of loopholes existing in a repairing program.
本发明提供了如下方案:The present invention provides following scheme:
一种漏洞修复方法,包括:A vulnerability repair method, comprising:
获取第一补丁安装包,从所述第一补丁安装包中提取出第一安装条件相关文件;Obtaining a first patch installation package, and extracting first installation condition related files from the first patch installation package;
利用第二安装条件相关文件替换所述第一安装条件相关文件;replacing the first installation condition related file with a second installation condition related file;
根据所述第一补丁安装包以及替换后的结果生成第二补丁安装包;Generate a second patch installation package according to the first patch installation package and the replaced result;
利用所述第二补丁安装包进行漏洞修复。Vulnerabilities are repaired by using the second patch installation package.
优选地,所述第一安装条件相关文件包括:Preferably, the first installation condition-related files include:
第一补丁安装包中的安装测试程序和/或配置文件。Installation test programs and/or configuration files in the first patch installation package.
优选地,还包括:Preferably, it also includes:
生成新的安装条件,并根据新的安装条件生成所述第二安装条件相关文件。A new installation condition is generated, and files related to the second installation condition are generated according to the new installation condition.
优选地,所述生成新的安装条件包括:Preferably, said generating new installation conditions includes:
从所述第一安装条件相关文件中提取第一安装条件;根据所述第一安装条件生成新的安装条件。Extracting the first installation condition from the first installation condition related file; generating a new installation condition according to the first installation condition.
优选地,所述生成新的安装条件包括:Preferably, said generating new installation conditions includes:
抓取所述第一补丁安装包所在网页上发布的安装条件信息,所述安装条件信息包括操作系统条件以及程序/组件条件;根据所述安装条件信息生成新的安装条件。Capture the installation condition information published on the webpage where the first patch installation package is located, the installation condition information includes operating system conditions and program/component conditions; generate new installation conditions according to the installation condition information.
优选地,所述生成新的安装条件包括:Preferably, said generating new installation conditions includes:
如果目标机器环境中目标程序/组件的版本,低于所述程序/组件条件中的最新版本,则判定对应的补丁文件适于安装;If the version of the target program/component in the target machine environment is lower than the latest version in the program/component condition, it is determined that the corresponding patch file is suitable for installation;
或者,or,
当所述第一补丁安装包中的补丁文件能消除某程序/组件中存在的漏洞时,判定该补丁文件适于安装;When the patch file in the first patch installation package can eliminate a loophole in a certain program/component, it is determined that the patch file is suitable for installation;
或者,or,
如果在某机器环境中安装某补丁文件之后,能够修复某程序/组件中存在的漏洞,并且不会出现系统不稳定的现象,则判定该补丁文件适于在该机器环境中安装;If after installing a certain patch file in a certain machine environment, the loopholes in a certain program/component can be repaired, and there will be no system instability, then it is determined that the patch file is suitable for installation in this machine environment;
或者,or,
如果某补丁文件对应的目标程序/组件与系统运行的安全或稳定性无关,且不安装该补丁文件不影响其他补丁文件的安装时,判定该补丁文件不适于安装。If the target program/component corresponding to a patch file has nothing to do with the security or stability of the system operation, and the installation of other patch files will not be affected if the patch file is not installed, it is determined that the patch file is not suitable for installation.
一种漏洞修复装置,包括:A vulnerability repair device, comprising:
提取单元,用于获取第一补丁安装包,从所述第一补丁安装包中提取出第一安装条件相关文件;An extracting unit, configured to obtain a first patch installation package, and extract first installation condition related files from the first patch installation package;
替换单元,用于利用第二安装条件相关文件替换所述第一安装条件相关文件;a replacement unit, configured to replace the first installation condition related file with a second installation condition related file;
生成单元,用于根据所述第一补丁安装包以及替换后的结果生成第二补丁安装包;A generating unit, configured to generate a second patch installation package according to the first patch installation package and the replaced result;
修复单元,用于利用所述第二补丁安装包进行漏洞修复。A repairing unit, configured to use the second patch installation package to repair vulnerabilities.
优选地于,所述第一安装条件相关文件包括:Preferably, the first installation condition-related files include:
第一补丁安装包中的安装测试程序和/或配置文件。Installation test programs and/or configuration files in the first patch installation package.
优选地,还包括:Preferably, it also includes:
条件生成单元,用于生成新的安装条件,并根据新的安装条件生成所述第二安装条件相关文件。The condition generation unit is configured to generate a new installation condition, and generate the second installation condition related file according to the new installation condition.
优选地,所述条件生成单元包括:Preferably, the condition generation unit includes:
提取子单元,用于从所述第一安装条件相关文件中提取第一安装条件;根据所述第一安装条件生成新的安装条件。The extraction subunit is used to extract the first installation condition from the first installation condition-related file; and generate a new installation condition according to the first installation condition.
优选地,所述条件生成单元包括:Preferably, the condition generation unit includes:
抓取子单元,用于抓取所述第一补丁安装包所在网页上发布的安装条件信息,所述安装条件信息包括操作系统条件以及程序/组件条件;根据所述安装条件信息生成新的安装条件。The crawling subunit is used to grab the installation condition information published on the webpage where the first patch installation package is located, the installation condition information includes operating system conditions and program/component conditions; generate a new installation condition information according to the installation condition information condition.
优选地,所述条件生成单元包括:Preferably, the condition generation unit includes:
第一条件生成子单元,用于如果目标机器环境中目标程序/组件的版本,低于所述程序/组件条件中的最新版本,则判定对应的补丁文件适于安装;The first condition generates a subunit, which is used to determine that the corresponding patch file is suitable for installation if the version of the target program/component in the target machine environment is lower than the latest version in the program/component condition;
或者,or,
第二条件生成子单元,用于当所述第一补丁安装包中的补丁文件能消除某程序/组件中存在的漏洞时,判定该补丁文件适于安装;The second condition generates a subunit, which is used to determine that the patch file is suitable for installation when the patch file in the first patch installation package can eliminate the loopholes in a certain program/component;
或者,or,
第三条件生成子单元,用于如果在某机器环境中安装某补丁文件之后,能够修复某程序/组件中存在的漏洞,并且不会出现系统不稳定的现象,则判定该补丁文件适于在该机器环境中安装;The third condition generates a subunit, which is used to determine that the patch file is suitable for use in a certain machine environment if the loopholes in a certain program/component can be repaired and there will be no system instability. Installed in the machine environment;
或者,or,
第四条件生成子单元,用于如果某补丁文件对应的目标程序/组件与系统运行的安全或稳定性无关,且不安装该补丁文件不影响其他补丁文件的安装时,判定该补丁文件不适于安装。The fourth condition generates a subunit, which is used to determine that the patch file is not suitable if the target program/component corresponding to the patch file has nothing to do with the security or stability of the system operation, and the installation of the patch file does not affect the installation of other patch files. Install.
根据本发明提供的具体实施例,本发明公开了以下技术效果:According to the specific embodiments provided by the invention, the invention discloses the following technical effects:
本发明实施例能够替换补丁安装包中的安装条件相关文件,然后生成新的补丁安装包,并用新的补丁安装包对程序中存在的漏洞进行修复,其中,替换后的安装条件相关文件中的安装条件可以是经过对原安装条件再分析,从而优化更新得到的,这样,该新替换后的安装条件相关文件中的安装条件比原始安装条件相关文件中的安装条件更适合用户安装,且优化更新后的安装条件可以保证用户及时有效地安装补丁,减少系统风险,而使用优化更新的安装条件安装补丁时,就可以有效地提高修复程序中存在漏洞的成功率。The embodiment of the present invention can replace the installation condition-related files in the patch installation package, and then generate a new patch installation package, and use the new patch installation package to repair the loopholes in the program, wherein, in the replaced installation condition-related files The installation conditions can be obtained by reanalyzing the original installation conditions and optimizing the update. In this way, the installation conditions in the newly replaced installation condition related files are more suitable for user installation than those in the original installation condition related files, and the optimized The updated installation conditions can ensure that users can install patches in a timely and effective manner and reduce system risks. When installing patches with optimized and updated installation conditions, the success rate of fixing vulnerabilities in programs can be effectively improved.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the accompanying drawings required in the embodiments. Obviously, the accompanying drawings in the following description are only some of the present invention. Embodiments, for those of ordinary skill in the art, other drawings can also be obtained based on these drawings without any creative effort.
图1是本发明实施例提供的方法的流程图;Fig. 1 is the flowchart of the method provided by the embodiment of the present invention;
图2是本发明实施例提供的装置的示意图。Fig. 2 is a schematic diagram of a device provided by an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention belong to the protection scope of the present invention.
参见图1,本发明实施例提供的漏洞修复方法包括以下步骤:Referring to Fig. 1, the vulnerability repairing method that the embodiment of the present invention provides comprises the following steps:
S101:获取第一补丁安装包,从所述第一补丁安装包中提取出第一安装条件相关文件;S101: Obtain a first patch installation package, and extract first installation condition related files from the first patch installation package;
其中,这里所谓的第一补丁安装包可以是指软件的原来作者提供的补丁安装包,例如微软针对其具体的软件产品提供的补丁安装包等等。软件的原作者通常会将其提供的补丁安装包发布到官方网站上,因此,也将这种补丁安装包称为官方发布的补丁安装包。可以通过到官方网站上下载等方式来获取这种官方发布的补丁安装包。Wherein, the so-called first patch installation package here may refer to the patch installation package provided by the original author of the software, such as the patch installation package provided by Microsoft for its specific software product, and the like. The original author of the software usually publishes the patch installation package provided by it on the official website. Therefore, this patch installation package is also called the officially released patch installation package. You can obtain this officially released patch installation package by downloading it from the official website.
对于一个补丁安装包而言,其中会包括补丁文件,也即真正用于修复程序漏洞的文件,另外还会包括安装测试程序。其中,安装测试程序包括一种用于安装补丁的可执行文件,具体的,可以由安装测试程序在进行具体的补丁安装之前,按照预先设置的安装条件,判断当前的机器环境是否可以安装该补丁安装包中的补丁文件,如果可以,则安装,否则不会执行安装的操作。另外,在有些情况下,安装测试程序还可能包括一种用于测试的可执行文件,具体的,可以由安装测试程序运行相关数据的测试程序,以便判断当前的补丁文件是否能够修复指定程序的漏洞,或者补丁文件的安装是否带来系统的不稳定等等。For a patch installation package, it will include a patch file, that is, a file actually used to fix program vulnerabilities, and also include an installation test program. Wherein, the installation test program includes an executable file for installing the patch. Specifically, the installation test program can determine whether the current machine environment can install the patch according to the preset installation conditions before performing the specific patch installation. Install the patch file in the package, if possible, install it, otherwise it will not perform the installation operation. In addition, in some cases, the installation test program may also include an executable file for testing. Specifically, the installation test program can run a test program with relevant data to determine whether the current patch file can repair the specified program. Vulnerabilities, or whether the installation of patch files brings system instability, etc.
其中,具体的安装条件可能是写在安装测试程序中的,只要运行安装测试程序,就可以自动按照写好的安装条件,对机器环境进行判断。另外,还有一种情况下,具体的安装条件可能是写在配置文件中的,安装测试程序在运行时,需要读取配置文件,再利用配置文件中的安装条件,对机器环境进行判断。Among them, the specific installation conditions may be written in the installation test program, as long as the installation test program is run, the machine environment can be judged automatically according to the written installation conditions. In addition, in another case, the specific installation conditions may be written in the configuration file. When the installation test program is running, it needs to read the configuration file, and then use the installation conditions in the configuration file to judge the machine environment.
因此,在本发明实施例中,安装条件相关文件可以是指补丁安装包中的安装测试程序和/或配置文件。也即,如果安装条件全部写在安装测试程序中,则安装条件相关文件就是指安装测试程序,在提取第一安装条件相关文件时,只提取官方发布的补丁安装包中的安装测试程序即可;如果安装条件全部写在配置文件中,则安装条件相关文件就是指配置文件,在提取第一安装条件相关文件时,只提取官方发布的补丁安装包中的配置文件即可;如果安装条件部分写在安装测试程序中,部分写在配置文件中,则安装条件相关文件就是指安装测试程序及配置文件,在提取第一安装条件相关文件时,需要提取官方发布的补丁安装包中的安装测试程序及配置文件。Therefore, in the embodiment of the present invention, the installation condition-related files may refer to the installation test program and/or the configuration file in the patch installation package. That is, if all the installation conditions are written in the installation test program, then the installation condition-related files refer to the installation test program. When extracting the first installation condition-related files, only the installation test program in the officially released patch installation package can be extracted. ; If all the installation conditions are written in the configuration file, then the installation condition related file refers to the configuration file. When extracting the first installation condition related file, only the configuration file in the officially released patch installation package can be extracted; if the installation condition part Written in the installation test program and partly written in the configuration file, the installation condition related files refer to the installation test program and configuration file. When extracting the first installation condition related files, it is necessary to extract the installation test in the officially released patch installation package. programs and configuration files.
S102:利用第二安装条件相关文件替换所述第一安装条件相关文件;S102: Replace the first installation condition related file with the second installation condition related file;
第二安装条件相关文件是与第一安装条件相关文件相对应的,如果第一安装条件相关文件是安装测试程序,则第二安装条件相关文件也应该是个安装测试程序,也即用一个新的安装测试程序替换原来的安装测试程序,这样,在安装补丁文件时,就会运行新的安装测试程序,并按照新的安装测试程序中设置的安装条件对机器环境进行判断。The second installation condition-related file is corresponding to the first installation condition-related file, if the first installation condition-related file is an installation test program, then the second installation condition-related file should also be an installation test program, that is, use a new The installation test program replaces the original installation test program, so that when the patch file is installed, the new installation test program will be run, and the machine environment will be judged according to the installation conditions set in the new installation test program.
类似的,如果第一安装条件相关文件是配置文件,则第二安装条件相关文件也应该是个配置文件,当然,由于补丁安装包中的安装测试程序并没有发生变化,因此为了使安装测试程序能够正常读取配置文件,替换后的配置文件可以与原来的配置文件采用相同的文件名;这样,补丁安装包中的安装测试程序在运行时,就可以读取新的配置文件中设置的安装条件,并按照该安装条件对机器环境进行判断。Similarly, if the first installation condition-related file is a configuration file, then the second installation condition-related file should also be a configuration file. Of course, since the installation test program in the patch installation package has not changed, in order to enable the installation test program to Read the configuration file normally, and the replaced configuration file can use the same file name as the original configuration file; in this way, the installation test program in the patch installation package can read the installation conditions set in the new configuration file when it is running , and judge the machine environment according to the installation conditions.
或者,如果第一安装条件相关文件包括安装测试程序以及配置文件,则第二安装条件相关文件也应该是既包括安装测试程序也包括配置文件。由于安装测试程序也会发生变化,因此替换后的配置文件可以与原来的配置文件可以采用相同的文件名,也可以采用不同的文件名,只要替换后的安装测试程序能够正常读取配置文件即可;这样,在安装补丁文件时,就会运行新的安装测试程序,新的安装测试程序在运行过程中,不仅会依据自身设定的安装条件对机器环境进行判断,还可以读取新的配置文件中的安装条件,并按照新的配置文件中设置的安装条件对机器环境进行判断。Alternatively, if the first installation condition-related file includes an installation test program and a configuration file, the second installation condition-related file should also include both an installation test program and a configuration file. Since the installation test program will also change, the replaced configuration file can use the same file name as the original configuration file, or it can use a different file name, as long as the replaced installation test program can read the configuration file normally. Yes; in this way, when installing the patch file, a new installation test program will be run. During the running process, the new installation test program will not only judge the machine environment according to the installation conditions set by itself, but also read the new The installation conditions in the configuration file, and judge the machine environment according to the installation conditions set in the new configuration file.
总之,无论上述何种情况,都可以通过替换原始补丁安装包中的安装条件相关文件,实现对原始的安装条件的修改。In a word, regardless of the above circumstances, the modification of the original installation conditions can be realized by replacing the installation condition-related files in the original patch installation package.
S103:根据所述第一补丁安装包以及替换后的结果生成第二补丁安装包;S103: Generate a second patch installation package according to the first patch installation package and the replaced result;
将第一安装条件相关条件替换为第二安装条件相关文件之后,就可以将第一补丁安装包中的补丁文件与第二安装条件相关文件重新进行打包,生成第二补丁安装包。这样,相当于补丁安装包中的补丁文件没有变化,只是安装条件相关文件发生了变化。After the conditions related to the first installation condition are replaced with the files related to the second installation condition, the patch files in the first patch installation package and the files related to the second installation condition can be repackaged to generate the second patch installation package. In this way, it is equivalent to that the patch files in the patch installation package have not changed, but only the files related to the installation conditions have changed.
其中,在生成第二补丁安装包时,可以采用与第一补丁安装包同样的打包方法,例如,补丁文件的顺序等可以与第一补丁安装包中相同,相当于将补丁安装包中安装条件相关文件以外的信息还原。Wherein, when generating the second patch installation package, the same packaging method as that of the first patch installation package can be adopted, for example, the order of the patch files can be the same as in the first patch installation package, which is equivalent to adding the installation conditions in the patch installation package to Restoration of information other than related files.
S104:利用所述第二补丁安装包进行漏洞修复。S104: Use the second patch installation package to repair the vulnerability.
生成第二补丁安装包之后,就可以利用第二补丁安装包对机器中的程序漏洞进行修复。After the second patch installation package is generated, the second patch installation package can be used to repair program vulnerabilities in the machine.
可见,在本发明实施例中,能够替换补丁安装包中的安装条件相关文件,然后生成新的补丁安装包,并用新的补丁安装包对程序中存在的漏洞进行修复,其中,替换后的安装条件相关文件中的安装条件可以是经过对原安装条件再分析,从而优化更新得到的,这样,该新替换后的安装条件相关文件中的安装条件比原始安装条件相关文件中的安装条件更适合用户,且优化更新后的安装条件可以保证用户及时有效地安装补丁,减少系统风险,而使用优化更新的安装条件安装补丁时,就可以有效地提高修复程序中存在漏洞的成功率。It can be seen that in the embodiment of the present invention, the installation condition-related files in the patch installation package can be replaced, and then a new patch installation package can be generated, and the loopholes existing in the program can be repaired with the new patch installation package, wherein, the replaced installation The installation conditions in the condition-related files can be obtained by re-analyzing the original installation conditions, thereby optimizing and updating them. In this way, the installation conditions in the newly replaced installation-condition-related files are more suitable than those in the original installation-condition-related files. Users, and optimized and updated installation conditions can ensure that users can install patches in a timely and effective manner, reducing system risks, and using optimized and updated installation conditions to install patches can effectively improve the success rate of repairing vulnerabilities.
其中,关于第二补丁安装包,可以由程序员等手动编写的,也可以是程序自动编写的。具体的安装条件设置方法可以有多种,下面以其中的一个例子进行介绍。Wherein, regarding the second patch installation package, it may be manually written by a programmer or the like, or may be automatically written by a program. There are many ways to set the specific installation conditions, and one of them will be introduced below.
通常,官方在发布补丁安装包的同时,会在网站上发布补丁安装包的安装条件(通常以文本的形式、独立于补丁安装包存在),这些条件通常仅对机器的操作系统版本、针对的软件以及软件版本的限制。例如,某官方网站上发布某补丁包的同时,还发布了如下信息:Usually, when the official patch installation package is released, the installation conditions of the patch installation package (usually in the form of text and independent of the patch installation package) will be released on the website. These conditions are usually only for the operating system version of the machine, for SOFTWARE AND SOFTWARE VERSION LIMITATIONS. For example, when a patch package is released on an official website, the following information is also released:
“操作系统:Windows XP sp3"OS: Windows XP sp3
software sp2software sp2
本机条件1:Native condition 1:
C:\Program Files\Microsoft Office\OFFICE11\\winword.exeC:\Program Files\Microsoft Office\OFFICE11\\winword.exe
本机条件2:Native condition 2:
C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.EXE”C:\Program Files\Microsoft Office\OFFICE11\\WINWORD.EXE”
可见,这些条件中,仅包括操作系统条件以及软件条件,也即仅对操作系统的版本、软件的名称以及版本进行了限制,换言之,只要是Windows XP sp3操作系统中的符合上述版本条件的上述软件,都可以用该补丁文件进行修复。但是,对于官方发布的补丁安装包而言,其中设置的安装条件除了上述条件之外,通常还包括其他条件,例如,还可能包括其他条件,例如文件的完整性、一致性以及依赖关系等的判断,这样,只要任何一个条件不满足,都无法实现补丁文件的安装。It can be seen that these conditions only include operating system conditions and software conditions, that is, only the version of the operating system, the name and version of the software are restricted. Software can be repaired with this patch file. However, for the officially released patch installation package, the installation conditions set therein usually include other conditions in addition to the above conditions, for example, other conditions may also be included, such as file integrity, consistency, and dependencies, etc. Judgment, in this way, as long as any one of the conditions is not satisfied, the installation of the patch file cannot be realized.
因此,在生成第二安装条件相关文件时,就可以依据官方网站上发布的操作系统及软件条件,设置新的安装条件,并生成新的安装条件相关文件。也即,在第二安装条件相关文件中,安装条件的设置可以仅考虑操作系统版本以及软件版本等因素,其他的文件完整性、一致性以及依赖关系等因素可以不必考虑。另外,在考虑操作系统及软件的版本信息时,还可以尽可能地包括更多的版本,例如,官方网站中的软件版本条件可能是一个闭区间,而本发明实施例中可以设置为开区间,使得目标机器环境中的软件版本只要低于官方网站中指出的最新值,就都可以安装相应的补丁文件。这样生成的安装条件会更适合用户安装,使得一些操作系统版本以及软件版本都符合要求,但文件的完整性、依赖性等不符合要求的机器环境,也能够成功地安装补丁文件。Therefore, when generating the second installation condition-related file, new installation conditions can be set according to the operating system and software conditions published on the official website, and a new installation condition-related file can be generated. That is, in the second installation condition-related file, the setting of the installation condition may only consider factors such as operating system version and software version, and other factors such as file integrity, consistency, and dependency may not be considered. In addition, when considering the version information of the operating system and software, more versions can be included as much as possible. For example, the software version condition on the official website may be a closed interval, but in the embodiment of the present invention, it can be set as an open interval , so that as long as the software version in the target machine environment is lower than the latest value indicated on the official website, the corresponding patch file can be installed. The installation conditions generated in this way will be more suitable for user installation, so that some operating system versions and software versions meet the requirements, but the machine environment such as file integrity and dependencies do not meet the requirements, and the patch files can also be successfully installed.
基于以上所述,在手动生成第二安装条件相关文件的情况下,程序员就可以从补丁安装包所在的官方网站上或其他途径获取补丁安装包所需的操作系统条件以及软件条件,然后根据该条件,重新编写安装测试程序的代码,或者重新编写配置文件即可。当然,还可以结合经验,仅对一些容易出现安装失败的补丁安装包按照本发明实施例所述的方法进行处理。Based on the above, in the case of manually generating the relevant files of the second installation condition, the programmer can obtain the operating system conditions and software conditions required by the patch installation package from the official website where the patch installation package is located or other channels, and then according to For this condition, rewrite the code for installing the test program, or rewrite the configuration file. Certainly, combined with experience, only some patch installation packages prone to installation failure can be processed according to the method described in the embodiment of the present invention.
在自动生成第二安装条件相关文件的情况下,可以预先设置好安装测试程序或配置文件模板,并通过一个程序自动到指定的官方网站上,抓取补丁安装包对应的安装条件信息,当抓取到安装条件信息之后,自动添加到安装测试程序或配置文件模板中即可生成新的安装测试程序或配置文件。In the case of automatically generating files related to the second installation condition, you can pre-set the installation test program or configuration file template, and automatically go to the designated official website through a program to capture the installation condition information corresponding to the patch installation package. After the installation condition information is obtained, it is automatically added to the installation test program or configuration file template to generate a new installation test program or configuration file.
当然,除了利用官方网站上发布的安装条件信息之外,还可以通过其他方式来获取新的安装条件,并利用新的安装条件生成第二补丁安装包。例如,还可以从第一安装条件相关文件进行中提取出第一安装条件,然后根据第一安装条件获取新的安装条件。具体的,可以对第一安装条件相关文件进行分析,例如,获取第一安装条件相关文件中指定位置的信息,或者利用预置的关键词对第一安装条件相关文件进行扫描,获取关键词对应的信息,等等,从而从中提取出第一安装条件。然后通过修改第一安装条件或删除其中的某些安装条件等方式,来得到新的安装条件。Of course, in addition to using the installation condition information released on the official website, there are other ways to obtain new installation conditions, and use the new installation conditions to generate the second patch installation package. For example, it is also possible to extract the first installation condition from the file progress related to the first installation condition, and then obtain a new installation condition according to the first installation condition. Specifically, the file related to the first installation condition may be analyzed, for example, information on a specified location in the file related to the first installation condition may be obtained, or the file related to the first installation condition may be scanned using a preset keyword to obtain information corresponding to the keyword. information, etc., thereby extracting the first installation condition therefrom. Then, new installation conditions are obtained by modifying the first installation conditions or deleting some of the installation conditions.
具体在生成新的安装条件时,除了可以考虑前述版本信息以外,还可以考虑其他因素。例如,如果某目标机器环境中安装有一个程序或组件,由于其存在可能会对系统运行带来不安全或不稳定的因素,而某补丁文件恰好可以消除该危险,则该机器中就应该安装该补丁文件,在设置安装条件时,就可以将该程序或组件设置为可以安装该补丁文件。具体的,在判断补丁文件是否能够修复某程序或组件的漏洞时,可以通过查看历史修复记录等进行判断。另外,如前文所述,安装测试程序中还可能包括用于对相关数据进行测试的程序,因此,也可以通过运行该测试的程序,来判断判断补丁文件是否能够修复某程序或组件的漏洞。Specifically, when generating a new installation condition, in addition to the aforementioned version information, other factors may also be considered. For example, if there is a program or component installed in the environment of a target machine, due to its existence, it may bring unsafe or unstable factors to the system operation, and a patch file can just eliminate the danger, then it should be installed in the machine. For the patch file, when the installation condition is set, the program or component can be set to be able to install the patch file. Specifically, when judging whether a patch file can repair a vulnerability of a certain program or component, it can be judged by checking historical repair records and the like. In addition, as mentioned above, the installation test program may also include a program for testing relevant data. Therefore, it is also possible to judge whether the patch file can fix the vulnerability of a certain program or component by running the test program.
另外,在实际应用中还可能存在以下情况:由于机器环境通常比较复杂,具体的配置等也各不相同,如果仅考虑操作系统条件、软件条件可能会使得在安装某些补丁文件之后,造成系统的不稳定等负面的影响,如果这样,则不应该安装该补丁文件。针对这种情况,可以如下进行:提取出第一补丁安装包中的补丁文件,在操作系统条件及软件条件均符合要求的情况下,模拟各种可能的机器环境,在各种可能的机器环境中安装补丁文件,经过一段时间的观察之后,如果发现某种机器环境下出现了系统不稳定等现象,则将这种机器环境排出在可以安装该补丁文件的范围之外。In addition, the following situations may also exist in practical applications: Since the machine environment is usually complex and the specific configurations are also different, if only the operating system and software conditions are considered, the system may fail after installing some patch files. Instability and other negative effects, if so, the patch file should not be installed. In view of this situation, it can be carried out as follows: extract the patch file in the first patch installation package, simulate various possible machine environments under the condition that the operating system conditions and software conditions all meet the requirements, and in various possible machine environments After a period of observation, if it is found that the system is unstable in a certain machine environment, this machine environment will be excluded from the range where the patch file can be installed.
当然,在实际应用中,官方发布的补丁文件中,有些补丁文件针对修复的程序或组件(例如Office帮助等),可能并不会对系统运行的安全性、稳定性等造成影响,并且如果不安装这种补丁文件,对与其他补丁文件的安装也不会造成影响,则可以不必安装该补丁文件,这样可以提高效率,避免不必要的系统开销。Of course, in actual applications, among the officially released patch files, some patch files are aimed at repaired programs or components (such as Office Help, etc.), which may not affect the security and stability of the system operation, and if not The installation of this patch file will not affect the installation of other patch files, so it is not necessary to install the patch file, which can improve efficiency and avoid unnecessary system overhead.
当然,同样可以通过运行原始补丁安装包中安装测试程序的测试程序,来判断安装某些补丁文件之后,是否会造成系统的不稳定等负面的影响,或者如果不安装某些补丁文件,是否会对与其他补丁文件的安装造成影响,等等。Of course, you can also run the test program installed in the original patch installation package to determine whether the installation of certain patch files will cause negative impacts such as system instability, or if some patch files are not installed, whether there will be Affect the installation of other patch files, etc.
与本发明实施例提供的漏洞修改方法相对应,本发明实施例还提供了一种漏洞修复装置,参见图2,该装置包括:Corresponding to the vulnerability modification method provided by the embodiment of the present invention, the embodiment of the present invention also provides a vulnerability repair device, see Figure 2, the device includes:
提取单元201,用于获取第一补丁安装包,从所述第一补丁安装包中提取出第一安装条件相关文件;An extracting unit 201, configured to obtain a first patch installation package, and extract a first installation condition related file from the first patch installation package;
替换单元202,用于利用第二安装条件相关文件替换所述第一安装条件相关文件;A replacement unit 202, configured to replace the first installation condition related file with a second installation condition related file;
生成单元203,用于根据所述第一补丁安装包以及替换后的结果生成第二补丁安装包;A generation unit 203, configured to generate a second patch installation package according to the first patch installation package and the replaced result;
修复单元204,用于利用所述第二补丁安装包进行漏洞修复。The repairing unit 204 is configured to use the second patch installation package to repair vulnerabilities.
其中,所述第一安装条件相关文件包括:Wherein, the first installation condition-related files include:
第一补丁安装包中的安装测试程序和/或配置文件。Installation test programs and/or configuration files in the first patch installation package.
实际应用中,可以通过程序自动生成新的安装条件,并进而生成第二安装条件相关文件,此时,该装置还可以包括:In practical applications, a new installation condition can be automatically generated through a program, and then a second installation condition-related file can be generated. At this time, the device can also include:
条件生成单元,用于生成新的安装条件,并根据新的安装条件生成所述第二安装条件相关文件。The condition generation unit is configured to generate a new installation condition, and generate the second installation condition related file according to the new installation condition.
其中,在一种实施方式下,所述条件生成单元可以包括:Wherein, in one embodiment, the condition generation unit may include:
提取子单元,用于从所述第一安装条件相关文件中提取第一安装条件;根据所述第一安装条件生成新的安装条件。The extraction subunit is used to extract the first installation condition from the first installation condition-related file; and generate a new installation condition according to the first installation condition.
在另一种实施方式下,所述条件生成单元可以包括:In another implementation manner, the condition generating unit may include:
抓取子单元,用于抓取所述第一补丁安装包所在网页上发布的安装条件信息,所述安装条件信息包括操作系统条件以及程序/组件条件;根据所述安装条件信息生成新的安装条件。The crawling subunit is used to grab the installation condition information published on the webpage where the first patch installation package is located, the installation condition information includes operating system conditions and program/component conditions; generate a new installation condition information according to the installation condition information condition.
其中,在生成具体的安装条件时,所述条件生成单元可以包括:Wherein, when generating specific installation conditions, the condition generating unit may include:
第一条件生成子单元,用于如果目标机器环境中目标程序/组件的版本,低于所述程序/组件条件中的最新版本,则判定对应的补丁文件适于安装。The first condition generates a subunit for determining that the corresponding patch file is suitable for installation if the version of the target program/component in the target machine environment is lower than the latest version in the program/component condition.
在其他实施方式中,所述条件生成单元也可以包括:In other implementation manners, the condition generating unit may also include:
第二条件生成子单元,用于当所述第一补丁安装包中的补丁文件能消除某程序/组件中存在的漏洞时,判定该补丁文件适于安装。The second condition generates a subunit, which is used to determine that the patch file is suitable for installation when the patch file in the first patch installation package can eliminate a loophole in a certain program/component.
或者,所述条件生成单元也可以包括:Alternatively, the condition generation unit may also include:
第三条件生成子单元,用于如果在某机器环境中安装某补丁文件之后,能够修复某程序/组件中存在的漏洞,并且不会出现系统不稳定的现象,则判定该补丁文件适于在该机器环境中安装。The third condition generates a subunit, which is used to determine that the patch file is suitable for use in a certain machine environment if the loopholes in a certain program/component can be repaired and there will be no system instability. installed in the machine environment.
再者,所述条件生成单元还可以包括:Furthermore, the condition generation unit may also include:
第四条件生成子单元,用于如果某补丁文件对应的目标程序/组件与系统运行的安全或稳定性无关,且不安装该补丁文件不影响其他补丁文件的安装时,判定该补丁文件不适于安装。The fourth condition generates a subunit, which is used to determine that the patch file is not suitable if the target program/component corresponding to the patch file has nothing to do with the security or stability of the system operation, and the installation of the patch file does not affect the installation of other patch files. Install.
可见,在本发明实施例提供的漏洞修复装置中,能够替换补丁安装包中的安装条件相关文件,然后生成新的补丁安装包,并用新的补丁安装包对程序中存在的漏洞进行修复,其中,替换后的安装条件相关文件中的安装条件可以是经过对原安装条件再分析,从而优化更新得到的,这样,该新替换后的安装条件相关文件中的安装条件比原始安装条件相关文件中的安装条件更适合用户,且优化更新后的安装条件可以保证用户及时有效地安装补丁,减少系统风险,而使用优化更新的安装条件安装补丁时,就可以有效地提高修复程序中存在漏洞的成功率。It can be seen that in the vulnerability repairing device provided by the embodiment of the present invention, the installation condition-related files in the patch installation package can be replaced, and then a new patch installation package can be generated, and the loopholes existing in the program can be repaired with the new patch installation package, wherein , the installation conditions in the replaced installation condition-related files can be obtained by re-analyzing the original installation conditions, thereby optimizing and updating. In this way, the installation conditions in the newly replaced installation-condition-related files are more The installation conditions are more suitable for users, and the optimized and updated installation conditions can ensure that users can install patches in a timely and effective manner, reducing system risks. When installing patches with optimized and updated installation conditions, it can effectively improve the success of repairing vulnerabilities. Rate.
以上对本发明所提供的一种漏洞修复方法及装置,进行了详细介绍,本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处。综上所述,本说明书内容不应理解为对本发明的限制。A bug repair method and device provided by the present invention have been introduced above in detail. In this paper, specific examples are used to illustrate the principle and implementation of the present invention. The descriptions of the above embodiments are only used to help understand the present invention. method and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of the present invention, there will be changes in the specific implementation and application scope. In summary, the contents of this specification should not be construed as limiting the present invention.
Claims (4)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110049719.0A CN102156649B (en) | 2011-03-01 | 2011-03-01 | Patch installation method and device thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110049719.0A CN102156649B (en) | 2011-03-01 | 2011-03-01 | Patch installation method and device thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102156649A CN102156649A (en) | 2011-08-17 |
| CN102156649B true CN102156649B (en) | 2017-05-24 |
Family
ID=44438157
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110049719.0A Active CN102156649B (en) | 2011-03-01 | 2011-03-01 | Patch installation method and device thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102156649B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102156651B (en) * | 2011-03-02 | 2015-05-06 | 奇智软件(北京)有限公司 | Method and device for realizing installation of patches |
| CN103455359A (en) * | 2013-09-22 | 2013-12-18 | 金蝶软件(中国)有限公司 | Method, device and system for patch installation |
| CN107911482B (en) * | 2017-12-11 | 2021-07-23 | 北京小米移动软件有限公司 | Target application opening method and device |
| CN108829430A (en) * | 2018-06-19 | 2018-11-16 | 厦门海迈科技股份有限公司 | Java Web project update method and relevant apparatus based on Eclipse and Tomcat |
| CN110443046B (en) * | 2019-08-14 | 2021-10-29 | 中国电子信息产业集团有限公司第六研究所 | Vulnerability repairing method and device |
| CN112632553A (en) * | 2019-10-09 | 2021-04-09 | Oppo(重庆)智能科技有限公司 | Vulnerability processing method and related product |
| CN114895928A (en) * | 2022-06-02 | 2022-08-12 | 瑞芯微电子股份有限公司 | Application installation method and apparatus, electronic device and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6161218A (en) * | 1996-01-16 | 2000-12-12 | Sun Microsystems Inc. | Software patch architecture |
| CN1831771A (en) * | 2005-03-11 | 2006-09-13 | 联想(北京)有限公司 | A way to update software |
| CN101533356A (en) * | 2009-04-21 | 2009-09-16 | 华为技术有限公司 | A method, a device and a system for realizing software online upgrade |
-
2011
- 2011-03-01 CN CN201110049719.0A patent/CN102156649B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6161218A (en) * | 1996-01-16 | 2000-12-12 | Sun Microsystems Inc. | Software patch architecture |
| CN1831771A (en) * | 2005-03-11 | 2006-09-13 | 联想(北京)有限公司 | A way to update software |
| CN101533356A (en) * | 2009-04-21 | 2009-09-16 | 华为技术有限公司 | A method, a device and a system for realizing software online upgrade |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102156649A (en) | 2011-08-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102156649B (en) | Patch installation method and device thereof | |
| EP3906488B1 (en) | Method and contract rewriting framework system for supporting smart contracts in a blockchain network | |
| CN102521081B (en) | Repair destroyed software | |
| CN104679527B (en) | Virtual machine image upgraded in offline method | |
| US7451435B2 (en) | Self-describing artifacts and application abstractions | |
| CN105786538B (en) | software upgrading method and device based on android system | |
| US9823909B1 (en) | Program code conversion for cross-platform compatibility | |
| US9063819B2 (en) | Extensible patch management | |
| CN104978532B (en) | A kind of bug-fixing client logic testing method and bug-fixing client logic testing system | |
| CN103745158A (en) | Method and device for repairing system bugs | |
| CN102012990A (en) | Method and device for repairing bugs of third-party software | |
| CN102262549B (en) | Method and system for installing patches | |
| Payer et al. | Hot-patching a web server: A case study of asap code repair | |
| US12265812B2 (en) | Immutable image for deployment to edge devices | |
| CN105389187A (en) | System update method | |
| BR112014017283B1 (en) | METHOD IMPLEMENTED BY MACHINE, MEDIUM READABLE BY TANGIBLE MACHINE AND DEVICE COMPRISING AN APPLICATION UPDATE | |
| CN102087607B (en) | Method and device for installing patch pack | |
| US10613846B2 (en) | Binary restoration in a container orchestration system | |
| US20120239971A1 (en) | Mitigating known software defects | |
| CN103810006B (en) | The installation method and device of service packs | |
| CN105549965A (en) | Method for integrating driver into different Linux kernel versions | |
| CN103823693A (en) | Service pack installation method | |
| CN106250160A (en) | A kind of Rapid transplant compiles the method for program of increasing income | |
| CN116775087A (en) | Thermal repair method, device, electronic equipment and storage medium | |
| US9372992B1 (en) | Ensuring integrity of a software package installer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 100015 rooms 301-306, 2 / F and 3 / F, block B, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Beijing Qizhi Business Consulting Co.,Ltd. Address before: The 4 layer 100025 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220211 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100015 rooms 301-306, 2 / F and 3 / F, block B, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing Patentee before: Beijing Qizhi Business Consulting Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220322 Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. |