Search

CN-115617323-B - Security component generation method based on low-code development framework and related equipment

CN115617323BCN 115617323 BCN115617323 BCN 115617323BCN-115617323-B

Abstract

The application provides a security component generating method and related equipment based on a low-code development framework, wherein the method comprises the steps of selecting at least one security policy method associated with each front-end control in a predefined front-end security parameter table according to the difference of security protection requirements of different front-end controls, selecting at least one security policy method associated with each back-end interface in the predefined back-end security parameter table according to the difference of security protection requirements of different back-end interfaces, responding to the determination that the low-code development framework generates a software code, generating the security component according to all the front-end controls and all the security policy methods associated with the back-end interfaces related to the software code, enabling the software code finally output by the low-code development framework to contain the security component, reducing the risk of monitoring, stealing and tampering of information of a service object, and improving the security normative and security functions of the software code finally output by the low-code development framework.

Inventors

  • HE JIANJIN
  • ZHANG JINGYUAN
  • OU QINGHAI
  • LI TIANJIE
  • CAI ZHIWEI
  • LIANG JUNFENG
  • HAN FEIFEI
  • ZHANG CHI
  • CHENG PENG
  • CHENG YIHUA

Assignees

  • 北京中电飞华通信有限公司

Dates

Publication Date
20260512
Application Date
20220823

Claims (8)

  1. 1. A security component generation method based on a low code development framework, comprising: Selecting at least one security policy method associated therewith for each front-end control of the front-end from a predefined front-end security parameter table; selecting at least one security policy method associated therewith for each backend interface of the backend from a predefined backend security parameter table; Generating a software code in response to determining the low code development framework, and generating a security component according to all security policy methods associated with all front-end controls and back-end interfaces involved in the software code; all front-end controls related to the software codes and all security policy methods related to the back-end interfaces call corresponding security codes from the low-code development database and write the corresponding positions in the generated software codes, and all security codes written into the software codes form a security assembly together; before selecting at least one security policy method associated therewith for each front-end control of the front-end from a predefined front-end security parameter table, comprising: defining the front-end security parameter table according to the front-end control and the front-end security requirement; Defining the back-end security parameter table according to the back-end interface and the back-end security requirement; The control information in the front-end security parameter table and the security policy method are required to be connected, the corresponding security policy method is configured for each front-end control, the corresponding security policy method for the front-end control possibly encountering network attack is configured, and the corresponding security parameter is required to be configured according to the type of network attack possibly encountered by the back-end interface.
  2. 2. The low code development framework based security component generation method of claim 1, further comprising: And when the software code runs, the encryption and decryption algorithm is called from the public component library of the low-code development platform through the security component to encrypt and decrypt the data interaction process between the front end and the back end.
  3. 3. The method for generating a security component based on a low-code development framework according to claim 2, wherein the encryption and decryption algorithm comprises an SM2 algorithm, an SM3 algorithm and an SM4 algorithm.
  4. 4. The method for generating a security component based on a low-code development framework of claim 1, wherein the security parameters in the front-end security parameter table comprise a control name, a control type, a security policy method, a communication protocol, and a control state.
  5. 5. The method for generating a security component based on a low-code development framework of claim 1, wherein the security parameters in the back-end security parameter table comprise an interface protocol, an interface type, an interface name, an interface url, a field name, and a security policy method.
  6. 6. A security component generation apparatus based on a low code development framework, comprising: a front-end association module configured to select, for each front-end control of the front-end, at least one security policy method associated therewith from a predefined front-end security parameter table; A back-end association module configured to select at least one security policy method associated therewith for each back-end interface of the back-end from a predefined back-end security parameter table; The component generating module is configured to respond to the determination that the low-code development framework generates a software code, and generates a safety component according to all safety strategy methods related to all front-end controls and back-end interfaces related to the software code; Further comprises: the front-end definition module is configured to define the front-end security parameter table according to the front-end control and the front-end security requirement; The back-end definition module is configured to define the back-end security parameter table according to the back-end interface and the back-end security requirement; the parameter configuration module is configured to configure the security parameters in the front-end security parameter table and the back-end security parameter table, wherein the security parameters comprise the security policy method, control information in the front-end security parameter table and the security policy method are required to be linked, a corresponding security policy method is configured for each front-end control, the security policy method corresponding to the front-end control possibly encountering network attack is configured, and the corresponding security parameters are required to be configured according to the type of network attack possibly encountered by the back-end interface.
  7. 7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 when the program is executed by the processor.
  8. 8. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 5.

Description

Security component generation method based on low-code development framework and related equipment Technical Field The application relates to the technical field of network security, in particular to a security component generation method based on a low-code development framework and related equipment. Background Along with the continuous improvement of the informatization level, the dependency degree of enterprises on informatization related software products in the production process is higher and higher, the related software development demands are increased, low-code development tools are appeared on the market for improving the coding efficiency and shortening the project development period, programming knowledge required by a plurality of software developments is abstracted and packaged through low-code technology, a developer can realize the rapid development of application programs only through modes such as graphical dragging, parameterization configuration and the like when using the low-code development tools, the software codes are generated rapidly, repeated work in the code development is effectively solved, and the working efficiency is improved. The existing low-code technology only focuses on the rapid generation of the codes of the software function part, hardly involves the code security part, causes the generated codes to have obvious loopholes in the aspects of security normalization and security functions, has the risks of monitoring, stealing and falsifying the information of the service object, and cannot meet the requirements of enterprises and personal users on privacy and confidentiality. Disclosure of Invention In view of the above, the present application is directed to a method and related device for generating a security component based on a low-code development framework, which are used for solving or partially solving the above-mentioned technical problems. Based on the above object, the present application provides a security component generating method based on a low code development framework, comprising: Selecting at least one security policy method associated therewith for each front-end control of the front-end from a predefined front-end security parameter table; selecting at least one security policy method associated therewith for each backend interface of the backend from a predefined backend security parameter table; And generating a software code according to all front-end control related to the software code and all security policy methods associated with a back-end interface in response to determining that the low-code development framework generates the security component. Optionally, before selecting at least one security policy method associated therewith for each front-end control of the front-end from the predefined front-end security parameter table, comprising: defining the front-end security parameter table according to the front-end control and the front-end security requirement; Defining the back-end security parameter table according to the back-end interface and the back-end security requirement; And configuring the security parameters in the front-end security parameter table and the back-end security parameter table, wherein the security parameters comprise the security policy method. Optionally, the method for generating the security component based on the low-code development framework further comprises the following steps: And when the software code runs, the encryption and decryption algorithm is called from the public component library of the low-code development platform through the security component to encrypt and decrypt the data interaction process between the front end and the back end. Optionally, the encryption and decryption algorithm comprises an SM2 algorithm, an SM3 algorithm and an SM4 algorithm. Optionally, the security parameters in the front-end security parameter table comprise a control name, a control type, a security policy method, a communication protocol and a control state. Optionally, the security parameters in the back-end security parameter table comprise an interface protocol, an interface type, an interface name, an interface url, a field name and a security policy method. Based on the same inventive concept, the application also provides a security component generating device based on the low-code development framework, which comprises: a front-end association module configured to select, for each front-end control of the front-end, at least one security policy method associated therewith from a predefined front-end security parameter table; A back-end association module configured to select at least one security policy method associated therewith for each back-end interface of the back-end from a predefined back-end security parameter table; and the component generating module is configured to generate a software code according to all security policy methods related to all front-end controls and back-end interfac