CN-116088848-B - Multi-tool static code checking and managing method and device and computer equipment
Abstract
The disclosure relates to a multi-tool static code checking and management method, a device and computer equipment. The method comprises: receiving an error-category checking instruction input by a user; determining a target static code checking tool according to that instruction; calling the target static code checking tool to check a target code module and obtain the initial error grade of each vulnerability problem in a vulnerability problem set; reclassifying those initial error grades according to a preset error-grade classification standard to obtain a preset error grade for each vulnerability problem; obtaining a final problem score for each vulnerability problem from its preset error grade; obtaining state information for each vulnerability problem in real time; and processing each vulnerability problem according to its state information and its final problem score. All vulnerability problems found by different tools can thus be processed according to one unified standard, which improves the user experience.
Inventors
- LI YANFEN
- YAO MINGXING
- CAO YUANYUAN
Assignees
- 海信视像科技股份有限公司
Dates
- Publication Date
- 20260508
- Application Date
- 20221220
Claims (9)
- 1. A multi-tool static code inspection management method, characterized by being applied to a target application program integrating call interfaces of a plurality of static code inspection tools, the method comprising: receiving an error category checking instruction input by a user; determining a target static code checking tool according to the error category checking instruction, wherein the target static code checking tool is the tool with the highest accuracy for checking that error category, recommended to the user from the plurality of static code checking tools according to the error category checking instruction; calling the target static code checking tool through a calling interface to check the target code module and obtain the initial error grade of each vulnerability problem in the vulnerability problem set; reclassifying the initial error grades of all vulnerability problems in the vulnerability problem set based on a preset error grade classification standard to obtain the preset error grade of each vulnerability problem; acquiring a final problem score of each vulnerability problem based on the preset error grade of each vulnerability problem; acquiring state information of each vulnerability problem in real time; and processing each vulnerability problem according to the state information of each vulnerability problem and the final problem score of each vulnerability problem; wherein acquiring the final problem score of each vulnerability problem based on the preset error grade of each vulnerability problem includes: determining an initial problem score of each vulnerability problem according to the preset error grade of each vulnerability problem; obtaining a vulnerability problem set checked by the target static code checking tool under a target language type, wherein the vulnerability problem set comprises a first preset number of effective problems and a second preset number of invalid problems respectively corresponding to each error category; inputting the first preset number of effective problems and the second preset number of invalid problems corresponding to each error category into a preset service scoring model, and outputting the problem judgment accuracy corresponding to each error category; and inputting the initial problem score of each vulnerability problem into a preset problem scoring model according to the problem judgment accuracy of the error category corresponding to that vulnerability problem, and outputting the final problem score of each vulnerability problem.
- 2. The method of claim 1, wherein acquiring the state information of each vulnerability problem in real time includes: obtaining key information of each vulnerability problem, wherein the key information of each vulnerability problem comprises a language type, a file name, a project name, a sub-project name, the line number of the problem, a function name, an error category, an error identifier, an error sub-identifier, an error description, code content of a preset number of lines, and an original address; performing a hash calculation on the file name, the function name, the error identifier and the error sub-identifier to obtain the key value of each vulnerability problem; and sequentially comparing the key value of each vulnerability problem with the key values of the historical vulnerability problems in a historical database to determine the state information of each vulnerability problem, wherein the historical database comprises the key information and the key values of the historical vulnerability problems.
- 3. The method of claim 2, wherein sequentially comparing the key value of each vulnerability problem with the key values of the historical vulnerability problems in the historical database to determine the state information of each vulnerability problem comprises: judging, according to the key value of a problem to be processed, whether the problem to be processed is consistent with a target historical vulnerability problem in the historical database; if the problem to be processed is not consistent with the target historical vulnerability problem in the historical database, determining that the state information of the problem to be processed is an unresolved problem; if the problem to be processed is consistent with the target historical vulnerability problem in the historical database, determining whether the problem to be processed and the target historical vulnerability problem in the historical database are repeated; and if the problem to be processed and the target historical vulnerability problem in the historical database are not repeated, determining that the state information of the problem to be processed is an unresolved problem.
- 4. The method according to claim 3, wherein determining whether the problem to be processed and the target historical vulnerability problem in the historical database are repeated comprises: judging whether the code content of the preset number of lines of the problem to be processed is consistent with the code content of the preset number of lines of the target historical vulnerability problem; if the code content of the preset number of lines of the problem to be processed is consistent with the code content of the preset number of lines of the target historical vulnerability problem, determining that the problem to be processed is repeated with the target historical vulnerability problem in the historical database; and if the code content of the preset number of lines of the problem to be processed is inconsistent with the code content of the preset number of lines of the target historical vulnerability problem, determining that the problem to be processed and the target historical vulnerability problem in the historical database are not repeated.
- 5. The method of claim 4, wherein after determining that the problem to be processed is repeated with a target historical vulnerability problem in the historical database, the method further comprises: judging whether the error grade of the target historical vulnerability problem is a low-level error; if the error grade of the target historical vulnerability problem is a low-level error, determining that the state information of the problem to be processed is an ignorable problem; and if the error grade of the target historical vulnerability problem is not a low-level error, determining that the state information of the problem to be processed is a resolved problem, and updating the manager responsible for the problem to be processed.
- 6. The method of claim 1, wherein the state information of each vulnerability problem is one of an unresolved problem, a resolved problem and an ignorable problem; and processing each vulnerability problem according to the state information of each vulnerability problem and the final problem score of each vulnerability problem includes: closing the vulnerability problems in the vulnerability problem set whose state information is a resolved or ignorable problem; and ordering the vulnerability problems in the vulnerability problem set whose state information is an unresolved problem according to their final problem scores, and processing those vulnerability problems according to the resulting processing priority of each vulnerability problem.
- 7. The method according to claim 1, wherein the method further comprises: generating a static code inspection report, wherein the static code inspection report comprises summary information and detailed information, the summary information comprises the name of the target static code inspection tool, the total number of problems scanned by the target static code inspection tool and the number of problems corresponding to each error grade scanned by the target static code inspection tool, and the detailed information comprises the error category of each vulnerability problem scanned by the target static code inspection tool, the error grade of each vulnerability problem, the person responsible for each vulnerability problem and the state information of each vulnerability problem.
- 8. A multi-tool static code inspection management apparatus applied to a target application program integrating call interfaces of a plurality of static code inspection tools, the apparatus comprising: an instruction receiving module, used for receiving an error category checking instruction input by a user; a tool recommendation module, used for determining a target static code checking tool according to the error category checking instruction, wherein the target static code checking tool is the tool with the highest accuracy for checking that error category, recommended to the user from the plurality of static code checking tools according to the error category checking instruction; a grade acquisition module, used for calling the target static code checking tool through a calling interface to check the target code module and acquire the initial error grade of each vulnerability problem in the vulnerability problem set; a grading module, used for reclassifying the initial error grades of all vulnerability problems in the vulnerability problem set based on a preset error grade classification standard to obtain the preset error grade of each vulnerability problem; a problem scoring module, used for acquiring the final problem score of each vulnerability problem based on the preset error grade of each vulnerability problem; a state information module, used for acquiring the state information of each vulnerability problem in real time; and a problem processing module, used for processing each vulnerability problem according to the state information of each vulnerability problem and the final problem score of each vulnerability problem; wherein the problem scoring module is specifically configured to: determine an initial problem score of each vulnerability problem according to the preset error grade of each vulnerability problem; obtain a vulnerability problem set checked by the target static code checking tool under a target language type, wherein the vulnerability problem set comprises a first preset number of effective problems and a second preset number of invalid problems respectively corresponding to each error category; input the first preset number of effective problems and the second preset number of invalid problems corresponding to each error category into a preset service scoring model, and output the problem judgment accuracy corresponding to each error category; and input the initial problem score of each vulnerability problem into a preset problem scoring model according to the problem judgment accuracy of the error category corresponding to that vulnerability problem, and output the final problem score of each vulnerability problem.
- 9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the multi-tool static code inspection management method according to any one of claims 1 to 7 when executing the computer program.
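Claims 2 to 7 describe one pipeline: map each tool's own severity onto a unified preset grade, score each finding, derive a key value by hashing the file name, function name, error identifier and error sub-identifier, compare that key and the surrounding code content against a historical database to decide whether a finding is unresolved, resolved or ignorable, and finally close the resolved and ignorable findings while ranking the unresolved ones by final score. The following Python is an added worked example of that pipeline on constructed data; it is not code from the patent or from the assignee. The grade mapping, the initial score per grade, the form of the two scoring models (accuracy = effective / (effective + invalid); final score = initial score times category accuracy), the reading of "updating the manager responsible" as copying the owner from the historical record, the cppcheck-style identifiers and all sample findings are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

# Preset error-grade classification standard (assumed mapping; the patent only says
# one exists): each tool's own severity vocabulary maps to a unified preset grade.
PRESET_GRADE_MAP = {
    "cppcheck": {"error": "high", "warning": "medium", "style": "low"},
    "pylint": {"E": "high", "W": "medium", "C": "low", "R": "low"},
}
INITIAL_SCORE = {"high": 10.0, "medium": 5.0, "low": 1.0}  # initial score per preset grade (assumed)


@dataclass
class Issue:
    """Key information of one vulnerability problem. Claim 2 also lists language type,
    project/sub-project name, line number, description and original address; they are
    omitted here because they take no part in the key value or the status decision."""
    tool: str
    file_name: str
    function_name: str
    error_category: str
    error_id: str
    error_sub_id: str
    code_context: str    # code content of the preset number of lines around the finding
    initial_grade: str   # grade as reported by the tool
    owner: str = ""
    preset_grade: str = ""
    final_score: float = 0.0
    status: str = ""


def normalize_grade(issue):
    """Reclassify the tool-specific grade into the preset grade; unknown grades become 'low'."""
    issue.preset_grade = PRESET_GRADE_MAP.get(issue.tool, {}).get(issue.initial_grade, "low")
    return issue.preset_grade

def category_accuracy(samples):
    """Service scoring model (assumed form): accuracy = effective / (effective + invalid)."""
    return {cat: eff / (eff + inv) if eff + inv else 0.0 for cat, (eff, inv) in samples.items()}

def score_issue(issue, accuracy):
    """Problem scoring model (assumed form): initial score weighted by the category's accuracy."""
    issue.final_score = INITIAL_SCORE[issue.preset_grade] * accuracy.get(issue.error_category, 0.0)
    return issue.final_score

def issue_key(issue):
    """Key value: hash over file name, function name, error id and error sub-id (claim 2)."""
    raw = "|".join([issue.file_name, issue.function_name, issue.error_id, issue.error_sub_id])
    return hashlib.sha256(raw.encode()).hexdigest()

def determine_status(issue, history):
    """Claims 3-5: match by key value, then by code content, then by the historical grade."""
    hist = history.get(issue_key(issue))
    if hist is None or hist.code_context != issue.code_context:
        issue.status = "unresolved"   # no key match, or key match but the code changed: not a repeat
    elif hist.preset_grade == "low":
        issue.status = "ignorable"    # repeat of a low-level error
    else:
        issue.status = "resolved"     # repeat of a non-low error
        issue.owner = hist.owner      # "updating the manager responsible": taken from history (assumption)
    return issue.status

def process_issues(issues, history, samples):
    """Claim 6: close resolved/ignorable issues; rank unresolved ones by final score."""
    accuracy = category_accuracy(samples)
    for issue in issues:
        normalize_grade(issue)
        score_issue(issue, accuracy)
        determine_status(issue, history)
    closed = [i for i in issues if i.status in ("resolved", "ignorable")]
    queue = sorted((i for i in issues if i.status == "unresolved"), key=lambda i: -i.final_score)
    return closed, queue

def summary_report(issues):
    """Claim 7 summary: tool names, total problems and count per preset grade."""
    per_grade = {g: sum(1 for i in issues if i.preset_grade == g) for g in INITIAL_SCORE}
    return {"tools": sorted({i.tool for i in issues}), "total": len(issues), "per_grade": per_grade}


# Constructed historical database (key value -> historical problem) and a constructed scan.
HISTORY = {issue_key(h): h for h in [
    Issue("cppcheck", "net.c", "parse_hdr", "memory", "bufferAccessOutOfBounds", "", "p[len] = 0;", "error", "alice"),
    Issue("cppcheck", "util.c", "trim", "memory", "uninitvar", "", "int n; use(n);", "error", "bob"),
    Issue("cppcheck", "log.c", "fmt", "style", "shadowVariable", "", "int i = i;", "style", "carol"),
]}
for h in HISTORY.values():
    normalize_grade(h)
SCAN = [
    Issue("cppcheck", "net.c", "parse_hdr", "memory", "bufferAccessOutOfBounds", "", "p[len] = 0;", "error"),  # repeat, high grade
    Issue("cppcheck", "util.c", "trim", "memory", "uninitvar", "", "int n = 0; use(n);", "error"),            # key match, code changed
    Issue("cppcheck", "log.c", "fmt", "style", "shadowVariable", "", "int i = i;", "style"),                   # repeat, low grade
    Issue("cppcheck", "auth.c", "check_pw", "memory", "nullPointer", "", "if (*p) {", "warning"),              # new finding
    Issue("cppcheck", "auth.c", "check_pw", "style", "unusedVariable", "", "int tmp;", "style"),               # new finding
]
SAMPLES = {"memory": (9, 1), "style": (6, 4)}  # constructed (effective, invalid) counts per error category

CLOSED, QUEUE = process_issues(SCAN, HISTORY, SAMPLES)
REPORT = summary_report(SCAN)
```

Running the block closes the repeated high-grade finding (handed back to "alice") and the repeated low-grade one, and leaves three unresolved findings ranked by final score, with the changed-code `uninitvar` finding at the top. Hashing only the four key fields is what makes a finding survive line-number drift; the code-content comparison in claim 4 is the guard that stops a genuinely changed site from being silently treated as a repeat.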
Description
Multi-tool static code checking and managing method and device and computer equipment
Technical Field
The disclosure relates to the field of computer technology, and in particular to a multi-tool static code checking and management method, a device and a computer device.
Background
The quality of software code determines the quality of the applications later built from a large project, and software code quality is usually checked by means of various static code inspection tools. Many static code checking tools exist, and they differ in implementation, in the basis on which they classify vulnerabilities, and in the kinds of errors they check well. In a real project, one large project is composed of code for different functional modules submitted by many developers, and the error categories that most need to be detected differ from module to module. However, when several tools are used for inspection, the scoring criteria for the reported problems differ between tools, so the problems detected across one project cannot be processed according to a unified standard. In the related art, one or several static code checking tools are generally integrated into a single static code checking tool, but the tools may turn out to be incompatible during integration. How to integrate multiple static code inspection tools into a unified inspection management mechanism is therefore a problem that urgently needs to be solved.
Disclosure of Invention
In order to solve, or at least partially solve, the technical problems described above, the present disclosure provides a display device and a multi-tool static code inspection management method, apparatus and computer device.
In a first aspect, the present disclosure provides a multi-tool static code inspection management method applied to a target application program, where the target application program integrates call interfaces of multiple static code inspection tools, the method including: receiving an error category checking instruction input by a user; determining a target static code checking tool according to the error category checking instruction, wherein the target static code checking tool is the tool with the highest accuracy for checking that error category, recommended to the user from the plurality of static code checking tools according to the error category checking instruction; calling the target static code checking tool through a calling interface to check the target code module and obtain the initial error grade of each vulnerability problem in the vulnerability problem set; reclassifying the initial error grades of all vulnerability problems in the vulnerability problem set based on a preset error grade classification standard to obtain the preset error grade of each vulnerability problem; acquiring a final problem score of each vulnerability problem based on the preset error grade of each vulnerability problem; acquiring state information of each vulnerability problem in real time; and processing each vulnerability problem according to the state information of each vulnerability problem and the final problem score of each vulnerability problem.
As an optional implementation of the embodiment of the present disclosure, acquiring the final problem score of each vulnerability problem based on the preset error grade of each vulnerability problem includes: determining an initial problem score of each vulnerability problem according to the preset error grade of each vulnerability problem; obtaining a vulnerability problem set checked by the target static code checking tool under a target language type, wherein the vulnerability problem set comprises a first preset number of effective problems and a second preset number of invalid problems respectively corresponding to each error category; inputting the first preset number of effective problems and the second preset number of invalid problems corresponding to each error category into a preset service scoring model, and outputting the problem judgment accuracy corresponding to each error category; and inputting the initial problem score of each vulnerability problem into a preset problem scoring model according to the problem judgment accuracy of the error category corresponding to that vulnerability problem, and outputting the final problem score of each vulnerability problem.
As an optional implementation of the embodiment of the present disclosure, acquiring the state information of each vulnerability problem in real time includes: obtaining key information of each vulnerability problem, wherein the key information of each vulnerability problem comprises a language type, a file name, a project name, a sub-project name, a line number o