Security scanning method and apparatus for mini program, and electronic device
First Claim
1. A security scanning method for a mini program, comprising:
- obtaining a target mini program to be released;
invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including;
determining whether the target mini program includes a sensitive information leaking loophole,determining whether the target mini program includes an HTML code loophole,determining whether the target mini program includes a JS code loophole, anddetermining whether the target mini program includes an unauthorized external resource reference loophole; and
when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and devices, including computer programs encoded on computer storage media, for security scanning a mini program are provided. One of the methods includes: obtaining a target mini program to be released, invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. The multi-dimensional security scanning may include malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program.
16 Citations
20 Claims
-
1. A security scanning method for a mini program, comprising:
-
obtaining a target mini program to be released; invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program; wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including; determining whether the target mini program includes a sensitive information leaking loophole, determining whether the target mini program includes an HTML code loophole, determining whether the target mini program includes a JS code loophole, and determining whether the target mini program includes an unauthorized external resource reference loophole; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A security scanning device for a mini program, comprising one or more processors and a non-transitory computer-readable memory coupled to the one or more processors and configured with instructions executable by the one or more processors to perform operations comprising:
-
obtaining a target mini program to be released; invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program; wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including; determining whether the target mini program includes a sensitive information leaking loophole, determining whether the target mini program includes an HTML code loophole, determining whether the target mini program includes a JS code loophole, and determining whether the target mini program includes an unauthorized external resource reference loophole; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable storage medium for security scanning for a mini program, storing instructions executable by one or more processors to cause the one or more processors to perform operations comprising:
-
obtaining a target mini program to be released; invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program; wherein the security loophole scanning on the target mini program comprises one or more of; determining whether the target mini program includes a sensitive information leaking loophole; determining whether the target mini program includes an HTML code loophole; determining whether the target mini program includes a JS code loophole; and determining whether the target mini program includes an unauthorized external resource reference loophole; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification