CN112965749B - Request path acquisition method, device, computer equipment and storage medium - Google Patents
- Publication number: CN112965749B (application CN202110142093.1A)
- Authority: CN (China)
- Prior art keywords
- request
- annotation
- file
- name
- identified
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F8/75 — Structural analysis for program understanding (G Physics; G06 Computing or calculating, counting; G06F Electric digital data processing; G06F8/00 Arrangements for software engineering; G06F8/70 Software maintenance or management)
- G06F21/577 — Assessing vulnerabilities and evaluating computer system security (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms; G06F21/57 Certifying or maintaining trusted computer platforms)
- G06F8/74 — Reverse engineering; extracting design information from source code (G06F8/00 Arrangements for software engineering; G06F8/70 Software maintenance or management)
- G06F2221/033 — Test or assess software (G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F2221/03 Indexing scheme relating to G06F21/50)
- Y02D10/00 — Energy efficient computing, e.g. low power processors, power management or thermal management (Y02D Climate change mitigation technologies in information and communication technologies)
Description
Technical field
This application relates to the field of Java data auditing, and in particular to a request path acquisition method, device, computer equipment and storage medium.
Background
Web applications are an important form of Internet application and the preferred portal for key social information systems in finance, telecom operators, government and education. As security incidents and severely damaging vulnerabilities are disclosed one after another, attention to the security of web applications themselves keeps growing, and with it the demand for vulnerability detection in web applications. Java web development has gone through nearly 20 years since 1999, producing business- or database-oriented frameworks such as Spring, Struts, Hibernate and labtis, many of whose components help protect Java web applications against application-layer vulnerabilities. Even so, because of developers' weak security awareness, rapid developer turnover and vulnerabilities in the Java web frameworks themselves, tainted parameters frequently lead to SQL injection, command injection, file upload and business-logic vulnerabilities. There are many static scanning tools for Java web applications, such as the commercial tool Fortify or the open source tool Findbugs, but none of them achieves broad inspection coverage. The reason is that audit tools generally rely on automated crawling and manual clicking, which can only scan request addresses already present on the interactive pages, while request addresses hidden inside the Java package in the underlying structure are hard to obtain.
In the related art, the source code of a Java file is read with FileReader, a specified character segment in the Java file is located by regular-expression matching, and the request path is obtained from it. However, because the character segment is specified by the auditor, its accuracy depends on the auditor's skill, so the accuracy of request paths obtained by regular matching is low and false positives occur.
No effective solution has yet been proposed for the technical problem of the low accuracy of request paths obtained in the related art.
Summary of the invention
Embodiments of the present application provide a request path acquisition method, device, computer equipment and storage medium, so as to at least solve the technical problem of the low accuracy of request paths obtained in the related art.
In a first aspect, embodiments of the present application provide a request path acquisition method, including:
obtaining a target annotation name, where the target annotation name includes at least a controller class annotation name, and the controller class annotation name is the identifier of a request interface class file;
obtaining an original file and reading the annotation names to be identified in the original file;
comparing the annotation names to be identified in the original file with the target annotation name, and if at least one annotation name to be identified is identical to the target annotation name, marking the original file as a target file;
reading the annotation content in the target file, and obtaining the request path from the annotation content.
In one embodiment, obtaining the original file includes: obtaining a preset directory structure, where the preset directory structure includes the file directory structure of the SpringBoot framework; obtaining an initial file and reading the directory structure to be identified in the initial file; comparing the directory structure to be identified with the preset directory structure, and if the two match, taking the initial file as the original file.
In one embodiment, reading the annotation names to be identified in the original file includes: loading the resource library data in the original file into a virtual machine through a class loader based on the parent delegation mechanism, so that the virtual machine reads the source code files in the original file using the resource library data and the reflection mechanism and obtains the annotation names to be identified; and receiving the annotation names to be identified sent by the virtual machine.
In one embodiment, after obtaining the request path from the annotation content, the method includes: obtaining the request method and the request parameters, where the request parameters include assigned parameters and non-assigned parameters, and the assigned parameters include basic type parameters and determined object parameters; if a request parameter is a non-assigned parameter, generating request information from the request path and the request method and sending it.
In one embodiment, after obtaining the request method and the request parameters, the method further includes: if a request parameter is an assigned parameter, judging whether the request parameter is a basic type parameter; if it is a basic type parameter, assigning a value to the request parameter according to the annotation content; and generating request information based on the request path, the request method and the assigned request parameter, and sending it.
In one embodiment, after obtaining the request method and the request parameters, the method further includes: if a request parameter is an assigned parameter, judging whether the request parameter is a determined object parameter; if it is a determined object parameter, parsing the determined object parameter into basic type parameters; assigning values to the basic type parameters according to the annotation content; and generating request information based on the request path, the request method and the assigned basic type parameters, and sending it.
In one embodiment, the controller class annotation names include at least @Controller and @RestController.
In a second aspect, embodiments of the present application provide a request path acquisition device, including:
a target acquisition module, configured to obtain a target annotation name, where the target annotation name includes at least a controller class annotation name, and the controller class annotation name is the identifier of a request interface class file;
an annotation acquisition module, configured to obtain an original file and read the annotation names to be identified in the original file;
an identification module, configured to compare the annotation names to be identified in the original file with the target annotation name, and if at least one annotation name to be identified is identical to the target annotation name, mark the original file as a target file;
a path acquisition module, configured to read the annotation content in the target file and obtain the request path from the annotation content.
In a third aspect, embodiments of the present application provide a computer device including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the request path acquisition method of the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium on which a computer program is stored, where the program, when executed by a processor, implements the request path acquisition method of the first aspect.
Compared with the related art, the request path acquisition method, device, computer equipment and storage medium provided by the embodiments of the present application obtain a target annotation name, where the target annotation name includes at least a controller class annotation name and the controller class annotation name is the identifier of a request interface class file; obtain an original file and read the annotation names to be identified in it; compare the annotation names to be identified with the target annotation name and, if at least one of them is identical to the target annotation name, mark the original file as a target file; and read the annotation content in the target file and obtain the request path from it. By judging from the annotation information in the original file whether the file is a request interface class file, and obtaining the request path from the annotation information in that interface class file, the problem of low accuracy in obtaining request paths is solved and the technical effect of accurately obtaining request paths is achieved.
The details of one or more embodiments of the present application are set forth in the following drawings and description, so that the other features, objects and advantages of the present application are easier to understand.
Description of the drawings
The drawings described here provide a further understanding of the present application and form part of it; the illustrative embodiments of the present application and their descriptions explain the present application and do not improperly limit it. In the drawings:
Figure 1 is a flow chart of a request path acquisition method according to an embodiment of the present application;
Figure 2 is a flow chart of a request path acquisition method according to another embodiment of the present application;
Figure 3 is a structural block diagram of a request path acquisition device according to an embodiment of the present application;
Figure 4 is a schematic diagram of the hardware structure of a computer device according to an embodiment of the present application.
Detailed description
To make the purpose, technical solutions and advantages of the present application clearer, the present application is described and explained below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present application and do not limit it. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present application without creative effort fall within the scope of protection of the present application.
Obviously, the drawings in the following description are only some examples or embodiments of the present application; a person of ordinary skill in the art can, without creative effort, apply the present application to other similar scenarios based on these drawings. It should also be understood that, although the effort made in such development may be complex and lengthy, for a person of ordinary skill in the art to which the disclosure of the present application relates, design, manufacturing or production changes made on the basis of the technical content disclosed in the present application are merely conventional technical means and should not be taken to mean that the disclosure of the present application is insufficient.
Reference in the present application to "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearance of this phrase in various places in the specification does not necessarily refer to the same embodiment, nor to separate or alternative embodiments that are mutually exclusive of other embodiments. A person of ordinary skill in the art understands, explicitly and implicitly, that the embodiments described in the present application may be combined with other embodiments where they do not conflict.
Unless otherwise defined, the technical or scientific terms used in the present application have the ordinary meaning understood by a person of ordinary skill in the technical field to which the present application belongs. Words such as "a", "an" and "the" in the present application do not indicate a limit on quantity and may denote the singular or the plural. The terms "include", "comprise", "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or modules (units) is not limited to the listed steps or units, and may include steps or units that are not listed, or other steps or units inherent to such processes, methods, products or devices. Words such as "connected", "linked" and "coupled" in the present application are not limited to physical or mechanical connections and may include electrical connections, whether direct or indirect. "Plurality" in the present application means two or more. "And/or" describes an association between objects and indicates that three relationships may exist; for example, "A and/or B" may mean that A exists alone, that A and B exist together, or that B exists alone. The character "/" generally indicates an "or" relationship between the objects before and after it. The terms "first", "second", "third" and so on in the present application only distinguish similar objects and do not imply a particular ordering of those objects.
Because of developers' weak security awareness, rapid developer turnover and vulnerabilities in the Java web frameworks themselves, tainted parameters frequently lead to all kinds of web security vulnerabilities, and the security of web applications cannot be taken lightly. As the component technologies and supporting techniques of web applications keep changing and growing, the security problems exposed by web applications on the Internet emerge one after another. By attacking vulnerabilities in a web application or server that is exposed on the public network, or in an intranet that can be reached directly without authorisation, an attacker can obtain the back-end administrator privileges of the web application or the system privileges of the server hosting it; on the one hand this gives direct access to sensitive files and data on the web application or server, and on the other hand the server can be used as a pivot to penetrate its intranet segment, attack other servers or further smart devices in that segment, obtain large amounts of sensitive intranet information, and obtain server privileges. When web application source code is audited in white-box fashion, the various audit tools cannot achieve high code coverage, because many interface addresses are not necessarily displayed on a page or opened directly to users: audit tools generally scan the links already present on the interactive interface by automated crawling and manual clicking, whereas traversing all request addresses during an audit also requires obtaining many hidden interface addresses and interface addresses that users cannot reach. Moreover, when analysis tools are used for auditing, the generated results may contain false positives or misses. In another approach, security personnel obtain all request addresses manually during the source code audit, which costs a great deal of labour and time and greatly reduces audit efficiency. There is therefore an urgent need for a way to obtain request paths accurately, so as to solve the problem of insufficient code coverage in white-box auditing.
This embodiment also provides a request path acquisition method. Figure 1 is a flow chart of a request path acquisition method according to an embodiment of the present application; as shown in the figure, the process includes the following steps:
Step S101: obtain a target annotation name, where the target annotation name includes at least a controller class annotation name, and the controller class annotation name is the identifier of a request interface class file.
Specifically, the target annotation names are controller class annotation names, including but not limited to @Controller and @RestController. A file carrying a controller class annotation is a request interface class file: by the nature of the SpringBoot framework, a file with such an annotation contains request interface addresses that can be parsed by a program, while a file without such an annotation contains no request interface address and cannot be parsed. Annotations, also called metadata, are code-level descriptions on the same level as classes, interfaces and enumerations. They can be placed in front of packages, classes, fields, methods, local variables, method parameters and so on to describe and annotate these elements. Annotations serve: documentation, i.e. generating documents from the metadata marked in the code; code analysis, i.e. analysing the code through the metadata marked in it; and compile-time checking, i.e. letting the compiler perform basic checks based on the metadata marked in the code.
In one embodiment, obtaining the original file includes: obtaining a preset directory structure, where the preset directory structure includes the file directory structure of the SpringBoot framework; obtaining an initial file and reading the directory structure to be identified in the initial file; comparing the directory structure to be identified with the preset directory structure, and if the two match, taking the initial file as the original file. Specifically, the file format is obtained and the specified file in .jar format, i.e. the Java package, is read; this Java package is the initial file. The Java package is read and its file structure is checked against the packaged file structure of the SpringBoot framework; if it matches, the Java package is taken as the original file. The packaged file structure is the preset directory. In one embodiment, the preset directory is:
|--BOOT-INF
    |--classes
    |--lib
|--META-INF
Step S102: obtain the original file and read the annotation names to be identified in the original file.
In one embodiment, reading the annotation names to be identified in the original file includes: loading the resource library data in the original file into a virtual machine through a class loader based on the parent delegation mechanism, so that the virtual machine reads the source code files in the original file using the resource library data and the reflection mechanism and obtains the annotation names to be identified; and receiving the annotation names to be identified sent by the virtual machine. Specifically, the parent delegation mechanism is an underlying mechanism of the Java programming language: when a class loader receives a class loading request, it first delegates the request to its parent class loader, and every class loader behaves this way; only when the parent class loader cannot find the specified class within its own search scope does the child class loader try to load it itself. The Java reflection mechanism is a feature of Java itself: while a program is running, an object of any class can be constructed, the class of any object can be determined, the member variables and methods of any class can be inspected, and the properties and methods of any object can be called. This ability to obtain program information and call objects dynamically is the reflection mechanism of the Java language, and reflection is regarded as the key to dynamic languages. Reflection can be carried out through functions such as getAnnotation. To read the annotation names in the Java package, all jars in the lib directory of the Java package are read and loaded into the JVM (Java virtual machine) through a classloader. A jar is a Java resource library referenced by the Java package. A running Java program needs both its main program code and the externally referenced Java resource libraries; the main program code is the source code, and the externally referenced libraries are placed in the lib directory as jar packages when the Java software is released. The virtual machine reads all source code files through the reflection mechanism and obtains the annotation names in them.
Step S103: compare the annotation names to be identified in the original file with the target annotation name, and if at least one annotation name to be identified is identical to the target annotation name, mark the original file as a target file.
In one embodiment, it is determined whether the source code file includes at least one controller class annotation, and if so, the source code file is marked as a target file. Preferably, all source code files are read through the reflection mechanism, and files carrying a controller class annotation name are marked as target files.
Step S104: read the annotation content in the target file, and obtain the request path from the annotation content.
Specifically, the content of annotations such as @RequestMapping, @GetMapping and @PostMapping in the target file is read, and the URL path is obtained from the annotation content. The URL is the request path, but the URL path does not include the request parameters. A URL (Uniform Resource Locator) is the address of a standard resource on the Internet. Every file on the Internet has a unique URL, which contains information indicating where the file is located and how a browser should handle it. A basic URL contains the protocol, the IP address, the path and the file name.
所述根据所述注解内容获取请求路径之后包括:获取请求方式以及请求参数,所述请求参数包括赋值参数以及非赋值参数,所述赋值参数包括基本类型参数以及确定对象参数;若所述请求参数为非赋值参数,则根据所述请求路径和请求方式生成请求信息并发送。具体的,还可通过解析目标文件中的Java代码获取请求方式,如post方式和get方式等。此外还可通过解析Java代码中的函数获取请求参数,根据请求参数获取参数类型。若参数类型为HttpServletRequest或HttpServletPesponse,则与之对应的请求参数为非赋值参数,表示该请求无需对请求参数赋值。根据之前获取的请求路径以及请求参数,生成对应的http请求。通过httprequest来发送对应的http请求。After obtaining the request path according to the annotation content, it includes: obtaining the request method and request parameters. The request parameters include assignment parameters and non-assignment parameters. The assignment parameters include basic type parameters and determined object parameters; if the request parameters If it is a non-assignment parameter, the request information will be generated and sent according to the request path and request method. Specifically, the request method, such as post method and get method, can also be obtained by parsing the Java code in the target file. In addition, the request parameters can be obtained by parsing the function in the Java code, and the parameter type can be obtained according to the request parameters. If the parameter type is HttpServletRequest or HttpServletPesponse, the corresponding request parameter is a non-assignment parameter, which means that the request does not need to assign a value to the request parameter. Generate the corresponding http request based on the previously obtained request path and request parameters. Send the corresponding http request through httprequest.
In one embodiment, after the request method and request parameters are obtained, the method further comprises: if a request parameter is an assignable parameter, determining whether the request parameter is a basic type parameter; if the request parameter is a basic type parameter, assigning a value to the request parameter according to the annotation content; and generating request information from the request path, the request method and the assigned request parameter, and sending it. Specifically, if the parameter type of the request parameter is one of the basic parameter types of Java programming, such as String, int, Integer, long, Long, Date, String[] and boolean, the request parameter is assigned a value according to the annotation content, and the corresponding HTTP request is generated from the request path, the request method and the assigned request parameter, and sent via httprequest. For example, in the following program code:
In the above code, @GetMapping is the annotation name and (value="/{id}") is the annotation content, where value is the value to be assigned to the parameter id. From getCpe(@PathVariable int id, String token) it can be seen that int and String are both basic parameter types; assigning the value of value to id completes the assignment of the parameter id. For example, if value=0001, then according to the above program the result after assignment is the parameter id=0001.
In one embodiment, after the request method and request parameters are obtained, the method further comprises: if a request parameter is an assignable parameter, determining whether the request parameter is a determined object parameter; if it is a determined object parameter, parsing the determined object parameter into basic type parameters; assigning values to the basic type parameters according to the annotation content; and generating request information from the request path, the request method and the assigned basic type parameters, and sending it. Specifically, if the parameter type of a request parameter is a determined object parameter, that object parameter is parsed further until the parameter types of all request parameters are basic parameter types of Java programming such as String, int, Integer, long, Long, Date, String[] and boolean. Here, a determined object parameter means that the class in the source code file inherits from the Object class. For example, if determined object parameter A contains determined object parameters A1 and A2 as well as several basic type parameters B1, B2, ..., Bn, then A1 and A2 are parsed further until every parameter is a basic type parameter, i.e., until the parameter types of all parameters are basic types.
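The reflection steps of the preceding paragraphs (reading the mapping annotations for the path and HTTP method, skipping servlet request/response parameters, and recursively resolving object parameters down to basic types), as an added Java example that is not the patent's own code. It assumes constructed stand-in annotations with the same names as the Spring ones, a constructed sample controller and sample parameter classes; the cycle guard for self-referencing object types is an addition of this example, not something the description mentions.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Parameter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class RouteExtractor {

    // Constructed stand-ins for the Spring and servlet types named in the description, so the
    // example runs without Spring on the classpath; only the names and the "value" element matter.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE) @interface RestController {}
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE) @interface RequestMapping { String value() default ""; }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @interface GetMapping { String value() default ""; }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @interface PostMapping { String value() default ""; }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER) @interface PathVariable {}
    interface HttpServletRequest {}

    // Constructed sample types: a determined object parameter (Cpe) nesting another (Owner).
    static class Owner { String name; int age; Owner manager; }   // self-reference on purpose
    static class Cpe { int id; String vendor; Owner owner; }

    @RestController @RequestMapping("/api")
    static class CpeController {
        @GetMapping(value = "/{id}")
        public String getCpe(@PathVariable int id, String token) { return "cpe " + id; }
        @PostMapping("/cpe")
        public String saveCpe(Cpe cpe, HttpServletRequest req) { return "saved"; }
        public String helper() { return "not a route"; }             // no mapping annotation: skipped
    }

    /** One request the scanner would generate: HTTP method, full path, flattened parameter leaves. */
    static class Route {
        String httpMethod, path;
        List<String> params = new ArrayList<>();
        @Override public String toString() { return httpMethod + " " + path + " " + params; }
    }

    // The basic parameter types listed in the description.
    private static final Set<Class<?>> BASIC = new HashSet<>(Arrays.<Class<?>>asList(
        String.class, int.class, Integer.class, long.class, Long.class,
        Date.class, String[].class, boolean.class));

    /** Servlet request/response parameters receive no value (non-assignable parameters). */
    static boolean isNonAssignable(Class<?> t) {
        String n = t.getSimpleName();
        return n.equals("HttpServletRequest") || n.equals("HttpServletResponse");
    }

    /** Recursively resolve an object parameter into dotted basic-type leaves, e.g. cpe.owner.name. */
    static void flatten(String prefix, Class<?> t, Set<Class<?>> onPath, List<String> out) {
        if (BASIC.contains(t)) { out.add(prefix); return; }
        // Cycle guard (not in the description): a type that refers to itself would otherwise recurse forever.
        if (!onPath.add(t)) { out.add(prefix + " <cycle:" + t.getSimpleName() + ">"); return; }
        for (Field f : t.getDeclaredFields()) {
            if (Modifier.isStatic(f.getModifiers())) continue;
            flatten(prefix + "." + f.getName(), f.getType(), onPath, out);
        }
        onPath.remove(t);
    }

    /** Read the mapping annotations of a controller class and build one Route per handler method. */
    static List<Route> extract(Class<?> controller) {
        List<Route> routes = new ArrayList<>();
        if (!controller.isAnnotationPresent(RestController.class)) return routes;   // not a route file
        RequestMapping base = controller.getAnnotation(RequestMapping.class);
        String prefix = base == null ? "" : base.value();
        for (Method m : controller.getDeclaredMethods()) {
            GetMapping g = m.getAnnotation(GetMapping.class);
            PostMapping p = m.getAnnotation(PostMapping.class);
            Route r = new Route();
            if (g != null) { r.httpMethod = "GET"; r.path = prefix + g.value(); }
            else if (p != null) { r.httpMethod = "POST"; r.path = prefix + p.value(); }
            else continue;
            for (Parameter param : m.getParameters()) {
                if (isNonAssignable(param.getType())) continue;
                // Real parameter names need javac -parameters; otherwise reflection reports arg0, arg1, ...
                flatten(param.getName(), param.getType(), new HashSet<>(), r.params);
            }
            routes.add(r);
        }
        return routes;
    }

    public static void main(String[] args) {
        for (Route r : extract(CpeController.class)) System.out.println(r);
    }
}
```

Compile with `javac -parameters RouteExtractor.java` to see the real parameter names; saveCpe resolves to the leaves cpe.id, cpe.vendor, cpe.owner.name, cpe.owner.age and a marked cycle for cpe.owner.manager, while the servlet request parameter is dropped.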
In one embodiment, the controller class annotation names include at least @Controller and @RestController.
In one embodiment, Figure 2 is a flow chart of a request path acquisition method according to another embodiment of the present application. As shown in Figure 2, the original file is first obtained; the original file is a Java package in .jar format. It is determined whether the file directory structure of the original package conforms to the file directory structure of the SpringBoot framework; if it does, all jar packages under the lib directory of the original file are loaded through the classloader. If loading succeeds, the jar packages are read, the annotation information in the original file is obtained through the reflection mechanism, and all source files in the original file that include @Controller or @RestController are marked as route files; the route files are the target files. The request path of a route file is obtained from the annotation content. The request method and request parameters are obtained by reading the source file. The request parameters are parsed, and whether to assign values to them is decided according to their parameter types. Finally, an HTTP request is generated from the request path, the request method and the request parameters, and sent using httprequest. This embodiment can traverse the request paths of any Web program developed on the SpringBoot framework, and corresponding parameters can also be configured in httprequest to achieve forwarding and proxying. Preferably, the request acquisition method of this embodiment can also be combined with various scanning attacks to improve the efficiency of security testers and the coverage of code testing.
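The first three steps of the flow just described (layout check, loading the nested jars through a class loader with parent delegation, and marking classes carrying @Controller or @RestController as route files), as an added Java example that is not the patent's own code. It assumes the Spring Boot executable-jar layout (BOOT-INF/classes and BOOT-INF/lib) as the preset directory structure and a sample jar constructed in a temporary directory; the zip-slip guard on extraction and the initialize=false load are additions of this example.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
public class BootJarScanner {
    static final String CLASSES = "BOOT-INF/classes/", LIB = "BOOT-INF/lib/";
    /** Step 1: does the package have the Spring Boot executable-jar layout? */
    static boolean hasSpringBootLayout(JarFile jar) {
        boolean classes = false, lib = false;
        for (JarEntry e : Collections.list(jar.entries())) {
            if (e.getName().startsWith(CLASSES)) classes = true;
            if (e.getName().startsWith(LIB) && e.getName().endsWith(".jar")) lib = true;
        }
        return classes && lib;
    }
    /** Step 2: loader over BOOT-INF/classes and every nested lib jar. URLClassLoader cannot read a jar
     *  nested inside a jar, so entries are copied to workDir first (an assumption of this example; Spring
     *  Boot's launcher uses its own loader). Parent = platform loader, so JDK classes resolve by delegation. */
    static URLClassLoader buildLoader(Path bootJar, Path workDir) throws IOException {
        List<URL> urls = new ArrayList<>();
        Path classesDir = workDir.resolve("classes");
        try (JarFile jar = new JarFile(bootJar.toFile())) {
            for (JarEntry e : Collections.list(jar.entries())) {
                String n = e.getName();
                if (e.isDirectory()) continue;
                Path target;
                if (n.startsWith(CLASSES)) target = classesDir.resolve(n.substring(CLASSES.length()));
                else if (n.startsWith(LIB) && n.endsWith(".jar")) target = workDir.resolve(n.substring(LIB.length()));
                else continue;
                // Zip-slip guard: an entry named "../x" must not escape workDir.
                if (!target.normalize().startsWith(workDir.normalize())) throw new IOException("bad entry " + n);
                Files.createDirectories(target.getParent());
                try (InputStream in = jar.getInputStream(e)) { Files.copy(in, target); }
                if (n.endsWith(".jar")) urls.add(target.toUri().toURL());
            }
        }
        urls.add(0, classesDir.toUri().toURL());
        return new URLClassLoader(urls.toArray(new URL[0]), ClassLoader.getPlatformClassLoader());
    }
    /** Step 3: mark every application class carrying @Controller or @RestController as a route file. */
    static List<String> routeFiles(Path bootJar, ClassLoader loader) throws IOException {
        List<String> routes = new ArrayList<>();
        try (JarFile jar = new JarFile(bootJar.toFile())) {
            for (JarEntry e : Collections.list(jar.entries())) {
                String n = e.getName();
                if (!n.startsWith(CLASSES) || !n.endsWith(".class")) continue;
                String cls = n.substring(CLASSES.length(), n.length() - 6).replace('/', '.');
                try {
                    // initialize=false: read annotations without running the class's static initializers
                    Class<?> c = Class.forName(cls, false, loader);
                    for (java.lang.annotation.Annotation a : c.getAnnotations()) {
                        String an = a.annotationType().getSimpleName();
                        if (an.equals("Controller") || an.equals("RestController")) { routes.add(cls); break; }
                    }
                } catch (Throwable t) { /* unresolvable or malformed class: skip it, do not abort the scan */ }
            }
        }
        return routes;
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample jar with only the layout entries (empty members), enough to run all three steps.
        Path dir = Files.createTempDirectory("bootscan");
        Path sample = dir.resolve("app.jar");
        try (JarOutputStream out = new JarOutputStream(new FileOutputStream(sample.toFile()))) {
            for (String n : new String[]{CLASSES + "com/example/App.class", LIB + "dep.jar"}) {
                out.putNextEntry(new JarEntry(n)); out.closeEntry();
            }
        }
        try (JarFile jar = new JarFile(sample.toFile())) {
            System.out.println("Spring Boot layout: " + hasSpringBootLayout(jar));
        }
        try (URLClassLoader loader = buildLoader(sample, dir.resolve("work"))) {
            System.out.println("route files: " + routeFiles(sample, loader));
        }
    }
}
```

Against a real Spring Boot jar, routeFiles returns the controller class names; the empty App.class in the constructed sample fails to load and is skipped rather than aborting the scan.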
Through the above steps, the present application loads the contents of the jar package with a classloader based on the parent delegation model, obtains the class objects directly through the Java reflection mechanism and parses them further, without decompiling the source files again. Moreover, the annotation information in the source files is obtained directly through reflection, and the request path is obtained directly by parsing the parameters in the annotation content; compared with the related-art approach of obtaining request paths by regular-expression matching, the request path can be obtained more accurately. In addition, if an obtained request parameter is a known object, it is further parsed recursively, and finally an HTTP request with or without parameters is generated from the request path, request method and request parameters and sent directly, assisting the audit tool in white-box auditing and greatly improving the code coverage and efficiency of white-box auditing.
It should be noted that the steps shown in the above flow or in the flow charts of the accompanying drawings may be executed in a computer system such as a set of computer-executable instructions, and that although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from that given here.
This embodiment also provides a request path acquisition device, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the terms "module", "unit", "sub-unit" and the like may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Figure 3 is a structural block diagram of a request path acquisition device according to an embodiment of the present application. As shown in Figure 3, the device includes:
Target acquisition module 10: used to obtain target annotation names, the target annotation names including at least controller class annotation names, where a controller class annotation name is the identifier of a request interface class file.
Annotation acquisition module 20: used to obtain the original file and read the annotation names to be identified in the original file.
Identification module 30: used to compare the annotation names to be identified in the original file with the target annotation names and, if at least one annotation name is common to the annotation names to be identified and the target annotation names, mark the original file as a target file.
Path acquisition module 40: used to read the annotation content in the target file and obtain the request path from the annotation content.
The target acquisition module 10 is further used to obtain a preset directory structure, the preset directory structure including the file directory structure of the SpringBoot framework; obtain an initial file and read the directory structure to be identified in the initial file; and compare the directory structure to be identified with the preset directory structure and, if they are consistent, take the initial file as the original file.
The annotation acquisition module 20 is further used to load the library data in the original file into the virtual machine through a class loader based on the parent delegation model, so that the virtual machine reads the source code files in the original file according to the library data and the reflection mechanism to obtain the annotation names to be identified; and to receive the annotation names to be identified sent by the virtual machine.
The path acquisition module 40 is further used to obtain the request method and the request parameters, the request parameters comprising assignable parameters and non-assignable parameters, and the assignable parameters comprising basic type parameters and determined object parameters; if a request parameter is a non-assignable parameter, request information is generated from the request path and the request method and sent.
The path acquisition module 40 is further used to determine, if a request parameter is an assignable parameter, whether the request parameter is a basic type parameter; if it is a basic type parameter, assign a value to the request parameter according to the annotation content; and generate request information from the request path, the request method and the assigned request parameter, and send it.
The path acquisition module 40 is further used to determine, if a request parameter is an assignable parameter, whether the request parameter is a determined object parameter; if it is a determined object parameter, parse the determined object parameter into basic type parameters; assign values to the basic type parameters according to the annotation content; and generate request information from the request path, the request method and the assigned basic type parameters, and send it.
The target acquisition module 10 is further used to obtain the controller class annotation names, which include at least @Controller and @RestController.
It should be noted that each of the above modules may be a functional module or a program module, and may be implemented in software or in hardware. For modules implemented in hardware, the above modules may be located in the same processor, or may be located in different processors in any combination.
In addition, the request path acquisition method of the embodiment of the present application described with reference to Figure 1 can be implemented by a computer device. Figure 4 is a schematic diagram of the hardware structure of a computer device according to an embodiment of the present application.
The computer device may include a processor 51 and a memory 52 storing computer program instructions.
Specifically, the processor 51 may include a central processing unit (CPU), or an application specific integrated circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present application.
The memory 52 may include mass storage for data or instructions. By way of example and not limitation, the memory 52 may include a hard disk drive (HDD), a floppy disk drive, a solid state drive (SSD), flash memory, an optical disc, a magneto-optical disc, magnetic tape, a universal serial bus (USB) drive, or a combination of two or more of these. Where appropriate, the memory 52 may include removable or non-removable (or fixed) media. Where appropriate, the memory 52 may be internal or external to the data processing device. In particular embodiments, the memory 52 is non-volatile memory. In particular embodiments, the memory 52 includes read-only memory (ROM) and random access memory (RAM). Where appropriate, the ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM) or flash memory (FLASH), or a combination of two or more of these. Where appropriate, the RAM may be static random-access memory (SRAM) or dynamic random-access memory (DRAM), where the DRAM may be fast page mode DRAM (FPM DRAM), extended data out DRAM (EDO DRAM), synchronous DRAM (SDRAM), etc.
The memory 52 may be used to store or cache various data files that need to be processed and/or used for communication, as well as the computer program instructions that may be executed by the processor 51.
The processor 51 reads and executes the computer program instructions stored in the memory 52 to implement any of the request path acquisition methods of the above embodiments.
In some embodiments, the computer device may further include a communication interface 53 and a bus 50. As shown in Figure 4, the processor 51, the memory 52 and the communication interface 53 are connected through the bus 50 and communicate with one another.
The communication interface 53 is used to implement communication between the modules, devices, units and/or equipment in the embodiments of the present application. The communication interface 53 can also implement data communication with other components, such as external devices, image/data acquisition devices, databases, external storage and image/data processing workstations.
The bus 50 includes hardware, software or both, and couples the components of the computer device to one another. The bus 50 includes, but is not limited to, at least one of the following: a data bus, an address bus, a control bus, an expansion bus and a local bus. By way of example and not limitation, the bus 50 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Extended Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), or other suitable bus, or a combination of two or more of these. Where appropriate, the bus 50 may include one or more buses. Although the embodiments of the present application describe and illustrate particular buses, the present application contemplates any suitable bus or interconnect.
The computer device can execute the request path acquisition method of the embodiments of the present application based on the obtained computer program instructions, thereby implementing the request path acquisition method described with reference to Figure 1.
In addition, in combination with the request path acquisition method of the above embodiments, the embodiments of the present application may provide a computer-readable storage medium for its implementation. The computer-readable storage medium stores computer program instructions; when executed by a processor, the computer program instructions implement any of the request path acquisition methods of the above embodiments.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features of the above embodiments are described; however, as long as there is no contradiction in a combination of these technical features, it should be considered within the scope of this specification.
The above embodiments only express several implementations of the present application, and their description is relatively specific and detailed, but this should not be construed as limiting the scope of the invention patent. It should be noted that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of the present application, and these all fall within the protection scope of the present application. Therefore, the protection scope of this patent application shall be determined by the appended claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202110142093.1A CN112965749B (en) | 2021-02-02 | 2021-02-02 | Request path acquisition method, device, computer equipment and storage medium
Publications (2)
Publication Number | Publication Date
---|---
CN112965749A CN112965749A (en) | 2021-06-15
CN112965749B true CN112965749B (en) | 2024-03-19
Family ID: 76271810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date
---|---|---|---
CN202110142093.1A Active CN112965749B (en) | Request path acquisition method, device, computer equipment and storage medium | 2021-02-02 | 2021-02-02
Country Status (1)
Country | Link
---|---
CN (1) | CN112965749B (en)
Events: 2021-02-02 CN CN202110142093.1A patent/CN112965749B/en, status Active
Also Published As
Publication number | Publication date
---|---
CN112965749A (en) | 2021-06-15
Legal Events
Date | Code | Title | Description
---|---|---|---
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |
| EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20210615; Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.; Assignor: Dbappsecurity Co.,Ltd.; Contract record no.: X2024980043363; Denomination of invention: Request path acquisition method, device, computer equipment, and storage medium; Granted publication date: 20240319; License type: Common License; Record date: 20241231