[go: up one dir, main page]

WO2025152628A1 - Application programming interface asset management method and apparatus, and electronic device - Google Patents

Application programming interface asset management method and apparatus, and electronic device

Info

Publication number
WO2025152628A1
WO2025152628A1 PCT/CN2024/135609 CN2024135609W WO2025152628A1 WO 2025152628 A1 WO2025152628 A1 WO 2025152628A1 CN 2024135609 W CN2024135609 W CN 2024135609W WO 2025152628 A1 WO2025152628 A1 WO 2025152628A1
Authority
WO
WIPO (PCT)
Prior art keywords
asset information
request
asset
information
path
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2024/135609
Other languages
French (fr)
Chinese (zh)
Inventor
赵毅
刘剑群
吴朝亮
雷加伟
刘奇
邢佳佳
宫冠鹏
王学文
许佳行
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Bestpay Co Ltd
Original Assignee
China Telecom Bestpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Bestpay Co Ltd filed Critical China Telecom Bestpay Co Ltd
Publication of WO2025152628A1 publication Critical patent/WO2025152628A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • the present application relates to the field of data processing, and more specifically, to a method, device and electronic device for managing application program interface assets.
  • APIs application programming interfaces
  • All information and resources related to APIs are called API assets, such as the API name, description, version, endpoint, authorization mechanism, availability, and performance indicators.
  • API assets such as the API name, description, version, endpoint, authorization mechanism, availability, and performance indicators.
  • each business system when managing API assets in network traffic data, each business system can collect the API assets involved in real time and then report them to the system that manages API assets.
  • this method inevitably leads to omissions and coverage of collected API assets, and results in poor real-time management of API assets.
  • this method does not count the sensitive information involved in API assets, and cannot take corresponding measures for APIs involving sensitive information, resulting in low data security.
  • a method for managing application program interface assets comprising: when network traffic data is received, extracting asset information of the application program interface assets contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information comprises at least the following information: asset path, request type, sensitive information type, wherein the sensitive information type refers to the type of sensitive information when the application program interface asset contains sensitive information; aggregating the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, wherein N is a positive integer; counting the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set to obtain target asset information; and updating the asset information in a preset database according to the target asset information to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets.
  • determining the application program interface assets included in the request parameter set by a preset regular expression to obtain the asset information set includes: using a first regular expression to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: the request domain name, the request path; when the first matching result indicates a successful match, determining the first network request corresponding to the first matching result, and generating the asset path of the first network request; when the first matching result indicates a failed match, using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; combining the request type of the first network request, the asset path of the first network request, the request type of the second network request, and the asset path of the second network request to obtain the asset information set.
  • the extraction unit includes: an extraction subunit, used to extract request parameters of each network request in the network traffic data to obtain a request parameter set, wherein the request parameters include at least the following field information: request domain name, request path, request parameters, response parameters, and the request type; a first determination subunit, used to determine the application interface assets included in the request parameter set through a preset regular expression to obtain an asset information set; a marking subunit, used to determine the first asset information containing sensitive information in the asset information set through the regular expression, mark the first asset information, and update the asset information in the asset information set.
  • the determination subunit includes: a first matching module, which is used to match the target parameter of each network request in the request parameter set with a first regular expression to obtain a first matching result, wherein the target parameter at least includes the following field information: the request domain name, the request path; a first determination module, which is used to determine the first network request corresponding to the first matching result when the first matching result indicates a successful match, and generate the asset path of the first network request; a second matching module, which is used to match the request path of the second network request with multiple second regular expressions when the first matching result indicates a failed match, and generate the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; a combination module, which is used to combine the request type of the first network request, the asset path of the first network request, the request type of the second network request and the asset path of the second network request to obtain the asset information set.
  • a first matching module which is used to match the target parameter
  • the annotation subunit includes: a third matching module, used to use a third regular expression set to match each network request in the request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; a second determination module, used to determine the asset information corresponding to the successfully matched network request in the asset information set when the third matching result indicates a successful match, to obtain the first asset information; an update module, used to determine the sensitive information type of the first asset information based on the third matching result, and update the asset information set using the sensitive information type of the first asset information.
  • a computer-readable storage medium includes a stored computer program, wherein when the computer program is running, the device where the computer-readable storage medium is located is controlled to execute any one of the above-mentioned application program interface asset management methods.
  • an electronic device comprising one or more processors and a memory, the memory being used to store one or more programs, wherein when the one or more programs are executed by one or more processors, the one or more processors implement any one of the above-mentioned methods for managing application program interface assets.
  • FIG1 is a flow chart of a method for managing application program interface assets according to a first embodiment of the present application
  • FIG2 is a schematic diagram of an optional method for managing application program interface assets provided according to the first embodiment of the present application
  • FIG. 3 is a schematic diagram of an application program interface asset management device provided according to Embodiment 2 of the present application.
  • FIG. 4 is a schematic diagram of an electronic device for managing application program interface assets provided according to a fifth embodiment of the present application.
  • the user information including but not limited to user device information, user personal information, user information contained in network traffic data, user information contained in application program interfaces, etc.
  • data including but not limited to data used for analysis, stored data, displayed data, collected network traffic data, etc.
  • the collection, use and processing of relevant data must comply with relevant laws, regulations and standards in the relevant areas, and corresponding operation entrances shall be provided for users to choose to authorize or refuse.
  • Flink Apache Flink is a framework and distributed processing engine for stateful computations on unbounded and bounded data streams. Flink runs on all common cluster environments and can compute at memory speed and at any scale.
  • FIG. 1 is a flow chart of a method for managing application program interface assets provided according to Embodiment 1 of the present application. As shown in FIG. 1 , the method includes the following steps:
  • Step S101 when network traffic data is received, extract the asset information of the application interface assets contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, sensitive information type, and the sensitive information type refers to the type of sensitive information when the application interface asset contains sensitive information.
  • a network request refers to the behavior of a client where a user is located sending a request to a server to obtain a specific resource, for example, a request to obtain a web page, a picture, a video, data, etc.
  • This request can be made through the http protocol or other requests, for example, FTP (File Transfer Protocol) requests, SSH (Secure Shell) requests, DNS (Domain Name System) requests, etc.
  • Requests generated through the http protocol can be called http requests.
  • Step S102 aggregating the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, where N is a positive integer.
  • the management device of the application interface assets includes a processor and a memory.
  • the above-mentioned extraction unit 301, aggregation unit 302, statistics unit 303 and update unit 304 are all stored in the memory as program units, and the processor executes the above-mentioned program units stored in the memory to realize corresponding functions.
  • the processor includes a kernel, which calls the corresponding program unit from the memory.
  • One or more kernels can be set, and the real-time performance of managing API assets can be improved by adjusting kernel parameters.
  • the memory may include non-permanent memory in a computer-readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash RAM, and the memory includes at least one memory chip.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash random access memory
  • determining first asset information containing sensitive information in an asset information set through a regular expression, marking the first asset information, and updating the asset information in the asset information set including: using a third regular expression set to match each network request in a request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; when the third matching result indicates a successful match, determining in the asset information set the asset information corresponding to the successfully matched network request to obtain the first asset information; determining the sensitive information type of the first asset information based on the third matching result, and using the sensitive information type of the first asset information to update the asset information set.
  • the above method When executed on a data processing device, it is also suitable for executing an initialization program having the following method steps: before determining the application interface assets included in the request parameter set through a preset regular expression and obtaining the asset information set, the above method also includes: determining the aggregation rules of the application interface assets based on business needs; configuring the regular expression based on the aggregation rules to obtain the preset regular expression, and loading the preset regular expression.
  • an initialized program having the following method steps: updating the asset information in a preset database based on target asset information, including: when the target asset information is inconsistent with the asset information in the preset database, updating the corresponding asset information in the preset database based on the target asset information; when the target asset information is consistent with the asset information in the preset database, updating the time information of the corresponding asset information in the target asset information in the preset database.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment in combination with software and hardware. Moreover, the present application may adopt the form of a computer program product implemented in one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that include computer-usable program code.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
  • a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • Memory may include non-permanent storage in a computer-readable medium, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer readable media include permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information.
  • Information can be computer readable instructions, data structures, program modules or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disk read-only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device.
  • computer readable media does not include temporary computer readable media (transitory media), such as modulated data signals and carrier waves.
  • the embodiments of the present application may be provided as methods, systems or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment or an embodiment in combination with software and hardware. Moreover, the present application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed in the present application are an application programming interface asset management method and apparatus, and an electronic device, which method is applied to the field of data processing. The method comprises: upon receiving network traffic data, extracting from the network traffic data asset information of application programming interface assets included in each network request, so as to obtain an asset information set; on the basis of an asset path and a request type, performing aggregation on asset information in the asset information set, so as to obtain N types of asset information; on the basis of the asset information set, statistically compiling a sensitive information type related to each of the N types of asset information, so as to obtain target asset information; and on the basis of the target asset information, updating asset information in a preset database, so as to manage the application programming interface assets in the network traffic data.

Description

应用程序接口资产的管理方法、装置及电子设备Application program interface asset management method, device and electronic device

相关申请Related Applications

本申请要求2024年01月16日提交的,申请号为2024100644708,名称为“应用程序接口资产的管理方法、装置及电子设备”的中国专利申请的优先权,在此将其全文引入作为参考。This application claims priority to Chinese patent application number 2024100644708, filed on January 16, 2024, entitled “Application Programming Interface Asset Management Method, Device and Electronic Device”, the entire text of which is hereby incorporated by reference.

技术领域Technical Field

本申请涉及数据处理领域,具体而言,涉及一种应用程序接口资产的管理方法、装置及电子设备。The present application relates to the field of data processing, and more specifically, to a method, device and electronic device for managing application program interface assets.

背景技术Background Art

随着公司或者组织中越来越多的数字化系统建立,各类数据数字化系统都会提供对内或对外的应用程序编程接口(Application Programming Interface,API),与API相关的所有信息和资源称为API资产,例如,API的名称、描述、版本、终端点、授权机制、可用性和性能指标等。为了更好地管理组织中的API资产和安全审计的需求要收集各个系统的API信息进行集中管理。As more and more digital systems are established in companies or organizations, various data digital systems will provide internal or external application programming interfaces (APIs). All information and resources related to APIs are called API assets, such as the API name, description, version, endpoint, authorization mechanism, availability, and performance indicators. In order to better manage the API assets and security audit needs in the organization, it is necessary to collect API information from each system for centralized management.

现有技术中对网络流量数据中的API资产进行管理时,可以通过各个业务系统实时收集自身涉及的API资产,然后上报至管理API资产的系统中,但这种方法由于各个业务系统之间的差异和网络问题,导致收集到的API资产难免有所疏漏和无法覆盖的地方,以及导致实时管理API资产的效果较差。此外,这种方法未统计API资产涉及的敏感信息,无法对涉及敏感信息的API采取相应的措施,导致数据安全性较低的问题。In the prior art, when managing API assets in network traffic data, each business system can collect the API assets involved in real time and then report them to the system that manages API assets. However, due to differences between business systems and network problems, this method inevitably leads to omissions and coverage of collected API assets, and results in poor real-time management of API assets. In addition, this method does not count the sensitive information involved in API assets, and cannot take corresponding measures for APIs involving sensitive information, resulting in low data security.

针对相关技术中管理网络流量数据中的应用程序接口资产时,由于网络流量数据较多,导致管理应用程序接口资产的时效性较差的问题,目前尚未提出有效的解决方案。Regarding the problem of poor timeliness of managing application program interface assets in network traffic data in related technologies due to the large amount of network traffic data, no effective solution has been proposed so far.

发明内容Summary of the invention

根据本申请的第一个方面,提供了一种应用程序接口资产的管理方法,该方法包括:在接收到网络流量数据的情况下,提取所述网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,所述资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,所述敏感信息类型是指所述应用程序接口资产在包含敏感信息的情况下所述敏感信息的类型;依据所述资产路径和所述请求类型对所述资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;依据所述资产信息集合统计所述N类资产信息中每类资产信息涉及的所述敏感信息类型,得到目标资产信息;依据所述目标资产信息更新预设数据库中的资产信息,以对所述网络流量数据中的应用程序接口资产进行管理,其中,所述预设数据库存储着所述应用程序接口资产的资产信息。According to the first aspect of the present application, a method for managing application program interface assets is provided, the method comprising: when network traffic data is received, extracting asset information of the application program interface assets contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information comprises at least the following information: asset path, request type, sensitive information type, wherein the sensitive information type refers to the type of sensitive information when the application program interface asset contains sensitive information; aggregating the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, wherein N is a positive integer; counting the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set to obtain target asset information; and updating the asset information in a preset database according to the target asset information to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets.

在一些实施例中,提取所述网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合包括:提取所述网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,所述请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、所述请求类型;通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合;通过所述正则表达式确定所述资产信息集合中存在敏感信息的第一资产信息,对所述第一资产信息进行标注,并更新所述资产信息集合中的资产信息。In some embodiments, extracting the asset information of the application interface assets contained in each network request in the network traffic data to obtain an asset information set includes: extracting the request parameters of each network request in the network traffic data to obtain a request parameter set, wherein the request parameters include at least the following field information: request domain name, request path, request parameters, response parameters, and the request type; determining the application interface assets contained in the request parameter set through a preset regular expression to obtain an asset information set; determining first asset information containing sensitive information in the asset information set through the regular expression, marking the first asset information, and updating the asset information in the asset information set.

在一些实施例中,通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合包括:采用第一正则表达式对所述请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,所述目标参数至少包含以下字段信息:所述请求域名、所述请求路径;在所述第一匹配结果指示匹配成功的情况下,确定所述第一匹配结果对应的第一网络请求,并生成所述第一网络请求的所述资产路径;在所述第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的所述请求路径进行匹配,得到第二匹配结果,并依据所述第二匹配结果生成所述第二网络请求的所述资产路径,其中,所述第二网络请求是指所述请求参数集合中除所述第一网络请求之外的网络请求;将所述第一网络请求的所述请求类型、所述第一网络请求的所述资产路径、所述第二网络请求的所述请求类型和所述第二网络请求的资产路径进行组合,得到所述资产信息集合。In some embodiments, determining the application program interface assets included in the request parameter set by a preset regular expression to obtain the asset information set includes: using a first regular expression to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: the request domain name, the request path; when the first matching result indicates a successful match, determining the first network request corresponding to the first matching result, and generating the asset path of the first network request; when the first matching result indicates a failed match, using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; combining the request type of the first network request, the asset path of the first network request, the request type of the second network request, and the asset path of the second network request to obtain the asset information set.

在一些实施例中,采用多个第二正则表达式对第二网络请求的所述请求路径进行匹配,得到第二匹配结果,并依据所述第二匹配结果生成所述第二网络请求的所述资产路径包括:依据预设字符对每个第二网络请求的所述请求路径进行拆分,得到每个第二网络请求的第一路径列表;采用所述多个第二正则表达式对所述第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,所述多个第二正则表达式是依据不同聚合规则构建的正则表达式;在所述第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;对所述第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成所述第二网络请求的所述资产路径。In some embodiments, multiple second regular expressions are used to match the request path of the second network request to obtain a second matching result, and the asset path of the second network request is generated according to the second matching result, including: splitting the request path of each second network request according to preset characters to obtain a first path list for each second network request; using the multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed according to different aggregation rules; when the third matching result indicates a successful match, a second preset string is used to replace the successfully matched elements to obtain a second path list for each second network request; the elements in the second path list are concatenated to obtain a target path for each second network request, and the asset path of the second network request is generated according to the request parameters of each second network request and the target path of each second network request.

在一些实施例中,通过所述正则表达式确定所述资产信息集合中存在敏感信息的第一资产信息,对所述第一资产信息进行标注,并更新所述资产信息集合中的资产信息包括:采用第三正则表达式集合对所述请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,所述第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;在所述第三匹配结果指示匹配成功的情况下,在所述资产信息集合中确定匹配成功的网络请求对应的资产信息,得到所述第一资产信息;依据所述第三匹配结果确定所述第一资产信息的敏感信息类型,并采用所述第一资产信息的敏感信息类型更新所述资产信息集合。In some embodiments, determining the first asset information containing sensitive information in the asset information set through the regular expression, marking the first asset information, and updating the asset information in the asset information set includes: using a third regular expression set to match each network request in the request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; when the third matching result indicates a successful match, determining the asset information corresponding to the successfully matched network request in the asset information set to obtain the first asset information; determining the sensitive information type of the first asset information based on the third matching result, and updating the asset information set using the sensitive information type of the first asset information.

在一些实施例中,在通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,所述方法还包括:依据业务需求确定所述应用程序接口资产的聚合规则;依据所述聚合规则配置正则表达式,得到所述预设的正则表达式,并加载所述预设的正则表达式。In some embodiments, before determining the application interface assets included in the request parameter set through a preset regular expression to obtain an asset information set, the method also includes: determining aggregation rules for the application interface assets based on business needs; configuring regular expressions based on the aggregation rules to obtain the preset regular expressions, and loading the preset regular expressions.

在一些实施例中,依据所述目标资产信息更新预设数据库中的资产信息包括:在所述目标资产信息与所述预设数据库中的资产信息不一致的情况下,依据所述目标资产信息更新所述预设数据库中对应的资产信息;在所述目标资产信息与所述预设数据库中的资产信息一致的情况下,在所述预设数据库中更新所述目标资产信息中对应的资产信息的时间信息。In some embodiments, updating the asset information in the preset database based on the target asset information includes: when the target asset information is inconsistent with the asset information in the preset database, updating the corresponding asset information in the preset database based on the target asset information; when the target asset information is consistent with the asset information in the preset database, updating the time information of the corresponding asset information in the target asset information in the preset database.

根据本申请的第二方面,提供了一种应用程序接口资产的管理装置,该装置包括:提取单元,用于在接收到网络流量数据的情况下,提取所述网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,所述资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,所述敏感信息类型是指所述应用程序接口资产在包含敏感信息的情况下所述敏感信息的类型;聚合单元,用于依据所述资产路径和所述请求类型对所述资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;统计单元,用于依据所述资产信息集合统计所述N类资产信息中每类资产信息涉及的所述敏感信息类型,得到目标资产信息;更新单元,用于依据所述目标资产信息更新预设数据库中的资产信息,以对所述网络流量数据中的应用程序接口资产进行管理,其中,所述预设数据库存储着所述应用程序接口资产的资产信息。According to a second aspect of the present application, a device for managing application program interface assets is provided, the device comprising: an extraction unit, for extracting, when receiving network traffic data, asset information of application program interface assets contained in each network request in the network traffic data, to obtain an asset information set, wherein the asset information comprises at least the following information: asset path, request type, sensitive information type, wherein the sensitive information type refers to the type of sensitive information when the application program interface asset contains sensitive information; an aggregation unit, for aggregating the asset information in the asset information set according to the asset path and the request type, to obtain N types of asset information, wherein N is a positive integer; a statistics unit, for counting the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set, to obtain target asset information; an update unit, for updating the asset information in a preset database according to the target asset information, so as to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets.

在一些实施例中,所述提取单元包括:提取子单元,用于提取所述网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,所述请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、所述请求类型;第一确定子单元,用于通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合;标注子单元,用于通过所述正则表达式确定所述资产信息集合中存在敏感信息的第一资产信息,对所述第一资产信息进行标注,并更新所述资产信息集合中的资产信息。In some embodiments, the extraction unit includes: an extraction subunit, used to extract request parameters of each network request in the network traffic data to obtain a request parameter set, wherein the request parameters include at least the following field information: request domain name, request path, request parameters, response parameters, and the request type; a first determination subunit, used to determine the application interface assets included in the request parameter set through a preset regular expression to obtain an asset information set; a marking subunit, used to determine the first asset information containing sensitive information in the asset information set through the regular expression, mark the first asset information, and update the asset information in the asset information set.

在一些实施例中,所述确定子单元包括:第一匹配模块,用于采用第一正则表达式对所述请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,所述目标参数至少包含以下字段信息:所述请求域名、所述请求路径;第一确定模块,用于在所述第一匹配结果指示匹配成功的情况下,确定所述第一匹配结果对应的第一网络请求,并生成所述第一网络请求的所述资产路径;第二匹配模块,用于在所述第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的所述请求路径进行匹配,得到第二匹配结果,并依据所述第二匹配结果生成所述第二网络请求的所述资产路径,其中,所述第二网络请求是指所述请求参数集合中除所述第一网络请求之外的网络请求;组合模块,用于将所述第一网络请求的所述请求类型、所述第一网络请求的所述资产路径、所述第二网络请求的所述请求类型和所述第二网络请求的资产路径进行组合,得到所述资产信息集合。In some embodiments, the determination subunit includes: a first matching module, which is used to match the target parameter of each network request in the request parameter set with a first regular expression to obtain a first matching result, wherein the target parameter at least includes the following field information: the request domain name, the request path; a first determination module, which is used to determine the first network request corresponding to the first matching result when the first matching result indicates a successful match, and generate the asset path of the first network request; a second matching module, which is used to match the request path of the second network request with multiple second regular expressions when the first matching result indicates a failed match, and generate the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; a combination module, which is used to combine the request type of the first network request, the asset path of the first network request, the request type of the second network request and the asset path of the second network request to obtain the asset information set.

在一些实施例中,所述第二匹配模块包括:拆分子模块,用于依据预设字符对每个第二网络请求的所述请求路径进行拆分,得到每个第二网络请求的第一路径列表;匹配子模块,用于采用所述多个第二正则表达式对所述第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,所述多个第二正则表达式是依据不同聚合规则构建的正则表达式;替换子模块,用于在所述第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;拼接子模块,用于对所述第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成所述第二网络请求的所述资产路径。In some embodiments, the second matching module includes: a splitting submodule, which is used to split the request path of each second network request according to preset characters to obtain a first path list for each second network request; a matching submodule, which is used to use the multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed according to different aggregation rules; a replacement submodule, which is used to replace the successfully matched elements with a second preset string when the third matching result indicates a successful match to obtain a second path list for each second network request; a splicing submodule, which is used to splice the elements in the second path list to obtain a target path for each second network request, and generate the asset path of the second network request according to the request parameters of each second network request and the target path of each second network request.

在一些实施例中,所述标注子单元包括:第三匹配模块,用于采用第三正则表达式集合对所述请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,所述第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;第二确定模块,用于在所述第三匹配结果指示匹配成功的情况下,在所述资产信息集合中确定匹配成功的网络请求对应的资产信息,得到所述第一资产信息;更新模块,用于依据所述第三匹配结果确定所述第一资产信息的敏感信息类型,并采用所述第一资产信息的敏感信息类型更新所述资产信息集合。In some embodiments, the annotation subunit includes: a third matching module, used to use a third regular expression set to match each network request in the request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; a second determination module, used to determine the asset information corresponding to the successfully matched network request in the asset information set when the third matching result indicates a successful match, to obtain the first asset information; an update module, used to determine the sensitive information type of the first asset information based on the third matching result, and update the asset information set using the sensitive information type of the first asset information.

在一些实施例中,所述提取单元还包括:第二确定子单元,用于在通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,依据业务需求确定所述应用程序接口资产的聚合规则;加载子单元,用于依据所述聚合规则配置正则表达式,得到所述预设的正则表达式,并加载所述预设的正则表达式。In some embodiments, the extraction unit also includes: a second determination sub-unit, used to determine the application interface assets included in the request parameter set through a preset regular expression, and before obtaining the asset information set, determine the aggregation rules of the application interface assets according to business needs; a loading sub-unit, used to configure the regular expression according to the aggregation rule, obtain the preset regular expression, and load the preset regular expression.

在一些实施例中,所述更新单元包括:第一更新子单元,用于在所述目标资产信息与所述预设数据库中的资产信息不一致的情况下,依据所述目标资产信息更新所述预设数据库中对应的资产信息;第二更新子单元,用于在所述目标资产信息与所述预设数据库中的资产信息一致的情况下,在所述预设数据库中更新所述目标资产信息中对应的资产信息的时间信息。In some embodiments, the update unit includes: a first update sub-unit, used to update the corresponding asset information in the preset database according to the target asset information when the target asset information is inconsistent with the asset information in the preset database; a second update sub-unit, used to update the time information of the corresponding asset information in the target asset information in the preset database when the target asset information is consistent with the asset information in the preset database.

根据本申请的第三个方面,提供了一种计算机可读存储介质,所述计算机可读存储介质包括存储的计算机程序,其中,在所述计算机程序运行时控制所述计算机可读存储介质所在设备执行上述任意一项所述应用程序接口资产的管理方法。According to a third aspect of the present application, a computer-readable storage medium is provided, wherein the computer-readable storage medium includes a stored computer program, wherein when the computer program is running, the device where the computer-readable storage medium is located is controlled to execute any one of the above-mentioned application program interface asset management methods.

根据本申请的第四方面,提供了一种电子设备,包括一个或多个处理器和存储器,存储器用于存储一个或多个程序,其中,当一个或多个程序被一个或多个处理器执行时,使得一个或多个处理器实现上述任意一项所述应用程序接口资产的管理方法。According to the fourth aspect of the present application, an electronic device is provided, comprising one or more processors and a memory, the memory being used to store one or more programs, wherein when the one or more programs are executed by one or more processors, the one or more processors implement any one of the above-mentioned methods for managing application program interface assets.

本申请的一个或多个实施例的细节在下面的附图和描述中提出。本申请的其它特征、目的和优点将从说明书、附图以及权利要求书变得明显。The details of one or more embodiments of the present application are set forth in the following drawings and description. Other features, objects, and advantages of the present application will become apparent from the description, drawings, and claims.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

构成本申请的一部分的附图用来提供对本申请的进一步理解,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings constituting a part of the present application are used to provide a further understanding of the present application. The illustrative embodiments and descriptions of the present application are used to explain the present application and do not constitute an improper limitation on the present application. In the drawings:

图1是根据本申请实施例一提供的应用程序接口资产的管理方法的流程图;FIG1 is a flow chart of a method for managing application program interface assets according to a first embodiment of the present application;

图2是根据本申请实施例一提供的可选的应用程序接口资产的管理方法的示意图;FIG2 is a schematic diagram of an optional method for managing application program interface assets provided according to the first embodiment of the present application;

图3是根据本申请实施例二提供的应用程序接口资产的管理装置的示意图;3 is a schematic diagram of an application program interface asset management device provided according to Embodiment 2 of the present application;

图4是根据本申请实施例五提供的应用程序接口资产的管理电子设备的示意图。FIG. 4 is a schematic diagram of an electronic device for managing application program interface assets provided according to a fifth embodiment of the present application.

具体实施方式DETAILED DESCRIPTION

需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本申请。It should be noted that, in the absence of conflict, the embodiments and features in the embodiments of the present application can be combined with each other. The present application will be described in detail below with reference to the accompanying drawings and in combination with the embodiments.

需要说明的是,本申请所涉及的用户信息(包括但不限于用户设备信息、用户个人信息、网络流量数据中包含的用户信息、应用程序接口中包含的用户信息等)和数据(包括但不限于用于分析的数据、存储的数据、展示的数据、采集的网络流量数据等),均为经用户授权或者经过各方充分授权的信息和数据,并且相关数据的收集、使用和处理需要遵守相关区域的相关法律法规和标准,并提供有相应的操作入口,供用户选择授权或者拒绝。It should be noted that the user information (including but not limited to user device information, user personal information, user information contained in network traffic data, user information contained in application program interfaces, etc.) and data (including but not limited to data used for analysis, stored data, displayed data, collected network traffic data, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of relevant data must comply with relevant laws, regulations and standards in the relevant areas, and corresponding operation entrances shall be provided for users to choose to authorize or refuse.

为了使本技术领域的人员更好地理解本申请方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分的实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本申请保护的范围。In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are only part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by ordinary technicians in this field without creative work should fall within the scope of protection of the present application.

需要说明的是,本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本申请的实施例。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms "first", "second", etc. in the specification and claims of the present application and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequential order. It should be understood that the data used in this way can be interchanged where appropriate, so that the embodiments of the present application described here. In addition, the terms "including" and "having" and any of their variations are intended to cover non-exclusive inclusions, for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those steps or units clearly listed, but may include other steps or units that are not clearly listed or inherent to these processes, methods, products or devices.

为了便于描述,以下对本申请实施例涉及的部分名词或术语进行说明:For the convenience of description, some nouns or terms involved in the embodiments of the present application are explained below:

Flink:Apache Flink是一个框架和分布式处理引擎,用于在无边界和有边界数据流上进行有状态的计算。Flink能在所有常见集群环境中运行,并能以内存速度和任意规模进行计算。Flink: Apache Flink is a framework and distributed processing engine for stateful computations on unbounded and bounded data streams. Flink runs on all common cluster environments and can compute at memory speed and at any scale.

实施例一Embodiment 1

下面结合实施步骤对本申请进行说明,图1是根据本申请实施例一提供的应用程序接口资产的管理方法的流程图,如图1所示,该方法包括如下步骤:The present application is described below in conjunction with the implementation steps. FIG. 1 is a flow chart of a method for managing application program interface assets provided according to Embodiment 1 of the present application. As shown in FIG. 1 , the method includes the following steps:

步骤S101,在接收到网络流量数据的情况下,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,敏感信息类型是指应用程序接口资产在包含敏感信息的情况下敏感信息的类型。Step S101, when network traffic data is received, extract the asset information of the application interface assets contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, sensitive information type, and the sensitive information type refers to the type of sensitive information when the application interface asset contains sensitive information.

在本实施例一中,网络请求是指用户所在的客户端向服务器发送请求以获取特定资源的行为,例如,获取网页、图片、视频、数据等内容的请求。这种请求可以通过http协议进行,也可以通过其他请求进行,例如,FTP(File Transfer Protocol)请求、SSH(Secure Shell)请求、DNS(Domain Name System)请求等。通过http协议生成的请求可以称为http请求。In the first embodiment, a network request refers to the behavior of a client where a user is located sending a request to a server to obtain a specific resource, for example, a request to obtain a web page, a picture, a video, data, etc. This request can be made through the http protocol or other requests, for example, FTP (File Transfer Protocol) requests, SSH (Secure Shell) requests, DNS (Domain Name System) requests, etc. Requests generated through the http protocol can be called http requests.

为了实时管理网络流量数据中的API资产信息(即上述的应用程序接口资产的信息),需要从网络流量数据中每个网络请求的请求参数中提取该网络请求涉及的API资产信息,由每个网络请求的API资产信息得到上述的资产信息集合。API资产信息中的资产路径用于标识网络请求涉及的API资产,请求类型是指网络请求的类型,例如,GET、POST、PUT、DELETE等,敏感信息类型是指网络请求中包含的敏感信息的类型,例如,身份证号、手机号等。In order to manage the API asset information (i.e. the information of the application program interface assets mentioned above) in the network traffic data in real time, it is necessary to extract the API asset information involved in the network request from the request parameters of each network request in the network traffic data, and obtain the above asset information set from the API asset information of each network request. The asset path in the API asset information is used to identify the API asset involved in the network request, the request type refers to the type of network request, such as GET, POST, PUT, DELETE, etc., and the sensitive information type refers to the type of sensitive information contained in the network request, such as ID number, mobile phone number, etc.

步骤S102,依据资产路径和请求类型对资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数。Step S102, aggregating the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, where N is a positive integer.

在本实施例一中,为了对实时采集的网络请求中的API资产进行管理,需要根据业务需求或业务人员的聚合需求对网络请求中的API资产进行聚合,从而根据API资产的类别统计网络流量数据中的API资产信息,满足业务人员管理API资产的需求,同时去除网络请求中的冗余资产信息,便于业务人员进行管理,达到了提高业务人员管理API资产的效率的效果。In the first embodiment of the present invention, in order to manage the API assets in the network requests collected in real time, it is necessary to aggregate the API assets in the network requests according to business needs or the aggregation needs of business personnel, so as to count the API asset information in the network traffic data according to the category of API assets, meet the needs of business personnel to manage API assets, and at the same time remove redundant asset information in the network requests to facilitate management by business personnel, thereby achieving the effect of improving the efficiency of business personnel in managing API assets.

在一可选的实施例中,可以根据业务需求确定聚合规则,聚合规则中可以定义不同的资产路径和请求类型,然后根据资产路径和请求类型对资产信息集合中每个API资产进行分类,得到上述的N类资产信息。In an optional embodiment, aggregation rules can be determined according to business needs, in which different asset paths and request types can be defined. Then, each API asset in the asset information set is classified according to the asset path and request type to obtain the above-mentioned N types of asset information.

步骤S103,依据资产信息集合统计N类资产信息中每类资产信息涉及的敏感信息类型,得到目标资产信息。Step S103, based on the asset information set, statistics are collected on the type of sensitive information involved in each type of asset information in N types of asset information to obtain target asset information.

在本实施例一中,对资产信息聚合分类后,可以统计每一类API资产中涉及明文传输的敏感信息,即每一类API资产中传输未加密的敏感信息,从而可以帮助企业及时发现和处理潜在的安全风险,采取相应的保护措施,保障用户的数据安全和隐私,同时避免了API资产过多和资产信息冗余导致业务人员难以管理API资产的问题。In the first embodiment of the present invention, after the asset information is aggregated and classified, the sensitive information involved in plain text transmission in each type of API assets can be counted, that is, the unencrypted sensitive information transmitted in each type of API assets. This can help enterprises to promptly discover and deal with potential security risks, take corresponding protection measures, and ensure user data security and privacy. At the same time, it avoids the problem of too many API assets and redundant asset information making it difficult for business personnel to manage API assets.

步骤S104,依据目标资产信息更新预设数据库中的资产信息,以对网络流量数据中的应用程序接口资产进行管理,其中,预设数据库存储着应用程序接口资产的资产信息。Step S104, updating the asset information in the preset database according to the target asset information to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets.

在本实施例一中,为了避免每解析到一条API资产后立即存储至预设数据库中,导致读写资源被大量占用,导致集群处理效率较低的问题,可以对API资产信息进行聚合,并统计涉及敏感信息的敏感信息类型得到目标资产信息之后,根据目标资产信息批量更新预设数据库中的资产信息,以实现在节省集群资源的同时,提高资产信息的实时性和准确性的效果。In the first embodiment of the present invention, in order to avoid storing each API asset immediately in the preset database after parsing, resulting in a large amount of read and write resources being occupied and causing low cluster processing efficiency, the API asset information can be aggregated, and the sensitive information types involving sensitive information can be counted to obtain the target asset information. Then, the asset information in the preset database can be updated in batches according to the target asset information, so as to achieve the effect of saving cluster resources while improving the real-time and accuracy of asset information.

综上所述,本申请实施例一提供的应用程序接口资产的管理方法,通过在接收到网络流量数据的情况下,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,敏感信息类型是指应用程序接口资产在包含敏感信息的情况下敏感信息的类型;依据资产路径和请求类型对资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;依据资产信息集合统计N类资产信息中每类资产信息涉及的敏感信息类型,得到目标资产信息;依据目标资产信息更新预设数据库中的资产信息,以对网络流量数据中的应用程序接口资产进行管理,其中,预设数据库存储着应用程序接口资产的资产信息,解决了相关技术中管理网络流量数据中的应用程序接口资产时,由于网络流量数据较多,导致管理应用程序接口资产的时效性较差的问题。通过从网络流量数据中提取和聚合大量网络请求的API资产,根据聚合后的资产信息批量更新预设数据库中的API资产信息,能够提炼出关键信息,去除冗余信息,以辅助业务人员对API资产进行管理,保证了API资产信息的实时性,达到了业务人员实时管理API资产的效果,同时通过统计敏感信息类型,有利于业务人员根据敏感信息类型对API资产配置相应的安全措施,达到了保证数据安全性的效果。In summary, the method for managing application program interface assets provided in the first embodiment of the present application, when receiving network traffic data, extracts the asset information of the application program interface assets contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, sensitive information type, and the sensitive information type refers to the type of sensitive information when the application program interface asset contains sensitive information; the asset information in the asset information set is aggregated according to the asset path and the request type to obtain N types of asset information, wherein N is a positive integer; the sensitive information type involved in each type of asset information in the N types of asset information is counted according to the asset information set to obtain the target asset information; the asset information in the preset database is updated according to the target asset information to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets, and solves the problem of poor timeliness of managing application program interface assets in the related technology due to the large amount of network traffic data when managing application program interface assets in network traffic data. By extracting and aggregating a large number of API assets requested by network traffic data, and updating the API asset information in the preset database in batches according to the aggregated asset information, it is possible to extract key information and remove redundant information to assist business personnel in managing API assets, thereby ensuring the real-time nature of API asset information and enabling business personnel to manage API assets in real time. At the same time, by counting sensitive information types, it is helpful for business personnel to configure corresponding security measures for API assets according to the sensitive information types, thereby ensuring data security.

可选地,在本申请实施例一提供的应用程序接口资产的管理方法中,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合包括:提取网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、请求类型;通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合;通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息。Optionally, in the management method of application interface assets provided in Example 1 of the present application, asset information of the application interface assets contained in each network request in the network traffic data is extracted to obtain an asset information set, including: extracting request parameters of each network request in the network traffic data to obtain a request parameter set, wherein the request parameters include at least the following field information: request domain name, request path, request parameters, response parameters, request type; determining the application interface assets contained in the request parameter set through a preset regular expression to obtain an asset information set; determining the first asset information containing sensitive information in the asset information set through a regular expression, marking the first asset information, and updating the asset information in the asset information set.

在本实施例一中,为了对API资产进行实时管理,可以实时捕获网络流量数据,从中提取出每个网络请求的相关参数(即上述的请求参数集合),并根据请求参数集合中每个网络请求的相关参数解析该网络请求中包含的API资产,以及标注每个API资产涉及敏感信息的敏感信息类型。In the first embodiment of the present invention, in order to manage API assets in real time, network traffic data can be captured in real time, and relevant parameters of each network request (i.e., the request parameter set mentioned above) can be extracted therefrom. The API assets contained in the network request can be parsed according to the relevant parameters of each network request in the request parameter set, and the sensitive information type of each API asset involving sensitive information can be marked.

具体地,使用流量探针采集网络流量数据(例如,http数据流)存储至kafka集群或其他数据存储系统中,从kafka集群获取网络流量数据,再将网络流量数据中每个网络请求的相关参数解析为预设的数据结构,即上述的请求参数,请求参数中包含的字段信息如表1所示,其中,请求域名是指http请求访问的域名地址,例如,“www.example.com”,请求路径是指http请求的具体资源的路径,例如,“/index.html”,请求参数是指http请求的参数,例如,“http://example.com/api/user?id=123”中的“id=123”,响应参数是指服务器响应http请求后返回给客户端的响应结果的参数例如,状态码为200表示成功响应、Content-Type(返回的数据类型)为字符串等内容,请求类型是指http请求的类型,以指示服务器需要执行的操作,例如,GET、POST、PUT、DELETE等。解析出每个网络请求的网络参数后,由所有网络请求的网络参数得到上述的请求参数集合。Specifically, a flow probe is used to collect network flow data (for example, http data stream) and store it in a kafka cluster or other data storage system, the network flow data is obtained from the kafka cluster, and then the relevant parameters of each network request in the network flow data are parsed into a preset data structure, that is, the above-mentioned request parameters. The field information contained in the request parameters is shown in Table 1, wherein the request domain name refers to the domain name address accessed by the http request, for example, "www.example.com", the request path refers to the path of the specific resource of the http request, for example, "/index.html", the request parameter refers to the parameter of the http request, for example, "id=123" in "http://example.com/api/user?id=123", the response parameter refers to the parameter of the response result returned to the client by the server after responding to the http request, for example, the status code is 200 to indicate a successful response, the Content-Type (the type of data returned) is a string, etc., and the request type refers to the type of the http request to indicate the operation that the server needs to perform, for example, GET, POST, PUT, DELETE, etc. After parsing the network parameters of each network request, the above-mentioned request parameter set is obtained from the network parameters of all network requests.

然后,根据采用预设的正则表达式对上述的请求参数集合中每个网络请求的请求参数进行匹配,解析其中的API资产,得到上述的资产信息集合,其中,预设的正则表达式是预先根据API资产聚合规则配置并加载好的。最后,根据匹配敏感信息的正则表达式确定资产信息集合中每个API资产信息是否包含敏感信息,以及确定敏感信息的类型,并进行相应的标注,以更新资产信息集合中的资产信息。Then, the request parameters of each network request in the above request parameter set are matched by using a preset regular expression, and the API assets therein are parsed to obtain the above asset information set, wherein the preset regular expression is pre-configured and loaded according to the API asset aggregation rule. Finally, whether each API asset information in the asset information set contains sensitive information is determined based on the regular expression matching the sensitive information, and the type of sensitive information is determined, and corresponding annotations are performed to update the asset information in the asset information set.

表1
Table 1

可选地,在本申请实施例一提供的应用程序接口资产的管理方法中,通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合包括:采用第一正则表达式对请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,目标参数至少包含以下字段信息:请求域名、请求路径;在第一匹配结果指示匹配成功的情况下,确定第一匹配结果对应的第一网络请求,并生成第一网络请求的资产路径;在第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径,其中,第二网络请求是指请求参数集合中除第一网络请求之外的网络请求;将第一网络请求的请求类型、第一网络请求的资产路径、第二网络请求的请求类型和第二网络请求的资产路径进行组合,得到资产信息集合。Optionally, in the management method of application program interface assets provided in the first embodiment of the present application, the application program interface assets included in the request parameter set are determined by a preset regular expression, and the asset information set is obtained, including: using a first regular expression to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: request domain name, request path; when the first matching result indicates a successful match, determining the first network request corresponding to the first matching result, and generating the asset path of the first network request; when the first matching result indicates a failed match, using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; combining the request type of the first network request, the asset path of the first network request, the request type of the second network request, and the asset path of the second network request to obtain the asset information set.

在本实施例一中,第一正则表达式是根据优先级较高的聚合规则配置的正则表达式,优先级较高的聚合规则可以是根据业务需求制定的聚合规则,第一正则表达式的示例可以如表2所示,其中,规则标记值是指匹配成功后标记该网络请求的资产信息时所使用的标记值。需要注意的是,第一正则表达式的数量可以根据业务需求进行适应性的调整,在本实施例一中不做具体限制。In the first embodiment, the first regular expression is a regular expression configured according to a higher priority aggregation rule, and the higher priority aggregation rule may be an aggregation rule formulated according to business requirements. An example of the first regular expression may be shown in Table 2, wherein the rule tag value refers to the tag value used when marking the asset information of the network request after a successful match. It should be noted that the number of the first regular expressions may be adaptively adjusted according to business requirements, and is not specifically limited in the first embodiment.

多个第二正则表达式是根据不同url路径分析规则构建的多个正则表达式,用于将API资产按照不同url路径分为多类,第二正则表达式的示例可以如表3所示,其中,包含了三类url路径的聚合规则,分别对应不同的规则标记值(如表3中的“:id”、“:uuid”、“:.jpg”)。The multiple second regular expressions are multiple regular expressions constructed according to different URL path analysis rules, and are used to classify API assets into multiple categories according to different URL paths. An example of the second regular expression can be shown in Table 3, which includes aggregation rules for three types of URL paths, corresponding to different rule tag values (such as ":id", ":uuid", ":.jpg" in Table 3).

表2
Table 2

表3
Table 3

在一可选的实施例中,在解析网络请求中的API资产时,可以采用至少一个第一正则表达式与请求参数集合中每个网络请求的请求域名和请求路径(即上述的目标参数)进行匹配,若该网络请求的请求域名和请求路径与第一正则表达式匹配成功,则直接根据该网络请求的请求类型和第一正则表达式对应的规则标记值,标记当前网络请求的API资产的资产路径。若该网络请求的请求域名和请求路径与第一正则表达式未匹配成功,则采用多个第二正则表达式对该网络请求进行匹配,一旦与多个第二正则表达式中任意一个正则表达式匹配成功,则根据该网络请求的请求参数和匹配成功的第二正则表达式对应的规则标记值生成该网络请求的资产路径,若该网络请求与所有第二正则表达式均匹配不成功,则继续解析下一个网络请求。最后,根据每个网络请求的请求类型和资产路径确定每个网络请求的资产信息,得到上述的资产信息集合。In an optional embodiment, when parsing the API assets in the network request, at least one first regular expression can be used to match the request domain name and request path (i.e., the above-mentioned target parameters) of each network request in the request parameter set. If the request domain name and request path of the network request successfully match the first regular expression, the asset path of the API assets of the current network request is directly marked according to the request type of the network request and the rule tag value corresponding to the first regular expression. If the request domain name and request path of the network request do not successfully match the first regular expression, multiple second regular expressions are used to match the network request. Once it successfully matches any one of the multiple second regular expressions, the asset path of the network request is generated according to the request parameters of the network request and the rule tag value corresponding to the second regular expression that successfully matches. If the network request fails to match all the second regular expressions, the next network request is parsed. Finally, the asset information of each network request is determined according to the request type and asset path of each network request to obtain the above-mentioned asset information set.

可选地,在本申请实施例一提供的应用程序接口资产的管理方法中,采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径包括:依据预设字符对每个第二网络请求的请求路径进行拆分,得到每个第二网络请求的第一路径列表;采用多个第二正则表达式对第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,多个第二正则表达式是依据不同聚合规则构建的正则表达式;在第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;对第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成第二网络请求的资产路径。Optionally, in the management method of application program interface assets provided in the first embodiment of the present application, multiple second regular expressions are used to match the request path of the second network request to obtain a second matching result, and the asset path of the second network request is generated based on the second matching result, including: splitting the request path of each second network request according to preset characters to obtain a first path list for each second network request; using multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed based on different aggregation rules; when the third matching result indicates a successful match, using a second preset string to replace the successfully matched elements to obtain a second path list for each second network request; splicing the elements in the second path list to obtain a target path for each second network request, and generating the asset path of the second network request based on the request parameters of each second network request and the target path of each second network request.

在一可选的实施例中,可以采用分隔符“/”(即上述的预设字符)拆分每个第二网络请求的请求路径,将拆分后的字符串作为列表的每个元素,得到上述的每个第二网络请求的第一路径列表。然后,采用表3中包含的多个第二正则表达式与第一路径列表中的每个元素依次进行正则匹配,在某个列元素与任意一个第二正则表达式匹配成功时,采用匹配成功的第二正则表达式对应的规则标记值替换第一路径列表中匹配成功的元素,若第一路径列表中的每个元素与所有第二正则表达式均未匹配成功时,则不替换第一路径列表中的元素。最后,在每个网络请求对应的第一路径列表匹配完成后,将替换后的第一路径列表进行拼接,作为每个网络请求对应的目标路径,并以该网络请求的请求类型、请求域名和目标路径作为该网络请求的资产路径。In an optional embodiment, the delimiter "/" (i.e., the preset character mentioned above) can be used to split the request path of each second network request, and the split character string is used as each element of the list to obtain the first path list of each second network request mentioned above. Then, multiple second regular expressions contained in Table 3 are used to perform regular matching with each element in the first path list in turn. When a column element successfully matches any second regular expression, the rule mark value corresponding to the successfully matched second regular expression is used to replace the successfully matched element in the first path list. If each element in the first path list does not successfully match all second regular expressions, the element in the first path list is not replaced. Finally, after the first path list corresponding to each network request is matched, the replaced first path list is spliced as the target path corresponding to each network request, and the request type, request domain name and target path of the network request are used as the asset path of the network request.

可选地,在本申请实施例一提供的应用程序接口资产的管理方法中,通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息包括:采用第三正则表达式集合对请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;在第三匹配结果指示匹配成功的情况下,在资产信息集合中确定匹配成功的网络请求对应的资产信息,得到第一资产信息;依据第三匹配结果确定第一资产信息的敏感信息类型,并采用第一资产信息的敏感信息类型更新资产信息集合。Optionally, in the management method of application interface assets provided in Example 1 of the present application, first asset information containing sensitive information in an asset information set is determined by using a regular expression, the first asset information is marked, and the asset information in the asset information set is updated, including: using a third regular expression set to match each network request in a request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; when the third matching result indicates a successful match, determining in the asset information set the asset information corresponding to the successfully matched network request to obtain the first asset information; determining the sensitive information type of the first asset information based on the third matching result, and updating the asset information set using the sensitive information type of the first asset information.

在本实施例一中,可以根据API资产涉及的至少一种敏感信息类型配置对应的正则表达式,即上述的第三正则表达式集合,通过第三正则表达式集合中每个第三正则表达式与每个网络请求中的请求参数进行匹配,若匹配成功,则为该网络请求加上第三正则表达式对应的敏感信息标识(如表4中的规则标记值),即上述的第一资产信息,从而确定资产信息集合中每个API资产涉及敏感信息的敏感信息类型,并更新资产信息集合。其中,第三正则表达式集合中的第三正则表达式可以如表4所示。In the first embodiment, a corresponding regular expression can be configured according to at least one sensitive information type involved in the API asset, that is, the third regular expression set mentioned above, and each third regular expression in the third regular expression set is matched with the request parameters in each network request. If the match is successful, the sensitive information identifier corresponding to the third regular expression (such as the rule tag value in Table 4), that is, the first asset information mentioned above, is added to the network request, thereby determining the sensitive information type of the sensitive information involved in each API asset in the asset information set, and updating the asset information set. Among them, the third regular expression in the third regular expression set can be as shown in Table 4.

表4
Table 4

可选地,在本申请实施例一提供的应用程序接口资产的管理方法中,在通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,上述的方法还包括:依据业务需求确定应用程序接口资产的聚合规则;依据聚合规则配置正则表达式,得到预设的正则表达式,并加载预设的正则表达式。Optionally, in the application interface asset management method provided in Example 1 of the present application, before determining the application interface assets included in the request parameter set through a preset regular expression to obtain the asset information set, the above method also includes: determining the aggregation rules of the application interface assets based on business needs; configuring the regular expression based on the aggregation rules to obtain the preset regular expression, and loading the preset regular expression.

在本实施例一中,为了灵活地根据业务需求调整API资产的聚合结果,可以根据业务需求灵活地配置和/或调整API的聚合规则,根据确定的聚合规则配置对应的正则表达式,即上述的预设的正则表达式(例如,上述的第一正则表达式、上述的第二正则表达式、上述的第三正则表达式),并且需要在解析网络流量数据之前,预先加载配置好的聚合规则,以便实时对采集到的网络流量数据进行解析。此外,在一可选的实施例中还可以将预设的正则表达式加载至keyby算子中,通过keyby算子可以对多个网络请求进行并行解析,从而达到了提高网络请求的处理效率的效果,进一步达到了保证管理API资产的实时性的效果。In the first embodiment of the present invention, in order to flexibly adjust the aggregation results of API assets according to business needs, the aggregation rules of the API can be flexibly configured and/or adjusted according to business needs, and the corresponding regular expressions, i.e., the above-mentioned preset regular expressions (e.g., the above-mentioned first regular expression, the above-mentioned second regular expression, the above-mentioned third regular expression) are configured according to the determined aggregation rules, and it is necessary to pre-load the configured aggregation rules before parsing the network traffic data so as to parse the collected network traffic data in real time. In addition, in an optional embodiment, the preset regular expression can also be loaded into the keyby operator, and multiple network requests can be parsed in parallel through the keyby operator, thereby achieving the effect of improving the processing efficiency of network requests, and further achieving the effect of ensuring the real-time management of API assets.

在一可选的实施例中,当业务人员需要更换聚合规则(例如,业务人员发现预设数据库中存在未聚类的API资产信息,或聚类结果错误的API资产信息)时,可以根据预设数据库中API资产信息调整解析规则,即上述的优先级较高的聚合规则,并相应的调整优先级较高的聚合规则对应的第一正则表达式,然后重新配置和加载调整后的第一正则表达式,以便后续继续对http数据流进行处理。In an optional embodiment, when business personnel need to replace the aggregation rules (for example, business personnel find that there is unclustered API asset information in the preset database, or API asset information with incorrect clustering results), the parsing rules can be adjusted according to the API asset information in the preset database, that is, the above-mentioned higher-priority aggregation rules, and the first regular expression corresponding to the higher-priority aggregation rules can be adjusted accordingly, and then the adjusted first regular expression can be reconfigured and loaded to continue processing the http data stream subsequently.

可选地,在本申请实施例一提供的应用程序接口资产的管理方法中,依据目标资产信息更新预设数据库中的资产信息包括:在目标资产信息与预设数据库中的资产信息不一致的情况下,依据目标资产信息更新预设数据库中对应的资产信息;在目标资产信息与预设数据库中的资产信息一致的情况下,在预设数据库中更新目标资产信息中对应的资产信息的时间信息。Optionally, in the application interface asset management method provided in Example 1 of the present application, updating the asset information in the preset database based on the target asset information includes: when the target asset information is inconsistent with the asset information in the preset database, updating the corresponding asset information in the preset database based on the target asset information; when the target asset information is consistent with the asset information in the preset database, updating the time information of the corresponding asset information in the target asset information in the preset database.

在本实施例一中,为了保证预设数据库中API资产信息的实时性,需要在统计到目标资产信息之后,将目标资产信息与预设数据库中保存的API资产信息进行比对,比对二者中的API资产的网络请求信息、API资产类型、数量和敏感信息类型等信息是否一致。若不一致,则依据目标资产信息更新预设数据库中的API资产信息,例如,目标资产信息中jpg类型的API资产比预设数据库中jpg类型的API资产多一个,则在预设数据库中新增该API资产,并记录更新时间;若不一致,则根据当前时刻更新预设数据库中目标资产信息包含的API资产的更新时间,以保证API资产信息的实时性。业务人员还可以根据预设数据库中更新后的资产信息调整聚合规则,并加载聚合规则,以便后续采用调整后的聚合规则解析http数据流。In the first embodiment of the present invention, in order to ensure the real-time nature of the API asset information in the preset database, it is necessary to compare the target asset information with the API asset information stored in the preset database after the target asset information is counted, and compare whether the network request information, API asset type, quantity, and sensitive information type of the API assets in the two are consistent. If not, the API asset information in the preset database is updated according to the target asset information. For example, if there is one more API asset of type jpg in the target asset information than in the preset database, the API asset is added to the preset database and the update time is recorded; if not, the update time of the API asset contained in the target asset information in the preset database is updated according to the current moment to ensure the real-time nature of the API asset information. Business personnel can also adjust the aggregation rules according to the updated asset information in the preset database, and load the aggregation rules so that the adjusted aggregation rules can be used to parse the http data stream later.

可选地,在本实施例一中,本方案实时更新API资产信息的流程可以如图2所示。首先,通过流量探针采集http数据流,对http数据流进行格式化处理,提取http数据流中每个http请求的请求参数,得到上述的请求参数集合。然后,采用优先级较高的第一正则表达式与请求参数集合中每个网络请求的请求参数进行匹配,若匹配成功则对下一个网络请求进行匹配,若匹配不成功,则采用多个第二正则表达式进行匹配,解析得到每个网络请求的资产信息,并对每个网络请求涉及敏感信息的敏感信息类型进行标注,得到上述的资产信息集合。最后,根据每个网络请求的资产信息对http数据流中的API资产进行聚合,并统计每一类资产信息涉及的敏感信息类型,得到上述的目标资产信息,依据目标资产信息更新预设数据库(如图2中的API资产库)中的API资产信息,保证数据的实时性。Optionally, in the first embodiment of the present invention, the process of updating API asset information in real time in this scheme can be shown in FIG2. First, the http data stream is collected through the flow probe, the http data stream is formatted, and the request parameters of each http request in the http data stream are extracted to obtain the above-mentioned request parameter set. Then, the first regular expression with a higher priority is used to match the request parameters of each network request in the request parameter set. If the match is successful, the next network request is matched. If the match is unsuccessful, multiple second regular expressions are used for matching, and the asset information of each network request is parsed to obtain the asset information, and the sensitive information type of each network request involving sensitive information is marked to obtain the above-mentioned asset information set. Finally, the API assets in the http data stream are aggregated according to the asset information of each network request, and the sensitive information type involved in each type of asset information is counted to obtain the above-mentioned target asset information, and the API asset information in the preset database (such as the API asset library in FIG2) is updated according to the target asset information to ensure the real-time performance of the data.

需要说明的是,在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system such as a set of computer executable instructions, and that, although a logical order is shown in the flowcharts, in some cases, the steps shown or described can be executed in an order different from that shown here.

实施例二Embodiment 2

本申请实施例二还提供了一种应用程序接口资产的管理装置,需要说明的是,本申请实施例二的应用程序接口资产的管理装置可以用于执行本申请实施例一所提供的用于应用程序接口资产的管理方法。以下对本申请实施例二提供的应用程序接口资产的管理装置进行介绍。The second embodiment of the present application also provides a management device for application program interface assets. It should be noted that the management device for application program interface assets in the second embodiment of the present application can be used to execute the management method for application program interface assets provided in the first embodiment of the present application. The management device for application program interface assets provided in the second embodiment of the present application is introduced below.

图3是根据本申请实施例二的应用程序接口资产的管理装置的示意图。如图3所示,该装置包括:提取单元301、聚合单元302、统计单元303和更新单元304。Fig. 3 is a schematic diagram of an application program interface asset management device according to the second embodiment of the present application. As shown in Fig. 3 , the device includes: an extraction unit 301 , an aggregation unit 302 , a statistics unit 303 and an update unit 304 .

具体地,提取单元301,用于在接收到网络流量数据的情况下,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,敏感信息类型是指应用程序接口资产在包含敏感信息的情况下敏感信息的类型。Specifically, the extraction unit 301 is used to extract the asset information of the application interface assets contained in each network request in the network traffic data when the network traffic data is received, and obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, and sensitive information type, and the sensitive information type refers to the type of sensitive information when the application interface asset contains sensitive information.

聚合单元302,用于依据资产路径和请求类型对资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数。The aggregation unit 302 is used to aggregate the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, where N is a positive integer.

统计单元303,用于依据资产信息集合统计N类资产信息中每类资产信息涉及的敏感信息类型,得到目标资产信息。The statistical unit 303 is used to count the sensitive information types involved in each type of asset information in N types of asset information based on the asset information set to obtain target asset information.

更新单元304,用于依据目标资产信息更新预设数据库中的资产信息,以对网络流量数据中的应用程序接口资产进行管理,其中,预设数据库存储着应用程序接口资产的资产信息。The updating unit 304 is used to update the asset information in the preset database according to the target asset information so as to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets.

本申请实施例二提供的应用程序接口资产的管理装置,通过提取单元301在接收到网络流量数据的情况下,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,敏感信息类型是指应用程序接口资产在包含敏感信息的情况下敏感信息的类型;聚合单元302依据资产路径和请求类型对资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;统计单元303依据资产信息集合统计N类资产信息中每类资产信息涉及的敏感信息类型,得到目标资产信息;更新单元304依据目标资产信息更新预设数据库中的资产信息,以对网络流量数据中的应用程序接口资产进行管理,其中,预设数据库存储着应用程序接口资产的资产信息,解决了相关技术中管理网络流量数据中的应用程序接口资产时,由于网络流量数据较多,导致管理应用程序接口资产的时效性较差的问题。通过从网络流量数据中提取和聚合大量网络请求的API资产,根据聚合后的资产信息批量更新预设数据库中的API资产信息,能够提炼出关键信息,去除冗余信息,以辅助业务人员对API资产进行管理,保证了API资产信息的实时性,达到了业务人员实时管理API资产的效果,同时通过统计敏感信息类型,有利于业务人员根据敏感信息类型对API资产配置相应的安全措施,达到了保证数据安全性的效果。The second embodiment of the present application provides an application interface asset management device. When receiving network traffic data, the extraction unit 301 extracts the asset information of the application interface asset contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, and sensitive information type, wherein the sensitive information type refers to the type of sensitive information when the application interface asset contains sensitive information; the aggregation unit 302 aggregates the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, wherein N is a positive integer; the statistical unit 303 counts the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set to obtain target asset information; the update unit 304 updates the asset information in the preset database according to the target asset information to manage the application interface assets in the network traffic data, wherein the preset database stores the asset information of the application interface assets, and solves the problem of poor timeliness of managing application interface assets in the related art due to the large amount of network traffic data when managing application interface assets in network traffic data. By extracting and aggregating a large number of API assets requested by network traffic data, and updating the API asset information in the preset database in batches according to the aggregated asset information, it is possible to extract key information and remove redundant information to assist business personnel in managing API assets, thereby ensuring the real-time nature of API asset information and enabling business personnel to manage API assets in real time. At the same time, by counting sensitive information types, it is helpful for business personnel to configure corresponding security measures for API assets according to the sensitive information types, thereby ensuring data security.

可选地,在本申请实施例二提供的应用程序接口资产的管理装置中,上述的提取单元301包括:提取子单元,用于提取网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、请求类型;第一确定子单元,用于通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合;标注子单元,用于通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息。Optionally, in the application interface asset management device provided in Example 2 of the present application, the above-mentioned extraction unit 301 includes: an extraction sub-unit, used to extract request parameters of each network request in the network traffic data to obtain a request parameter set, wherein the request parameters include at least the following field information: request domain name, request path, request parameters, response parameters, request type; a first determination sub-unit, used to determine the application interface assets included in the request parameter set through a preset regular expression to obtain an asset information set; a marking sub-unit, used to determine the first asset information containing sensitive information in the asset information set through a regular expression, mark the first asset information, and update the asset information in the asset information set.

可选地,在本申请实施例二提供的应用程序接口资产的管理装置中,上述的确定子单元包括:第一匹配模块,用于采用第一正则表达式对请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,目标参数至少包含以下字段信息:请求域名、请求路径;第一确定模块,用于在第一匹配结果指示匹配成功的情况下,确定第一匹配结果对应的第一网络请求,并生成第一网络请求的资产路径;第二匹配模块,用于在第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径,其中,第二网络请求是指请求参数集合中除第一网络请求之外的网络请求;组合模块,用于将第一网络请求的请求类型、第一网络请求的资产路径、第二网络请求的请求类型和第二网络请求的资产路径进行组合,得到资产信息集合。Optionally, in the application program interface asset management device provided in Example 2 of the present application, the above-mentioned determination subunit includes: a first matching module, which is used to use a first regular expression to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: request domain name, request path; a first determination module, which is used to determine the first network request corresponding to the first matching result when the first matching result indicates a successful match, and generate the asset path of the first network request; a second matching module, which is used to use multiple second regular expressions to match the request path of the second network request when the first matching result indicates a failed match, and obtain a second matching result, and generate the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; a combination module, which is used to combine the request type of the first network request, the asset path of the first network request, the request type of the second network request and the asset path of the second network request to obtain an asset information set.

可选地,在本申请实施例二提供的应用程序接口资产的管理装置中,上述的第二匹配模块包括:拆分子模块,用于依据预设字符对每个第二网络请求的请求路径进行拆分,得到每个第二网络请求的第一路径列表;匹配子模块,用于采用多个第二正则表达式对第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,多个第二正则表达式是依据不同聚合规则构建的正则表达式;替换子模块,用于在第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;拼接子模块,用于对第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成第二网络请求的资产路径。Optionally, in the application program interface asset management device provided in Example 2 of the present application, the above-mentioned second matching module includes: a splitting submodule, which is used to split the request path of each second network request according to preset characters to obtain a first path list for each second network request; a matching submodule, which is used to use multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed according to different aggregation rules; a replacement submodule, which is used to replace the successfully matched elements with a second preset string when the third matching result indicates a successful match to obtain a second path list for each second network request; a splicing submodule, which is used to splice the elements in the second path list to obtain the target path of each second network request, and generate the asset path of the second network request based on the request parameters of each second network request and the target path of each second network request.

可选地,在本申请实施例二提供的应用程序接口资产的管理装置中,上述的标注子单元包括:第三匹配模块,用于采用第三正则表达式集合对请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;第二确定模块,用于在第三匹配结果指示匹配成功的情况下,在资产信息集合中确定匹配成功的网络请求对应的资产信息,得到第一资产信息;更新模块,用于依据第三匹配结果确定第一资产信息的敏感信息类型,并采用第一资产信息的敏感信息类型更新资产信息集合。Optionally, in the application interface asset management device provided in Example 2 of the present application, the above-mentioned annotation sub-unit includes: a third matching module, used to use a third regular expression set to match each network request in the request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed according to different sensitive information types; a second determination module, used to determine the asset information corresponding to the successfully matched network request in the asset information set when the third matching result indicates a successful match, and obtain the first asset information; an update module, used to determine the sensitive information type of the first asset information based on the third matching result, and update the asset information set using the sensitive information type of the first asset information.

可选地,在本申请实施例二提供的应用程序接口资产的管理装置中,上述的提取单元301还包括:第二确定子单元,用于在通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,依据业务需求确定应用程序接口资产的聚合规则;加载子单元,用于依据聚合规则配置正则表达式,得到预设的正则表达式,并加载预设的正则表达式。Optionally, in the application interface asset management device provided in Example 2 of the present application, the above-mentioned extraction unit 301 also includes: a second determination sub-unit, used to determine the application interface assets included in the request parameter set through a preset regular expression, and before obtaining the asset information set, determine the aggregation rules of the application interface assets according to business needs; a loading sub-unit, used to configure the regular expression according to the aggregation rule, obtain the preset regular expression, and load the preset regular expression.

可选地,在本申请实施例二提供的应用程序接口资产的管理装置中,上述的更新单元304包括:第一更新子单元,用于在目标资产信息与预设数据库中的资产信息不一致的情况下,依据目标资产信息更新预设数据库中对应的资产信息;第二更新子单元,用于在目标资产信息与预设数据库中的资产信息一致的情况下,在预设数据库中更新目标资产信息中对应的资产信息的时间信息。Optionally, in the application interface asset management device provided in Example 2 of the present application, the above-mentioned update unit 304 includes: a first update sub-unit, used to update the corresponding asset information in the preset database according to the target asset information when the target asset information is inconsistent with the asset information in the preset database; a second update sub-unit, used to update the time information of the corresponding asset information in the target asset information in the preset database when the target asset information is consistent with the asset information in the preset database.

所述应用程序接口资产的管理装置包括处理器和存储器,上述的提取单元301、聚合单元302、统计单元303和更新单元304等均作为程序单元存储在存储器中,由处理器执行存储在存储器中的上述程序单元来实现相应的功能。The management device of the application interface assets includes a processor and a memory. The above-mentioned extraction unit 301, aggregation unit 302, statistics unit 303 and update unit 304 are all stored in the memory as program units, and the processor executes the above-mentioned program units stored in the memory to realize corresponding functions.

处理器中包含内核,由内核去存储器中调取相应的程序单元。内核可以设置一个或以上,通过调整内核参数来提高管理API资产的实时性。The processor includes a kernel, which calls the corresponding program unit from the memory. One or more kernels can be set, and the real-time performance of managing API assets can be improved by adjusting kernel parameters.

存储器可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM),存储器包括至少一个存储芯片。The memory may include non-permanent memory in a computer-readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash RAM, and the memory includes at least one memory chip.

本申请实施例三提供了一种计算机可读存储介质,其上存储有程序,该程序被处理器执行时实现应用程序接口资产的管理方法。Embodiment 3 of the present application provides a computer-readable storage medium having a program stored thereon, which implements a method for managing application program interface assets when executed by a processor.

本申请实施例四提供了一种处理器,处理器用于运行程序,其中,程序运行时执行应用程序接口资产的管理方法。Embodiment 4 of the present application provides a processor, which is used to run a program, wherein the method for managing application program interface assets is executed when the program is running.

如图4所示,本申请实施例五提供了一种电子设备,设备包括处理器、存储器及存储在存储器上并可在处理器上运行的程序,处理器执行程序时实现以下步骤:在接收到网络流量数据的情况下,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,敏感信息类型是指应用程序接口资产在包含敏感信息的情况下敏感信息的类型;依据资产路径和请求类型对资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;依据资产信息集合统计N类资产信息中每类资产信息涉及的敏感信息类型,得到目标资产信息;依据目标资产信息更新预设数据库中的资产信息,以对网络流量数据中的应用程序接口资产进行管理,其中,预设数据库存储着应用程序接口资产的资产信息。As shown in Figure 4, embodiment 5 of the present application provides an electronic device, the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor implements the following steps when executing the program: when receiving network traffic data, extract the asset information of the application interface asset contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, sensitive information type, and the sensitive information type refers to the type of sensitive information of the application interface asset when it contains sensitive information; aggregate the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, wherein N is a positive integer; count the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set to obtain target asset information; update the asset information in the preset database according to the target asset information to manage the application interface assets in the network traffic data, wherein the preset database stores the asset information of the application interface assets.

处理器执行程序时还实现以下步骤:提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合包括:提取网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、请求类型;通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合;通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息。When the processor executes the program, the following steps are also implemented: extracting the asset information of the application interface assets contained in each network request in the network traffic data, and obtaining an asset information set including: extracting the request parameters of each network request in the network traffic data, and obtaining a request parameter set, wherein the request parameters at least include the following field information: request domain name, request path, request parameters, response parameters, and request type; determining the application interface assets contained in the request parameter set through a preset regular expression, and obtaining an asset information set; determining the first asset information containing sensitive information in the asset information set through a regular expression, marking the first asset information, and updating the asset information in the asset information set.

处理器执行程序时还实现以下步骤:通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合包括:采用第一正则表达式对请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,目标参数至少包含以下字段信息:请求域名、请求路径;在第一匹配结果指示匹配成功的情况下,确定第一匹配结果对应的第一网络请求,并生成第一网络请求的资产路径;在第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径,其中,第二网络请求是指请求参数集合中除第一网络请求之外的网络请求;将第一网络请求的请求类型、第一网络请求的资产路径、第二网络请求的请求类型和第二网络请求的资产路径进行组合,得到资产信息集合。When the processor executes the program, the following steps are also implemented: determining the application program interface assets included in the request parameter set by a preset regular expression, and obtaining the asset information set includes: using a first regular expression to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: request domain name, request path; when the first matching result indicates a successful match, determining the first network request corresponding to the first matching result, and generating the asset path of the first network request; when the first matching result indicates a failed match, using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result, wherein the second network request refers to a network request other than the first network request in the request parameter set; combining the request type of the first network request, the asset path of the first network request, the request type of the second network request, and the asset path of the second network request to obtain the asset information set.

处理器执行程序时还实现以下步骤:采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径包括:依据预设字符对每个第二网络请求的请求路径进行拆分,得到每个第二网络请求的第一路径列表;采用多个第二正则表达式对第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,多个第二正则表达式是依据不同聚合规则构建的正则表达式;在第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;对第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成第二网络请求的资产路径。When the processor executes the program, the following steps are also implemented: using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result includes: splitting the request path of each second network request according to preset characters to obtain a first path list of each second network request; using multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed according to different aggregation rules; when the third matching result indicates a successful match, using a second preset string to replace the successfully matched element to obtain a second path list of each second network request; splicing the elements in the second path list to obtain a target path of each second network request, and generating the asset path of the second network request based on the request parameters of each second network request and the target path of each second network request.

处理器执行程序时还实现以下步骤:通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息包括:采用第三正则表达式集合对请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;在第三匹配结果指示匹配成功的情况下,在资产信息集合中确定匹配成功的网络请求对应的资产信息,得到第一资产信息;依据第三匹配结果确定第一资产信息的敏感信息类型,并采用第一资产信息的敏感信息类型更新资产信息集合。When the processor executes the program, the following steps are also implemented: determining the first asset information containing sensitive information in the asset information set through a regular expression, marking the first asset information, and updating the asset information in the asset information set, including: using a third regular expression set to match each network request in the request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; when the third matching result indicates a successful match, determining the asset information corresponding to the successfully matched network request in the asset information set to obtain the first asset information; determining the sensitive information type of the first asset information based on the third matching result, and using the sensitive information type of the first asset information to update the asset information set.

处理器执行程序时还实现以下步骤:在通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,上述的方法还包括:依据业务需求确定应用程序接口资产的聚合规则;依据聚合规则配置正则表达式,得到预设的正则表达式,并加载预设的正则表达式。When the processor executes the program, the following steps are also implemented: before determining the application interface assets included in the request parameter set through a preset regular expression and obtaining the asset information set, the above method also includes: determining the aggregation rules of the application interface assets based on business needs; configuring the regular expression based on the aggregation rules, obtaining the preset regular expression, and loading the preset regular expression.

处理器执行程序时还实现以下步骤:依据目标资产信息更新预设数据库中的资产信息包括:在目标资产信息与预设数据库中的资产信息不一致的情况下,依据目标资产信息更新预设数据库中对应的资产信息;在目标资产信息与预设数据库中的资产信息一致的情况下,在预设数据库中更新目标资产信息中对应的资产信息的时间信息。When the processor executes the program, the following steps are also implemented: Updating the asset information in the preset database based on the target asset information includes: when the target asset information is inconsistent with the asset information in the preset database, updating the corresponding asset information in the preset database based on the target asset information; when the target asset information is consistent with the asset information in the preset database, updating the time information of the corresponding asset information in the target asset information in the preset database.

本文中的设备可以是服务器、PC、PAD、手机等。The devices in this article can be servers, PCs, PADs, mobile phones, etc.

本申请还提供了一种计算机程序产品,当在数据处理设备上执行时,适于执行初始化有如下方法步骤的程序:在接收到网络流量数据的情况下,提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,敏感信息类型是指应用程序接口资产在包含敏感信息的情况下敏感信息的类型;依据资产路径和请求类型对资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;依据资产信息集合统计N类资产信息中每类资产信息涉及的敏感信息类型,得到目标资产信息;依据目标资产信息更新预设数据库中的资产信息,以对网络流量数据中的应用程序接口资产进行管理,其中,预设数据库存储着应用程序接口资产的资产信息。The present application also provides a computer program product, which, when executed on a data processing device, is suitable for executing a program that is initialized with the following method steps: when network traffic data is received, extracting the asset information of the application interface assets contained in each network request in the network traffic data to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, sensitive information type, and the sensitive information type refers to the type of sensitive information of the application interface asset when it contains sensitive information; aggregating the asset information in the asset information set according to the asset path and request type to obtain N types of asset information, wherein N is a positive integer; counting the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set to obtain target asset information; and updating the asset information in the preset database according to the target asset information to manage the application interface assets in the network traffic data, wherein the preset database stores the asset information of the application interface assets.

当在数据处理设备上执行时,还适于执行初始化有如下方法步骤的程序:提取网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合包括:提取网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、请求类型;通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合;通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息。When executed on a data processing device, it is also suitable for executing an initialization program having the following method steps: extracting asset information of application interface assets contained in each network request in network traffic data to obtain an asset information set including: extracting request parameters of each network request in network traffic data to obtain a request parameter set, wherein the request parameters include at least the following field information: request domain name, request path, request parameters, response parameters, request type; determining the application interface assets contained in the request parameter set by a preset regular expression to obtain an asset information set; determining the first asset information containing sensitive information in the asset information set by a regular expression, marking the first asset information, and updating the asset information in the asset information set.

当在数据处理设备上执行时,还适于执行初始化有如下方法步骤的程序:通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合包括:采用第一正则表达式对请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,目标参数至少包含以下字段信息:请求域名、请求路径;在第一匹配结果指示匹配成功的情况下,确定第一匹配结果对应的第一网络请求,并生成第一网络请求的资产路径;在第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径,其中,第二网络请求是指请求参数集合中除第一网络请求之外的网络请求;将第一网络请求的请求类型、第一网络请求的资产路径、第二网络请求的请求类型和第二网络请求的资产路径进行组合,得到资产信息集合。When executed on a data processing device, it is also suitable for executing a program that is initialized with the following method steps: determining the application interface assets included in the request parameter set by a preset regular expression, and obtaining the asset information set includes: using a first regular expression to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: request domain name, request path; when the first matching result indicates a successful match, determining the first network request corresponding to the first matching result, and generating the asset path of the first network request; when the first matching result indicates a failed match, using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result, wherein the second network request refers to the network request other than the first network request in the request parameter set; combining the request type of the first network request, the asset path of the first network request, the request type of the second network request, and the asset path of the second network request to obtain the asset information set.

当在数据处理设备上执行时,还适于执行初始化有如下方法步骤的程序:采用多个第二正则表达式对第二网络请求的请求路径进行匹配,得到第二匹配结果,并依据第二匹配结果生成第二网络请求的资产路径包括:依据预设字符对每个第二网络请求的请求路径进行拆分,得到每个第二网络请求的第一路径列表;采用多个第二正则表达式对第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,多个第二正则表达式是依据不同聚合规则构建的正则表达式;在第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;对第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成第二网络请求的资产路径。When executed on a data processing device, it is also suitable for executing a program that is initialized with the following method steps: using multiple second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request based on the second matching result, including: splitting the request path of each second network request according to preset characters to obtain a first path list of each second network request; using multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed based on different aggregation rules; when the third matching result indicates a successful match, using a second preset string to replace the successfully matched element to obtain a second path list for each second network request; splicing the elements in the second path list to obtain a target path for each second network request, and generating the asset path of the second network request based on the request parameters of each second network request and the target path of each second network request.

当在数据处理设备上执行时,还适于执行初始化有如下方法步骤的程序:通过正则表达式确定资产信息集合中存在敏感信息的第一资产信息,对第一资产信息进行标注,并更新资产信息集合中的资产信息包括:采用第三正则表达式集合对请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;在第三匹配结果指示匹配成功的情况下,在资产信息集合中确定匹配成功的网络请求对应的资产信息,得到第一资产信息;依据第三匹配结果确定第一资产信息的敏感信息类型,并采用第一资产信息的敏感信息类型更新资产信息集合。When executed on a data processing device, it is also suitable for executing an initialization program having the following method steps: determining first asset information containing sensitive information in an asset information set through a regular expression, marking the first asset information, and updating the asset information in the asset information set, including: using a third regular expression set to match each network request in a request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed based on different sensitive information types; when the third matching result indicates a successful match, determining in the asset information set the asset information corresponding to the successfully matched network request to obtain the first asset information; determining the sensitive information type of the first asset information based on the third matching result, and using the sensitive information type of the first asset information to update the asset information set.

当在数据处理设备上执行时,还适于执行初始化有如下方法步骤的程序:在通过预设的正则表达式确定请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,上述的方法还包括:依据业务需求确定应用程序接口资产的聚合规则;依据聚合规则配置正则表达式,得到预设的正则表达式,并加载预设的正则表达式。When executed on a data processing device, it is also suitable for executing an initialization program having the following method steps: before determining the application interface assets included in the request parameter set through a preset regular expression and obtaining the asset information set, the above method also includes: determining the aggregation rules of the application interface assets based on business needs; configuring the regular expression based on the aggregation rules to obtain the preset regular expression, and loading the preset regular expression.

当在数据处理设备上执行时,还适于执行初始化有如下方法步骤的程序:依据目标资产信息更新预设数据库中的资产信息包括:在目标资产信息与预设数据库中的资产信息不一致的情况下,依据目标资产信息更新预设数据库中对应的资产信息;在目标资产信息与预设数据库中的资产信息一致的情况下,在预设数据库中更新目标资产信息中对应的资产信息的时间信息。When executed on a data processing device, it is also suitable for executing an initialized program having the following method steps: updating the asset information in a preset database based on target asset information, including: when the target asset information is inconsistent with the asset information in the preset database, updating the corresponding asset information in the preset database based on the target asset information; when the target asset information is consistent with the asset information in the preset database, updating the time information of the corresponding asset information in the target asset information in the preset database.

本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment in combination with software and hardware. Moreover, the present application may adopt the form of a computer program product implemented in one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that include computer-usable program code.

本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to the flowchart and/or block diagram of the method, device (system) and computer program product according to the embodiment of the present application. It should be understood that each process and/or box in the flowchart and/or block diagram, and the combination of the process and/or box in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the function specified in one process or multiple processes in the flowchart and/or one box or multiple boxes in the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.

存储器可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。存储器是计算机可读介质的示例。Memory may include non-permanent storage in a computer-readable medium, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer readable media include permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information. Information can be computer readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disk read-only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device. As defined in this article, computer readable media does not include temporary computer readable media (transitory media), such as modulated data signals and carrier waves.

还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, commodity or device. In the absence of more restrictions, the elements defined by the sentence "comprises a ..." do not exclude the existence of other identical elements in the process, method, commodity or device including the elements.

本领域技术人员应明白,本申请的实施例可提供为方法、系统或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that the embodiments of the present application may be provided as methods, systems or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment or an embodiment in combination with software and hardware. Moreover, the present application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.

以上仅为本申请的实施例而已,并不用于限制本申请。对于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。The above are only embodiments of the present application and are not intended to limit the present application. For those skilled in the art, the present application may have various changes and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included within the scope of the claims of the present application.

Claims (10)

一种应用程序接口资产的管理方法,包括:A method for managing application program interface assets, comprising: 在接收到网络流量数据的情况下,提取所述网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,所述资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,所述敏感信息类型是指所述应用程序接口资产在包含敏感信息的情况下所述敏感信息的类型;When network traffic data is received, asset information of the application program interface asset contained in each network request in the network traffic data is extracted to obtain an asset information set, wherein the asset information includes at least the following information: asset path, request type, and sensitive information type, wherein the sensitive information type refers to the type of sensitive information when the application program interface asset contains sensitive information; 依据所述资产路径和所述请求类型对所述资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;Aggregating the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, where N is a positive integer; 依据所述资产信息集合统计所述N类资产信息中每类资产信息涉及的所述敏感信息类型,得到目标资产信息;According to the asset information set, the sensitive information type involved in each type of asset information in the N types of asset information is counted to obtain target asset information; 依据所述目标资产信息更新预设数据库中的资产信息,以对所述网络流量数据中的应用程序接口资产进行管理,其中,所述预设数据库存储着所述应用程序接口资产的资产信息。The asset information in a preset database is updated according to the target asset information to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets. 根据权利要求1所述的方法,其中提取所述网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合包括:The method according to claim 1, wherein extracting the asset information of the application program interface asset contained in each network request in the network traffic data to obtain the asset information set comprises: 提取所述网络流量数据中每个网络请求的请求参数,得到请求参数集合,其中,所述请求参数至少包括以下字段信息:请求域名、请求路径、请求参数、响应参数、所述请求类型;Extracting request parameters of each network request in the network traffic data to obtain a request parameter set, wherein the request parameters at least include the following field information: request domain name, request path, request parameters, response parameters, and the request type; 通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合;Determine the application program interface assets included in the request parameter set by using a preset regular expression to obtain an asset information set; 通过所述正则表达式确定所述资产信息集合中存在敏感信息的第一资产信息,对所述第一资产信息进行标注,并更新所述资产信息集合中的资产信息。The first asset information containing sensitive information in the asset information set is determined by using the regular expression, the first asset information is marked, and the asset information in the asset information set is updated. 根据权利要求2所述的方法,其中通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合包括:The method according to claim 2, wherein determining the application program interface assets included in the request parameter set by a preset regular expression to obtain the asset information set comprises: 采用第一正则表达式对所述请求参数集合中每个网络请求的目标参数进行匹配,得到第一匹配结果,其中,所述目标参数至少包含以下字段信息:所述请求域名、所述请求路径;A first regular expression is used to match the target parameter of each network request in the request parameter set to obtain a first matching result, wherein the target parameter at least includes the following field information: the request domain name and the request path; 在所述第一匹配结果指示匹配成功的情况下,确定所述第一匹配结果对应的第一网络请求,并生成所述第一网络请求的所述资产路径;If the first matching result indicates a successful match, determining a first network request corresponding to the first matching result, and generating the asset path of the first network request; 在所述第一匹配结果指示匹配失败的情况下,采用多个第二正则表达式对第二网络请求的所述请求路径进行匹配,得到第二匹配结果,并依据所述第二匹配结果生成所述第二网络请求的所述资产路径,其中,所述第二网络请求是指所述请求参数集合中除所述第一网络请求之外的网络请求;When the first matching result indicates a matching failure, multiple second regular expressions are used to match the request path of the second network request to obtain a second matching result, and the asset path of the second network request is generated according to the second matching result, wherein the second network request refers to a network request other than the first network request in the request parameter set; 将所述第一网络请求的所述请求类型、所述第一网络请求的所述资产路径、所述第二网络请求的所述请求类型和所述第二网络请求的资产路径进行组合,得到所述资产信息集合。The request type of the first network request, the asset path of the first network request, the request type of the second network request, and the asset path of the second network request are combined to obtain the asset information set. 根据权利要求3所述的方法,其中采用多个第二正则表达式对第二网络请求的所述请求路径进行匹配,得到第二匹配结果,并依据所述第二匹配结果生成所述第二网络请求的所述资产路径包括:According to the method of claim 3, wherein using a plurality of second regular expressions to match the request path of the second network request to obtain a second matching result, and generating the asset path of the second network request according to the second matching result comprises: 依据预设字符对每个第二网络请求的所述请求路径进行拆分,得到每个第二网络请求的第一路径列表;Splitting the request path of each second network request according to preset characters to obtain a first path list of each second network request; 采用所述多个第二正则表达式对所述第一路径列表中的每个元素依次进行正则匹配,得到第三匹配结果,其中,所述多个第二正则表达式是依据不同聚合规则构建的正则表达式;Using the multiple second regular expressions to perform regular matching on each element in the first path list in turn to obtain a third matching result, wherein the multiple second regular expressions are regular expressions constructed according to different aggregation rules; 在所述第三匹配结果指示匹配成功的情况下,采用第二预设字符串替换匹配成功的元素,得到每个第二网络请求的第二路径列表;When the third matching result indicates a successful match, the second preset character string is used to replace the successfully matched element to obtain a second path list for each second network request; 对所述第二路径列表中的元素进行拼接,得到每个第二网络请求的目标路径,并依据每个第二网络请求的请求参数和每个第二网络请求的目标路径生成所述第二网络请求的所述资产路径。The elements in the second path list are concatenated to obtain the target path of each second network request, and the asset path of the second network request is generated according to the request parameters of each second network request and the target path of each second network request. 根据权利要求2所述的方法,其中通过所述正则表达式确定所述资产信息集合中存在敏感信息的第一资产信息,对所述第一资产信息进行标注,并更新所述资产信息集合中的资产信息包括:The method according to claim 2, wherein determining the first asset information containing sensitive information in the asset information set by the regular expression, marking the first asset information, and updating the asset information in the asset information set comprises: 采用第三正则表达式集合对所述请求参数集合中的每个网络请求进行匹配,得到第三匹配结果,其中,所述第三正则表达式集合包含依据不同敏感信息类型构建的正则表达式的集合;Using a third regular expression set to match each network request in the request parameter set to obtain a third matching result, wherein the third regular expression set includes a set of regular expressions constructed according to different sensitive information types; 在所述第三匹配结果指示匹配成功的情况下,在所述资产信息集合中确定匹配成功的网络请求对应的资产信息,得到所述第一资产信息;If the third matching result indicates a successful match, determine the asset information corresponding to the successfully matched network request in the asset information set to obtain the first asset information; 依据所述第三匹配结果确定所述第一资产信息的敏感信息类型,并采用所述第一资产信息的敏感信息类型更新所述资产信息集合。The sensitive information type of the first asset information is determined according to the third matching result, and the asset information set is updated using the sensitive information type of the first asset information. 根据权利要求2所述的方法,其中在通过预设的正则表达式确定所述请求参数集合中包含的应用程序接口资产,得到资产信息集合之前,所述方法还包括:The method according to claim 2, wherein before determining the application program interface assets included in the request parameter set by using a preset regular expression to obtain the asset information set, the method further comprises: 依据业务需求确定所述应用程序接口资产的聚合规则;Determine aggregation rules for the application program interface assets according to business requirements; 依据所述聚合规则配置正则表达式,得到所述预设的正则表达式,并加载所述预设的正则表达式。A regular expression is configured according to the aggregation rule to obtain the preset regular expression, and the preset regular expression is loaded. 根据权利要求1所述的方法,其中依据所述目标资产信息更新预设数据库中的资产信息包括:The method according to claim 1, wherein updating the asset information in the preset database according to the target asset information comprises: 在所述目标资产信息与所述预设数据库中的资产信息不一致的情况下,依据所述目标资产信息更新所述预设数据库中对应的资产信息;When the target asset information is inconsistent with the asset information in the preset database, updating the corresponding asset information in the preset database according to the target asset information; 在所述目标资产信息与所述预设数据库中的资产信息一致的情况下,在所述预设数据库中更新所述目标资产信息中对应的资产信息的时间信息。When the target asset information is consistent with the asset information in the preset database, the time information of the corresponding asset information in the target asset information is updated in the preset database. 一种应用程序接口资产的管理装置,包括:A management device for application program interface assets, comprising: 提取单元,用于在接收到网络流量数据的情况下,提取所述网络流量数据中每个网络请求包含的应用程序接口资产的资产信息,得到资产信息集合,其中,所述资产信息至少包括以下信息:资产路径、请求类型、敏感信息类型,所述敏感信息类型是指所述应用程序接口资产在包含敏感信息的情况下所述敏感信息的类型;The extraction unit is used to extract the asset information of the application program interface asset contained in each network request in the network flow data when the network flow data is received, and obtain an asset information set, wherein the asset information at least includes the following information: asset path, request type, sensitive information type, and the sensitive information type refers to the type of sensitive information when the application program interface asset contains sensitive information; 聚合单元,用于依据所述资产路径和所述请求类型对所述资产信息集合中的资产信息进行聚合,得到N类资产信息,其中,N是正整数;an aggregation unit, configured to aggregate the asset information in the asset information set according to the asset path and the request type to obtain N types of asset information, where N is a positive integer; 统计单元,用于依据所述资产信息集合统计所述N类资产信息中每类资产信息涉及的所述敏感信息类型,得到目标资产信息;A statistical unit, configured to count the sensitive information type involved in each type of asset information in the N types of asset information according to the asset information set, to obtain target asset information; 更新单元,用于依据所述目标资产信息更新预设数据库中的资产信息,以对所述网络流量数据中的应用程序接口资产进行管理,其中,所述预设数据库存储着所述应用程序接口资产的资产信息。An updating unit is used to update the asset information in a preset database according to the target asset information so as to manage the application program interface assets in the network traffic data, wherein the preset database stores the asset information of the application program interface assets. 一种计算机可读存储介质,所述计算机可读存储介质包括存储的计算机程序,其中,在所述计算机程序运行时控制所述计算机可读存储介质所在设备执行权利要求1至7中任意一项所述的应用程序接口资产的管理方法。A computer-readable storage medium, the computer-readable storage medium comprising a stored computer program, wherein when the computer program is running, the device where the computer-readable storage medium is located is controlled to execute the method for managing application program interface assets as described in any one of claims 1 to 7. 一种电子设备,包括一个或多个处理器和存储器,所述存储器用于存储一个或多个程序,其中,当所述一个或多个程序被所述一个或多个处理器执行时,使得所述一个或多个处理器实现权利要求1至7中任意一项所述的应用程序接口资产的管理方法。An electronic device comprises one or more processors and a memory, wherein the memory is used to store one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement the method for managing application program interface assets as described in any one of claims 1 to 7.
PCT/CN2024/135609 2024-01-16 2024-11-29 Application programming interface asset management method and apparatus, and electronic device Pending WO2025152628A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202410064470.8A CN117892348A (en) 2024-01-16 2024-01-16 Application program interface asset management method, device and electronic device
CN202410064470.8 2024-01-16

Publications (1)

Publication Number Publication Date
WO2025152628A1 true WO2025152628A1 (en) 2025-07-24

Family

ID=90642456

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/135609 Pending WO2025152628A1 (en) 2024-01-16 2024-11-29 Application programming interface asset management method and apparatus, and electronic device

Country Status (2)

Country Link
CN (1) CN117892348A (en)
WO (1) WO2025152628A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117892348A (en) * 2024-01-16 2024-04-16 天翼电子商务有限公司 Application program interface asset management method, device and electronic device
CN118368236B (en) * 2024-05-15 2024-12-31 北京火山引擎科技有限公司 Method for discovering interface resources and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109167799A (en) * 2018-11-06 2019-01-08 北京华顺信安科技有限公司 A kind of vulnerability monitoring detection system for intelligent network information system
US20190297055A1 (en) * 2018-03-26 2019-09-26 Fortinet, Inc. Automated learning of externally defined network assets by a network security device
CN116170331A (en) * 2023-04-23 2023-05-26 远江盛邦(北京)网络安全科技股份有限公司 API asset management method, device, electronic equipment and storage medium
CN116738369A (en) * 2023-06-27 2023-09-12 恒安嘉新(北京)科技股份公司 Traffic data classification method, device, equipment and storage medium
CN117892348A (en) * 2024-01-16 2024-04-16 天翼电子商务有限公司 Application program interface asset management method, device and electronic device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190297055A1 (en) * 2018-03-26 2019-09-26 Fortinet, Inc. Automated learning of externally defined network assets by a network security device
CN109167799A (en) * 2018-11-06 2019-01-08 北京华顺信安科技有限公司 A kind of vulnerability monitoring detection system for intelligent network information system
CN116170331A (en) * 2023-04-23 2023-05-26 远江盛邦(北京)网络安全科技股份有限公司 API asset management method, device, electronic equipment and storage medium
CN116738369A (en) * 2023-06-27 2023-09-12 恒安嘉新(北京)科技股份公司 Traffic data classification method, device, equipment and storage medium
CN117892348A (en) * 2024-01-16 2024-04-16 天翼电子商务有限公司 Application program interface asset management method, device and electronic device

Also Published As

Publication number Publication date
CN117892348A (en) 2024-04-16

Similar Documents

Publication Publication Date Title
US11711420B2 (en) Automated management of resource attributes across network-based services
US11546380B2 (en) System and method for creation and implementation of data processing workflows using a distributed computational graph
US20230216739A1 (en) Systems and Methods for Configuration Verification Across Secured Network Boundaries
US9996565B2 (en) Managing an index of a table of a database
US10592474B2 (en) Processing log files using a database system
US9647922B2 (en) Computer implemented methods and apparatus for trials onboarding
US10223329B2 (en) Policy based data collection, processing, and negotiation for analytics
US12225049B2 (en) System and methods for integrating datasets and automating transformation workflows using a distributed computational graph
US10122788B2 (en) Managed function execution for processing data streams in real time
US9996596B2 (en) Managing a table of a database
CN114640713B (en) Data access monitoring and control
WO2025152628A1 (en) Application programming interface asset management method and apparatus, and electronic device
US10397051B1 (en) Configuration and testing of network-based service platform resources using a service platform specific language
CN111736775A (en) Multi-source storage method, device, computer system and storage medium
US10951540B1 (en) Capture and execution of provider network tasks
US10182104B1 (en) Automatic propagation of resource attributes in a provider network according to propagation criteria
US20170078361A1 (en) Method and System for Collecting Digital Media Data and Metadata and Audience Data
US11243756B1 (en) Extensible resource compliance management
US11711314B1 (en) Grouping resource metadata tags
US20250265049A1 (en) Systems, Methods, And Devices for Automatic Application Programming Interface Model Generation Based on Network Traffic
CN112511515B (en) Chain number cube for data chaining
US20110282980A1 (en) Dynamic protection of a resource during sudden surges in traffic
US20210089556A1 (en) Asynchronous row to object enrichment of database change streams
US11656972B1 (en) Paginating results obtained from separate programmatic interfaces
CN115842818A (en) Big data transmission method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24918236

Country of ref document: EP

Kind code of ref document: A1