CN109086606A - A kind of program bug method for digging, device, terminal and storage medium - Google Patents

Abstract

The present invention relates to a kind of program bug method for digging, device, terminal and storage mediums, which comprises selects corresponding policy template according to test target；Test case is generated according to the policy template, wherein the generation test case includes generating interface testing use-case, generate data relationship test case and generating data flow test case；The test case is injected into the test target, the test target is tested, and the log in test process is saved；Reproduction script is generated according to the policy template and the log.The present invention can accurately and efficiently have found the security breaches in program code, improve code safety and reliability, while improving the efficiency and quality of bug excavation.

Description

A kind of program bug method for digging, device, terminal and storage medium

Technical field

The present invention relates to computer security technical field more particularly to a kind of program bug method for digging, device, terminal and Storage medium.

Background technique

Loophole is the trigger point that non-secure domains are switched to by security domain, i.e., leads in computer safety field because design is inconsiderate Defect existing for the system or software of cause, so as to so that attacker accesses in the case where unauthorized or destroy system.Leakage Hole is static, passively, but can trigger.Bug excavation refers to the exploration to unknown loophole, the various technologies of integrated application And tool, the potential loophole in software is found out as much as possible.

Common bug excavation technology includes client layer and inner nuclear layer both direction.Existing client layer bug excavation technology Main target be widely used user software, such as web browser, office office software and outlook mailbox software Deng.The main target of existing inner nuclear layer bug excavation technology is operating system kernel layer, file system layer and network layer etc..

Most of current bug excavation scheme is the analysis for client layer software, there is a small number of schemes for being directed to inner nuclear layer Also it is difficult to cover figure library, main cause is shape library and is not belonging to the system core, it is easily ignored, it realizes and compares again Complexity, the prior art deeply can not be tested effectively.

Summary of the invention

Technical problem to be solved by the present invention lies in provide a kind of program bug method for digging, device, terminal and storage Medium can accurately and efficiently find the security breaches in program code, improve code safety.

In order to solve the above-mentioned technical problem, in a first aspect, the present invention provides a kind of program bug method for digging, comprising:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing to use Example generates data relationship test case and generates data flow test case；

The test case is injected into the test target, the test target is tested, and to testing Log in journey is saved；

Reproduction script is generated according to the policy template and the log.

Second aspect, the present invention provides a kind of program bug excavating gears, comprising:

Policy template selecting module, for selecting corresponding policy template according to test target；

Test cases technology module, for generating test case according to the policy template, wherein the test case is raw It include interface testing use-case generation module, relation test use-case generation module and data current test use-case generation module at module；

Testing execution module, for the test case to be injected into the test target, to the test target into Row test, and the log in test process is saved；

Script use-case recurrent modules, for generating reproduction script according to the policy template and the log.

The third aspect, the present invention provides a kind of terminals, comprising:

Processor and memory, wherein the processor is used to calling and executing the program stored in the memory, For storing program, described program is used for the memory:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing to use Example generates data relationship test case and generates data flow test case；

The test case is injected into the test target, the test target is tested, and to testing Log in journey is saved；

Reproduction script is generated according to the policy template and the log.

Fourth aspect, the present invention provides a kind of computer storage medium, being stored with computer in the storage medium can It executes instruction, the computer executable instructions are loaded by processor and execute following steps:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing to use Example generates data relationship test case and generates data flow test case；

The test case is injected into the test target, the test target is tested, and to testing Log in journey is saved；

Reproduction script is generated according to the policy template and the log.

The implementation of the embodiments of the present invention has the following beneficial effects:

The present invention generates corresponding test case according to test target selection strategy template, and according to policy template, wherein The test case includes generating interface testing use-case, generate data relationship test case and generating data flow test case；Again The test case of generation is injected into test target and is tested, and the log in test process is saved；Last root Reproduction script is generated according to policy template and log.The present invention can accurately and efficiently have found the security breaches in program code, mention High code safety and reliability, while improving the efficiency and quality of bug excavation；It is provided by the invention to be based on interface, data The bug excavation technology of relationship and data flow solves the difficulty that traditional bug excavation technology is difficult to all kinds of program bugs detected Topic.

Detailed description of the invention

To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for this For the those of ordinary skill of field, without creative efforts, it can also be obtained according to these attached drawings others Attached drawing.

Fig. 1 is bug excavation implement scene schematic diagram provided in an embodiment of the present invention；

Fig. 2 is a kind of schematic diagram of client layer bug excavation method provided in an embodiment of the present invention；

Fig. 3 is a kind of schematic diagram of inner nuclear layer bug excavation method provided in an embodiment of the present invention；

Fig. 4 is a kind of circuit theory schematic diagram of bug excavation technology provided in an embodiment of the present invention；

Fig. 5 is a kind of flow diagram of program bug method for digging provided in an embodiment of the present invention；

Fig. 6 is that interface testing use-case provided in an embodiment of the present invention generates schematic diagram；

Fig. 7 is that relation test use-case provided in an embodiment of the present invention generates schematic diagram；

Fig. 8 is data flow Test cases technology schematic diagram provided in an embodiment of the present invention；

Fig. 9 is the flow diagram of another program bug method for digging provided in an embodiment of the present invention；

Figure 10 is a kind of schematic diagram of program bug excavating gear provided in an embodiment of the present invention；

Figure 11 is interface testing use-case generation module schematic diagram provided in an embodiment of the present invention；

Figure 12 is relation test use-case generation module schematic diagram provided in an embodiment of the present invention；

Figure 13 is data flow Test cases technology module diagram provided in an embodiment of the present invention；

Figure 14 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.

Specific embodiment

To make the object, technical solutions and advantages of the present invention clearer, the present invention is made into one below in conjunction with attached drawing Step ground detailed description.Obviously, described embodiment is only a part of the embodiments of the present invention, rather than whole implementation Example.Based on the embodiments of the present invention, those of ordinary skill in the art are obtained without making creative work Every other embodiment, shall fall within the protection scope of the present invention.

It lays down a definition first to noun involved in the embodiment of the present invention.

Scripting language: the language or dynamic language for the enlarging that is otherwise known as are a kind of programming languages, for controlling software The program of application, script usually with text (such as ASCII) preservation, are only explained or are compiled when called.

Shape library: being a program library for rendering computers figure over the display.Generally provide one group of execution The function of Rendering operations, the class method can usually operate on CPU completely, also can use GPU (Graphics Processing Unit, graphics processor) carry out it is hardware-accelerated.Since the realization of this class method usually requires (to show with hardware Card) interaction, therefore have higher execution permission (interior Nuclear Authorization), if there is defect, gently then system crash is heavy then can be disliked Main body of anticipating utilizes, and causes safety accident.

Security breaches: computer information system is durings demand, design, realization, configuration, operation etc., intentionally or accidentally The defect of generation.These defects are present in different forms among the at all levels and link of computer information system, once It is utilized, the safety of computer information system will be damaged, to influence computer information system by malice main body It operates normally.

Bug excavation method: its code is solved using the methods of debugging, test, manual audit for target program Analysis, thus achieve the purpose that find its present in security breaches.

Bug excavation device: being directed to target program, using computer automation technology, carries out automatic vulnerability digging to its code A kind of device of pick finds safety leakage its main feature is that can use the efficient implementation capacity of computer in the case where unattended Hole.

The program of program bug meaning in the present invention includes but is not limited to various system softwares, APP application (Application, application program) and various kinds of equipment driving etc..

Program bug method for digging of the invention can directly run on single computer unit, such as personal computer, service On device equipment or the computer platform of cloud simulation.

Referring to Figure 1, it illustrates a kind of implement scene schematic diagram of the invention, in the scene, entire bug excavation mistake Journey is realized in host, and test target is mounted in host, passes through number required for external input test command and test According to testing test target, and output test result, test result provides effective help for the subsequent analysis loophole origin cause of formation.

Fig. 2 is referred to, it illustrates a kind of client layer bug excavation method schematic diagrames, for different software, repeatedly The lopsided sample that such software can be used is constructed, and runs and detects whether to will appear exception, then carries out abnormal collect Genetic analysis specifically includes:

S210. lopsided sample is constructed.

Here constructing lopsided sample it is abnormal can to generate according to certain rules a batch based on a normal file template Shape sample.

S220. the lopsided sample is sent into target software.

S230. when the lopsided sample is received by the target software, the target software is run.

S240. detect whether the target software exception occurs.

S250. when not occurring abnormal, next lopsided sample is obtained, and return to step S220, it will be next Lopsided sample is sent into the target software.

S260. when occurring abnormal, record currently leads to abnormal lopsided sample and exception information.

The exception information of record may include buffer status, stack state etc..Staff can according to these exception informations, into The analysis of one step leads to whether the reason of generating current erroneous and current loophole can be utilized.

Fig. 3 is referred to, it illustrates a kind of inner nuclear layer bug excavation method schematic diagrames, by constructing lopsided file, deformity Network packet and random Interface parameter record kernel exception by system crash log to test inner nuclear layer, And it is parsed into because specifically including:

S310. lopsided data are constructed.

S320. the lopsided data are imported into goal systems module and operating system program.

S330. whether detection system collapses.

S340. when there is not system crash, next group of deformity data are obtained, and return to step S320.

S350. when detecting system crash, system crash log is saved.

In the present embodiment, by taking the bug excavation of shape library as an example, for the bug excavation of the program codes of shape library, The above-mentioned client layer bug excavation technology of the present embodiment and inner nuclear layer bug excavation technology have the defects that certain.

The characteristics of bug excavation technology of client layer, is:

1. although there are figure library in client layer, the code safety of shape library is even more important in kernel, only Inner nuclear layer can not be effectively touched by client layer test.

2. shape library is not some application software, it is the base library of application software, sometimes be only some module or certain A function, since lopsided sample is to act on entire application software, the module being related to is numerous, therefore is difficult precisely to touch shape library Target causes a large amount of invalid tests.

3. the realization due to shape library is complicated, building sample difficulty is big, often generates invalid sample.

Therefore, client layer bug excavation technology can not realize effective bug excavation for figure bank code.

The characteristics of bug excavation technology of inner nuclear layer, is:

1. the substrate for generalling use similar C language writes loophole since inner nuclear layer service belongs to underlying services Test program, so that sample and record sample can not be quickly generated easily, often a change just needs to recompilate.And scheme Complexity is realized in shape library, needs often to change measurement direction, is thus difficult to realize automation.

2. the realization due to shape library is complicated, it is layering, data format is underground, and kernel interface format is underground, Therefore existing test method can not generate effective test data, if being extremely difficult to effective coverage again using random value.

3. kernel test method the particularity for not considering shape library, incompatible with shape library data and interface.

4. the journal function of the bug excavation technology of inner nuclear layer is complicated, reduction reproduction is inconvenient.

The embodiment of the invention provides a kind of bug excavation technologies to pass through order line on the basis of the signal of the scene of Fig. 1 Policy template is passed to host by form, and the output of test result is then provided in a manner of reappearing script, has recorded triggering loophole When use case script and system crash dump file, provide effective help for the subsequent analysis loophole origin cause of formation.One kind being based on shape library The frame construction drawing of bug excavation technology can be found in Fig. 4, including ccf layer and two layers of application layer design.

Application layer mainly realizes bug excavation method provided by the invention, wherein specifically comprising shape library interface data, The information of shape library data relationship, shape library data flow, and the policy template of tester's offer is stored, and provide pair It is complicated in relationship, the support of data tuning, while application layer can have flexible scalability with frame seamless connection, it can Different graphic library is targetedly tested, is described as follows:

Shape library interface data, data relationship, data flow: this data is the base of shape library bug excavation method in this programme Plinth.

Policy template: when strategy refers to test graphics library, the selection of test data and test interface, since shape library is realized Complexity only can not cover all modules by a kind of strategy, therefore policy template provides flexible extension side for tester Method.

Data relationship complicates: the variation of data relationship can influence the execution route of figure bank code, and relationship is more complicated The potential problem of shape library may be more triggered, the support complicated to relationship is thus provided.

Data tuning: when carrying out figure library test, many test datas are invalid, if without tuning, meeting The plenty of time is wasted in invalid test, therefore data tuning can be carried out according to test result.Specifically, it is once being surveyed excessively After examination, it is found that certain data lead to test invalidation in the presence of significantly unreasonable, then when testing again, need the part number It is removed according to from test data.

Ccf layer provides general utility functions and the basic-level support of bug excavation device, light weight and cross-platform, makes the dress Set and had multiple functions, for example, abnormal monitoring, heat update policy template, be restarted automatically, script reproduction etc. functions.

Fig. 5 is referred to, it illustrates a kind of program bug method for digging, can be directed to the characteristic of shape library, and support is based on The bug excavation frame of script realizes that the validity test to shape library, this method specifically include:

S510. corresponding policy template is selected according to test target.

Before test, it needs to select suitable policy template according to test target, to prevent testing in vain.Here test Target can be figure bank interface, shape library data relationship or shape library data flow, and different test targets corresponds to different Policy template.For three test targets mentioned above, they can be tested simultaneously, it can also be only individually to wherein One tested, in the actual operation process, can determine test target according to actual test demand.

S520. test case is generated according to the policy template, wherein the generation test case includes generating interface to survey Example, generation data relationship test case and generation data flow test case on probation.

It here can be according to policy template Mass production test case, to improve the Test coverage face to target.

Figure bank interface is and realizes the test for being connected directly, therefore being directed to interface inside shape library, is most directly to have The mode of effect, the generation interface testing use-case include:

S610. interface data is constructed, the interface data is generated according to preset standard.

It needs to generate according to the service interface customization of shape library, because of shape library complex interfaces, data controlled range is big, such as It is pure to generate a large amount of invalid datas with chance.

S620. randomizing data is carried out to the interface data generated according to preset standard.

For comprehensive test graphics library, all kinds of lopsided data are needed, therefore will data as much as possible on the basis of customization Randomization, the range that widens one's influence and depth.

S630. classification assembling carried out to the interface, and according to preset logic to the interface after the classification assembling into Row sequence.

Since shape library interface quantity is more, close relation, logic is obstructed if random sequence, and effective calling is not achieved, Therefore it needs to carry out classification assembling to interface, be ranked up according to shape library logic.

S640. sequence randomization is carried out to the execution sequence of the interface.

For comprehensive test graphics library, single execution sequence is certainly insufficient, therefore to use up on the basis of logically true Possible sequence randomization, expands test scope and depth.

Data structure is complicated in shape library, therefore constructs the data structure of multiplicity and combine complicated data relationship and can have The triggering loophole of effect, the generation data relationship test case include:

S710. relation data is constructed, the relation data is generated according to preset standard.

S720. relation data randomization is carried out to the relation data.

Purpose based on test needs on the basis of relationship is accurate, is randomized, could survey comprehensively to content as far as possible Examination.

S730. classify to the relationship.

Shape library has many relationships, is associated with difference according to the difference of module between relationship, it is therefore necessary to relationship Classify, and then can more targeted test.

S740. on the basis of fundamental relation is correct, relationship complication is carried out to the relationship.

It needs that shape library data relationship standard is relied on to formulate, for example point constitutes line, line constitutes face, this set membership is not Can be chaotic, and the variation of relationship will affect figure bank code and execute logic, it is therefore desirable on the basis of relationship is correct as far as possible Complicated, such as the combination of point-line-surface, color bleeding etc..

Either shape library or other programs, data flow be it is essential, the wider the trend of data flow the deeper, energy The more execution routes of trigger, it is therefore desirable to which there is the method for digging for shape library data flow, the generation data flow Test case includes:

S810. data flow is constructed, the data flow is generated according to preset standard.

S820. the data flow in last test is analyzed, to obtain the trend of the data flow.

After having carried out a data test, need to carry out data-flow analysis, most common is the method using manual intervention It is debugged, analyzes data trend.In addition it can use software automation analysis, common mode is code pitching pile or dynamic The technologies such as injection.

S830. the optimization of row data range is flowed into current data according to the reachable path of current data stream.

After analyzing data flow, range optimization can be carried out to shape library data according to the reachable path currently flowed, expand number According to the lateral extent of stream, increase covering surface, it is made to have wider deeper flow direction.

S840. row data depth optimization is flowed into current data according to the reachable path of the data flow.

After analyzing data flow, depth optimization, increase pair can be carried out to shape library data according to the reachable path currently flowed The depth test of target.

S530. the test case is injected into the test target, the test target is tested, and to survey Log during examination is saved.

S540. reproduction script is generated according to the policy template and the log.

Specifically, during the test, it when abnormal collapse occurs in shape library, needs the log to abnormal conditions and is System crashdump file is saved, and is restored to case script, it is ensured that when mistake occurs for shape library, is saved in time existing , guarantee is provided for the reproduction of subsequent loophole and loophole genetic analysis.

After being saved to the scene for being abnormal situation, according to files such as policy template and logs to triggering shape library leakage The script in hole is restored according to the format of regulation, generates reproducible script.

Fig. 9 is referred to, it illustrates a kind of program bug method for digging flow diagrams, comprising:

S910. policy template is updated according to the testing requirement remote thermal of the test target.

Without updating policy template according to testing requirement heat, it is possible to reduce test is complicated in the case where restarting test machine Degree, improves efficiency.

S920. the corresponding policy template is selected according to test target.

Invalid test in order to prevent, needs the policy template for selecting to be suitble to test target.

S930. test case is generated according to the policy template.

Here test case can be with Mass production, to improve the Test coverage face to target.

S940. the test case is injected into the test target, the test target is tested, and to survey Log during examination is saved.

S950. it detects in test process, whether the target program of test exception occurs.

S960. when not occurring abnormal, dynamic adjustment is carried out to the policy template according to the test result of return, and Return step S910, continuation execute down.

S970. when occurring abnormal, reproduction script is generated according to the policy template and the log.

S980. the operating condition of real-time detection script during the test.

S990. it when detecting that abnormal conditions occurs in script operation, then automatically exits from script and system is restarted.

After restarting, bug excavation operation can be continued to execute according to the process of bug excavation automatically.

Script abnormal monitoring in test process and test is parallel executes leads to nothing when discovery Run Script goes wrong Method continues to test, then is restarted automatically, and greatly improves the stability of test, completes automation.

The embodiment of the invention provides a specific bug excavation cases, and the test platform of present case is Windows 7 32 systems, by taking official of Microsoft default graphics library win32k as an example.

Present case is tested just for the data relationship in win32k, relationship relevant to present case have window, dc, Bitmap etc..

Using the above-mentioned bug excavation method based on shape library, loophole is finally generated, causes system crash, system crash Main information it is as follows:

1.0:kd>！analyze-v

2.KERNEL_MODE_EXCEPTION_NOT_HANDLED_M(1000008e)

3.This is a very common bugcheck.Usually the exception address pinpoints

4.the driver/function that caused the problem.Always note this address

5.as well as the link date of the driver/image that contains this address.

6.Some common problems are exception code 0x80000003.This means a hard

7.coded breakpoint or assertion was hit,but this system was booted

8./NODEBUG.This is not supposed to happen as developers should never have

9.hardcoded breakpoints in retail code,but...

10.If this happens,make sure a debugger gets connected,and the

11.system is booted/DEBUG.This will let us see why this breakpoint is

12.happening.

13.Arguments:

14.Arg1:c0000005,The exception code that was not handled

15.Arg2:905920e2,The address that the exception occurred at

16.Arg3:93b13a30,Trap Frame

17.Arg4:00000000

18.FAULTING_IP:

19.win32k！GreGradientFill+412

20.905920e2 f6432480 test byte ptr[ebx+24h],80h

21.TRAP_FRAME:93b13a30--(.trap 0xffffffff93b13a30)

22.ErrCode=00000000

23.eax=fa860720 ebx=00000000 ecx=fa860d20 edx=000007c3 esi= Fab24da8 edi=00000000

24.eip=905920e2 esp=93b13aa4 ebp=93b13bc4 iopl=0 nv up ei pl nz na po nc

25.cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl= 00010202

26.win32k！GreGradientFill+0x412:

27.905920e2 f6432480 test byte ptr [ebx+24h], 80h ds:0023:00000024=?

28.STACK_TEXT:

29.93b13bc4 905927f3 00000001 f9854fc0 00000003 win32k！ GreGradientFill+0x412

30.93b13c14 82858db6 1701072c 00000001 00000003 win32k！ NtGdiGradientFill+0x178

31.93b13c14 76df6bf4 1701072c 00000001 00000003 nt！ KiSystemServicePostCall

32.WARNING:Frame IP not in any known module.Following frames may be wrong.

33.0021f9d8 00000000 00000000 00000000 00000000 0x76df6bf4

34.FOLLOWUP_IP:

35.win32k！GreGradientFill+412

36.905920e2 f6432480 test byte ptr[ebx+24h],80h

Journal file, system crash dump file and the policy template saved when according to shape library system crash, finally The script for generating loophole is restored, as a result as follows:

The embodiment of the invention also provides a kind of program bug excavating gear, referring to Figure 10, comprising:

Policy template selecting module 1010, for selecting corresponding policy template according to test target.

Test cases technology module 1020, for generating test case according to the policy template, wherein the test is used Example generation module 1020 includes that interface testing use-case generation module 1021, relation test use-case generation module 1022 and data flow are surveyed Example generation module 1023 on probation.

Testing execution module 1030, for the test case to be injected into the test target, to the test mesh Mark is tested, and is saved to the log in test process.

Script use-case recurrent modules 1040, for generating reproduction script according to the policy template and the log.

Wherein, referring to Figure 11, the interface testing use-case generation module 1021 includes:

Interface data constructs module 1110, and for constructing interface data, the interface data is generated according to preset standard.

Interface data is randomized module 1120, for carrying out data to the interface data generated according to preset standard Randomization.

Interface class module 1130, for carrying out classification assembling to the interface, and according to preset logic to described point Interface after class assembling is ranked up.

Sequence is randomized module 1140, carries out sequence randomization for the execution sequence to the interface.

Referring to Figure 12, the relation test use-case generation module 1022 includes:

Relation data constructs module 1210, and for constructing relation data, the relation data is generated according to preset standard.

Relation data is randomized module 1220, for carrying out relation data randomization to the relation data.

Relationship categorization module 1230, for classifying to the relationship.

Relationship complicates module 1240, for carrying out relationship complexity to the relationship on the basis of fundamental relation is correct Change.

Referring to Figure 13, the data flow Test cases technology module 1023 includes:

Data flow constructs module 1310, and for constructing data flow, the data flow is generated according to preset standard.

Data-flow analysis module 1320, for analyzing the data flow in last test, to obtain the number According to the trend of stream.

Range optimization module 1330, for flowing into row data range to current data according to the reachable path of current data stream Optimization.

Depth optimization module 1340, for carrying out data depth to current data stream according to the reachable path of the data flow Optimization.

The testing execution module 1030 specifically can also include log preservation and script recovery module and system crash text Part preserving module, the two modules are to ensure that, when mistake occurs for shape library, timely saving scene reappears and leaked for subsequent loophole Hole genetic analysis provides guarantee.

Further, the bug excavation device further include:

The hot update module 1050 of policy template, for when needing to change Mining Strategy, according to the survey of the test target Examination demand remote thermal updates the policy template.

Dynamic adjustment module 1060, for during the test, according to the test result of return to the policy template into Mobile state adjustment.

Exception monitoring module 1070, the operating condition for real-time monitoring script.

It is restarted automatically module 1080, is used for after bug excavation device runs a period of time, since shape library may be located It can not change in a kind of specific state, it is therefore desirable to system be restarted, shape library is allowed to restore.For example, detecting When script is operating abnormally, then automatically exits from script and restart.

Other implementation details of the present apparatus are identical as bug excavation method provided by above-mentioned Fig. 5 to Fig. 9, herein no longer It repeats.

Referring to Figure 14, it illustrates a kind of structural schematic diagrams of terminal, and specifically, terminal 1400 may include RF (Radio Frequency, radio frequency) circuit 1410, the memory for including one or more computer readable storage medium 1420, input unit 1430, display unit 1440, sensor 1450, voicefrequency circuit 1460, WiFi (wireless Fidelity, Wireless Fidelity) module 1470, include one or more than one processor 1480, the Yi Ji electricity of processing core The components such as source 1490.It will be understood by those skilled in the art that the restriction of the not structure paired terminal of terminal structure shown in Figure 14, It may include perhaps combining certain components or different component layouts than illustrating more or fewer components.Wherein:

RF circuit 1410 can be used for receiving and sending messages or communication process in, signal sends and receivees, particularly, by base station After downlink information receives, one or the processing of more than one processor 1480 are transferred to；In addition, the data for being related to uplink are sent to Base station.In general, RF circuit 1410 include but is not limited to antenna, at least one amplifier, tuner, one or more oscillator, It is subscriber identity module (SIM) card, transceiver, coupler, LNA (Low Noise Amplifier, low-noise amplifier), double Work device etc..In addition, RF circuit 1410 can also be communicated with network and other equipment by wireless communication.The wireless communication can be with Using any communication standard or agreement, including but not limited to GSM (Global System of Mobile communication, Global system for mobile communications), GPRS (General Packet Radio Service, general packet radio service), CDMA (Code Division Multiple Access, CDMA), WCDMA (Wideband Code Division Multiple Access, wideband code division multiple access), LTE (Long Term Evolution, long term evolution), Email, SMS (Short Messaging Service, short message service) etc..

Memory 1420 can be used for storing software program and module, and processor 1480 is stored in memory by operation 1420 software program and module, thereby executing various function application and data processing.Memory 1420 can mainly include Storing program area and storage data area, wherein storing program area can application program needed for storage program area, function (such as Sound-playing function, image player function etc.) etc.；Storage data area, which can be stored, uses created data according to terminal 1400 (such as audio data, phone directory etc.) etc..In addition, memory 1420 may include high-speed random access memory, can also wrap Include nonvolatile memory, a for example, at least disk memory, flush memory device or other volatile solid-state parts. Correspondingly, memory 1420 can also include Memory Controller, to provide processor 1480 and 1430 pairs of input unit storages The access of device 1420.

Input unit 1430 can be used for receiving the number or character information of input, and generate and user setting and function Control related keyboard, mouse, operating stick, optics or trackball signal input.Specifically, input unit 1430 may include touching Sensitive surfaces 1431 and other input equipments 1432.Touch sensitive surface 1431, also referred to as touch display screen or Trackpad collect User on it or nearby touch operation (such as user using any suitable object or attachment such as finger, stylus touch-sensitive Operation on surface 1431 or near touch sensitive surface 1431), and corresponding attachment device is driven according to preset formula. Optionally, touch sensitive surface 1431 may include both touch detecting apparatus and touch controller.Wherein, touch detecting apparatus is examined The touch orientation of user is surveyed, and detects touch operation bring signal, transmits a signal to touch controller；Touch controller from Touch information is received on touch detecting apparatus, and is converted into contact coordinate, then gives processor 1480, and can reception processing Order that device 1480 is sent simultaneously is executed.Furthermore, it is possible to more using resistance-type, condenser type, infrared ray and surface acoustic wave etc. Seed type realizes touch sensitive surface 1431.In addition to touch sensitive surface 1431, input unit 1430 can also include other input equipments 1432.Specifically, other input equipments 1432 can include but is not limited to physical keyboard, function key (such as volume control button, Switch key etc.), trace ball, mouse, one of operating stick etc. or a variety of.

Display unit 1440 can be used for showing information input by user or the information and terminal 1400 that are supplied to user Various graphical user interface, these graphical user interface can be by figure, text, icon, video and any combination thereof come structure At.Display unit 1440 may include display panel 1441, optionally, can using LCD (Liquid Crystal Display, Liquid crystal display), the forms such as OLED (OrganicLight-Emitting Diode, Organic Light Emitting Diode) configure display Panel 1441.Further, touch sensitive surface 1431 can cover display panel 1441, when touch sensitive surface 1431 detect on it or After neighbouring touch operation, processor 1480 is sent to determine the type of touch event, is followed by subsequent processing device 1480 according to touch The type of event provides corresponding visual output on display panel 1441.Although in Figure 14, touch sensitive surface 1431 and display Panel 1441 is to realize input and input function as two independent components, but in some embodiments it is possible to will touching Sensitive surfaces 1431 and display panel 1441 integrate and realize and output and input function.

Terminal 1400 may also include at least one sensor 1450, such as optical sensor, motion sensor and other biographies Sensor.Specifically, optical sensor may include ambient light sensor and proximity sensor, wherein ambient light sensor can be according to ring The light and shade of border light adjusts the brightness of display panel 1441, and proximity sensor can close when terminal 1400 is moved in one's ear Display panel 1441 and/or backlight.As a kind of motion sensor, gravity accelerometer can detect in all directions The size of (generally three axis) acceleration, can detect that size and the direction of gravity, can be used to identify terminal posture when static It (for example pedometer, is struck using (such as horizontal/vertical screen switching, dependent game, magnetometer pose calibrating), Vibration identification correlation function Hit) etc.；Other biographies such as gyroscope, barometer, hygrometer, thermometer, infrared sensor for can also configure as terminal 1400 Sensor, details are not described herein.

The audio that voicefrequency circuit 1460, loudspeaker 1461 and microphone 1462 can provide between user and terminal 1400 connects Mouthful.Electric signal after the audio data received conversion can be transferred to loudspeaker 1461, by loudspeaker by voicefrequency circuit 1460 1461 are converted to voice signal output；On the other hand, the voice signal of collection is converted to electric signal by microphone 1462, by audio Circuit 1460 is converted to audio data after receiving, then by after the processing of audio data output processor 1480, through RF circuit 1410 with It is sent to such as another terminal, or audio data is exported to memory 1420 to be further processed.Voicefrequency circuit 1460 Earphone jack is also possible that, to provide the communication of peripheral hardware earphone Yu terminal 1400.

WiFi belongs to short range wireless transmission technology, and terminal 1400 can help user to receive and dispatch electricity by WiFi module 1470 Sub- mail, browsing webpage and access streaming video etc., it provides wireless broadband internet access for user.

Processor 1480 is the control centre of terminal 1400, utilizes each portion of various interfaces and the entire terminal of connection Point, by running or execute the software program and/or module that are stored in memory 1420, and calls and be stored in memory Data in 1420 execute the various functions and processing data of terminal 1400, to carry out integral monitoring to terminal.Optionally, Processor 1480 may include one or more processing cores；Preferably, processor 1480 can integrate application processor and modulatedemodulate Adjust processor, wherein the main processing operation system of application processor, user interface and application program etc., modem processor Main processing wireless communication.It is understood that above-mentioned modem processor can not also be integrated into processor 1480.

Terminal 1400 further includes the power supply 1490 (such as battery) powered to all parts, it is preferred that power supply can pass through Power-supply management system and processor 1480 are logically contiguous, to realize management charging, electric discharge, Yi Jigong by power-supply management system The functions such as consumption management.Power supply 1490 can also include one or more direct current or AC power source, recharging system, power supply The random components such as fault detection circuit, power adapter or inverter, power supply status indicator.

Although being not shown, terminal 1400 can also include camera, bluetooth module etc., and details are not described herein.Specifically at this In embodiment, the display unit of terminal is touch-screen display, terminal further include have memory and one or more than one Program, one of them perhaps more than one program be stored in memory and be configured to by one or more than one Reason device execution states one or more than one program includes the instruction for performing the following operation:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing to use Example generates data relationship test case and generates data flow test case；

The test case is injected into the test target, the test target is tested, and to testing Log in journey is saved；

Reproduction script is generated according to the policy template and the log.

The present embodiment additionally provides a kind of computer readable storage medium, and computer is stored in the storage medium to be held Row instruction, the computer executable instructions are loaded by processor and execute following steps:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing to use Example generates data relationship test case and generates data flow test case；

The test case is injected into the test target, the test target is tested, and to testing Log in journey is saved；

Reproduction script is generated according to the policy template and the log.

The bug excavation method based on service interface, data relationship and data flow referred in the application, can not only answer For shape library, it may be utilized in the Hole Detection of other kinds software (such as system kernel, various kinds of equipment driving etc.). The bug excavation method referred in the application can be applied not only to bug excavation and detection, may be utilized for malicious application Behavioural analysis and detection etc. scenes.

Meanwhile the bug excavation device in the application, actually a kind of expansible bug excavation basic framework, not only It can be used for shape library, on the bug excavation that can be also used for other kinds software.

Present description provides the method operating procedures as described in embodiment or flow chart, but based on routine or without creation The labour of property may include more or less operating procedure.The step of enumerating in embodiment and sequence are only numerous steps One of execution sequence mode, does not represent and unique executes sequence.System in practice or when interrupting product and executing, can be with It is executed according to embodiment or method shown in the drawings sequence or parallel executes (such as parallel processor or multiple threads Environment).

Structure shown in the present embodiment, only part-structure relevant to application scheme, is not constituted to this The restriction for the equipment that application scheme is applied thereon, specific equipment may include more or fewer components than showing, Perhaps certain components or the arrangement with different components are combined.It is to be understood that method disclosed in the present embodiment, Device etc., may be implemented in other ways.For example, the apparatus embodiments described above are merely exemplary, for example, The division of the module is only a kind of division of logic function, and there may be another division manner in actual implementation, such as more A unit or assembly can be combined or can be integrated into another system, or some features can be ignored or not executed.It is another Point, shown or discussed mutual coupling, direct-coupling or communication connection can be through some interfaces, device or The indirect coupling or communication connection of unit module.

Based on this understanding, technical solution of the present invention substantially in other words the part that contributes to existing technology or The all or part of person's technical solution can be embodied in the form of software products, which is stored in one In a storage medium, including some instructions are used so that computer equipment (it can be personal computer, server, or Network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), the various media that can store program code such as magnetic or disk.

Those skilled in the art further appreciate that, respectively show in conjunction with what embodiment disclosed in this specification described Example unit and algorithm steps, being implemented in combination with electronic hardware, computer software or the two, in order to illustrate with clearing The interchangeability of hardware and software generally describes each exemplary composition and step according to function in the above description Suddenly.These functions are implemented in hardware or software actually, the specific application and design constraint item depending on technical solution Part.Professional technician can use different methods to achieve the described function each specific application, but this reality Now it should not be considered as beyond the scope of the present invention.

The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations；Although referring to before Stating embodiment, invention is explained in detail, those skilled in the art should understand that: it still can be to preceding Technical solution documented by each embodiment is stated to modify or equivalent replacement of some of the technical features；And these It modifies or replaces, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.

Claims (14)

1. a kind of program bug method for digging, which is characterized in that the described method includes:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing use-case, life At data relationship test case and generate data flow test case；

The test case is injected into the test target, the test target is tested, and in test process Log saved；

Reproduction script is generated according to the policy template and the log.

2. a kind of program bug method for digging according to claim 1, which is characterized in that the generation interface testing use-case Include:

Interface data is constructed, the interface data is generated according to preset standard；

Randomizing data is carried out to the interface data generated according to preset standard；

Classification assembling is carried out to the interface, and the interface after the classification assembling is ranked up according to preset logic；

Sequence randomization is carried out to the execution sequence of the interface.

3. a kind of program bug method for digging according to claim 1, which is characterized in that the generation data relationship test Use-case includes:

Relation data is constructed, the relation data is generated according to preset standard；

Relation data randomization is carried out to the relation data；

Classify to the relationship；

On the basis of fundamental relation is correct, relationship complication is carried out to the relationship.

4. a kind of program bug method for digging according to claim 1, which is characterized in that the generation data current test is used Example include:

Data flow is constructed, the data flow is generated according to preset standard；

Data flow in last test is analyzed, to obtain the trend of the data flow；

The optimization of row data range is flowed into current data according to the reachable path of current data stream；

Row data depth optimization is flowed into current data according to the reachable path of the data flow.

5. a kind of program bug method for digging according to claim 1, which is characterized in that the described method includes:

When needing to change Mining Strategy, the policy template is updated according to the testing requirement remote thermal of the test target.

6. a kind of program bug method for digging according to claim 5, which is characterized in that the method also includes:

During the test, dynamic adjustment is carried out to the policy template according to the test result of return.

7. a kind of program bug excavating gear characterized by comprising

Policy template selecting module, for selecting corresponding policy template according to test target；

Test cases technology module, for generating test case according to the policy template, wherein the Test cases technology mould Block includes interface testing use-case generation module, relation test use-case generation module and data current test use-case generation module；

Testing execution module surveys the test target for the test case to be injected into the test target Examination, and the log in test process is saved；

Script use-case recurrent modules, for generating reproduction script according to the policy template and the log.

8. a kind of program bug excavating gear according to claim 7, which is characterized in that the interface testing use-case generates Module includes:

Interface data constructs module, and for constructing interface data, the interface data is generated according to preset standard；

Interface data is randomized module, for carrying out randomizing data to the interface data generated according to preset standard；

Interface class module, for carrying out classification assembling to the interface, and according to preset logic to classification assembling after Interface be ranked up；

Sequence is randomized module, carries out sequence randomization for the execution sequence to the interface.

9. a kind of program bug excavating gear according to claim 7, which is characterized in that the relation test use-case generates Module includes:

Relation data constructs module, and for constructing relation data, the relation data is generated according to preset standard；

Relation data is randomized module, for carrying out relation data randomization to the relation data；

Relationship categorization module, for classifying to the relationship；

Relationship complicates module, for carrying out relationship complication to the relationship on the basis of fundamental relation is correct.

10. a kind of program bug excavating gear according to claim 7, which is characterized in that the data flow test case Generation module includes:

Data flow constructs module, and for constructing data flow, the data flow is generated according to preset standard；

Data-flow analysis module, for analyzing the data flow in last test, to obtain walking for the data flow To；

Range optimization module, for flowing into the optimization of row data range to current data according to the reachable path of current data stream；

Depth optimization module, for flowing into row data depth optimization to current data according to the reachable path of the data flow.

11. a kind of program bug excavating gear according to claim 7, which is characterized in that described device further include:

The hot update module of policy template, for when needing to change Mining Strategy, the testing requirement according to the test target to be remote Journey heat updates the policy template.

12. a kind of program bug excavating gear according to claim 11, which is characterized in that described device further include:

Dynamic adjustment module, for during the test, carrying out dynamic tune to the policy template according to the test result of return It is whole.

13. a kind of terminal characterized by comprising

Processor and memory, wherein the processor is for calling and executing the program stored in the memory, it is described For storing program, described program is used for memory:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing use-case, life At data relationship test case and generate data flow test case；

The test case is injected into the test target, the test target is tested, and in test process Log saved；

Reproduction script is generated according to the policy template and the log.

14. a kind of computer storage medium, which is characterized in that be stored with computer executable instructions, institute in the storage medium Computer executable instructions are stated to be loaded by processor and execute following steps:

Corresponding policy template is selected according to test target；

Test case is generated according to the policy template, wherein the generation test case includes generating interface testing use-case, life At data relationship test case and generate data flow test case；

The test case is injected into the test target, the test target is tested, and in test process Log saved；

Reproduction script is generated according to the policy template and the log.