CN109241746A - Code processing method and apparatus, computing device and storage medium - Google Patents

Publication number
CN109241746A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810994304.2A
Other languages
Chinese (zh)
Other versions
CN109241746B (en
Inventor
蒋洪伟
邓欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software


Abstract

This application provides a code processing method. The method comprises: obtaining test template code, the test template code being written according to the grammar of a programming language; when a preset identifier is read in the test template code, determining the position of the preset identifier as the position in the test template code at which an interface is to be added; replacing the preset identifier with the code corresponding to the interface, so that the code corresponding to the interface is added at that position, to generate a test case; and supplying the test case to a program under test so that the program under test runs the test case.

Description

Code processing method and apparatus, computing device and storage medium
Technical field
This application relates to the field of information technology, and in particular to a code processing method and apparatus, a computing device and a storage medium.
Background
With the development of information technology, programs have brought people many conveniences, making it easy to carry out all kinds of activities online, such as watching videos, listening to music and managing finances. Program vulnerabilities inevitably follow, however. A vulnerability can give users a poor experience, or even lead to the theft of users' private information and property information, so vulnerability discovery has received more and more attention. But vulnerability discovery consumes a great deal of manpower and time, and how to discover program vulnerabilities quickly is the key to solving the above problems.
Summary of the invention
In view of this, the following technical solution is proposed, with which program vulnerabilities can be discovered quickly and conveniently.
An example of the present application proposes a code processing method. The method comprises: obtaining test template code, the test template code being written according to the grammar of a programming language; when a preset identifier is read in the test template code, determining the position of the preset identifier as the position in the test template code at which an interface is to be added; replacing the preset identifier with the code corresponding to the interface, so that the code corresponding to the interface is added at that position, to generate a test case; and supplying the test case to a program under test so that the program under test runs the test case.
An example of the present application also proposes a code processing apparatus. The apparatus comprises: an acquisition module, which obtains test template code, the test template code being written according to the grammar of a programming language; a determining module, which, when a preset identifier is read in the test template code, determines the position of the preset identifier as the position in the test template code at which an interface is to be added; a replacement module, which replaces the preset identifier with the code corresponding to the interface, so that the code corresponding to the interface is added at that position, to generate a test case; and a providing module, which supplies the test case to a program under test so that the program under test runs the test case.
In some examples, the apparatus further comprises a selection module, which randomly selects at least one interface from multiple interfaces as the interface; the interface is either of the following: a method call interface or an attribute call interface.
In some examples, the determining module determines the programming language of the test template code from the test template code, and the selection module randomly selects the interface from the multiple interfaces corresponding to that programming language.
In some examples, the determining module determines the programming language of the test template code from the test template code, and the acquisition module obtains the class code corresponding to the programming language, the class code including method code and/or attribute code. The apparatus further comprises a generation module, which generates the code corresponding to the interface from the class code.
In some examples, the apparatus further comprises a compiling module, which compiles the test case; the providing module then supplies the compiled test case to the program under test.
In some examples, the apparatus further comprises: a monitoring module, which monitors the program under test as it runs the test case and, when it detects that an exception occurs while the program under test is running the test case, obtains the exception information; and a sending module, which, after the exception information is obtained, sends the exception information to an information client.
In some examples, when the monitoring module detects that an exception occurs while the program under test is running the test case, it obtains the test case and sends the test case to the information client.
In some examples, the acquisition module obtains other test template code. The apparatus further comprises a return module, which returns to the step of determining the position in the test template code at which an interface is to be added.
An example of the present application also proposes a computing device, comprising a memory, a processor and a computer program that is stored in the memory and runs on the processor; the processor implements the above method when executing the computer program.
An example of the present application also proposes a storage medium storing one or more programs, the one or more programs including instructions which, when executed by a computing device, cause the computing device to perform the above method.
Applying the technical solution of the present invention: because the obtained test template code conforms to the syntax rules of the programming language, generating a test case by replacing the preset identifier in the test template code with the code corresponding to the interface guarantees that the generated test case is a valid file in the grammar of the programming language, so that the program under test can successfully run the test case and thereby be tested. At the same time, because the code corresponding to the interface is added into the test template code, the test cases generated from the test template code form a test case set that has relatively few test cases yet achieves good code path coverage, so the vulnerabilities of the program under test can be found quickly and conveniently with that small set of test cases.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of a system to which the code processing method of an example of the present application is applicable;
Fig. 2A is a flow chart of the code processing method of an example of the present application;
Fig. 2B is a flow chart of the code processing method of an example of the present application;
Fig. 3 is a flow chart of the server deployment of an example of the present application;
Fig. 4 is a schematic diagram of the interface wrapping of an example of the present application;
Fig. 5 is a structural diagram of the code processing apparatus of an example of the present application;
Fig. 6 is a hardware structure diagram of the computing device of an example of the present application.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
For brevity and clarity, the solution of the present invention is explained below through several representative embodiments. The many details in the embodiments serve only to aid understanding of the solution. Obviously, however, the technical solution need not be limited to these details when implemented. To avoid unnecessarily obscuring the solution, some embodiments are not described in detail and only a framework is given. Hereinafter, "comprising" means "including but not limited to", and "according to ..." means "according at least to ..., but not limited to according only to ...". Where the quantity of a component is not specifically stated hereinafter, the component may be one or more, or may be understood as at least one.
For program vulnerability discovery, the academic term closest to fuzz testing is probably boundary value analysis (BVA). In boundary value analysis, the boundaries of the legal values of a given input are examined, and tests are then created with legal and illegal values inside and outside those boundaries. BVA helps ensure that exception handling filters out unexpected values while allowing the widest range of acceptable input values. Fuzz testing is similar to BVA, but when fuzz testing is performed, boundary values are not the only concern: any input that may trigger undefined or unsafe behaviour also needs attention.
Fuzz testing (fuzzing) is a method of finding software vulnerabilities by supplying unexpected input to a target system and monitoring for abnormal results. If the object under test is the AVM (ActionScript virtual machine, i.e. the ActionScript virtual machine of Adobe Flash Player), the input should be a binary file containing bytecode.
Random mutation based on file format, in which a file is filled with random numbers, is called Dumb Fuzz. Dumb Fuzz based on files and random mutation tests its target very blindly and often executes the same code path repeatedly. Dumb Fuzz also needs a large number of inputs to be verified, so obtaining results in a short time requires verifying on a large number of machines at once.
Grammar-based black-box testing is represented by LangFuzz. Its targets are scripting languages such as JavaScript and PHP, in which a syntax error does not affect the fuzz test as a whole, but LangFuzz cannot fuzz test ActionScript.
Fig. 1 shows the structure of a system 100 to which the code processing method of an example of the present application is applicable. The system 100 includes at least a first server 101, and may also include a network 102 and a second server 103.
The first server 101 is installed with application server software for testing, and with Virtual Box (virtual machine) 101a, Fuzzer (vulnerability detector) 101b and the program under test 101c. Virtual Box 101a runs Fuzzer 101b; Fuzzer 101b generates a test case and tests the program under test 101c with it. For example, Fuzzer 101b can send the test case to a preset local storage area of the first server 101 and then send a message carrying the storage address of the test case to the program under test 101c. The program under test 101c reads the test case from the first server 101 according to the storage address and runs it, so that vulnerability detection is performed on the program under test 101c.
When the program under test 101c is not installed on the first server 101, the system 100 can also include the second server 103. The second server 103 is installed with application server software for testing and can be installed with the program under test 103a. Fuzzer 101b on the first server 101 generates a test case and tests the program under test 103a with it. For example, Fuzzer can send the test case over the network 102 to a preset local storage area of the second server 103 and then send a message carrying the storage address of the test case to the program under test 103a. The program under test 103a reads the test case according to the storage address and runs it, so that vulnerability detection is performed on the program under test 103a.
It should be noted that even if the program under test 101c is installed on the first server 101, the system can still include the second server 103, and the second server 103 can also be installed with the program under test 103a. Fuzzer 101b on the first server 101 generates a test case and tests the program under test with it. For example, Fuzzer 101b can send the test case to a preset local storage area of the first server 101 and then send a message carrying the storage address of the test case to the program under test 101c; the program under test 101c reads the test case according to the storage address and runs it, so that vulnerability detection is performed on the program under test 101c. Fuzzer can also send the test case over the network 102 to a preset local storage area of the second server 103 and then send a message carrying the storage address of the test case to the program under test 103a; the program under test 103a reads the test case according to the storage address and runs it, so that vulnerability detection is performed on the program under test 103a.
The network 102 can be a wired network or a wireless network.
Based on the system 100, an example of the present application proposes a code processing method applied on the first server 101. As shown in Fig. 2A, the method 200 comprises the following steps:
Step 201: obtain test template code.
The test template code is written according to the grammar of a programming language.
In some examples, Fuzzer (vulnerability detector) 101b deployed on the first server 101 obtains the test template code stored in a test template file (e.g. a txt file). The test template code can be used to test one type of program vulnerability.
Step 202: when a preset identifier is read in the test template code, determine the position of the preset identifier as the position in the test template code at which an interface is to be added.
The interface is used to obtain the return value of method code or attribute code in class code; the code corresponding to the interface includes the method code or the attribute code that the test template code calls.
In some examples, Fuzzer 101b reads the test template code; when it reads a preset identifier in the test template code, it determines the position of the preset identifier as the position at which an interface is to be added.
Step 203: replace the preset identifier with the code corresponding to the interface, so that the code corresponding to the interface is added at the position to be added, to generate a test case.
In some examples, Fuzzer 101b deletes the preset identifier and adds the code corresponding to the interface at the position to be added that corresponds to the preset identifier, so that the code corresponding to the interface replaces the preset identifier.
Step 204: supply the test case to the program under test so that the program under test runs the test case.
In some examples, for a program under test that can run a programming language that does not need to be compiled, the test case (whose file name can be Main.as) can be sent to the program under test so that the program under test runs it.
Steps 201 to 204 are explained in detail below.
In step 201: obtain test template code, the test template code being written according to the grammar of a programming language.
Before step 201 is executed, Fuzzer (vulnerability detector) 101b needs to be deployed on the first server 101. The deployment process is shown in Fig. 3. The Fuzzer 101b installation file is deployed in an image file. Step 301: build an image file that Virtual Box (virtual machine) recognizes; besides the installation file, the image file also contains the resource files for running Fuzzer 101b, e.g. the test template code file. A file upload script of the first server 101 is triggered by a manual command. Step 302: upload the image file containing the Fuzzer 101b installation file to the first server 101 (i.e. the test machine). After the first server 101 receives the image file, step 303: deploy the image file on the first server 101 through a configuration file and call Virtual Box (virtual machine) to run the image file. Step 304: run the image file in Virtual Box, which installs and runs Fuzzer 101b.
For example, as described above, after Fuzzer 101b has been deployed on the first server 101, Fuzzer 101b deployed on the first server 101 obtains the test template code stored in a test template file (e.g. a txt file).
The test template code can be used to test one type of program vulnerability.
In step 202: when a preset identifier is read in the test template code, the position of the preset identifier is determined as the position in the test template code at which an interface is to be added.
For example, as described above, Fuzzer 101b reads the test template code and, according to a preset first identifier (e.g. a symbol or a specific programming language), finds in the test template code a second identifier that is identical to or corresponds to the first identifier, and determines the position of the second identifier; that position is the position to be added.
It should be understood that the first identifier may be identical to the second identifier, or there may be a preset association between them.
For example, selectFuzz can be used as the preset first identifier, and the second identifier can then be selectFuzz1 or selectFuzz2, which are related to selectFuzz. When the second identifier selectFuzz1 is read in the test template code, it indicates that a method call interface (also called a method interface) or an attribute call interface (also called an attribute interface) in a class of the programming language is to be selected at random.
It should be noted that the class is the basis on which object-oriented programming (OOP) implements information encapsulation. A class is a defined type, also called a class type. Each class contains a data description and a group of functions that operate on the data or pass messages.
In step 203: the preset identifier is replaced with the code corresponding to the interface, so that the code corresponding to the interface is added at the position to be added, to generate a test case.
For example, as described above, Fuzzer (vulnerability detector) 101b deletes the preset identifier and adds the code corresponding to the interface at the position to be added, so that the code corresponding to the interface replaces the preset identifier.
In some examples, the method 200 further comprises: randomly selecting at least one interface from multiple interfaces as the interface, the interface being either of the following: a method call interface or an attribute call interface.
For example, as described above, when only one programming language is targeted, such as the ActionScript programming language, Fuzzer 101b directly and randomly calls, from the multiple classes of the programming language, a method call interface (e.g. opening the camera) or an attribute call interface (e.g. the attribute-length interface and the attribute-width interface) of one class (e.g. the camera class). A class (e.g. the camera class) can also have multiple other method call interfaces or attribute call interfaces.
It should be understood that the method call interface may include a function interface and the attribute call interface may include a variable interface. When one programming language is targeted, that programming language can be preset as the default programming language. When a class is selected, the class can also correspond to multiple instantiated objects, and each object has the method call interfaces and/or attribute call interfaces included in the class.
It should be noted that instantiation refers to the process of creating an object from a class in an object-oriented programming language. By randomly selecting interfaces and merging the code corresponding to an interface with the test template code to generate test cases, code testing can be kept to a limited number of vulnerability test cases, while different test cases can be provided according to the code corresponding to the randomly selected interfaces, so that the best code path coverage is reached with a limited number of vulnerability test cases and the vulnerabilities of the program under test are found quickly and conveniently.
In some examples, the method 200 further comprises: determining the programming language of the test template code from the test template code; and randomly selecting the interface from the multiple interfaces corresponding to that programming language.
For example, as described above, when at least two programming languages are targeted, such as the ActionScript programming language and the JavaScript programming language, Fuzzer 101b reads the test template code and examines it to determine which programming language's grammar the test template code conforms to, thereby determining the programming language of the test template code, such as ActionScript. After determining that the programming language is ActionScript, it randomly selects a method call interface (e.g. opening the camera) or an attribute call interface (e.g. the attribute-length interface and the attribute-width interface) in one class of that programming language (e.g. the camera class).
In some examples, the method 200 further comprises: determining the programming language of the test template code from the test template code; obtaining the class code corresponding to the programming language; and generating the code corresponding to the interface from the class code.
The class code is the code in the class files of the programming language, and includes method code and/or attribute code.
The interface is used to obtain the return value of method code or attribute code in the class code; the code corresponding to the interface includes the method code or the attribute code that the test template code calls.
For example, as described above, when at least two programming languages are targeted, such as the ActionScript programming language and the JavaScript programming language, Fuzzer 101b reads the test template code and examines it to determine which programming language's grammar the test template code conforms to, thereby determining the programming language of the test template code, such as ActionScript. After Fuzzer 101b starts running, the parser in Fuzzer 101b parses the code in each class file of the ActionScript programming language preset in Fuzzer 101b or in the image file, obtains the attribute code and method code in each class file, reads the attribute code and method code of each class, and wraps the attribute code and method code it has read into the corresponding call interfaces. As shown in Fig. 4, the parser executes step 401: parse the method code in each class, and step 402: parse the attribute code in each class. After the parser has parsed the attribute code and method code, it executes step 403: wrap the parsed method code to generate the code corresponding to the method call interface, and step 404: wrap the parsed attribute code to generate the code corresponding to the attribute call interface.
It should be understood that executing the code corresponding to the interface serves to obtain the return value of the method code or attribute code.
The above example of generating the code corresponding to the interface applies to both the ActionScript programming language and the JavaScript programming language, so the two programming languages are not described separately here.
It should be noted that the parser can wrap method code and attribute code into interfaces with a Python program. When wrapping method code and attribute code into interfaces, the Python program can randomly assign a parameter in the attribute code or method code to a preset identifier, e.g. "ob", so that it is associated with the preset identifier "ob" in the test template code. When the program under test runs a test case, or a compiled test case, that includes the interface, the Python program needs to execute the code corresponding to the interface and issue the return value.
In addition, the Python program is used for wrapping the interfaces, and it is not the same as the ActionScript programming language or the JavaScript programming language.
It should be understood that multiple other programming languages can also be preset in Fuzzer 101b or in the image file. The classes corresponding to each programming language can be kept in a separate file; after the programming language is determined, the attribute code and method code in the classes corresponding to that programming language can be parsed and read.
In step 204: the corresponding code of the interface being added on the position to be added, test case is generated.
For example, according to described previously, Fuzzer (Hole Detection machine) 101b by the corresponding code of attribute calling interface and The corresponding code of method call interface is updated to the corresponding position in test template code, such as by attribute calling interface corresponding generation Code is updated at the selectFuzz1 in test template code, to replace selectFuzz1, method call interface is corresponding Code is updated at the selectFuzz2 in test template code, to replace selectFuzz2, to generate test case.
It should be noted that since test template code code corresponding with interface is all the grammer rule for meeting programming language Code then subtracts so can satisfy the legitimacy of the grammer of programming language according to the test case of test template code building Few creation due to the problem of not meeting grammatical soundness caused test case fails, to improve testing efficiency and test Quality.
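The substitution described in steps 202 to 204 can be sketched as follows. This is an added example, not code from the patent: the JavaScript template, the class description and the function names are assumptions constructed here, while selectFuzz1, selectFuzz2 and "ob" are the identifiers the description uses.

```python
import random
import re

# Constructed JavaScript test template. selectFuzz1 and selectFuzz2 are the
# preset identifiers named in the description; "ob" is the object they target.
TEMPLATE_JS = """\
var ob = new Array(8);
function trigger() {
    selectFuzz1
    selectFuzz2
}
trigger();
"""

# Constructed class description, standing in for the parsed class file:
# attribute names, and method names mapped to their parameter count.
ARRAY_CLASS = {
    "attributes": ["length"],
    "methods": {"push": 1, "pop": 0, "concat": 1, "reverse": 0},
}

# Which kind of interface each preset identifier accepts (per the description).
PLACEHOLDER_KIND = {"selectFuzz1": "attribute", "selectFuzz2": "method"}
PLACEHOLDER_RE = re.compile(r"\bselectFuzz\d+\b")


def build_interfaces(class_desc, target="ob"):
    """Encapsulate attribute and method code as statements acting on `target`.

    Every parameter is bound to the preset identifier, so the generated
    statement always refers to an object the template has declared.
    """
    attribute_calls = []
    for name in class_desc["attributes"]:
        attribute_calls.append(f"{target}.{name};")              # read
        attribute_calls.append(f"{target}.{name} = {target};")   # write
    method_calls = [
        f"{target}.{name}({', '.join([target] * arity)});"
        for name, arity in class_desc["methods"].items()
    ]
    return {"attribute": attribute_calls, "method": method_calls}


def generate_test_case(template, class_desc, rng):
    """Replace each preset identifier with a randomly selected interface call."""
    pool = build_interfaces(class_desc)

    def substitute(match):
        kind = PLACEHOLDER_KIND.get(match.group(0))
        if kind is None or not pool[kind]:
            # Failing here keeps a half-filled template from reaching the target.
            raise ValueError(f"no interface available for {match.group(0)}")
        return rng.choice(pool[kind])

    return PLACEHOLDER_RE.sub(substitute, template)


if __name__ == "__main__":
    print(generate_test_case(TEMPLATE_JS, ARRAY_CLASS, random.Random(7)))
```

Passing a seeded `random.Random` makes a run reproducible, which matters when a crash has to be traced back to the exact test case that caused it.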
In some examples, as shown in Fig. 2B, the method 200 further comprises step 205: compiling the test case; wherein step 2041, providing the test case to the program under test, comprises: sending the compiled test case to the program under test.
For example, as described above, the compiler deployed on first server 101 is called to compile the above test case into a binary file, whose file name can be Main.swf, and the binary file is provided to the program under test.
In some examples, as shown in Fig. 2B, the method 200 further comprises: step 206: monitoring the program under test as it runs the test case; step 207: when it is detected that an exception occurs while the program under test runs the test case, obtaining the exception information; step 208: after the exception information is obtained, sending the exception information to a message client.
Sending the exception information to the message client can include, but is not limited to: Fuzzer (vulnerability detector) 101b or a classifier (e.g., a crash classifier) sending the exception information by mail to a mail client, so that the relevant personnel can handle the exception information.
The message client can be a mail client.
For example, as described above, when the program under test executes source code, Fuzzer (vulnerability detector) 101b can send the source code, i.e. the test case, directly to a program under test deployed on the same first server 101, e.g., to a program under test on first server 101 that runs the JavaScript programming language. In other embodiments, the test case can also be sent to a program under test deployed on second server 103. After the program under test receives the test case, it runs the test case, and the classifier deployed on first server 101 (e.g., a crash classifier) monitors the running of the test case. When the crash classifier detects that an exception occurs while the test case is running, it captures the exception information and writes it to a log; the crash classifier can send the log to the message client (e.g., a mail client).
It should be noted that Fuzzer (vulnerability detector) 101b may include a generator and a mutator. The generator is used to generate the test case; the mutator is used to extract preset test template code, and can also automatically generate test template code by deep learning.
In some examples, the method 200 further comprises: sending the compiled test case to the program under test, so that the program under test runs the compiled test case; step 207: when an exception occurs during the run, sending the exception information to the message client.
Sending the exception information to the message client can include, but is not limited to: Fuzzer (vulnerability detector) 101b or a classifier (e.g., a crash classifier) sending the exception information by mail to a mail client, so that the relevant personnel can handle the exception information.
The exception information may include: the time at which the exception (e.g., a program vulnerability exception event) occurred, the position at which the exception occurred, the type of the exception, and so on.
For example, as described above, when the program under test executes a compiled file, e.g., when the program under test is the ActionScript virtual machine of Adobe Flash Player, Fuzzer (vulnerability detector) 101b can send the compiled test case directly to a program under test deployed on the same first server 101, e.g., a program under test that runs the JavaScript programming language, or can send it to a program under test deployed on second server 103. After the program under test receives the compiled test case, it runs the compiled test case, and the crash classifier deployed on first server 101 monitors the run. When the crash classifier detects that an exception occurs while the compiled test case is running, it captures the exception information and writes it to a log; the crash classifier can send the log to the message client (e.g., a mail client).
In some examples, as shown in Fig. 2B, the method 200 further comprises step 209: when it is detected that an exception occurs while the program under test runs the test case, obtaining the test case; and sending the test case to the message client.
For example, as described above, for a program under test that runs source code, when an exception occurs the classifier (e.g., a crash classifier) can obtain the test case from the program under test and send it together with the log to the message client (e.g., a mail client).
In some examples, the method 200 further comprises: when it is detected that an exception occurs while the program under test runs the test case, obtaining the test case and the compiled test case; and issuing the test case and the compiled test case.
For example, as described above, for a program under test that runs a binary file, when an exception occurs the crash classifier can obtain the compiled test case from the program under test and the test case from Fuzzer (vulnerability detector) 101b, and send the test case and the compiled test case together with the log to the message client (e.g., a mail client).
It should be noted that, in the above examples, when the crash classifier obtains multiple logs, it can classify and deduplicate the logs, remove invalid and redundant logs, and then send the processed logs.
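The classification and deduplication step can be sketched as follows, keyed on the exception type and position that the description lists as part of the exception information. This is an added example, not code from the patent: the log line format, the sample lines and the rule that a line missing a type or position counts as invalid are assumptions constructed here.

```python
import re
from dataclasses import dataclass, field

# Assumed log line format (constructed for this example):
#   <time> type=<exception type> pos=<position> case=<test case file>
LINE_RE = re.compile(
    r"^(?P<time>\S+) type=(?P<type>\S+) pos=(?P<pos>\S+) case=(?P<case>\S+)$"
)

# Constructed sample log lines; module names and offsets are placeholders.
SAMPLE_LOGS = [
    "2018-08-29T10:00:01 type=access_violation pos=module_a+0x10 case=case_0001.swf",
    "2018-08-29T10:00:07 type=access_violation pos=module_a+0x10 case=case_0004.swf",
    "2018-08-29T10:01:30 type=stack_overflow pos=module_b+0x2c case=case_0009.swf",
    "2018-08-29T10:02:00 type= pos= case=case_0010.swf",
    "garbage line without fields",
    "2018-08-29T10:03:12 type=access_violation pos=module_a+0x44 case=case_0015.swf",
]


@dataclass
class CrashBucket:
    exc_type: str
    position: str
    first_seen: str
    cases: list = field(default_factory=list)

    @property
    def count(self):
        return len(self.cases)


def classify(lines):
    """Group log lines by (type, position); return (buckets, invalid_count).

    Lines that do not carry both a type and a position are counted as
    invalid and dropped, so they never reach the message client.
    """
    buckets = {}
    invalid = 0
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match is None:
            invalid += 1
            continue
        key = (match["type"], match["pos"])
        bucket = buckets.get(key)
        if bucket is None:
            bucket = CrashBucket(match["type"], match["pos"], match["time"])
            buckets[key] = bucket
        # ISO 8601 timestamps of equal precision sort lexicographically.
        bucket.first_seen = min(bucket.first_seen, match["time"])
        bucket.cases.append(match["case"])
    return list(buckets.values()), invalid


def report(buckets):
    """One summary line per distinct crash, with one reproducing test case."""
    return [
        f"{b.exc_type} at {b.position}: {b.count} hit(s), "
        f"first {b.first_seen}, reproduce with {b.cases[0]}"
        for b in buckets
    ]


if __name__ == "__main__":
    found, dropped = classify(SAMPLE_LOGS)
    print("\n".join(report(found)))
    print(f"dropped {dropped} invalid line(s)")
```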
In some examples, the method 200 further comprises: obtaining other test template code; and returning to the step of determining the position to be added of the interface in the test template code.
For example, as described above, test template code can be added continuously after a test case or a compiled test case finishes running; when there is new test template code, the new test template code is obtained and execution returns to step 202.
It should be noted that the other test template code need not be obtained only after the test case or compiled test case finishes running; e.g., it can be obtained before the test case or the compiled test case is run.
In addition, test template code can be written manually or generated by deep learning.
In this technical solution, test template code can be generated manually. Alternatively, a large number of vulnerability code samples of one type of vulnerability can be obtained and the vulnerability code templates input into Fuzzer (vulnerability detector) 101b, which learns from the large amount of vulnerability code and finds the rules by which the vulnerability code is formed, so as to generate test template code automatically.
In addition, the technical solution of this application has found a large number of vulnerabilities through the generated test cases, which is sufficient to demonstrate the validity of the technical solution.
With this technical solution, the program under test can be fuzz tested efficiently: by combining a fixed grammar template (i.e. the test template) with the code corresponding to random interfaces, the smallest test set can be used to reach the best code coverage paths. The program under test can also be fuzz tested effectively: the grammar generator on first server 101 (i.e. the generator in Fuzzer (vulnerability detector) 101b) generates test cases from the test template code and the code corresponding to the interface, which ensures that the generated grammar file (i.e. the test case) is valid and that the compiler can generate a binary file from the test case.
As browsers become more and more popular on the client, various scripting languages, such as Java Applet, Flash ActionScript and JavaScript, provide rich interactive functions for the browser but also introduce new security risks. This technical solution can discover the security vulnerabilities present in a product as early as possible and notify the vendor to take remedial measures, preventing users from being attacked without their knowledge and losing control of their computers. The technical solution only needs to be applied on a server to fuzz test a product automatically, for example to fuzz test Adobe Flash Player, to summarize the run results produced and to notify the author for further handling. In testing, the technical solution has found more than 100 crash issues in Adobe Flash Player, more than 50 of which were considered high-risk vulnerabilities by Adobe, with a public Common Vulnerabilities and Exposures (CVE) number assigned to each vulnerability.
Based on the above examples, an example of this application also proposes a code processing apparatus, applied in first server 101. As shown in Fig. 5, the processing apparatus 500 includes: an obtaining module 501, a determining module 502, an adding module 503 and a providing module 504. The function of each module is as follows:
Obtaining module 501 obtains test template code, the test template code being set according to the grammar of a programming language.
Determining module 502, when a preset identifier in the test module code is read, determines the position of the preset identifier as the position to be added of the interface in the test template code.
Replacement module 503 replaces the preset identifier with the code corresponding to the interface, so as to add the code corresponding to the interface at the position to be added, generating a test case.
Providing module 504 provides the test case to the program under test, so that the program under test runs the test case.
In some examples, the apparatus 500 further comprises: a selecting module, which randomly selects at least one interface from multiple interfaces as the interface, the interface including any one of the following: a method call interface and an attribute call interface.
In some examples, the determining module 502 determines the programming language of the test template code according to the test template code; the selecting module randomly selects the interface from the multiple interfaces corresponding to the programming language.
In some examples, the determining module 502 determines the programming language of the test template code according to the test template code; the obtaining module 501 obtains the class code corresponding to the programming language, the class code including method code and/or attribute code; the apparatus 500 further comprises: a generating module, which generates the code corresponding to the interface according to the class code.
In some examples, the apparatus 500 further comprises: a compiling module, which compiles the test case; wherein the providing module 504 provides the compiled test case to the program under test.
In some examples, the apparatus 500 further comprises: a monitoring module, which monitors the program under test as it runs the test case and, when it detects that an exception occurs while the program under test runs the test case, obtains the exception information; and a sending module, which, after the exception information is obtained, sends the exception information to the message client.
In some examples, the monitoring module, when it detects that an exception occurs while the program under test runs the test case, obtains the test case and sends the test case to the message client.
In some examples, the obtaining module 501 obtains other test template code; the apparatus 500 further comprises: a return module, which returns to the step of determining the position to be added of the interface in the test template code.
Fig. 6 shows the composition structure of the computing device 600 in which processing apparatus 500 is located. The computing device 600 can be a server. As shown in Fig. 6, the computing device 600 includes one or more processors (CPU) 602, a communication module 604, a memory 606, a user interface 610, and a communication bus 608 for interconnecting these components.
Processor 602 can send and receive data through communication module 604 to implement network communication and/or local communication.
User interface 610 includes one or more output devices 612, which include one or more speakers and/or one or more visual displays. User interface 610 also includes one or more input devices 614, which include, for example, a keyboard, a mouse, a voice command input unit or loudspeaker, a touch screen display, a touch-sensitive tablet, a gesture capture camera, or other input buttons or controls.
Memory 606 can be high-speed random access memory, such as DRAM, SRAM, DDR RAM or other random access solid-state storage devices; or non-volatile memory, such as one or more disk storage devices, optical disc storage devices, flash memory devices or other non-volatile solid-state storage devices.
Memory 606 stores a set of instructions executable by processor 602, comprising:
Operating system 616, including programs for handling various basic system services and for executing hardware-dependent tasks;
Applications 618, including various application programs for video playing. Such an application program can implement the processing flows in the above examples, and for example may include some or all of the modules in processing apparatus 500 shown in Fig. 5. At least one of the modules 501-504 can store machine-executable instructions, and processor 602, by executing the machine-executable instructions in at least one of the modules 501-504 in memory 606, can implement the function of at least one of the modules 501-504.
It should be noted that not all of the steps and modules in the above flows and structure diagrams are necessary; certain steps or modules can be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as needed. The division into modules is only a functional division adopted for ease of description; in an actual implementation, one module can be implemented by multiple modules, and the functions of multiple modules can also be implemented by the same module. These modules can be located in the same device or in different devices.
The hardware modules in each embodiment can be implemented in hardware or as a hardware platform plus software. The software includes machine-readable instructions stored in a non-volatile storage medium. Therefore, each embodiment can also be embodied as a software product.
In each example, the hardware can be implemented by dedicated hardware or by hardware that executes machine-readable instructions. For example, the hardware can be a specially designed permanent circuit or logic device (such as a special-purpose processor, e.g., an FPGA or ASIC) for completing specific operations. The hardware can also include a programmable logic device or circuit temporarily configured by software (e.g., including a general-purpose processor or other programmable processor) for executing specific operations.
In addition, each example of this application can be implemented by a data processing program executed by a data processing device such as a computer. Obviously, the data processing program constitutes this application. Furthermore, a data processing program that is usually stored in a storage medium is executed by reading the program directly out of the storage medium, or by installing or copying the program into a storage device (such as a hard disk and/or memory) of the data processing device. Therefore, such a storage medium also constitutes this application. This application also provides a non-volatile storage medium storing a data processing program, which can be used to execute any one of the above method examples of this application.
The machine-readable instructions corresponding to the modules in Fig. 5 can cause an operating system or the like running on the computer to complete some or all of the operations described here. The non-volatile computer-readable storage medium can be a memory provided in an expansion board inserted into the computer, or a memory provided in an expansion unit connected to the computer. A CPU or the like mounted on the expansion board or expansion unit can perform some or all of the actual operations according to the instructions.
In addition, the apparatus and the modules in each example of this application can be integrated in one processing unit, each module can exist physically on its own, or two or more apparatuses or modules can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (10)

1. A code processing method, characterized in that the method comprises:
obtaining test template code, the test template code being set according to the grammar of a programming language;
when a preset identifier in the test module code is read, determining the position of the preset identifier as the position to be added of the interface in the test template code;
replacing the preset identifier with the code corresponding to the interface, so as to add the code corresponding to the interface at the position to be added, generating a test case;
providing the test case to a program under test, so that the program under test runs the test case.
2. The method according to claim 1, characterized in that the method further comprises:
randomly selecting at least one interface from multiple interfaces as the interface, the interface including any one of the following: a method call interface and an attribute call interface.
3. The method according to claim 2, characterized in that the method further comprises:
determining the programming language of the test template code according to the test template code;
randomly selecting the interface from the multiple interfaces corresponding to the programming language.
4. The method according to claim 1, characterized in that the method further comprises:
determining the programming language of the test template code according to the test template code;
obtaining the class code corresponding to the programming language, the class code including method code and/or attribute code;
generating the code corresponding to the interface according to the class code.
5. The method according to claim 1, characterized in that the method further comprises:
compiling the test case;
wherein providing the test case to the program under test comprises: providing the compiled test case to the program under test.
6. The method according to claim 1, characterized in that the method further comprises:
monitoring the program under test as it runs the test case;
when it is detected that an exception occurs while the program under test runs the test case, obtaining the exception information;
after the exception information is obtained, sending the exception information to a message client.
7. The method according to claim 6, characterized in that the method further comprises:
when it is detected that an exception occurs while the program under test runs the test case, obtaining the test case;
sending the test case to the message client.
8. A code processing apparatus, characterized in that the apparatus comprises:
an obtaining module, which obtains test template code, the test template code being set according to the grammar of a programming language;
a determining module, which, when a preset identifier in the test module code is read, determines the position of the preset identifier as the position to be added of the interface in the test template code;
a replacement module, which replaces the preset identifier with the code corresponding to the interface, so as to add the code corresponding to the interface at the position to be added, generating a test case;
a providing module, which provides the test case to a program under test, so that the program under test runs the test case.
9. A computing device, characterized by comprising a memory, a processor, and a computer program stored on the memory and run on the processor; the processor implements the method of any one of claims 1-7 when executing the computer program.
10. A storage medium, characterized in that it stores one or more programs, the one or more programs including instructions which, when executed by a computing device, cause the computing device to perform the method of any one of claims 1-7.
CN201810994304.2A 2018-08-29 2018-08-29 Code processing method and device, computing equipment and storage medium Active CN109241746B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810994304.2A CN109241746B (en) 2018-08-29 2018-08-29 Code processing method and device, computing equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810994304.2A CN109241746B (en) 2018-08-29 2018-08-29 Code processing method and device, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109241746A true CN109241746A (en) 2019-01-18
CN109241746B CN109241746B (en) 2022-01-28

Family

ID=65068814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810994304.2A Active CN109241746B (en) 2018-08-29 2018-08-29 Code processing method and device, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109241746B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103500139A (en) * 2013-09-25 2014-01-08 刘爱琴 Communication software integration testing system and method
CN104035873A (en) * 2014-06-30 2014-09-10 青岛海信电器股份有限公司 Method and device for generating testing codes
CN107168864A (en) * 2016-03-08 2017-09-15 上海大唐移动通信设备有限公司 Code stream generation method and device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109992503A (en) * 2019-01-25 2019-07-09 北京丁牛科技有限公司 Automated testing method and device
CN109992503B (en) * 2019-01-25 2022-10-11 北京丁牛科技有限公司 Automatic testing method and device
CN110413525A (en) * 2019-07-29 2019-11-05 国网新疆电力有限公司电力科学研究院 Safety detecting method and device
CN110413525B (en) * 2019-07-29 2023-05-23 国网新疆电力有限公司电力科学研究院 Safety testing method and device
CN112306853A (en) * 2019-08-01 2021-02-02 深圳市腾讯计算机***有限公司 Fuzzy test method, device, equipment and medium
CN112306853B (en) * 2019-08-01 2023-12-12 深圳市腾讯计算机***有限公司 Fuzzy test method, device, equipment and medium
CN113238937A (en) * 2021-05-11 2021-08-10 西北大学 Compiler fuzzy test method based on code compaction and false alarm filtering
CN113238937B (en) * 2021-05-11 2023-02-03 西北大学 Compiler fuzzy test method based on code compaction and false alarm filtering

Also Published As

Publication number Publication date
CN109241746B (en) 2022-01-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant